| Dedication | |
| Acknowledgments | |
| Introduction | |
| Introduction to IDA | |
| Introduction to Disassembly | |
| Disassembly Theory | |
| The What of Disassembly | |
| The Why of Disassembly | |
| The How of Disassembly | |
| Summary | |
| Reversing and Disassembly Tools | |
| Classification Tools | |
| Summary Tools | |
| Deep Inspection Tools | |
| Summary | |
| IDA Pro Background | |
| Hex-Rays' Stance on Piracy | |
| Obtaining IDA Pro | |
| IDA Support Resources | |
| Your IDA Installation | |
| Thoughts on IDA's User Interface | |
| Summary | |
| Basic IDA Usage | |
| Getting Started with IDA | |
| Launching IDA | |
| IDA Database Files | |
| Introduction to the IDA Desktop | |
| Desktop Behavior During Initial Analysis | |
| IDA Desktop Tips and Tricks | |
| Reporting Bugs | |
| Summary | |
| IDA Data Displays | |
| The Principal IDA Displays | |
| Secondary IDA Displays | |
| Tertiary IDA Displays | |
| Summary | |
| Disassembly Navigation | |
| Basic IDA Navigation | |
| Stack Frames | |
| Searching the Database | |
| Summary | |
| Disassembly Manipulation | |
| Names and Naming | |
| Commenting in IDA | |
| Basic Code Transformations | |
| Basic Data Transformations | |
| Summary | |
| Datatypes and Data Structures | |
| Recognizing Data Structure Use | |
| Creating IDA Structures | |
| Using Structure Templates | |
| Importing New Structures | |
| Using Standard Structures | |
| IDA TIL Files | |
| C++ Reversing Primer | |
| Summary | |
| Cross-References and Graphing | |
| Cross-References | |
| IDA Graphing | |
| Summary | |
| The Many Faces of IDA | |
| Console Mode IDA | |
| Using IDA's Batch Mode | |
| Summary | |
| Advanced IDA Usage | |
| Customizing IDA | |
| Configuration Files | |
| Additional IDA Configuration Options | |
| Summary | |
| Library Recognition Using FLIRT Signatures | |
| Fast Library Identification and Recognition Technology | |
| Applying FLIRT Signatures | |
| Creating FLIRT Signature Files | |
| Summary | |
| Extending IDA's Knowledge | |
| Augmenting Function Information | |
| Augmenting Predefined Comments with loadint | |
| Summary | |
| Patching Binaries and Other IDA Limitations | |
| The Infamous Patch Program Menu | |
| IDA Output Files and Patch Generation | |
| Summary | |
| Extending IDA's Capabilities | |
| IDA Scripting | |
| Basic Script Execution | |
| The IDC Language | |
| Associating IDC Scripts with Hotkeys | |
| Useful IDC Functions | |
| IDC Scripting Examples | |
| IDAPython | |
| IDAPython Scripting Examples | |
| Summary | |
| The IDA Software Development Kit | |
| SDK Introduction | |
| The IDA Application Programming Interface | |
| Summary | |
| The IDA Plug-in Architecture | |
| Writing a Plug-in | |
| Building Your Plug-ins | |
| Installing Plug-ins | |
| Configuring Plug-ins | |
| Extending IDC | |
| Plug-in User Interface Options | |
| Scripted Plug-ins | |
| Summary | |
| Binary Files and IDA Loader Modules | |
| Unknown File Analysis | |
| Manually Loading a Windows PE File | |
| IDA Loader Modules | |
| Writing an IDA Loader Using the SDK | |
| Alternative Loader Strategies | |
| Writing a Scripted Loader | |
| Summary | |
| IDA Processor Modules | |
| Python Byte Code | |
| The Python Interpreter | |
| Writing a Processor Module Using the SDK | |
| Building Processor Modules | |
| Customizing Existing Processors | |
| Processor Module Architecture | |
| Scripting a Processor Module | |
| Summary | |
| Real-World Applications | |
| Compiler Personalities | |
| Jump Tables and Switch Statements | |
| RTTI Implementations | |
| Locating main | |
| Debug vs. Release Binaries | |
| Alternative Calling Conventions | |
| Summary | |
| Obfuscated Code Analysis | |
| Anti–Static Analysis Techniques | |
| Anti–Dynamic Analysis Techniques | |
| Static De-obfuscation of Binaries Using IDA | |
| Virtual Machine-Based Obfuscation | |
| Summary | |
| Vulnerability Analysis | |
| Discovering New Vulnerabilities with IDA | |
| After-the-Fact Vulnerability Discovery with IDA | |
| IDA and the Exploit-Development Process | |
| Analyzing Shellcode | |
| Summary | |
| Real-World IDA Plug-ins | |
| Hex-Rays | |
| IDAPython | |
| collabREate | |
| ida-x86emu | |
| Class Informer | |
| MyNav | |
| IdaPdf | |
| Summary | |
| The IDA Debugger | |
| The IDA Debugger | |
| Launching the Debugger | |
| Basic Debugger Displays | |
| Process Control | |
| Automating Debugger Tasks | |
| Summary | |
| Disassembler/Debugger Integration | |
| Background | |
| IDA Databases and the IDA Debugger | |
| Debugging Obfuscated Code | |
| IdaStealth | |
| Dealing with Exceptions | |
| Summary | |
| Additional Debugger Features | |
| Remote Debugging with IDA | |
| Debugging with Bochs | |
| Appcall | |
| Summary | |
| Using IDA Freeware 5.0 | |
| Restrictions on IDA Freeware | |
| Using IDA Freeware | |
| IDC/SDK Cross-Reference | |
| Table of Contents provided by Publisher. All Rights Reserved. |