The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. Ida Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and microcontrollers. This course will cover essential features of Ida that anyone looking to begin using this tool should be familiar with. This course is taught using 32-bit x86 assembly language.
This course is intended for students who have little to no prior experience using Ida and are interested in learning how to make use of Ida's basic capabilities. Topics to be covered in this course include a gentle introduction to disassembler theory, an overview of common binary file formats, understanding and using the most common Ida display views, what compiler generated code looks like for most common C language control structures including calling conventions for passing function arguments, how to recognize and analyze complex data structures including C++ classes, and a basic introduction to scripting with Ida Python and the use of 3rd party plugins.
Students should be familiar with x86 assembly language. Familiarity with C, C++, and Python is a plus.
Students should bring their own laptops with an installed version of Ida Starter or Ida Professional 6.0 or greater (available for Windows, Mac, or Linux). Also required are Adobe Reader or other PDF reader and an unzip utility (.zip .gz .tgz). Laptops should be pre-configured with a working 32-bit Python 2.7 installation. No guarantee is made that students attempting to complete the course using the demo version of Ida will be able to complete every exercise.
Printed course notes, CD or USB stick with digital copy of course notes and additional course materials used throughout the course.
Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 28+ years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering. He has been a speaker at conferences such as Black Hat, DEF CON, CodeCon, and Shmoocon and is the author of "The IDA Pro Book", the definitive guide to IDA Pro. He is a two-time winner of the Defcon CTF competition and is currently helping to build the DARPA Cyber Grand Challenge.