Training and Seminars

 

We will organize two different classes in May 2008:

The classes will be held in Columbia, MD, USA.

Please follow this link for all practical details.

Standard IDA Pro training (2 days)

IDA Pro - the binary software analysis tool

Who should attend: Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: in-depth x86 assembly knowledge, basics of the MS Windows API, basic programming skills in any procedural programming language (C/C++ is preferred)

This training will show how to use IDA Pro to analyze binary programs of modern operating systems. While the training will be mainly focused on programs running under MS Windows, the acquired methods and principles are universal: they can be used on any other platform as well.

The following topics will be covered during the course:

  • Introduction to binary representation of modern programs
  • IDA Pro architecture, its database and modules
  • Binary program analysis in IDA Pro: where to begin, how to proceed toward the goal
  • Problems encountered during analysis and how to handle them
  • Special techniques to handle obfuscated code
  • Built-in debugger and its capabilities
  • High level data representation and data abstraction in IDA Pro
    (structures, enumerations, arrays, and the built-in type system)
  • Automating IDA Pro: batch processing, scripts, plugins
  • Introduction to decompilation

The training has theoretical and practical parts. After each section of theoretical material there will be hands-on exercises for a deep understanding of the learned concepts and methods.

It also includes several IDA Pro demos using real-world programs:

  • analysis of a malware sample from scratch (unpack, deobfuscate, reveal the logic)
  • code audit of an unknown executable file
    (audit levels ranging from string analysis to deep function analysis)

The training material has been updated to cover the latest additions to IDA Pro.

Programming for IDA Pro (2 days)

IDA Pro - extending and building upon it

Who should attend: Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: IDA Pro user skills, programming skills in C/C++

This course is intended for experienced IDA Pro users who want to take advantage of its open architecture by extending and improving it. You will learn how to write modules to modify the listing, react to events, decrypt/uncompress data right in the database, and many other things. After the course you will have a solid understanding of its concepts, classes, and programming interface.

We will implement a few useful plugins. Be prepared to program a lot in this training!

C/C++ programming skills as well as solid reverse engineering experience are required.

  • IDA Pro architecture overview
    • Modules
    • Memory representation
    • Database organization
  • SDK
    • Setting up
    • Processor module framework
    • Loader framework
    • Plugin framework
    • How to debug custom modules
  • IDA Pro subsystems
    • Utils: i/o, custom stl, regex, misc
    • Database: netnodes and flags
    • Foundations: bytes, names, offsets, etc
    • Address range class: segments and functions
    • Accessing and using IDC
    • Cross-references
    • Functions
    • Events
    • Type information
    • Structures and enums
    • Debugger
    • User interface
    • Graphing
    • Decompiler framework
  • Plugin programming
    • General guidelines
    • Plugin samples/exercises
      • Colorizer
      • Object extractor
      • Debugger helper
      • Type information
      • Graph plugin
      • Processor extension
      • Reaction to events

For information on pricing, location, and making reservations please follow this link.