A few weeks ago we received an electronic copy of the “IDA Pro Book, 2nd Edition”. In the second edition of his 26-chapter book, Chris Eagle did a good job updating the content and covering the latest changes in IDA Pro 6.1. The IDA Qt graphical interface is illustrated in this edition (all screenshots are up to date); some chapters are slightly updated, whereas others have new sections that cover topics such as IDAPython, various debugger plugins and other features.
Though the book's structure remains the same in this edition, the chapters have been updated to cover the new features in IDA Pro 6.1. In this blog post we are not going to review the whole book; instead, we will take the opportunity to review the most obvious changes and additions.
For a complete review of the previous edition, please check Sebastian Porst’s review here.
Part IV – Extending IDA’s capabilities: This part has been heavily updated to cover the major additions to the SDK and the IDA kernel. For example, in chapters 17 to 19, there is a new section explaining how to write plugins, file loaders or processor modules using scripts (with IDC or IDAPython).
Chapter 15: formerly called “Scripting with IDC”, this chapter is now called “IDA Scripting”. It covers scripting not only with IDC but with Python too.
The IDC language section has been updated to cover the new IDC language features (since IDA 5.6) such as IDC objects, string slicing operations and other changes to the language.
There are two new sections, one introducing IDAPython and the other a set of useful IDAPython examples.
Chapter 17 – The IDA Plug-in Architecture: has a new section covering how to use Qt to write UI-rich plugins for the idaq interface.
Chapter 23 – Real-World IDA Plugins: the list of real-world IDA plugins has been updated. The new plugins are:
- MyNav: a plugin by Joxean Koret that helps reverse engineers in the most typical tasks, like discovering what functions are responsible for some specific tasks and finding paths between interesting functions and data entry points
- Class Informer: a plugin by Sirmabus, designed to assist in the process of reverse engineering C++ code that was compiled using Microsoft Visual Studio
- IdaPdf: a plugin by Chris Eagle, a very handy “PDF loader and plug-in for dissecting and navigating PDF files”
Chapter 26 – Additional debugger features: introduces the Bochs debugger plugin and its three modes of operation, giving real-life examples of how and where best to use each mode. The chapter concludes with a section covering the basics of the Appcall feature. The WinDbg debugger plugin and the crash dump analysis facilities are also briefly covered.
Chris again demonstrates his captivating and informative writing style. We highly recommend this book for new users who want to learn how to apply reverse engineering skills with IDA, and for seasoned users who want to take their IDA expertise to the next level and start writing extensions.