The IDA Pro Advanced Course
Overview
The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. Ida Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and microcontrollers. This course will cover advanced features of Ida that may be used to work through challenging reverse engineering problems. This course is taught primarily using x86 and ARM assembly language.
Who Should Take this Course
This course is intended for students who are already familiar with Ida and are interested in learning how to make use of Ida's advanced features. Students should be comfortable with all of the topics listed under "The Ida BASIC Course." Topics to be covered in this course include signature creation with FLIRT, scripting with Python, plugin, loader, and processor module development, batch mode usage, advanced Ida debugger usage, dealing with obfuscated code, and anti-debugging.
Student Requirements
In addition to the content of the Ida Basic Course, students should be familiar with Python, C, C++, and x86 assembly language. Familiarity with ARM assembly language is a plus.
What Students Should Bring
Students should bring their own laptops with an installed version of Ida Starter or Ida Professional 7.0 or greater (available for Windows, Mac, or Linux). Also required are Adobe Reader or another PDF reader, an unzip utility (.zip .gz .tgz), and an appropriate 64-bit build environment for their version of Ida (Visual Studio C++ 2013 (or newer) for Windows, g++/make for Linux/Mac). Laptops should be pre-configured with a working 64-bit Python 2.7 installation. No guarantee is made that students attempting to complete the course using older or demo versions of Ida will be able to complete every exercise.
What Students Will Be Provided With
Printed course notes and a USB stick with a digital copy of the course notes and additional course materials used throughout the course.
Trainers
Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for over 30 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering. He was the chief architect of the competition infrastructure for DARPA's Cyber Grand Challenge. He has been a speaker at conferences such as Black Hat, Shmoocon, and Defcon and is the author of "The IDA Pro Book". In his spare time he is an inveterate CTF player and has twice won the prestigious capture the flag competition at Defcon.