THE IDA Pro Book by Chris Eagle

IDA on an iPhone



First part - backgrounds



Yes, it's IDA, the "intelligent" disassembler. Chris Eagle wrote a book that got very good reviews. I figured Chris is a smart guy who has published very inspiring things at DEFCON, Black Hat and the like, so I gave it a try, too.
I've been using IDA for two years, but the deeper stuff always stayed obscure to me, because no one ever documents it. Reversing communities are lazy when it comes to documentation. Most geeks are.

I've used otool, objdump, dumpbin, and of course PEiD and file very often. These tools get a chapter of their own. That was somewhat surprising, because most IDA documentation I've read starts right away with using IDA, without any background. I always missed that, until now. It broadens the horizon to know which role the different tools play and why they're necessary to reach the goal of reversing a binary.
So I was pretty amazed and read along, but skipped the desktop introduction. The GUI is self-explanatory; the curses-based cross-platform GUI always breaks down when (accidentally) scrolling in Terminal.app on OS X. Maybe it's more stable on the iPhone :).

The first part summed things up very well, and I enjoyed reading it.
The second part just wasn't for me, I guess. But it's not filler with useless screenshots. It's for those who have never touched IDA until now. Maybe...

FLIRT signatures



Okay, you all know that we're not talking about girls, right? But the third part gets rough: now I'm learning new stuff :). The customizing chapter is very interesting, because a fluent workflow is what makes an IDA session motivating. Many introductions just skip that, and that's a serious failing.

I have never launched the IDA debugger. In the 5th part I'll be able to read about that. And I can constructively use IDA for programming in C++, too. I hope! That'd be brilliant. Next to the Immunity Debugger I'd have very powerful debugging tools at hand.

Furthermore, because IDA Pro is expensive, there's a comparison with the freeware version of IDA, and its limitations are explained. I never used the freeware version; I just came across the full-featured one and always stayed with it. But that's interesting, too, if you want to share knowledge and can't install your super-expensive Pro version.

Reference worth: the dead tree problem



It's very well indexed. The only problem when using it as a reference is that it's big. And there's no eBook version, or CD version. I really miss that.
Even just a CD with examples would have been interesting. I always index and tag my eBooks... but nothing. Just dead tree.

On the other hand, the book is 30 bucks, so it's worth it of course. But having digital material in our digital age is much cooler, especially when aiming at a deeply interested community, which Chris definitely does with this book.


Have fun,
wishi
