Deepen Your Knowledge: Get The Most Out of IDA Pro
Intermediate training
Summary
This intermediate training is for experienced IDA users looking to deepen their skills in scripting, decompilation, debugging, and extending IDA with the C++ SDK. The training is divided into six sessions: we begin with scripting and automation using IDC and IDAPython, followed by handling complex scenarios in disassembly, such as working with functions and structure offsets. We then delve into decompilation techniques, including a gentle introduction to reversing C++ programs. The debugging session covers local and emulated debuggers, as well as scripting automation. Next, we explore type libraries and signatures, including creating and applying TIL files. The final session introduces the IDA SDK, guiding you through setting up and building C/C++ plugins.
Prerequisites
At least basic understanding of IDA Pro, Good knowledge of C++ and/or Python
Course Overview
Session 1: Working with functions and the disassembly
- Applying structure offsets, user defined offsets, etc.
- Working with enums
- Troubleshooting stack pointer tracing
- Working with chunked functions
Session 2: Decompiler
- Decompiler exercise covering various advanced cases (force call type, skippable instructions, user defined prototypes, etc.)
- Basics of reversing C++ programs
Session 3: Debuggers
- Local debuggers
- Emulating debuggers (Bochs debugger)
- Working with Windows crash dump files
- Automating the debugger with scripting
- Conditional breakpoints
- Appcall
Session 4: Scripting
- Basic automation with IDC
- IDAPython
- IDAPython essentials
- Working with functions, xrefs, querying database information, disassembler, decompiler, etc.
Session 5: Introduction to the SDK
- Overview of header files
- Setting up and building your first C/C++ plugin
Session 6: Type libraries and signatures
- Creating TIL files with tilib and idaclang
- Applying TILs
- Creating signatures
- Applying signatures
