IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to...

9
IDA Pro Grant Uland

description

How does it work? IDA takes a.exe and generates 4 files – Name.id0: B-tree style database – Name.id1: Flags describing program bytes – Name.nam: Index of program locations – Name.til: local type definition info

Transcript of IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to...

Page 1: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.

IDA Pro

Grant Uland

Page 2: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.

What is IDA Pro?

• Interactive Dissassembler– Reverse Engineering

• Used to turn .exe binary to machine code

• While Expensive, IDA Pro is considered by many to be the best availiable– Professional License = $1129– Or free… if you’re sneaky

Page 3: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.

How does it work?

• IDA takes a .exe and generates 4 files– Name.id0: B-tree style database– Name.id1: Flags describing program bytes– Name.nam: Index of program locations– Name.til: local type definition info

Page 4: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.
Page 5: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.

What do you get?

• An incredibly complex program flow graphical interface

• Function Window• Hex view of the instructions• Imports, strings and enumerations

Page 6: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.
Page 7: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.
Page 8: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.
Page 9: IDA Pro Grant Uland. What is IDA Pro? Interactive Dissassembler Reverse Engineering Used to turn.exe binary to machine code While Expensive, IDA Pro.

Source

• http://resources.infosecinstitute.com/basics-of-ida-pro-2/


Building plugins for IDA Pro Hex-Rays Ilfak Guilfanov.

Building plugins for IDA Pro Hex-Rays Ilfak Guilfanov.

High level constructs width IDA Pro. © DataRescue 2005

High level constructs width IDA Pro. © DataRescue 2005

Practical Malware Analysis: Ch 5: IDA Pro

Practical Malware Analysis: Ch 5: IDA Pro

Ida Zelaya ida@sensorystreet.com sensory street, inc.

Ida Zelaya [email protected] sensory street, inc.

IDA Pro 4.9 - unpacking plug-in tutorial - Hex-Rays

IDA Pro 4.9 - unpacking plug-in tutorial - Hex-Rays

Ida Orlandos

Ida Orlandos

MEETING NOTICE TO Suzanne Loughlin, IDA Vice Chair Sean ... · Suzanne Loughlin, IDA Vice Chair . Sean Rieber, IDA Secretary . Howard Siegel, IDA Treasurer . ... nunc pro tunc from

MEETING NOTICE TO Suzanne Loughlin, IDA Vice Chair Sean ... · Suzanne Loughlin, IDA Vice Chair . Sean Rieber, IDA Secretary . Howard Siegel, IDA Treasurer . ... nunc pro tunc from

CDC LIST OF KNOWN APPROVED PRESENTERS FOR … · Ashby, Jane IDA 2019 Ashton, Darla Indiana IDA March 2016 Atwell, Allyson IDA 2017 August, Diane IDA 2016 Avrit, Karen (Jane) IDA,

CDC LIST OF KNOWN APPROVED PRESENTERS FOR … · Ashby, Jane IDA 2019 Ashton, Darla Indiana IDA March 2016 Atwell, Allyson IDA 2017 August, Diane IDA 2016 Avrit, Karen (Jane) IDA,

Inside - IdadesalThe IDA membership year runs from July 1 – June 30 and is not pro-rated. Following is a summary of member-ship categories and benefits. Corporate Membership: IDA

Inside - IdadesalThe IDA membership year runs from July 1 – June 30 and is not pro-rated. Following is a summary of member-ship categories and benefits. Corporate Membership: IDA

Next Generation Collaborative Reversing with Ida Pro and ...Capability by Version IDA Version 4.9 / 4.9 FW 5.0 5.1 5.2 Action (Publish/Subscribe) P S P S P S P S Undefine Make code

Next Generation Collaborative Reversing with Ida Pro and ...Capability by Version IDA Version 4.9 / 4.9 FW 5.0 5.1 5.2 Action (Publish/Subscribe) P S P S P S P S Undefine Make code

Princess Ida

Princess Ida

Ida Tarbell

Ida Tarbell

edisp/... · Of IDA Industrial Development Authority . Of IDA Industrial Development Authority . Of IDA Industrial Development Authority

edisp/... · Of IDA Industrial Development Authority . Of IDA Industrial Development Authority . Of IDA Industrial Development Authority

[BlackHat]Eagle Ida Pro 06

[BlackHat]Eagle Ida Pro 06

Georgia - First, Second and Third Competitiveness and ... · Web viewIMPLEMENTATION COMPLETION AND RESULTS REPORT (IDA-51470, IDA-52850, IDA-55110, IDA-55120) FOR A SERIES OF IDA

Georgia - First, Second and Third Competitiveness and ... · Web viewIMPLEMENTATION COMPLETION AND RESULTS REPORT (IDA-51470, IDA-52850, IDA-55110, IDA-55120) FOR A SERIES OF IDA

Managing your Product Definition Data independent from …ida-step.net/sites/ida-step.net/files/IDA-STEP_Brochure-A4.pdf · IDA-STEP GD&T Editor IDA-STEP is generating two kinds of

Managing your Product Definition Data independent from …ida-step.net/sites/ida-step.net/files/IDA-STEP_Brochure-A4.pdf · IDA-STEP GD&T Editor IDA-STEP is generating two kinds of

Reverse Engineering - A Practical Approach Using IDA Pro

Reverse Engineering - A Practical Approach Using IDA Pro

The Ida Pro Book

The Ida Pro Book

IDA ELIGIBILITY, TERMS AND GRADUATION POLICIESsiteresources.worldbank.org/IDA/Resources/Seminar PDFs/ida... · IDA ELIGIBILITY, TERMS AND GRADUATION POLICIES 1. Under the IDA12 Agreement,

IDA ELIGIBILITY, TERMS AND GRADUATION POLICIESsiteresources.worldbank.org/IDA/Resources/Seminar PDFs/ida... · IDA ELIGIBILITY, TERMS AND GRADUATION POLICIES 1. Under the IDA12 Agreement,

AList - Disassembling Code IDA Pro and SoftICE Dec 2005 ... · PDF fileWCK Digital Library Computer Books July 15, 2006 Page 1 AList - Disassembling Code IDA Pro and SoftICE Dec 2005.chm

AList - Disassembling Code IDA Pro and SoftICE Dec 2005 ... · PDF fileWCK Digital Library Computer Books July 15, 2006 Page 1 AList - Disassembling Code IDA Pro and SoftICE Dec 2005.chm