On This Page

THE IDA PRO ADVANCED COURSE: REVERSE ENGINEERING WITH IDA PRO

Chris Eagle | July 24-25



Overview

The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. Ida Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and micro controllers. This course will cover advanced features of Ida that may be used to work through challenging reverse engineering problems. This course is taught using primarily x86 and ARM assembly language.

Who Should Take this Course

This course is intended for students who are already familiar with Ida and are interested in learning how to make use of Ida's advanced features. Students should be comfortable with all of the topics listed under "The Ida BASIC Course." Topics to be covered in this course include signature creation with FLIRT, scripting with Python, plugin, loader, and processor module development, batch mode usage, advanced Ida debugger usage, dealing with obfuscated code, and anti-debugging.

Student Requirements

In addition to the content of the Ida Basic Course content, students should be familiar with Python, C, C++, and x86 assembly language. Familiarity with ARM assembly language is a plus.

What Students Should Bring

Students should bring their own laptops with an installed version of Ida Starter or Ida Professional 6.95 or greater (available for Windows, Mac, or Linux). Also required are Adobe Reader or other pdf reader, unzip utility (.zip .gz .tgz) and an appropriate build environment for their version of Ida (Visual Studio C++ 2010 (or newer) for Windows, g++/make for Linux/Mac). Laptops should be pre-configured with a working 32-bit Python 2.7 installation. No guarantee is made that students attempting to complete the course using the demo version of Ida will be able to complete every exercise.

What Students Will Be Provided With

Printed course notes, CD or USB stick with digital copy of course notes and additional course materials used throughout the course

Trainers

Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for over 30 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering. He was the chief architect of the competition infrastructure for DARPA's Cyber Grand Challenge. He has been a speaker at conferences such as Black Hat, Shmoocon, and Defcon and is the author of "The IDA Pro Book". In his spare time he is an inveterate CTF player and has twice won the prestigious capture the flag competition at Defcon.