Reverse Engineering with IDA (3 days)
The goal of this course is to provide a quick but solid introduction to software reverse engineering goals, techniques and tools. For 2012, the training has been updated to be more dynamic and to better cover modern programs, recent worms, and new IDA features.
Target Audience:
The course is designed for IT Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators.
Prerequitises:
Goals:
This training will demonstrate the use of IDA to analyze binary programs on modern operating systems. While the training will be mainly focused on Microsoft Windows programs, the skills taught are universal and usable on other IDA supported platform.
The following topics will be covered:
Course Outline:
IDA overview
Common executable file features
Debugger
IDC
IDA features
Memory organization
FLIRT
Type system
IDS files
Working with IDA
Creating the database: various information sources
Various views of the database
Navigation
Modifying the listing
Patching the program
With all this information, how do I start my analysis?
Working with high level data
Arrays
Structures
Enumerations and bitfields
Advanced operations
Offsets
Bulk operations
Special structure types
Function prototypes
Processor specific issues
Code obfuscation
Overview of obfuscation techniques
Countermeasures
Exercises with several real-world sample files