The Ida Pro Basic Course: Reverse Engineering with Ida Pro

Chris Eagle | August 1-2



Overview

The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high-quality disassembly of the binary component. Ida Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and microcontrollers. This course will cover essential features of Ida that anyone looking to begin using this tool should be familiar with. This course is taught using 32-bit x86 assembly language.

Who Should Take this Course

This course is intended for students who have little to no prior experience using Ida and are interested in learning how to make use of Ida's basic capabilities. Topics to be covered in this course include a gentle introduction to disassembler theory, an overview of common binary file formats, understanding and using the most common Ida display views, what compiler-generated code looks like for most common C language control structures including calling conventions for passing function arguments, how to recognize and analyze complex data structures including C++ classes, and a basic introduction to scripting with Ida Python and the use of third-party plugins.

Student Requirements

Students should be familiar with x86 assembly language. Familiarity with C, C++, and Python is a plus.

What Students Should Bring

Students should bring their own laptops with an installed version of Ida Starter or Ida Professional 6.0 or greater (available for Windows, Mac, or Linux). Also required are Adobe Reader or another PDF reader and an unzip utility (.zip .gz .tgz). Laptops should be pre-configured with a working 32-bit Python 2.7 installation. No guarantee is made that students attempting to complete the course using the demo version of Ida will be able to complete every exercise.

What Students Will Be Provided With

Printed course notes, CD or USB stick with digital copy of course notes and additional course materials used throughout the course.

Trainers

Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 29+ years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering. He has been a speaker at conferences such as Black Hat, DEF CON, CodeCon, and Shmoocon and is the author of "The IDA Pro Book," the definitive guide to IDA Pro. He is a two-time winner of the DEF CON CTF competition and is currently helping to build the DARPA Cyber Grand Challenge.