IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler [Paperback]

  • Format: Paperback / softback, 608 pages, Illustrations
  • Publication date: 01-Aug-2008
  • Publisher: No Starch Press, US
  • ISBN-10: 1593271786
  • ISBN-13: 9781593271787
  • Paperback
  • Price: 74,11 €*
  • * we will send you an offer for a used copy, whose price may differ from the price shown on the website
  • This book is out of print, but we will send you an offer for a used copy.
  • Free shipping
A guide to IDA Pro covers a variety of reverse engineering challenges, including such topics as disassembly manipulation, graphing, using cross-references, scripting, and loader modules. Eagle (US Naval Postgraduate School) offers this guide to the IDA Pro disassembly software, which highlights how this application can be used without having to write large amounts of code. Designed for both novice and advanced programmers, this book shows how the automation levels of IDA Pro are uncommon for disassemblers, and how the flexibility of the program saves users time and money. A section is devoted to plug-in options that make IDA Pro's features even easier to use when analyzing unknown software architectures or conducting vulnerability studies of security systems. Annotation ©2008 Book News, Inc., Portland, OR (booknews.com)

IDA Pro is the de facto standard for the analysis of hostile code and vulnerability research, and the tool that programmers around the world use to pick apart compiled software to see how it works. Eagle provides a top-down overview of IDA Pro and its potential uses in the software reverse-engineering field. No source code? No problem. With IDA Pro, you live in a source-code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use. Hailed by the creator of IDA Pro as the long-awaited and information-packed guide to IDA, The IDA Pro Book covers everything from the very first steps to advanced automation techniques. While other disassemblers slow your analysis with inflexibility, IDA invites you to customize its output for improved readability and usefulness.

You'll save time and effort as you learn to:
  • Identify known library routines, so you can focus your analysis on other areas of the code
  • Extend IDA to support new processors and file types, making disassembly possible for new or obscure architectures
  • Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more
  • Utilize IDA's built-in debugger to tackle obfuscated code that would defeat a stand-alone disassembler

You'll still need serious assembly skills to tackle the toughest executables, but IDA makes things a lot easier. Whether you're analyzing the software on a black box or conducting hard-core vulnerability research, a mastery of IDA Pro is crucial to your success. Take your skills to the next level with The IDA Pro Book.
Foreword (Pierre Vandevenne) xix
Acknowledgments xxi
Introduction xxiii

PART I INTRODUCTION TO IDA
Introduction to Disassembly 3(12)
Disassembly Theory 4(1)
The What of Disassembly 5(1)
The Why of Disassembly 6(1)
Malware Analysis 6(1)
Vulnerability Analysis 6(1)
Software Interoperability 7(1)
Compiler Validation 7(1)
Debugging Displays 7(1)
The How of Disassembly 7(7)
A Basic Disassembly Algorithm 8(1)
Linear Sweep Disassembly 9(2)
Recursive Descent Disassembly 11(3)
Summary 14(1)
Reversing and Disassembly Tools 15(16)
Classification Tools 16(4)
file 16(2)
PE Tools 18(1)
PEiD 19(1)
Summary Tools 20(7)
nm 20(2)
ldd 22(1)
objdump 23(1)
otool 24(1)
dumpbin 25(1)
c++filt 25(2)
Deep Inspection Tools 27(2)
strings 27(1)
Disassemblers 28(1)
Summary 29(2)
IDA Pro Background 31(12)
Hex-Rays' Stance on Piracy 32(1)
Obtaining IDA Pro 32(2)
IDA Versions 33(1)
IDA Licenses 33(1)
Purchasing IDA 33(1)
Upgrading IDA 34(1)
IDA Support Resources 34(1)
Your IDA Installation 35(4)
Windows Installation 36(1)
OS X and Linux Installation 37(1)
The IDA Directory Layout 37(2)
Thoughts on IDA's User Interface 39(1)
Summary 39(4)

PART II BASIC IDA USAGE
Getting Started with IDA 43(18)
Launching IDA 44(5)
IDA File Loading 46(1)
Using the Binary File Loader 47(2)
IDA Database Files 49(5)
IDA Database Creation 50(2)
Closing IDA Databases 52(1)
Reopening a Database 53(1)
Introduction to the IDA Desktop 54(2)
Desktop Behavior During Initial Analysis 56(2)
IDA Desktop Tips and Tricks 58(1)
Reporting Bugs 58(1)
Summary 59(2)
IDA Data Displays 61(20)
The Principal IDA Displays 62(9)
The Disassembly Window 62(6)
The Names Window 68(1)
The Message Window 69(1)
The Strings Window 70(1)
Secondary IDA Displays 71(4)
The Hex View Window 72(1)
The Exports Window 73(1)
The Imports Window 73(1)
The Functions Window 74(1)
The Structures Window 74(1)
The Enums Window 75(1)
Tertiary IDA Displays 75(4)
The Segments Window 75(1)
The Signatures Window 76(1)
The Type Libraries Window 77(1)
The Function Calls Window 77(1)
The Problems Window 78(1)
Summary 79(2)
Disassembly Navigation 81(22)
Basic IDA Navigation 82(3)
Double-Click Navigation 82(2)
Jump to Address 84(1)
Navigation History 84(1)
Stack Frames 85(15)
Calling Conventions 87(4)
Local Variable Layout 91(1)
Stack Frame Examples 91(4)
IDA Stack Views 95(5)
Searching the Database 100(2)
Text Searches 101(1)
Binary Searches 101(1)
Summary 102(1)
Disassembly Manipulation 103(26)
Names and Naming 104(4)
Parameters and Local Variables 104(1)
Named Locations 105(2)
Register Names 107(1)
Commenting in IDA 108(2)
Regular Comments 109(1)
Repeatable Comments 109(1)
Anterior and Posterior Lines 110(1)
Function Comments 110(1)
Basic Code Transformations 110(12)
Code Display Options 111(3)
Formatting Instruction Operands 114(1)
Manipulating Functions 115(6)
Converting Data to Code (and Vice Versa) 121(1)
Basic Data Transformations 122(6)
Specifying Data Sizes 123(1)
Working with Strings 124(2)
Specifying Arrays 126(2)
Summary 128(1)
Datatypes and Data Structures 129(38)
Recognizing Data Structure Use 131(11)
Array Member Access 131(5)
Structure Member Access 136(6)
Creating IDA Structures 142(5)
Manual Structure Layout 143(4)
Using Structure Templates 147(3)
Importing New Structures 150(2)
Parsing C Structure Declarations 150(1)
Parsing C Header Files 151(1)
Using Standard Structures 152(3)
IDA TIL Files 155(1)
Loading New TIL Files 155(1)
Sharing TIL Files 155(1)
C++ Reversing Primer 156(10)
The this Pointer 156(1)
Virtual Functions and Vtables 157(3)
The Object Life Cycle 160(2)
Name Mangling 162(1)
Runtime Type Identification 163(1)
Inheritance Relationships 164(1)
C++ Reverse Engineering References 165(1)
Summary 166(1)
Cross-References and Graphing 167(20)
Cross-References 168(8)
Code Cross-References 169(2)
Data Cross-References 171(2)
Cross-Reference Lists 173(2)
Function Calls 175(1)
IDA Graphing 176(10)
Legacy IDA Graphing 176(8)
IDA's Integrated Graph View 184(2)
Summary 186(1)
The Many Faces of IDA 187(14)
Console Mode IDA 188(7)
Common Features of Console Mode 188(1)
Windows Console Specifics 189(1)
Linux Console Specifics 190(2)
OS X Console Specifics 192(3)
Using IDA's Batch Mode 195(1)
GUI IDA on Non-Windows Platforms 196(2)
Summary 198(3)

PART III ADVANCED IDA USAGE
Customizing IDA 201(10)
Configuration Files 201(6)
The Main Configuration File: ida.cfg 202(1)
The GUI Configuration File: idagui.cfg 203(3)
The Console Configuration File: idatui.cfg 206(1)
Additional IDA Configuration Options 207(3)
IDA Colors 207(1)
Customizing IDA Toolbars 208(2)
Summary 210(1)
Library Recognition Using FLIRT Signatures 211(16)
Fast Library Identification and Recognition Technology 212(1)
Applying FLIRT Signatures 212(4)
Creating FLIRT Signature Files 216(9)
Signature-Creation Overview 217(1)
Identifying and Acquiring Static Libraries 217(2)
Creating Pattern Files 219(2)
Creating Signature Files 221(3)
Startup Signatures 224(1)
Summary 225(2)
Extending IDA's Knowledge 227(10)
Augmenting Function Information 228(6)
IDS Files 230(2)
Creating IDS Files 232(2)
Augmenting Predefined Comments with loadint 234(2)
Summary 236(1)
Patching Binaries and Other IDA Limitations 237(12)
The Infamous Patch Program Menu 238(3)
Changing Individual Database Bytes 238(1)
Changing a Word in the Database 239(1)
Using the Assemble Dialog 239(2)
IDA Output Files and Patch Generation 241(4)
IDA-Generated MAP Files 242(1)
IDA-Generated ASM Files 242(1)
IDA-Generated INC Files 243(1)
IDA-Generated LST Files 243(1)
IDA-Generated EXE Files 243(1)
IDA-Generated DIF Files 244(1)
IDA-Generated HTML Files 245(1)
Summary 245(4)

PART IV EXTENDING IDA'S CAPABILITIES
Scripting with IDC 249(30)
Basic Script Execution 250(1)
The IDC Language 251(7)
IDC Variables 251(1)
IDC Expressions 252(1)
IDC Statements 252(1)
IDC Functions 253(1)
IDC Programs 254(1)
Error Handling in IDC 255(1)
Persistent Data Storage in IDC 256(2)
Associating IDC Scripts with Hotkeys 258(1)
Useful IDC Functions 258(9)
Functions for Reading and Modifying Data 259(1)
User Interaction Functions 260(1)
String-Manipulation Functions 261(1)
File Input/Output Functions 261(1)
Manipulating Database Names 262(1)
Functions Dealing with Functions 263(1)
Code Cross-Reference Functions 264(1)
Data Cross-Reference Functions 265(1)
Database Manipulation Functions 265(1)
Database Search Functions 266(1)
Disassembly Line Components 267(1)
IDC Scripting Examples 267(10)
Enumerating Functions 268(1)
Enumerating Instructions 268(1)
Enumerating Cross-References 269(3)
Enumerating Exported Functions 272(1)
Finding and Labeling Function Arguments 272(2)
Emulating Assembly Language Behavior 274(3)
Summary 277(2)
The IDA Software Development Kit 279(30)
SDK Introduction 280(4)
SDK Installation 281(1)
SDK Layout 281(2)
Configuring a Build Environment 283(1)
The IDA Application Programming Interface 284(24)
Header Files Overview 284(4)
Netnodes 288(8)
Useful SDK Datatypes 296(2)
Commonly Used SDK Functions 298(6)
Iteration Techniques Using the IDA API 304(4)
Summary 308(1)
The IDA Plug-In Architecture 309(28)
Writing a Plug-in 310(8)
The Plug-in Life Cycle 312(1)
Plug-in Initialization 313(2)
Event Notification 315(1)
Plug-in Execution 316(2)
Building Your Plug-ins 318(4)
Plug-in Installation 322(1)
Plug-in Configuration 323(1)
Extending IDC 324(3)
Plug-in User Interface Options 327(9)
Building Interface Elements with the SDK 327(9)
Summary 336(1)
Binary Files and IDA Loader Modules 337(26)
Unknown File Analysis 338(1)
Manually Loading a Windows PE File 339(8)
IDA Loader Modules 347(1)
Writing an IDA Loader 348(13)
The Simpleton Loader 350(5)
Building an IDA Loader Module 355(1)
A pcap Loader for IDA 355(6)
Alternative Loader Strategies 361(1)
Summary 362(1)
IDA Processor Modules 363(36)
Python Byte Code 364(1)
The Python Interpreter 365(1)
Writing a Processor Module 366(23)
The processor_t Struct 366(1)
Basic Initialization of the LPH Structure 367(4)
The Analyzer 371(5)
The Emulator 376(4)
The Outputter 380(5)
Processor Notifications 385(1)
Other processor_t Members 386(3)
Building Processor Modules 389(4)
Customizing Existing Processors 393(2)
Processor Module Architecture 395(1)
Summary 396(3)

PART V REAL-WORLD APPLICATIONS
Compiler Variations 399(18)
Jump Tables and Switch Statements 400(4)
RTTI Implementations 404(1)
Locating main 405(7)
Debug vs. Release Binaries 412(2)
Alternative Calling Conventions 414(1)
Summary 415(2)
Obfuscated Code Analysis 417(40)
Anti-Static Analysis Techniques 418(15)
Disassembly Desynchronization 418(3)
Dynamically Computed Target Addresses 421(7)
Imported Function Obfuscation 428(4)
Targeted Attacks on Analysis Tools 432(1)
Anti-Dynamic Analysis Techniques 433(5)
Detecting Virtualization 433(2)
Detecting Instrumentation 435(1)
Detecting Debuggers 435(1)
Preventing Debugging 436(2)
Static De-obfuscation of Binaries Using IDA 438(17)
Script-Oriented De-obfuscation 438(5)
Emulation-Oriented De-obfuscation 443(12)
Summary 455(2)
Vulnerability Analysis 457(22)
Discovering New Vulnerabilities with IDA 458(7)
After-the-Fact Vulnerability Discovery with IDA 465(4)
IDA and the Exploit-Development Process 469(6)
Stack Frame Breakdown 470(2)
Locating Instruction Sequences 472(1)
Finding Useful Virtual Addresses 473(2)
Analyzing Shellcode 475(2)
Summary 477(2)
Real-World IDA Plug-Ins 479(18)
Hex-Rays 480(1)
IDAPython 481(3)
IDARub 484(1)
IDA Sync 485(3)
collabREate 488(4)
ida-x86emu 492(1)
MIDA 492(2)
Summary 494(3)

PART VI THE IDA DEBUGGER
The IDA Debugger 497(24)
Launching the Debugger 498(3)
Basic Debugger Displays 501(3)
Process Control 504(8)
Breakpoints 505(3)
Tracing 508(3)
Stack Traces 511(1)
Watches 511(1)
Automating Debugger Tasks 512(8)
Scripting Debugger Actions with IDC 512(5)
Automating Debugger Actions with IDA Plug-ins 517(3)
Summary 520(1)
Disassembler/Debugger Integration 521(24)
Background 522(1)
IDA Databases and the IDA Debugger 523(2)
Debugging Obfuscated Code 525(19)
Simple Decryption and Decompression Loops 526(4)
Import Table Reconstruction 530(3)
Hiding the Debugger 533(5)
Dealing with Exceptions 538(6)
Summary 544(1)
Linux, OS X, and Remote Debugging with IDA 545(6)
Console-Mode Debugging 545(2)
Remote Debugging with IDA 547(3)
Exception Handling During Remote Debugging 550(1)
Using Scripts and Plug-ins During Remote Debugging 550(1)
Summary 550(1)
Using IDA Freeware 4.9 551(4)
Restrictions on IDA Freeware 552(1)
Using IDA Freeware 553(2)
IDC/SDK Cross-Reference 555(18)
What's New in IDA 5.3 573(4)
Redesigned Debugger 574(1)
Type Library Support 574(1)
New IDC Functions 574(1)
New API/SDK Functionality 574(1)
Summary 575(2)
Index 577