Reverse Engineering Code with IDA Pro
If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro's interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world's most powerful and popular took for reverse engineering code.
*Reverse Engineer REAL Hostile Code
To follow along with this chapter, you must download a file called !DANGER!INFECTEDMALWARE!DANGER!... 'nuff said.
*Download the Code!
The companion Web site to this book offers up really evil code for you to reverse engineer and really nice code for you to automate tasks with the IDC Scripting Language.
*Portable Executable (PE) and Executable and Linking Formats (ELF)
Understand the physical layout of PE and ELF files, and analyze the components that are essential to reverse engineering.
*Break Hostile Code Armor and Write your own Exploits
Understand execution flow, trace functions, recover hard coded passwords, find vulnerable functions, backtrace execution, and craft a buffer overflow.
Debug in IDA Pro, use a debugger while reverse engineering, perform heap and stack access modification, and use other debuggers.
Anti-reversing, like reverse engineering or coding in assembly, is an art form. The trick of course is to try to stop the person reversing the application. Find out how!
*Track a Protocol through a Binary and Recover its Message Structure
Trace execution flow from a read event, determine the structure of a protocol, determine if the protocol has any undocumented messages, and use IDA Pro to determine the functions that process a particular message.
*Develop IDA Scripts and Plug-ins
Learn the basics of IDA scripting and syntax, and write IDC scripts and plug-ins to automate even the most complex tasks.
What people are saying - Write a review
I have some solid suggestions to the author of reverse enginneering code with ida pro.
The topic is attractive but the text is not comprehensive enough. Some of the figure is not necessary to print out,for example, p.159 fig 7.23, because this is not the key step. Even the author wanna show this pic, he doesn't have to snag the whole window, just part of it is enough. and, he could list the sequental steps in a systematically manner to improve the readability. and please turn to page 170 you could see some "JPEG compression residue" I know these unclear points came from the change of basis with wavelet basis, which is kind of lossy compression. Maybe the author could use tiff (lossyless compression format)in the next version.