E-book: IDA Pro Book, 2nd Edition

  • Format: EPUB+DRM
  • Publication date: 11-Jul-2011
  • Publisher: No Starch Press, US
  • Language: eng
  • ISBN-13: 9781593273958
  • Price: 58,06 €*
  • * The price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (a free application designed specifically for reading e-books; it should not be confused with Adobe Reader, which is most likely already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

No source code? No problem. With IDA Pro, the interactive disassembler, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use.

Hailed by the creator of IDA Pro as 'profound, comprehensive, and accurate,' the second edition of The IDA Pro Book covers everything from the very first steps to advanced automation techniques. You'll find complete coverage of IDA's new Qt-based user interface, as well as increased coverage of the IDA debugger, the Bochs debugger, and IDA scripting (especially using IDAPython). But because humans are still smarter than computers, you'll even learn how to use IDA's latest interactive and scriptable interfaces to your advantage.

Save time and effort as you learn to:

  • Navigate, comment, and modify disassembly
  • Identify known library routines, so you can focus your analysis on other areas of the code
  • Use code graphing to quickly make sense of cross references and function calls
  • Extend IDA to support new processors and filetypes using the SDK
  • Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more
  • Use IDA's built-in debugger to tackle hostile and obfuscated code

Whether you're analyzing malware, conducting vulnerability research, or reverse engineering software, a mastery of IDA is crucial to your success. Take your skills to the next level with this 2nd edition of The IDA Pro Book.

Reviews

"Chris proves again his captivating and informative writing style. We highly recommend this book." Hex Blog

"The IDA Pro Book, 2nd Edition is an excellent book." Richard Bejtlich, TaoSecurity

"The additions made to the book have made an excellent resource even better." The Ethical Hacker Network

"If you are serious about mastering IDA Pro, this is the only book that you need." Hack in the Box Magazine

"This is the manual you need if you use IDA Pro for fun or profit." Secret Diabolical Workshop

"This updated edition of The IDA Pro Book is well-organized, smoothly written, and nicely illustrated." Books, Books & More (New) Books

"The book provides many great examples that are easy to follow along with and complete yourself." Small Town Geeks

Acknowledgments
Introduction
PART I INTRODUCTION TO IDA
1 Introduction To Disassembly
Disassembly Theory
The What of Disassembly
The Why of Disassembly
Malware Analysis
Vulnerability Analysis
Software Interoperability
Compiler Validation
Debugging Displays
The How of Disassembly
A Basic Disassembly Algorithm
Linear Sweep Disassembly
Recursive Descent Disassembly
Summary
2 Reversing And Disassembly Tools
Classification Tools
file
PE Tools
PEiD
Summary Tools
nm
ldd
objdump
otool
dumpbin
c++filt
Deep Inspection Tools
strings
Disassemblers
Summary
3 IDA Pro Background
Hex-Rays' Stance on Piracy
Obtaining IDA Pro
IDA Versions
IDA Licenses
Purchasing IDA
Upgrading IDA
IDA Support Resources
Your IDA Installation
Windows Installation
OS X and Linux Installation
IDA and SELinux
32-bit vs. 64-bit IDA
The IDA Directory Layout
Thoughts on IDA's User Interface
Summary
PART II BASIC IDA USAGE
4 Getting Started With IDA
Launching IDA
IDA File Loading
Using the Binary File Loader
IDA Database Files
IDA Database Creation
Closing IDA Databases
Reopening a Database
Introduction to the IDA Desktop
Desktop Behavior During Initial Analysis
IDA Desktop Tips and Tricks
Reporting Bugs
Summary
5 IDA Data Displays
The Principal IDA Displays
The Disassembly Window
The Functions Window
The Output Window
Secondary IDA Displays
The Hex View Window
The Exports Window
The Imports Window
The Structures Window
The Enums Window
Tertiary IDA Displays
The Strings Window
The Names Window
The Segments Window
The Signatures Window
The Type Libraries Window
The Function Calls Window
The Problems Window
Summary
6 Disassembly Navigation
Basic IDA Navigation
Double-Click Navigation
Jump to Address
Navigation History
Stack Frames
Calling Conventions
Local Variable Layout
Stack Frame Examples
IDA Stack Views
Searching the Database
Text Searches
Binary Searches
Summary
7 Disassembly Manipulation
Names and Naming
Parameters and Local Variables
Named Locations
Register Names
Commenting in IDA
Regular Comments
Repeatable Comments
Anterior and Posterior Lines
Function Comments
Basic Code Transformations
Code Display Options
Formatting Instruction Operands
Manipulating Functions
Converting Data to Code (and Vice Versa)
Basic Data Transformations
Specifying Data Sizes
Working with Strings
Specifying Arrays
Summary
8 Datatypes And Data Structures
Recognizing Data Structure Use
Array Member Access
Structure Member Access
Creating IDA Structures
Creating a New Structure (or Union)
Editing Structure Members
Stack Frames as Specialized Structures
Using Structure Templates
Importing New Structures
Parsing C Structure Declarations
Parsing C Header Files
Using Standard Structures
IDA TIL Files
Loading New TIL Files
Sharing TIL Files
C++ Reversing Primer
The this Pointer
Virtual Functions and Vtables
The Object Life Cycle
Name Mangling
Runtime Type Identification
Inheritance Relationships
C++ Reverse Engineering References
Summary
9 Cross-References And Graphing
Cross-References
Code Cross-References
Data Cross-References
Cross-Reference Lists
Function Calls
IDA Graphing
IDA External (Third-Party) Graphing
IDA's Integrated Graph View
Summary
10 The Many Faces Of IDA
Console Mode IDA
Common Features of Console Mode
Windows Console Specifics
Linux Console Specifics
OS X Console Specifics
Using IDA's Batch Mode
Summary
PART III ADVANCED IDA USAGE
11 Customizing IDA
Configuration Files
The Main Configuration File: ida.cfg
The GUI Configuration File: idagui.cfg
The Console Configuration File: idatui.cfg
Additional IDA Configuration Options
IDA Colors
Customizing IDA Toolbars
Summary
12 Library Recognition Using FLIRT Signatures
Fast Library Identification and Recognition Technology
Applying FLIRT Signatures
Creating FLIRT Signature Files
Signature-Creation Overview
Identifying and Acquiring Static Libraries
Creating Pattern Files
Creating Signature Files
Startup Signatures
Summary
13 Extending IDA's Knowledge
Augmenting Function Information
IDS Files
Creating IDS Files
Augmenting Predefined Comments with loadint
Summary
14 Patching Binaries And Other IDA Limitations
The Infamous Patch Program Menu
Changing Individual Database Bytes
Changing a Word in the Database
Using the Assemble Dialog
IDA Output Files and Patch Generation
IDA-Generated MAP Files
IDA-Generated ASM Files
IDA-Generated INC Files
IDA-Generated LST Files
IDA-Generated EXE Files
IDA-Generated DIF Files
IDA-Generated HTML Files
Summary
PART IV EXTENDING IDA'S CAPABILITIES
15 IDA Scripting
Basic Script Execution
The IDC Language
IDC Variables
IDC Expressions
IDC Statements
IDC Functions
IDC Objects
IDC Programs
Error Handling in IDC
Persistent Data Storage in IDC
Associating IDC Scripts with Hotkeys
Useful IDC Functions
Functions for Reading and Modifying Data
User Interaction Functions
String-Manipulation Functions
File Input/Output Functions
Manipulating Database Names
Functions Dealing with Functions
Code Cross-Reference Functions
Data Cross-Reference Functions
Database Manipulation Functions
Database Search Functions
Disassembly Line Components
IDC Scripting Examples
Enumerating Functions
Enumerating Instructions
Enumerating Cross-References
Enumerating Exported Functions
Finding and Labeling Function Arguments
Emulating Assembly Language Behavior
IDAPython
Using IDAPython
IDAPython Scripting Examples
Enumerating Functions
Enumerating Instructions
Enumerating Cross-References
Enumerating Exported Functions
Summary
16 The IDA Software Development Kit
SDK Introduction
SDK Installation
SDK Layout
Configuring a Build Environment
The IDA Application Programming Interface
Header Files Overview
Netnodes
Useful SDK Datatypes
Commonly Used SDK Functions
Iteration Techniques Using the IDA API
Summary
17 The IDA Plug-In Architecture
Writing a Plug-in
The Plug-in Life Cycle
Plug-in Initialization
Event Notification
Plug-in Execution
Building Your Plug-ins
Installing Plug-ins
Configuring Plug-ins
Extending IDC
Plug-in User Interface Options
Using the SDK's Chooser Dialogs
Creating Customized Forms with the SDK
Windows-Only User Interface-Generation Techniques
User Interface Generation with Qt
Scripted Plug-ins
Summary
18 Binary Files And IDA Loader Modules
Unknown File Analysis
Manually Loading a Windows PE File
IDA Loader Modules
Writing an IDA Loader Using the SDK
The Simpleton Loader
Building an IDA Loader Module
A pcap Loader for IDA
Alternative Loader Strategies
Writing a Scripted Loader
Summary
19 IDA Processor Modules
Python Byte Code
The Python Interpreter
Writing a Processor Module Using the SDK
The processor Struct
Basic Initialization of the LPH Structure
The Analyzer
The Emulator
The Outputter
Processor Notifications
Other processor Members
Building Processor Modules
Customizing Existing Processors
Processor Module Architecture
Scripting a Processor Module
Summary
PART V REAL-WORLD APPLICATIONS
20 Compiler Personalities
Jump Tables and Switch Statements
RTTI Implementations
Locating main
Debug vs. Release Binaries
Alternative Calling Conventions
Summary
21 Obfuscated Code Analysis
Anti-Static Analysis Techniques
Disassembly Desynchronization
Dynamically Computed Target Addresses
Imported Function Obfuscation
Targeted Attacks on Analysis Tools
Anti-Dynamic Analysis Techniques
Detecting Virtualization
Detecting Instrumentation
Detecting Debuggers
Preventing Debugging
Static De-obfuscation of Binaries Using IDA
Script-Oriented De-obfuscation
Emulation-Oriented De-obfuscation
Virtual Machine-Based Obfuscation
Summary
22 Vulnerability Analysis
Discovering New Vulnerabilities with IDA
After-the-Fact Vulnerability Discovery with IDA
IDA and the Exploit-Development Process
Stack Frame Breakdown
Locating Instruction Sequences
Finding Useful Virtual Addresses
Analyzing Shellcode
Summary
23 Real-World IDA Plug-Ins
Hex-Rays
IDAPython
collabREate
ida-x86emu
Class Informer
MyNav
IdaPdf
Summary
PART VI THE IDA DEBUGGER
24 The IDA Debugger
Launching the Debugger
Basic Debugger Displays
Process Control
Breakpoints
Tracing
Stack Traces
Watches
Automating Debugger Tasks
Scripting Debugger Actions
Automating Debugger Actions with IDA Plug-ins
Summary
25 Disassembler/Debugger Integration
Background
IDA Databases and the IDA Debugger
Debugging Obfuscated Code
Launching the Process
Simple Decryption and Decompression Loops
Import Table Reconstruction
Hiding the Debugger
IdaStealth
Dealing with Exceptions
Summary
26 Additional Debugger Features
Remote Debugging with IDA
Using a Hex-Rays Debugging Server
Attaching to a Remote Process
Exception Handling During Remote Debugging
Using Scripts and Plug-ins During Remote Debugging
Debugging with Bochs
Bochs IDB Mode
Bochs PE Mode
Bochs Disk Image Mode
Appcall
Summary
A Using IDA Freeware 5.0
Restrictions on IDA Freeware
Using IDA Freeware
B IDC/SDK Cross-Reference
Index

Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School in Monterey, CA. He is the author of many IDA plug-ins and co-author of Gray Hat Hacking, and he has spoken at numerous security conferences, including Black Hat, Defcon, ToorCon, and ShmooCon.