Table of Contents for
The IDA Pro Book, 2nd Edition
The IDA Pro Book, 2nd Edition
Published by
No Starch Press, 2011
- Cover
- The IDA Pro Book
- PRAISE FOR THE FIRST EDITION OF THE IDA PRO BOOK
- Acknowledgments
- Introduction
- I. Introduction to IDA
- 1. Introduction to Disassembly
- The What of Disassembly
- The Why of Disassembly
- The How of Disassembly
- Summary
- 2. Reversing and Disassembly Tools
- Summary Tools
- Deep Inspection Tools
- Summary
- 3. IDA Pro Background
- Obtaining IDA Pro
- IDA Support Resources
- Your IDA Installation
- Thoughts on IDA’s User Interface
- Summary
- II. Basic IDA Usage
- 4. Getting Started with IDA
- IDA Database Files
- Introduction to the IDA Desktop
- Desktop Behavior During Initial Analysis
- IDA Desktop Tips and Tricks
- Reporting Bugs
- Summary
- 5. IDA Data Displays
- Secondary IDA Displays
- Tertiary IDA Displays
- Summary
- 6. Disassembly Navigation
- Stack Frames
- Searching the Database
- Summary
- 7. Disassembly Manipulation
- Commenting in IDA
- Basic Code Transformations
- Basic Data Transformations
- Summary
- 8. Datatypes and Data Structures
- Creating IDA Structures
- Using Structure Templates
- Importing New Structures
- Using Standard Structures
- IDA TIL Files
- C++ Reversing Primer
- Summary
- 9. Cross-References and Graphing
- IDA Graphing
- Summary
- 10. The Many Faces of IDA
- Using IDA’s Batch Mode
- Summary
- III. Advanced IDA Usage
- 11. Customizing IDA
- Additional IDA Configuration Options
- Summary
- 12. Library Recognition Using FLIRT Signatures
- Applying FLIRT Signatures
- Creating FLIRT Signature Files
- Summary
- 13. Extending IDA’s Knowledge
- Augmenting Predefined Comments with loadint
- Summary
- 14. Patching Binaries and Other IDA Limitations
- IDA Output Files and Patch Generation
- Summary
- IV. Extending IDA’s Capabilities
- 15. IDA Scripting
- The IDC Language
- Associating IDC Scripts with Hotkeys
- Useful IDC Functions
- IDC Scripting Examples
- IDAPython
- IDAPython Scripting Examples
- Summary
- 16. The IDA Software Development Kit
- The IDA Application Programming Interface
- Summary
- 17. The IDA Plug-in Architecture
- Building Your Plug-ins
- Installing Plug-ins
- Configuring Plug-ins
- Extending IDC
- Plug-in User Interface Options
- Scripted Plug-ins
- Summary
- 18. Binary Files and IDA Loader Modules
- Manually Loading a Windows PE File
- IDA Loader Modules
- Writing an IDA Loader Using the SDK
- Alternative Loader Strategies
- Writing a Scripted Loader
- Summary
- 19. IDA Processor Modules
- The Python Interpreter
- Writing a Processor Module Using the SDK
- Building Processor Modules
- Customizing Existing Processors
- Processor Module Architecture
- Scripting a Processor Module
- Summary
- V. Real-World Applications
- 20. Compiler Personalities
- RTTI Implementations
- Locating main
- Debug vs. Release Binaries
- Alternative Calling Conventions
- Summary
- 21. Obfuscated Code Analysis
- Anti–Dynamic Analysis Techniques
- Static De-obfuscation of Binaries Using IDA
- Virtual Machine-Based Obfuscation
- Summary
- 22. Vulnerability Analysis
- After-the-Fact Vulnerability Discovery with IDA
- IDA and the Exploit-Development Process
- Analyzing Shellcode
- Summary
- 23. Real-World IDA Plug-ins
- IDAPython
- collabREate
- ida-x86emu
- Class Informer
- MyNav
- IdaPdf
- Summary
- VI. The IDA Debugger
- 24. The IDA Debugger
- Basic Debugger Displays
- Process Control
- Automating Debugger Tasks
- Summary
- 25. Disassembler/Debugger Integration
- IDA Databases and the IDA Debugger
- Debugging Obfuscated Code
- IdaStealth
- Dealing with Exceptions
- Summary
- 26. Additional Debugger Features
- Debugging with Bochs
- Appcall
- Summary
- A. Using IDA Freeware 5.0
- Using IDA Freeware
- B. IDC/SDK Cross-Reference
- Index
- About the Author
