Customer Reviews

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler

5 star:		(17)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

Second Edition Review:
If you are considering any other book about IDA Pro Don't bother, as The IDA Pro Book Second Edition is the only book on IDA Pro that you will need.

The overall structure of the Second Edition is unchanged, which is not a bad thing. The structure Chris Eagle uses allows for inexperienced users to get spun up on the basics of IDA Pro while allowing experienced users to jump into more advanced topics.

The author has an excellent method of elaborating concepts. A Novice user can easily follow the examples and build knowledge as they dive deeper into the book. Experienced users should not be put off by this, the first half of the book may be aimed at the Novice, but the second half is packed with much deeper information on more advanced topics.

If you've read the first edition and take a look at the table of contents for the second edition you may be deceived into thinking very little has changed. In fact, you'd be wrong as the second edition offers much more coverage of IDA Python. The second edition also brings users up to speed on the latest editions to IDA Pro to include Scriptable Plugins, Loader Modules and Scriptable Processor Modules. The Second Edition has an increased number of examples using IDA Python, whereas the examples from the first editions were largely only in C using IDC /SDK.

The Likes & Dislikes of the book remain the same as my review for the first edition. Although, after considering my only dislike I must admit that my suggestion is somewhat beyond the scope of the book.

Bottom line on the Second Edition: If you are new to IDA Pro you NEED this book. If you are experienced with IDA Pro I still suggest picking it up!


First Edition Review:
I was able to pick up a pre-released copy of The IDA Pro book at Defcon in the vendor area, thanks to Adam from No Starch. This book is not an introduction to reverse engineering, its a hard core manual for IDA Pro. IDA Pro is a critical weapon in any reverser's arsenal, so proficiency in this tool is paramount to your success in reverse engineering. If you are new to IDA Pro you need this book, even if you've been working with IDA for a while you will more than likely learn quite a few things after reading it. Unlike the two other books I've read on IDA Pro this book has no fluff or filler, its solid information! The funny thing when comparing it to the other two IDA books is its thicker than both combined, and contains an exponentially larger amount of information.

The author takes time to explain things in a very clear manner as you walk through from an introduction to the tool to more advanced usage such as customizing, extending IDA, debugging, and dealing with obfuscated code. The author answered questions I had been spent weeks asking and searching the Internet for.


Likes:

Just about everything. The author walks you through plenty of code and discusses scenarios where you could apply the information he is giving you. The fact that he took his time to elaborate on why, and when you might use a piece of information is unlike many authors whom will give you information and leave the reader wondering "What would I use that for".

This book does not just talk about Win32 and Portable Executable format, ELF binaries have a continual guest appearance throughout the book, and firmware/binaries are mentioned in numerous chapters.

Side bar elaboration is kept to a minimum, I often find in texts that an author will go on about background information that does not add anything significant to what I am reading. Chris Eagle keeps this to a minimum adding small side bars when necessary but only take up a small amount of real estate.


Dislikes

My only dislike of this book was the use of PE format as the example in chapter 18 - Binary Files and Ida Loader modules. Despite the use of a well known format chosen for this example the concepts were clearly displayed. I think it would have made it more interesting if the author had used a lesser known format, or do as the author of "Reversing, Secrets of Reverse Engineers" did and create his own binary.

IDA Pro is a tool that I always tentatively held at arms length. The magnitude of its complexity and lack of accessible documentation (in the form of vague web tutorials, advanced technical docs that were over my head, and half-remembered bits of advice) kept me from fully embracing this useful tool. Chris Eagle's book is the book I wish I had years ago.

The IDA Pro Book is the first book you should read if you are interested in IDA Pro, or disassembly and reverse engineering in general. It is also a book that intermediate and expert IDA Pro users can learn something new from as well.

The book focuses on IDA Pro, while delving into other related topics (assembly, binary formats, variations between compilers, etc.) to give the reader a general understanding but not so much as to be distracting. There is little fluff material, but plenty of concise, practical examples and scenarios.

As much as I enjoyed The Shellcoder's Handbook and Reversing: Secrets of Reverse Engineering, I would say reading The IDA Pro Book first would be an excellent primer.

This is a really good book. Definitively a complete reference on IDA Pro. Chris Eagle has gone to great lengths to put in the detailed screenshots and examples to illustrate the power of IDA. There are chapters on IDC scripting, reversing obfuscated code, etc. Every small feature of IDA is well documented. This book is a good reference for novice to advanced users. One thing that is missing (may not technically be termed missing because it was released after the book was published) is the bochs emulator support using IDA Plugins. Since it is a plugin, it cannot technically be termed missing but would have been cool to read about in this book...may be in the next edition. This is a definite buy for reverse engineering enthusiasts.

Honestly, when picking up a book that is focused on a single tool, as in this case, my main concerns are: how linked (and limited) the content is to the tool and its capabilities, if the book can become obsolete soon with new versions of the tool, and what else the material offers to the specific field out of the tool.

In this case, it is fair to say that IDA Pro ([...]) is the most popular disassembly tool (and debugger now) in the market during the last decade, so covering it is like going deeper into the field of malware analysis, software reverse engineer and vulnerability research. Beginners can start playing with the evaluation version, while professionals have been using the Pro version for a long time.

Apart from that, the moment I realize Chris Eagle was the book author, it added some excitement to the mix. I know Chris when we released the Scan of the Month 32 challenge on the Honeynet Project ([...]), back in 2004. The challenge was focused on analyzing a home-made malware binary, called RaDa, and Chris was the winner ([...]); he even developed an IDA Pro script to unpack the binary and solve it.

Therefore, the book title does not make any justice to its contents :), as this is not only The IDA PRO Book or the unofficial guide, but the modern software disassembly (static binary analysis) masterpiece and The IDA Pro Bible.

The first two chapters are a must for anyone starting in the world of reversing and disassembly. Something I really liked about the introductory chapters is how the author establishes the relationships between the different functionality available in IDA, and other (more traditional) single tools offering similar capabilities.

Then, the book goes in depth into IDA, getting started, covering the interactive interface and navigation capabilities, including the well-known and the most hidden features, explaining how to manage data types, structures and projects, the beauty of cross-references and graphs, and how to extend and customize IDA for extra advanced analysis (libraries, IDC scripts, plugins, modules, etc). It offers the advance readers the required skills and tools to move their analysis activities to the next level.

Every chapter is preceded by a great introduction explaining what is it about, and when and why this chapter is important for the analyst. Chapters do not simply move over the different menus and capabilities of IDA Pro, but describe them within a context based on the author experience after years of binary analysis, going in depth into the essence and goal of a given feature, the way to use it and the common drawbacks. Chris also uses his experience to highlight what is the most typical finding and tool output in various scenarios and why.

The book ends up with a few chapters that challenge the reader to put in action the skills learned throughout the book into real-world applications. Finally, it covers the new debugging capabilities (dynamic binary analysis) available since IDA version 4.5. For those starting in the field, appendix A points out the differences between the free and the commercial IDA version, and how these may influence your interest on specific book chapters.

The book is highly recommended to both beginners and intermediate/advanced users and professionals, and definitely it is a dense (like the tool it covers) but very easy to read book that becomes a reference in your bookshelves the minute it reaches your hands. Besides that, its contents won't easily become obsolete with new IDA Pro version. It is not a book to read in a couple of nights; this is the kind of "practical" book that I strongly recommend to read with a computer and a running copy of IDA handy, so that you can test all the tips and tricks and practice the topics being discussed.

I have a few IDA Pro books at home. Luckily, I can throw out all the rest now thanks to Chris Eagle's wonderful contribution. I also tried quite hard to discover technical errors in this book, but there are very few. This book is solid. Cheers to the author! The 2nd edition updates and improves the content by expanding on new features added in IDA Pro 6.x. Highly recommended!!!

This book is so much more than a manual enabling the novice (or advanced user) to exploit the features of IDA PRO as a Disassembler/Debugger; it is everything a technical book should be
in providing instruction, context and even wisdom. I have a thirty-year old CS Masters and its been almost that long since I used assembly language extensively (I also have an MBA :-) ).
While the introduction makes clear that a major goal of this book is to instruct in Reverse Engineering (which it does excellently), it also provides they why's and wherefores of performing this sort of analysis, and gives a vivid picture of the relationship between a family of Software Engineering tools such as Compilers, Linker/Loaders, Library Management Tools,
and Debuggers. This sort of "why do it?" and "what does it mean?" sort of explanation proceeds throughout the volume and I found was excellently illustrated by the excellent description of stack frames on pages 83-98 which certainly refreshed my understanding of compiler mechanics.

I find this sort of superior organization and imparting of "why" as well as "how" knowledge only in the very best of technical books; this is done here without neglecting to illustrate how the advanced user can obtain the greatest use of this tool through customization, scripting and integration with the Operating System. The author is Senior Lecturer at the prestigious Naval Postgraduate School, and active participant in the Computer Security and White Hat Hacking community.

--Ira Laefsky, MSE(CS)/MBA IT Consultant and HCI Researcher
formerly on the Senior Consulting Staff of Arthur D. Little, Inc. and DIGITAL Equipment Corporation

Absolutely essential book for using and extending IDA Pro. It can be a little sparse in places, but gives the "big picture" that the IDA Pro documentation lacks. It's section on setting up the development environment for building extensions alone is worth the price of the book.

This is an amazingly complete book, written in a clear and understandable manner. It covers not only IDA Pro, but reverse engineering in general. I hope the author keeps it up-to-date as IDA grows quickly. More material on debuggers might be useful since 5.5 and above really added more support for them.

The only addition I would recommend is a "tips and tricks" website for common IDA idiosyncracies. For example, if you try to enumerate strings via a plugin but the Strings subview is not open, the list will be empty. This is because the strings processing is delayed until required. The author has the expertise to create this kind of resource. How about it?

I highly recommend buying this book.

Very good book!

The ~600 pages are stuffed with good information; but they're easily navigable via the 12 page content list, though.

Especially helpful is the plugin list - it shows which problems are already solved, so that similar situations can be economically handled.

See also the books homepage at <...>

A MUST READ for people having to use deassemblers!

IDA Pro is the worlds leading disassembler. This means that given a binary file without any source code IDA Pro will reverse engineer that file and attempt to give you something quite close to the original source.

"The IDA Pro Book" by Chris Eagle, published by No Starch Press, is the book for anyone working with IDA. Chris Eagle is certainly an expert with both Disassembly and IDA Pro.

The first chapters of the book will catch any novice up to speed. However, Intermediate and Advanced users may also benefit from Eagles' refresher on the world of disassembly and reverse engineering tools.

The book provides many great examples that are easy to follow along and complete yourself. Any of the code examples used in the book are available online.

Eagle is extremely confident in his writing which comforts the reader as he walks you through steps to become an IDA Pro wizard. The author uses technical terms proficiently throughout the book, but he takes good care to explain any new or unfamiliar terms to reader.

The more advanced sections of the book cover everything from Scripting in IDA with Python to Virtual Machine based obfuscation. Even IDA Pro experts must have a copy on their shelf.

In the first appendix Eagle reminds us that Hex-Rays,the company managing the IDA project, has released an older less sophisticated version of IDA as freeware(V5.0). With many versions of the software out there some users may be skeptical about whether or not this book will fulfill their needs, and how long will it be relevant? This is the book you are looking for, and even with the ever changing software releases Eagle has written in such a way that the book will be extremely relevant for a good time to come.

printf("Happy Coding!");

<...>
Scott J. Krieder
Small Town Geeks
scott@smalltowngeeks.net
<...>