Reverse

IDA Advanced Intermediate - 5 days

Description

Hex-Rays is one of the major players in the development of reverse engineering tools. Their IDA product has established itself over the years as the benchmark in this area. However, the lack of documentation and resources sometimes makes it difficult to use.

The objective of this training is to familiarize participants with IDA (its interface, its functionalities, its API and its ecosystem) through several theoretical and practical modules. Participants will also learn how to develop scripts and plugins to extend the functionality of IDA and its decompiler.

  • 5 days (35 hours)

  • 8h theoretical courses / 27h practical labs

Public and prerequisites

This advanced level training is designed for security researchers and reverse engineering experts wishing to change environments or improve their use of IDA.

  • Security researchers

  • Reverse-engineering experts

Good knowledge of assembly language (x86-x64, ARM) as well as Python programming is strongly recommended. An IDA Pro license (not supplied) is mandatory.

Content

Day 1

Introduction to IDA: terminology, architecture and presentation of the tool.

Understanding the Python SDK and API: basics.

Day 2

Getting started with the available features through various exercises. Static analysis: disassembler, FLIRT, IDS, Type Info Library. Dynamic analysis: debugger, tracer and binary instrumentation.

Day 3

Advanced programming (part 1): detailed presentation of the SDK and practice through scripting to automate complex tasks.

Day 4

Advanced programming (part 2): development of plugins, loaders and processor extensions to put the previous concepts into practice.

Day 5

Extension of the decompiler: presentation of the Hex-Rays API, manipulation of microcode and AST, extension and improvement of the tools created during the session.