Reverse Engineering with IDA (3 days)

The goal of this course is to provide a quick but solid introduction to software reverse engineering goals, techniques and tools. For 2012, the training has been updated to be more dynamic and to better cover modern programs, recent worms, and new IDA features.

Target Audience:

The course is designed for IT Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators.



This training will demonstrate the use of IDA to analyze binary programs on modern operating systems. While the training will be mainly focused on Microsoft Windows programs, the skills taught are universal and usable on other IDA supported platform.

The following topics will be covered:

Course Outline:

IDA overview
Common executable file features

IDA features
Memory organization
Type system
IDS files

Working with IDA
Creating the database: various information sources
Various views of the database
Modifying the listing
Patching the program
With all this information, how do I start my analysis?

Working with high level data
Enumerations and bitfields

Advanced operations
Bulk operations
Special structure types
Function prototypes
Processor specific issues

Code obfuscation
Overview of obfuscation techniques
Exercises with several real-world sample files