Chris Eagle - The IDA Pro Book

This book is dedicated to my mother.

I wholeheartedly recommend The IDA Pro Book to all IDA Pro users.

Writing a book about IDA Pro is a challenging task. The fact that it is a complex piece of software with more features than can even be mentioned, let alone detailed in a book of reasonable size, is the least of the difficulties. New releases of IDA also tend to occur frequently enough that any book will almost certainly be one, if not two, versions behind by the time it hits the streets. Including version 5.3, which was released just as the first edition was going to press, seven new versions of IDA have been released since the first edition was published. The release of version 6.0 with a new, Qt-based graphical user interface motivated me to update the book and address many of the features that have been introduced in the interim. Of course, true to form, another version of IDA (6.1) was released late in the process just to make things more exciting.

My goal with this edition remains to help others get started with IDA and perhaps develop an interest in reverse engineering in general. For anyone looking to get into the reverse engineering field, I cant stress how important it is that you develop competent programming skills. Ideally, you should love code, perhaps going so far as to eat, sleep, and breathe code. If programming intimidates you, then reverse engineering is probably not for you. It is possible to argue that reverse engineering requires no programming at all because all you are doing is taking apart someone elses program; however, without committing to developing scripts and plug-ins to help automate your work, you will never become a truly effective reverse engineer. In my case, programming and reverse engineering substitute for the challenge of The New York Times Sunday crossword puzzle, so it is rarely tedious.

For continuity purposes, this edition preserves the overall structure of the first edition while elaborating and adding material where appropriate. There are a number of ways to read this book. Users with little reverse engineering background may wish to begin with discuss IDAs user interface features and basic capabilities.

Readers possessing some familiarity with IDA may wish to begin with provides a bit of a diversion useful for readers interested in running IDA on non-Windows platforms (Linux or OS X).

More advanced IDA users may find addresses the much-asked question of whether IDA can be used to patch binary files.

IDA is a quite capable tool right out of the box; however, one of its greatest strengths is its extensibility, which users have taken advantage of to make IDA do some very interesting things over the years. IDAs extensibility features are covered in walk you through plug-ins, file loaders, and processor modules.

With the bulk of IDAs capabilities covered, concludes the section by presenting some useful IDA extensions (plug-ins) that have been published over the years.

The book concludes with expanded coverage of IDAs built-in debugger in concludes the book with a discussion of IDAs remote debugging capabilities and the use of the Bochs emulator as an integrated debugging platform.

At the time of this writing, IDA version 6.1 was the most current version available, and the book is written largely from a 6.1 perspective. Hex-Rays is generous enough to make an older version of IDA available for free; the freeware version of IDA is a reduced-functionality version of IDA 5.0. While many of the IDA features discussed in the book apply to the freeware version as well, provides a brief rundown of some of the differences a user of the freeware version can expect to encounter.