Introduction
This course offers a succinct introduction to the fundamental features of IDA Pro. Participants will become familiar with the most commonly used parts of the user interface and learn how to overcome challenges encountered during the reverse engineering process. The course will cover navigation and interaction with the disassembly and the decompiler, as well as exploring IDA's powerful type system. The program will include both lectures and in-program demonstrations. Additionally, we will provide small exercises for participants to solve during the course to deepen their understanding of the covered material.
Who would benefit from this course?
Software developers new to binary code reverse engineering.
What you will learn
Upon completion of this course, participants will be able to reverse engineer simple binaries containing compiler-generated code.
Prerequisites
Basics in Computer Architecture, Operating Systems and Programming
Location
Online
Date & Duration
Mon, June 17, 2024 10:00 UTC-4 (New York) - 1 day
About your trainer
Julian Kirsch has been using IDA Pro for his daily reverse engineering works for more than 15 years. At Hex-Rays, he works at the intersection of product, research, and development. He is an experienced instructor of reverse engineering classes, usually centered around deobfuscation and program analysis topics, with a focus on targets found in the real world. Julian graduated from TU Munich, where he has taught hands-on courses on reverse engineering and binary exploitation to students for six years. In his limited spare time, he organizes and participates in capture the flag contests alongside his teammates from hxp.
Course Content
- IDA overview
- Loading files into IDA
- File format loader
- Target processor
- Auto analyzer
- Main user interface
- Main menu
- Navigation bar
- Status indicator
- Analysis indicator
- Output window
- Command line interpreter
- Desktop configuration
- Command palette
- View synchronization
- Disassembly View
- Text mode
- Graph mode
- Proximity mode
- Navigation
- Bookmarks
- Hints
- Address details window
- Functions view
- Pseudocode view
- Hex view
- Names view
- Strings view
- Imports view
- Exports view
- Segments view
- Editing data
- Converting bytes to data
- Builtin data types
- Data representation
- Strings
- Offsets
- Arrays
- Patching
- Editing code
- Disassembler options
- Converting bytes to code
- Creating functions
- Editing functions
- Names
- Attributes
- Chunks
- Stack pointer and stack frame
- Calling conventions
- Prototypes
- Editing pseudocode
- Renaming
- Setting and editing builtin data types
- Mapping and splitting variables
- Casts
- Undo / Redo
- Snapshots
- Commenting
- Creating and Editing Types
- Standard Structures and Enums
- Creating Structures
- Editing Structures
- Unions
- Creating Enums
- Editing Enums
- Type libraries
- Importing/exporting types
- Applying Types
- Applying types to data
- Applying types to code
- Applying types to pseudocode
- IDA file system hierarchy
- Using plugins
- Decompiler tricks
- Decompile as call
- Skippable instructions
- Intrinsics
- Force decompilation
- Working with more than one analysis target
- Function recognition
- Function identification
- Signatures
- Lumina
- Architecture-specific tricks
- String pools
- Memory segments
- Searching
- Byte patterns
- Wildcards
- Regular expressions
1 day
Date: Mon, June 17, 2024 10:00 UTC-4 (New York)
before June 14, 2024 15:00 UTC+2