Book Review: The IDA Pro Book

Chris Eagle’s long-awaited The IDA Pro Book has a very straightforward title, but it is perhaps the most descriptive title possible for this book.  It is simply the IDA Pro book.  The book weighs in at 640 pages and really does an excellent job of covering everything from the basic usage of IDA to using the SDK to extend IDA’s capabilities.  While IDA Pro comes with documentation, it is nowhere near as comprehensive or easy to read.

Chris Eagle is clearly an excellent educator, as he makes the sometimes very dense and technically involved material easy to read and understand and also chooses his examples well.  One of my personal favorites is an extended example on writing an IDA processor module for Python bytecode.  The bytecode’s simple stack language made it easy to focus on the specifics of writing IDA processor modules without getting bogged down in architectural details.  The amount of material spent on how to extend IDA is also unique to this book.

This book does not cover the basics of the x86 architecture and x86 assembly, so it is assumed that the reader is already familiar with it.  The book also does not spend too much time on showing how to identify high-level language constructs (functions, C++ virtual methods, switch tables, loops, etc) in assembly.  After all, this is a book on how to use IDA, not a book on how to read disassembly.  For an extensive treatment on how to read disassembly, check out Kris Kaspersky’s Hacker Disassembling Uncovered or Eldad Eilam’s Reversing: Secrets of Reverse Engineering.

There are several skill levels of IDA Pro users.  The casual (can follow strings or imports references to interesting functions), experienced (can use custom structures to make code easier to read), advanced (can turn assembly into C pseudocode manually), and professional (can write custom IDC scripts and plugins to automate repetitive and/or difficult tasks).  This book makes getting to the higher levels much easier and should really be considered an essential purchase along with an IDA license for any serious user.

Follow

Get every new post delivered to your Inbox.

Join 3,863 other followers