The IDA Pro Book und über 1,5 Millionen weitere Bücher verfügbar für Amazon Kindle. Erfahren Sie mehr
  • Statt: EUR 43,95
  • Sie sparen: EUR 1,00 (2%)
  • Alle Preisangaben inkl. MwSt.
Nur noch 5 auf Lager (mehr ist unterwegs).
Verkauf und Versand durch Amazon.
Geschenkverpackung verfügbar.
Menge:1
The IDA Pro Book: The Uno... ist in Ihrem Einkaufwagen hinzugefügt worden
Gebraucht: Sehr gut | Details
Verkauft von buchhandel_bloedow
Zustand: Gebraucht: Sehr gut
Kommentar: 2. Auflage ( 2011) - - Rechnung mit MWST.
Ihren Artikel jetzt
eintauschen und
EUR 13,31 Gutschein erhalten.
Möchten Sie verkaufen?
Zur Rückseite klappen Zur Vorderseite klappen
Anhören Wird wiedergegeben... Angehalten   Sie hören eine Probe der Audible-Audioausgabe.
Weitere Informationen
Alle 2 Bilder anzeigen

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (Englisch) Taschenbuch – 30. Juni 2011

1 Kundenrezension

Alle 3 Formate und Ausgaben anzeigen Andere Formate und Ausgaben ausblenden
Amazon-Preis Neu ab Gebraucht ab
Kindle Edition
"Bitte wiederholen"
Taschenbuch
"Bitte wiederholen"
EUR 42,95
EUR 40,86 EUR 35,97
9 neu ab EUR 40,86 5 gebraucht ab EUR 35,97

Hinweise und Aktionen

  • Große Hörbuch-Sommeraktion: Entdecken Sie unsere bunte Auswahl an reduzierten Hörbüchern für den Sommer. Hier klicken.


Wird oft zusammen gekauft

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler + Practical Reverse Engineering + The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Preis für alle drei: EUR 155,23

Einige dieser Artikel sind schneller versandfertig als andere.

Die ausgewählten Artikel zusammen kaufen
Jeder kann Kindle Bücher lesen — selbst ohne ein Kindle-Gerät — mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.



Produktinformation

  • Taschenbuch: 670 Seiten
  • Verlag: No Starch Press; Auflage: 2., nd Edition (30. Juni 2011)
  • Sprache: Englisch
  • ISBN-10: 1593272898
  • ISBN-13: 978-1593272890
  • Größe und/oder Gewicht: 17,8 x 4 x 22,9 cm
  • Durchschnittliche Kundenbewertung: 5.0 von 5 Sternen  Alle Rezensionen anzeigen (1 Kundenrezension)
  • Amazon Bestseller-Rang: Nr. 26.989 in Fremdsprachige Bücher (Siehe Top 100 in Fremdsprachige Bücher)
  • Komplettes Inhaltsverzeichnis ansehen

Produktbeschreibungen

Über den Autor und weitere Mitwirkende

Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School in Monterey, CA. He is the author of many IDA plug-ins, co-author of "Gray Hat Hacking," and has spoken at numerous security conferences, including Black Hat, Defcon, ToorCon, and ShmooCon.

Welche anderen Artikel kaufen Kunden, nachdem sie diesen Artikel angesehen haben?

Kundenrezensionen

5.0 von 5 Sternen
5 Sterne
1
4 Sterne
0
3 Sterne
0
2 Sterne
0
1 Sterne
0
Siehe die Kundenrezension
Sagen Sie Ihre Meinung zu diesem Artikel

Die hilfreichsten Kundenrezensionen

Format: Taschenbuch Verifizierter Kauf
I had already bought the first edition when it came out and rushed to order the second edition accordingly.

This book is an invaluable reference and tutorial into the many aspects of IDA Pro. IDA gets continuously extended and improved and while IDAPython was already existent when the first edition of this title came out, it was not really explained in detail. The new proximity view in IDA Pro is not explained in this edition, for example. Which is to show how hard it is for a book author to keep up with the developer team at Hex-Rays.

IDAPython is now explained in detail and although I haven't read this one cover to cover like I did with the first edition, I could already see that the improvements stretch beyond this particular topic.

The book explains the just about any aspect of IDA Pro, from the surface (the GUI ) deep into the bowels of it (writing plugins and processor modules, certain internals). You could just as well let IDA disassemble itself (remember, the license allows it), but this book will make the transfer of knowledge easier and faster.

A must-have for any proper IDA Pro user. Absolutely recommended. A third edition will also be by me ordered as soon as it becomes available.
Kommentar War diese Rezension für Sie hilfreich? Ja Nein Feedback senden...
Vielen Dank für Ihr Feedback. Wenn diese Rezension unangemessen ist, informieren Sie uns bitte darüber.
Wir konnten Ihre Stimmabgabe leider nicht speichern. Bitte erneut versuchen

Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)

Amazon.com: 14 Rezensionen
7 von 8 Kunden fanden die folgende Rezension hilfreich
s/Unofficial/Definitive/ 7. Oktober 2011
Von Happy Cat - Veröffentlicht auf Amazon.com
Format: Taschenbuch
IDA Pro is the world's most popular disassembler. This book is for you if you are a beginner or intermediate reverser and you do not already own the first edition of The IDA Pro Book. Much of the second edition is similar, or identical in some places, to the first edition. The IDA Pro Book 2nd Edition does a great job using IDA Pro as the enabling tool for discussing specific techniques of reverse engineering. It is more of a book about reverse engineering rather than a user manual for IDA.

Part I

Reverse engineering may be illegal in certain situations, but the author, Chris Eagle, gives solid explanations of reasons for reversing. Some of the reasons are obvious and maybe a bit scary, such as malware analysis and vulnerability analysis. Other reasons are more related to traditional computer science such as software interoperability and compiler/assembler validation. Like the first edition of the IDA Pro book, my favorite part of the chapter is still the explanations on disassembly algorithms. The author again does an excellent job highlighting the advantages and disadvantages of linear sweep and recursive descent, as well as explaining their differences and intricacies.

Chapter two is spent enumerating tools that supplement IDA in reversing. This is pretty much the same chapter as the first edition, and legitimately so. Beginners and first-time readers will likely find the chapter's contents to be helpful in working alongside IDA. It's worth noting for the chapter that one of the tools mentioned is PEiD, an application to help identify protections and other attributes of a PE. PEiD, however, is no longer developed or maintained as of April 4th, 2011. Instead, I would have liked to see a different comparable tool mentioned, perhaps ProtectionID and/or ExEinfo. No big deal, as stated in the intro, tools change faster than the book can be published. Maybe NoStarch can add a note in the Errata.

Part II

Part II starts by easing the user into working with IDA. Chapter 5 reminds the reader that there is no undo in IDA. This is disappointing for IDA, but an important aspect to keep in mind while diligently assessing a target. It's good to be reminded the easy way as opposed to inadvertently sabotaging a project on which you've spent countless hours. This fifth chapter contains some good tidbits on the user interface. One of my favorite user interface tweaks that I learned from The IDA Pro Book is that virtual addresses can be displayed in graph mode. This helped me combine the effectiveness of visualizing a target's code flow with the benefits of having some good insight into where to look while examining the disassembly. Some of the displays have changed tiers, for example the Strings Window which was a Primary IDA Display in the first edition is now a Tertiary Display with the new UI covered by the second edition of the book.

While much of Part II carried over from the first edition, it was a nice refresher to read the C++ Reversing Primer again. Developers know that C++ has additional features not found in C, such as the 'this' pointer, objects, and virtual functions. Under the hood, a reverse engineer adept at analyzing C applications may not be familiar with the data structures or intricacies used by C++. Chapter 8, Datatypes and Data Structures, does a great job taking the reverse engineer through reversing the aforementioned aspects of C++, as well as name mangling (or name decoration), runtime type identification (RTTI), and inheritance relations, an essential aspect of OOP.

Part II also discusses some of the new graphing functionality in the IDA 6.1 release. As of IDA 6.1, all versions of IDA can now use qwingraph, a cross-platform Qt port of wingraph32. This helps bring a unified look to graphing across all versions of IDA. The new external graphing functionality can still generate the five types of graphs: function flowchart, call graph for the entire binary, cross-references to a symbol, cross-references from a symbol, and a customized cross-reference graph; they just all look a little bit smoother, in my opinion, with qwingraph.

Part III

Part III begins by showing the user different ways to customize IDA. Aspects such as the configuration files, color schemes, and the toolbars are covered in Chapter 11, with much of the information carrying over from the first edition. My favorite portion of Part III, however, is the chapter on library recognition.

When developing software, code can be stored in libraries external to the main program. Sometimes the code in those libraries can also be linked in place into the main program. When this happens, it can add extra work or wasted time if the reverser is analyzing unnecessary functions. For example, most people don't really need to know the nitty gritty details of how MessageBoxA does its thing, but they might end up finding out unwittingly if the function were statically linked. To address this issue, IDA utilizes a signature-based approach with two features: FLAIR and FLIRT. FLAIR is the Fast Library Acquisition for Identification and Recognition, a toolset distributed by Hex-Rays, which can quickly create signatures for libraries and their functions. IDA can then scan the target binary with FLIRT, Fast Library Identification and Recognition Technology, using signatures generated by FLAIR. This way, functions that have already been identified can be recognized and labeled saving the reverser the time and effort of manually analyzing the function.

Chris Eagle does a great job explaining FLAIR and FLIRT, as well as walking the reader through how to use the two features in conjunction. Additionally noted are some cases where identifying the library can be rather difficult; for example, a binary that's been stripped during linking will lack symbols/function names. Chris discusses some different approaches that can be used to figure out the libraries statically linked into the target binary such that FLAIR and FLIRT can then be effectively utilized.

Part IV

Part IV looks into the internals of IDA where intermediate and advanced users will find core functionality to automate tasks and assist with analysis. Chapter 15 examines IDC, the original language used in scripting for IDA. New to this edition are IDC Objects, which, like objects in C++ and Java, allow for more complex data types. IDC Objects support single inheritance, but do not use access specifiers; in essence, all class members are effectively public. The IDC section of this chapter is valuable for both its reference content on IDC, as well as the listing of examples that are provided. The IDA Pro Book 2nd Edition does not come up short on examples.

One of the new parts in The IDA Pro Book 2nd Edition that was fun to read was "Writing a Scripted Loader" in Chapter 18. IDA 5.6 introduced the ability to implement loaders with IDC or Python, in addition to the previous offering of using the SDK. This is great for using IDA to analyze files whose format is not already supported and may be more flexible than what the SDK allows. A perfect example of this is the Portable Document Format, or PDF. PDF is an extremely flexible format that can tolerate all sorts of manipulations to its layout and still work properly in certain reader programs. This presented a challenge to loader authors who could only use the SDK. However, Python provides an adequate feature-set to parse and handle the creation of a PDF loader in IDA. It's also worth noting that processor modules can now be scripted, as well. The scriptable processor modules are covered in Chapter 19.

Part V

Chapter 21, "Obfuscated Code Analysis" contains a nice addition on analyzing virtualized code obfuscation. With virtualized code, think more along the lines of an intermediate language byte code, like a JVM with a .class file. This section covers using functionality, added to IDA after the book's first edition, which makes the reverser's work a bit less stressful. This short new section talks about customizing processor modules, as well as specifying custom formats with scripts and/or plug-ins, to automate the parsing of embedded code. The end result is that both native code and disassembled intermediate code can be displayed coherently.

Chapter 22, "Vulnerability Analysis" examines aspects of determining vulnerable function usage, potential vulnerabilities, and developing exploits, all with the help of IDA. One of the new sections focuses on using PatchDiff2, an open source project that can enumerate differences between two versions of a binary (two databases). Knowing what code was patched in response to a security advisory can significantly help with identifying a vulnerability and developing an exploit in a timely manner.

Part VI

The IDA Pro Book 2nd Edition includes a new chapter on additional debugger features. This chapter starts with remote debugging in IDA, which is a powerful feature if you are debugging code at kernel mode, or if you are debugging a remote target that requires a specific environment in which to function. The chapter then moves into debugging with Bochs, an open source x86 emulation environment. Lastly, the chapter examines Appcall, a feature of the debugger to allow IDC or IDAPython to call any function of the active process from a script. This is an interesting component as Appcall could be used in a variety of manners such as fuzzing functions, DLL injection, and manipulating the target's virtual memory space, just to name a few. In the past, I've mainly used gdb, kd, and WinDbg for remote debugging; but after reading this chapter, I'll need to give remote debugging with IDA another consideration.

Conclusion

Chris Eagle does an excellent job discussing many facets of reverse engineering using IDA Pro. If you are interested in reversing, or are already a beginner or intermediate reverser and do not own the first edition of this book, The IDA Pro Book 2nd Edition is absolutely a must-own.
3 von 4 Kunden fanden die folgende Rezension hilfreich
The best book in IDA Pro on the market - by far 16. März 2012
Von TestUser - Veröffentlicht auf Amazon.com
Format: Taschenbuch
My review title says it all.

If you want to learn to use IDA Pro, this is by far the best book on the market. No other books even nearly come close.

If you have the 1st edition of the book and think about buying the 2nd edition: several chapters have been added, however in my opinion it is unnessary to invest your money on it. Rather spend your bucks on one of the many other good books on the market.
2 von 3 Kunden fanden die folgende Rezension hilfreich
So Much More Than An IDA PRO Manual 15. September 2011
Von Ira Laefsky - Veröffentlicht auf Amazon.com
Format: Taschenbuch
This book is so much more than a manual enabling the novice (or advanced user) to exploit the features of IDA PRO as a Disassembler/Debugger; it is everything a technical book should be
in providing instruction, context and even wisdom. I have a thirty-year old CS Masters and its been almost that long since I used assembly language extensively (I also have an MBA :-) ).
While the introduction makes clear that a major goal of this book is to instruct in Reverse Engineering (which it does excellently), it also provides they why's and wherefores of performing this sort of analysis, and gives a vivid picture of the relationship between a family of Software Engineering tools such as Compilers, Linker/Loaders, Library Management Tools,
and Debuggers. This sort of "why do it?" and "what does it mean?" sort of explanation proceeds throughout the volume and I found was excellently illustrated by the excellent description of stack frames on pages 83-98 which certainly refreshed my understanding of compiler mechanics.

I find this sort of superior organization and imparting of "why" as well as "how" knowledge only in the very best of technical books; this is done here without neglecting to illustrate how the advanced user can obtain the greatest use of this tool through customization, scripting and integration with the Operating System. The author is Senior Lecturer at the prestigious Naval Postgraduate School, and active participant in the Computer Security and White Hat Hacking community.

--Ira Laefsky, MSE(CS)/MBA IT Consultant and HCI Researcher
formerly on the Senior Consulting Staff of Arthur D. Little, Inc. and DIGITAL Equipment Corporation
"The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler" by Chris Eagle; No Starch Press 5. Februar 2012
Von Dan Anderson - Veröffentlicht auf Amazon.com
Format: Taschenbuch
This is _the_ manual you need if you use IDA Pro for fun or profit. It covers a wide range of information ranging from disassembly basics to writing plugins for IDA. It provides sufficient detail without the tedious extraneous information you often have to dig through in technical books.

IDA is one of those tools that you can use for a long time and still miss a lot of the functionality that it has. Chris does a masterful job of illuminating these features (as well as the pieces everyone uses) with good examples and an appropriate level of detail.

There is a very well done map to this book in the "Introduction" before chapter one - this enables readers of any level of experience to focus. But, I found that there was value to reading all of the sections anyway - so don;t let this direct you too much.

The accompanying website is well done and provides the examples, a small errata and additional references.

This may go without saying, but you should have access to IDA PRO to get the full value from this book. This edition is less applicable to the freeware version than the last edition was (although I'd still probably recommend it for anyone using IDA).

Bottom line: If you use (or plan to use) IDA PRO - buy this book.

Disclosure: I was provided with a free PDF copy of this book by O'Reilly as a part of their "Blogger Review Program" program.
1 von 2 Kunden fanden die folgende Rezension hilfreich
The Ultimate IDA Pro Help Resource 27. Februar 2012
Von Ed In Virginia - Veröffentlicht auf Amazon.com
Format: Taschenbuch Verifizierter Kauf
IDA Pro is a very powerful tool that is very difficult to learn and use. I am very versed in using windows applications and even difficult Unix applications to master like vi. I also did not find the IDA Pro help very useful.

If you own a copy of IDA Pro you need a copy of this book. It clearly illustrates the many nuances of using IDA Pro and is full of tips and tricks.
Waren diese Rezensionen hilfreich? Wir wollen von Ihnen hören.