Objectives. Gain understanding of what IDA Pro is and what it can do. Expose students to the tool GUI

Transcription:

Intro to IDA Pro

31/15 Objectives. Gain understanding of what IDA Pro is and what it can do. Expose students to the tool GUI. Discuss some of the important functionality of the tool.

What is IDA Pro? Disassembler used to explore program binaries. Helps to identify paths of execution when source code is unavailable. Shows instructions that are actually executed in a symbolic representation called assembly language.

Launching IDA. New: provides a standard File Open dialog box to select the file to be disassembled. Go: opens IDA in an empty workspace. Previous: allows the user to reopen saved files from the recent list.

IDA File Loading. Selecting a file provides options on how the file may be disassembled.

IDA File Loading cont. IDA selects the loader options best suited for dealing with the selected file. Most pe32 files (executables) will provide the Windows PE loader (pe.ldw) and the MS-DOS EXE loader (dos.ldw) as options. Binary file is the default for loading files that IDA does not recognize. IDA will also select the processor type needed to disassemble a file, unless the file is not recognized.
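The header checks behind that loader choice, as an added example that is not part of the original slides and is not IDA's own code. The function names, the loader labels and the constructed sample header are assumptions made for illustration; the offsets and machine values come from the PE/COFF format.

```python
import struct

# Subset of IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}

def candidate_loaders(data: bytes):
    """Return (loader labels in preference order, processor guess or None)."""
    loaders, processor = [], None
    if len(data) >= 0x40 and data[:2] == b"MZ":
        # e_lfanew (offset 0x3C of the DOS header) points at the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        # Bounds check first: malformed or obfuscated files may point past the end.
        if e_lfanew + 6 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
            loaders.append("Windows PE")
            processor = MACHINES.get(machine, "unknown machine 0x%04X" % machine)
        # A PE file starts with a DOS header and stub, so the DOS loader also applies.
        loaders.append("MS-DOS EXE")
        processor = processor or "x86 (16-bit)"
    # Raw binary is always possible and is the only choice for unrecognized input;
    # no processor can be inferred in that case.
    loaders.append("Binary file")
    return loaders, processor

def make_sample_pe(machine=0x014C):
    """Constructed sample: just enough header bytes to classify, not a runnable file."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)

if __name__ == "__main__":
    print(candidate_loaders(make_sample_pe()))
    print(candidate_loaders(b"\x7fELF" + bytes(60)))
```
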


Loader Warnings. Be aware that various messages may arise when loading files. The messages may provide information such as: identifying additional data inside of the file that can be processed; pointing out that files may be obfuscated and don't match standard file formats; providing options on the views available to analyze files; etc.

IDA Database File. Created when opening a new file to be analyzed. Produced from the result of examining an entire executable. Makes an .idb archive containing four files: name.id0 contains the contents of a B-tree style database, name.id1 contains flags that describe each program byte, name.nam contains index information related to named program locations, and name.til contains information about local type definitions. All further analysis is performed on the database file and not the actual executable.

IDA Desktop. Toolbar area: contains tools corresponding to commonly used operations. Overview navigator: horizontal band that presents a linear view of the address space for the loaded file. Different colors represent different types of file content, such as data or code. Tabs: show currently open data displays.

IDA Desktop cont. Disassembly view can provide two display styles: graph and listing view. Primary window for determining flow of a file. Graph view: provides a zoomed-out snapshot of the basic graph structure. Function window: list of functions found within the file being analyzed.


Other Views. There are a number of other windows that are available in IDA. These windows can be found under View → Open subviews. Some window options include: Hex View: presents a hex dump of the file. Exports: list of functions that can be used by outside files. Imports: list of functions that execute calls that are not contained in its own code. Names: displays all names and strings found within the executable program. Structures: displays the layout of any complex data structures.

Sample Walk-Through. Will reverse IDA_Intro_Example.exe to help understand IDA Pro options. First open IDA Pro Free. Next press OK on the following pop-up screen.

Sample Walk-Through cont. Open o_example.exe cify location)

Loading file into IDA. IDA has already selected how to load the file and the processor type to use.

IDA Overview Navigator. Loading a file initially can take some time. IDA will take some time to load the entire navigator bar. After it has completed, clicking around in the navigator will take you to different parts of the disassembly.

IDA Menu Bar. Allows you to access any of IDA's functions and capabilities. Many viewing options can be found under View → Open Subviews.

Names window. Displays a list of all global names within a binary. Helps the user navigate to known locations where the names were used.

Strings Window. Provides a listing of the available strings found within the loaded application.

IDA Graph/Disassemble View. Switching between Graph and Disassemble View can be done using the Space bar.

IDA Pro Quick Tips. Selecting an instruction will highlight all other instructions of the same type. Simply click the instruction (clicked call below).

IDA Pro Quick Tips cont. Click outside of the boxes and drag the mouse to move through the graphed disassembly.

IDA Pro Quick Tips cont. To view the disassembly of a function, double click on the function you would like to see. To return to the previous position, press the Esc key.

IDA Pro Quick Tips cont. Blocks of the graph are connected with arrows varying in color. Blue: direct flow to next instruction. Green: branch condition true. Red: branch condition false. Any of the above in bold indicates a loop.
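How a listing becomes blocks and colored arrows, as an added example that is not part of the original slides and is not IDA's algorithm. The instruction tuples, the function name and the constructed sample listing are assumptions; loop detection is simplified to "the arrow goes to the same or a lower address".

```python
def build_edges(insns):
    """insns: list of (addr, mnemonic, branch_target_or_None), sorted by address."""
    addrs = {a for a, _, _ in insns}
    # Block leaders: the first instruction, every in-range branch target,
    # and the instruction that follows a jump or ret.
    leaders = {insns[0][0]}
    for i, (_, mnem, target) in enumerate(insns):
        if mnem.startswith("j") or mnem == "ret":
            if target in addrs:
                leaders.add(target)
            if i + 1 < len(insns):
                leaders.add(insns[i + 1][0])
    starts = sorted(leaders)
    edges = []
    for n, start in enumerate(starts):
        nxt = starts[n + 1] if n + 1 < len(starts) else None
        last = [x for x in insns if x[0] >= start and (nxt is None or x[0] < nxt)][-1]
        _, mnem, target = last
        if mnem == "ret":
            out = []                                  # function exit: no arrow
        elif mnem == "jmp":
            out = [(target, "blue")]                  # assumption: unconditional jump drawn blue
        elif mnem.startswith("j"):
            out = [(target, "green"), (nxt, "red")]   # condition true / condition false
        else:
            out = [(nxt, "blue")]                     # direct flow to the next instruction
        for dst, color in out:
            if dst is not None:
                # Simplification: an arrow to the same or a lower address is a loop (bold).
                edges.append((start, dst, color, dst <= start))
    return starts, edges

# Constructed listing: a count-down loop followed by the function exit.
SAMPLE = [
    (0x00, "mov", None),
    (0x05, "dec", None),   # loop head
    (0x06, "cmp", None),
    (0x09, "jnz", 0x05),
    (0x0B, "xor", None),
    (0x0D, "ret", None),
]

if __name__ == "__main__":
    for src, dst, color, loop in build_edges(SAMPLE)[1]:
        print("%#04x -> %#04x %s%s" % (src, dst, color, " (bold)" if loop else ""))
```
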

IDA Pro Shortcuts. Additional information on how to use IDA Pro can be found below: https://www.hex-rays.com/products/ida/support/freefiles/ A_Pro_Shortcuts.pdf

Summary. Presented the disassembly tool IDA Pro. Discussed some of the important components of IDA Pro. Allowed students to gain experience using the tool GUI.


Questions