Tech Quarto
Search Advanced SearchView Cart   Checkout   
 Location:  Home » Computer Science » Privacy » Reverse Engineering Code with IDA Pro  
Categories
Computer Science
The Internet
For Dummies
Web Browsers
Windows
Digital Culture
Multimedia
Mobile & Wireless
Subcategories
Mass Market
Trade
Related Categories
• Privacy
Business & Culture
Computers & Internet
Subjects
Books
• Network Security
Networking
Computers & Internet
Subjects
Books
• Software Development
Software Design, Testing & Engineering
Programming
Computers & Internet
Subjects
• General
Programming
Computers & Internet
Subjects
Books
• General
Programming
Web Development
Computers & Internet
Subjects
• General
Computers & Internet
Subjects
Books
• General
Software
Computers & Internet
Subjects
Books
• Programming Languages
Computer Science
New & Used Textbooks
Custom Stores
Specialty Stores
• Software Design & Engineering
Computer Science
New & Used Textbooks
Custom Stores
Specialty Stores
• General AAS
Computer Science
New & Used Textbooks
Custom Stores
Specialty Stores
• General AAS
New & Used Textbooks
Custom Stores
Specialty Stores
Books
• General AAS
Qualifying Textbooks
Custom Stores
Specialty Stores
Books
• Paperback
Binding (binding)
Refinements
Books
• Printed Books
Format (feature_browse-bin)
Refinements
Books
Visit Laptop Nirvana for the best Cheap Discount Laptops

Reverse Engineering Code with IDA Pro

Reverse Engineering Code with IDA Pro

zoom enlarge 		Author: Ioactive
Publisher: Syngress
Category: Book

List Price: $49.95
Buy New: $29.50
You Save: $20.45 (41%)



New (23) Used (7) from $26.55

Avg. Customer Rating: 1.5 out of 5 stars 5 reviews
Sales Rank: 243119

Media: Paperback
Edition: 1st
Number Of Items: 1
Pages: 316
Shipping Weight (lbs): 1.5
Dimensions (in): 9 x 7.5 x 0.9

ISBN: 159749237X
Dewey Decimal Number: 005
EAN: 9781597492379
ASIN: 159749237X

Publication Date: March 12, 2008
Availability: Usually ships in 1-2 business days
Condition: BRAND NEW BOOK, CLEAN AND UN-USED. SHIPPED SECURELY IN A BOX.
Similar Items:

  • Advanced Windows Debugging (Addison-Wesley Microsoft Technology Series)
  • The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
  • Reversing: Secrets of Reverse Engineering
  • Hacking: The Art of Exploitat 2nd Edition
  • BIOS Disassembly Ninjutsu Uncovered (Uncovered series)
Editorial Reviews:

Product Description
If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro's interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world's most powerful and popular took for reverse engineering code.

*Reverse Engineer REAL Hostile Code
To follow along with this chapter, you must download a file called !DANGER!INFECTEDMALWARE!DANGER!... 'nuff said.
*Download the Code!
The companion Web site to this book offers up really evil code for you to reverse engineer and really nice code for you to automate tasks with the IDC Scripting Language.
*Portable Executable (PE) and Executable and Linking Formats (ELF)
Understand the physical layout of PE and ELF files, and analyze the components that are essential to reverse engineering.
*Break Hostile Code Armor and Write your own Exploits
Understand execution flow, trace functions, recover hard coded passwords, find vulnerable functions, backtrace execution, and craft a buffer overflow.
*Master Debugging
Debug in IDA Pro, use a debugger while reverse engineering, perform heap and stack access modification, and use other debuggers.
*Stop Anti-Reversing
Anti-reversing, like reverse engineering or coding in assembly, is an art form. The trick of course is to try to stop the person reversing the application. Find out how!
*Track a Protocol through a Binary and Recover its Message Structure
Trace execution flow from a read event, determine the structure of a protocol, determine if the protocol has any undocumented messages, and use IDA Pro to determine the functions that process a particular message.
*Develop IDA Scripts and Plug-ins
Learn the basics of IDA scripting and syntax, and write IDC scripts and plug-ins to automate even the most complex tasks.

Customer Reviews:

2 out of 5 stars very poor   September 9, 2008
 1 out of 1 found this review helpful

many other stated poor written. reversing is better choice even though focus on debugger. do not buy save money.


2 out of 5 stars No   July 14, 2008
 5 out of 6 found this review helpful

Others have already done this book justice, but let me just go ahead and echo that this book is a big disappointment. It was bad enough that I returned my copy, which I have only ever done one other time to my recollection.

Most of this book is just filler stuff, it seems like every page was written with the sole purpose of trying to add fluff so that the book was long enough that it looked like it contained substance. Do we really need half a page to print a table that does nothing but list every possible form a MOV instruction can take?

Later in the book, you read entire chapters and at the end of the chapter you reflect on the contents, and realize you've learned nothing. What's worse, you realize the book HAS SAID NOTHING.

The comments about the source code and the publisher are accurate as well. For heaven's sake, the book was published FOUR MONTHS AGO, and already the repository for the book's source and binaries has disappeared?! Come on, this is unacceptable. Every time the book dedicates an entire chapter to disassembling a binary, you have to pretty much skip the entire chapter, because the binary isn't available for you to disassemble. You can't follow along.

Not that it would have helped much anyway. In one example you try to disassemble and debug a version of the common netcat utility that has a vulnerability. The binary and source are available for download from a publi website. So you download it and start following the book, and nothing matches up. It's totally different, even though this is a public download! Why? Because there's no symbols available in the public download, and the one in the book was reversed with symbols. So now you have to build your own copy of it, but now the generated code is different because you're not using the same compiler, so you STILL can't follow along. Furthermore, the very first step in the walkthrough of finding this bug in the book says "The bug is in the SessionWriteShellThreadFn function, so we will start there". WOW THAT WAS SO OBVIOUS! I'm sure glad 80% of the problem came pre-solved so that we could get right down to the fluff and skip the actual learning part.


1 out of 5 stars Author of book   July 10, 2008
 12 out of 13 found this review helpful

This is my second attempt at reviewing the book I helped write, Amazon continues to censor me probably because my encouragement is not to buy this book (after dealing with syngress, I wouldn't advise buying anything that comes from them). I don't know how to say this other than I apologize to everyone who purchased this book, it really was supposed to be much more. However the corporate world being what it is, it was rushed from deadline to deadline without any regard for quality, the editors actually introduced errors, many of the diagrams are unreadable and theres parts of the book just flat out missing. DO NOT BUY.


1 out of 5 stars Don't waste your money in this   July 9, 2008
 5 out of 6 found this review helpful

I agree with the former reviewer. The book is boring and useless. It has chapter only for increasing the pages of the book. It isn't possible to get the code for the examples form the companion web site because that site is not accesible. I can't register the book in that site, and this should be the previous step to get the code.



2 out of 5 stars Does not meet its objective and falls very short   June 29, 2008
 9 out of 11 found this review helpful

I agree with the other reviewer [Wuping Xin] that the authors (the original ones, not the one presented NOW) are very knowledgable, but if we have to speak about the book itself and forget about the authors -which of course are authoritative- I think it falls short. Let me explain.

What's the target audience here? Should the reader be comfortable with IA32 instructions? Because the book tries to explain something about assembly, but it is so short that I don't even understand why filling a few pages with that. Also, the book does many assumptions about what the reader should know, how the IDA screen will look like (if you download the free version and do EXACTLY as they say, you won't have the same on the screen), etc.
And finally, there is information in the index of a chapter, but the pages are not there! It is not a problem of my book, it is a problem of the edition itself!

Chapter 1: Introduction - Five pages. Two screenshots of IDA and about 300 words. In my opinion, even the introduction fell short. Absolutely nothing to learn here. Just two screenshots of IDA.

Chapter 2: Assembly and RevEng Basics >> 27 pages of what? 27 pages that if you are a beginner (who does not know anything about ASM) better not to read it because you will really want to run away ASM. If you have an intermediate level, you won't believe the assumptions that the author of this part made. It's like trying to compress the Britannica in 4 pages. Come on, it's much better to point the reader to a good ASM book or webpage. Trying to do a "complete" book that packs everything needed inside, is a fantasy.
In other words, this "Assembly Basics" chapter is not targeting any reader. No reader will benefit from that, and if I'm wrong, I would love to know.

Chapter 3: PE and ELF Formats >> Can you imagine something more boring to start with? Imaging trying to learn something that is fun and long. OK, now imagine starting from the most boring parts. Hey! A book is not a blog where you just drop unsorted info. It is a book. The authors and editor should take care of the order and to choose the best material for it. I can't believe that a reader who wants to learn RevEng with IDA Pro should read all this before going to the good staff.

Chapter 4: Walktroughs One and Two >> Now this chapter is really funny. The page 67 (Chapter 4) claims to have this items:
Understanding Execution Flow, Tracing Functions, Recovering Hard Coded Password, Finding Vulnerable Functions, Backtracing Execution, Crafting a Buffer Overflow.
The problem is that the editors (Syngress) forgot to include the latest three. Yes, exactly as you hear it: the editors forgot to place those pages on the book. What to listen again? The book says it has ABCDEF but when you open it, it has only ABC. If you have it on your hands, go to page 67 check it by yourself.

So because those "vanished chapters" were very interesting for me, I mailed the customercare of syngress three times: May 21, June 03, and June 10. No reponses from them.
Syngress does not seem to care a lot because they did not even reply to my emails.

In one line, the book falls very short on everything. You won't learn IDA from here. The samples are not EXACTLY as you will get on your screen. There are parts of the book that do not exist, and the authors do many assumptions. If you want to learn about the subject, I suggest you going with: [Advanced Windows Debugging - Mario Hewardt] and [Reversing: Secrets of Reverse Engineering - Eldad Eilam].

Good luck with your RevEng quest, and if you become a master, join the good guys! :) (And write good books) :)


>> Update on 15/Sept/2008 <<
It is funny that now Syngress has changed the names of the authors :) The original authors of this book simply vanished and now we have THE SAME BOOK "written" by Chris Paget which nobody knows, while in Amazon UK you have again THE SAME BOOK written by Joshua Pennel!!! :)

It is obvious that Syngress is teasing us. Why are they changing the authors? It is AMAZING. I want my money BACK but they refused to reply my emails!

Powered by Associate-O-Matic