Dedication | |
Acknowledgments | |
Introduction | |
Introduction to IDA | |
Introduction to Disassembly | |
Disassembly Theory | |
The What of Disassembly | |
The Why of Disassembly | |
The How of Disassembly | |
Summary | |
Reversing and Disassembly Tools | |
Classification Tools | |
Summary Tools | |
Deep Inspection Tools | |
Summary | |
IDA Pro Background | |
Hex-Rays' Stance on Piracy | |
Obtaining IDA Pro | |
IDA Support Resources | |
Your IDA Installation | |
Thoughts on IDA's User Interface | |
Summary | |
Basic IDA Usage | |
Getting Started with IDA | |
Launching IDA | |
IDA Database Files | |
Introduction to the IDA Desktop | |
Desktop Behavior During Initial Analysis | |
IDA Desktop Tips and Tricks | |
Reporting Bugs | |
Summary | |
IDA Data Displays | |
The Principal IDA Displays | |
Secondary IDA Displays | |
Tertiary IDA Displays | |
Summary | |
Disassembly Navigation | |
Basic IDA Navigation | |
Stack Frames | |
Searching the Database | |
Summary | |
Disassembly Manipulation | |
Names and Naming | |
Commenting in IDA | |
Basic Code Transformations | |
Basic Data Transformations | |
Summary | |
Datatypes and Data Structures | |
Recognizing Data Structure Use | |
Creating IDA Structures | |
Using Structure Templates | |
Importing New Structures | |
Using Standard Structures | |
IDA TIL Files | |
C++ Reversing Primer | |
Summary | |
Cross-References and Graphing | |
Cross-References | |
IDA Graphing | |
Summary | |
The Many Faces of IDA | |
Console Mode IDA | |
Using IDA's Batch Mode | |
Summary | |
Advanced IDA Usage | |
Customizing IDA | |
Configuration Files | |
Additional IDA Configuration Options | |
Summary | |
Library Recognition Using FLIRT Signatures | |
Fast Library Identification and Recognition Technology | |
Applying FLIRT Signatures | |
Creating FLIRT Signature Files | |
Summary | |
Extending IDA's Knowledge | |
Augmenting Function Information | |
Augmenting Predefined Comments with loadint | |
Summary | |
Patching Binaries and Other IDA Limitations | |
The Infamous Patch Program Menu | |
IDA Output Files and Patch Generation | |
Summary | |
Extending IDA's Capabilities | |
IDA Scripting | |
Basic Script Execution | |
The IDC Language | |
Associating IDC Scripts with Hotkeys | |
Useful IDC Functions | |
IDC Scripting Examples | |
IDAPython | |
IDAPython Scripting Examples | |
Summary | |
The IDA Software Development Kit | |
SDK Introduction | |
The IDA Application Programming Interface | |
Summary | |
The IDA Plug-in Architecture | |
Writing a Plug-in | |
Building Your Plug-ins | |
Installing Plug-ins | |
Configuring Plug-ins | |
Extending IDC | |
Plug-in User Interface Options | |
Scripted Plug-ins | |
Summary | |
Binary Files and IDA Loader Modules | |
Unknown File Analysis | |
Manually Loading a Windows PE File | |
IDA Loader Modules | |
Writing an IDA Loader Using the SDK | |
Alternative Loader Strategies | |
Writing a Scripted Loader | |
Summary | |
IDA Processor Modules | |
Python Byte Code | |
The Python Interpreter | |
Writing a Processor Module Using the SDK | |
Building Processor Modules | |
Customizing Existing Processors | |
Processor Module Architecture | |
Scripting a Processor Module | |
Summary | |
Real-World Applications | |
Compiler Personalities | |
Jump Tables and Switch Statements | |
RTTI Implementations | |
Locating main | |
Debug vs. Release Binaries | |
Alternative Calling Conventions | |
Summary | |
Obfuscated Code Analysis | |
Anti–Static Analysis Techniques | |
Anti–Dynamic Analysis Techniques | |
Static De-obfuscation of Binaries Using IDA | |
Virtual Machine-Based Obfuscation | |
Summary | |
Vulnerability Analysis | |
Discovering New Vulnerabilities with IDA | |
After-the-Fact Vulnerability Discovery with IDA | |
IDA and the Exploit-Development Process | |
Analyzing Shellcode | |
Summary | |
Real-World IDA Plug-ins | |
Hex-Rays | |
IDAPython | |
collabREate | |
ida-x86emu | |
Class Informer | |
MyNav | |
IdaPdf | |
Summary | |
The IDA Debugger | |
The IDA Debugger | |
Launching the Debugger | |
Basic Debugger Displays | |
Process Control | |
Automating Debugger Tasks | |
Summary | |
Disassembler/Debugger Integration | |
Background | |
IDA Databases and the IDA Debugger | |
Debugging Obfuscated Code | |
IdaStealth | |
Dealing with Exceptions | |
Summary | |
Additional Debugger Features | |
Remote Debugging with IDA | |
Debugging with Bochs | |
Appcall | |
Summary | |
Using IDA Freeware 5.0 | |
Restrictions on IDA Freeware | |
Using IDA Freeware | |
IDC/SDK Cross-Reference | |
Table of Contents provided by Publisher. All Rights Reserved. |