If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro's interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world's most powerful and popular tool for reverse engineering code.
* Reverse Engineer REAL Hostile Code with Dan Kaminsky: To follow along with this chapter, you must download a file called !DANGER!INFECTEDMALWARE!DANGER!... nuff said.
* Download the Code! The companion Web site to this book offers up really evil code for you to reverse engineer and really nice code for you to automate tasks with the IDC Scripting Language.
* Portable Executable (PE) and Executable and Linking Formats (ELF): Understand the physical layout of PE and ELF files, and analyze the components that are essential to reverse engineering.
* Break Hostile Code Armor and Write Your Own Exploits: Understand execution flow, trace functions, recover hard-coded passwords, find vulnerable functions, backtrace execution, and craft a buffer overflow.
* Master Debugging: Debug in IDA Pro, use a debugger while reverse engineering, perform heap and stack access modification, and use other debuggers.
* Stop Anti-Reversing: Anti-reversing, like reverse engineering or coding in assembly, is an art form. The trick of course is to try to stop the person reversing the application. Find out how!
* Track a Protocol through a Binary and Recover Its Message Structure: Trace execution flow from a read event, determine the structure of a protocol, determine if the protocol has any undocumented messages, and use IDA Pro to determine the functions that process a particular message.
* Develop IDA Scripts and Plug-ins: Learn the basics of IDA scripting and syntax, and write IDC scripts and plug-ins to automate even the most complex tasks.
Spotlight customer reviews:
Customer Rating: Summary: Does not meet its objective and falls very short Comment: I agree with the other reviewer [Wuping Xin] that the authors are very knowledgeable, but if we have to speak about the book itself and forget about the authors (which of course are authoritative), I think it falls short. Let me explain.
What's the target audience here? Should the reader be comfortable with IA32 instructions? Because the book tries to explain something about assembly, but it is so short that I don't even understand why fill a few pages with that. Also, the book makes many assumptions about what the reader should know, how the IDA screen will look (if you download the free version and do EXACTLY as they say, you won't have the same on the screen), etc.
And finally, there is information in the index of a chapter, but the pages are not there! It is not a problem of my book, it is a problem of the edition itself!
Chapter 1: Introduction - Five pages. Two screenshots of IDA and about 300 words. In my opinion, even the introduction fell short. Absolutely nothing to learn here. Just two screenshots of IDA.
Chapter 2: Assembly and RevEng Basics 27 pages of what? 27 pages that if you are a beginner (who does not know anything about ASM) you had better not read, because you will really want to run away from ASM. If you have an intermediate level, you won't believe the assumptions that the author of this part made. It's like trying to compress the Britannica into 4 pages. Come on, it's much better to point the reader to a good ASM book or webpage. Trying to do a "complete" book that packs everything needed inside is a fantasy.
In other words, this Assembly Basics chapter is not targeting any reader. No reader will benefit from that, and if I'm wrong, I would love to know.
Chapter 3: PE and ELF Formats Can you imagine something more boring to start with? Imagine trying to learn something that is fun and long. OK, now imagine starting from the most boring parts. Hey! A book is not a blog where you just drop unsorted info. It is a book. The authors and editor should take care of the order and choose the best material for it. I can't believe that a reader who wants to learn RevEng with IDA Pro should read all this before going to the good stuff.
Chapter 4: Walkthroughs One and Two Now this chapter is really funny. Page 67 (Chapter 4) claims to have these items:
Understanding Execution Flow, Tracing Functions, Recovering Hard Coded Password, Finding Vulnerable Functions, Backtracing Execution, Crafting a Buffer Overflow.
The problem is that the editors (Syngress) forgot to include the last three. Yes, exactly as you hear it: the editors forgot to place those pages in the book. Want to hear it again? The book says it has ABCDEF but when you open it, it has only ABC. If you have it in your hands, go to page 67 and check it yourself.
So because those "vanished chapters" were very interesting to me, I mailed the customer care of Syngress three times: May 21, June 03, and June 10. No responses from them.
Syngress does not seem to care a lot because they did not even reply to my emails.
In one line, the book falls very short on everything. You won't learn IDA from here. The samples are not EXACTLY as you will get on your screen. There are parts of the book that do not exist, and the authors make many assumptions. If you want to learn about the subject, I suggest going with: [Advanced Windows Debugging - Mario Hewardt] and [Reversing: Secrets of Reverse Engineering - Eldad Eilam].
Good luck with your RevEng quest, and if you become a master, join the good guys! :) (And write good books) :)
Customer Rating: Summary: Good hands-on tutorial on reverse engineering Comment: This book can be used as a hands-on tutorial for using IDA Pro. The authors are very knowledgeable and authoritative on the subject.
In all, I think the book would perhaps be better read together with Jeffrey Richter's Windows via C/C++ and Reversing: Secrets of Reverse Engineering by Eilam, for the best learning curve.
Jeffrey's book can make up for the knowledge of the Windows OS, and Eilam's book is more "academic"-oriented than this book.