Disassemblers Books

IDA Pro is a tool that I always tentatively held at arms length. The magnitude of its complexity and lack of accessible documentation (in the form of vague web tutorials, advanced technical docs that were over my head, and half-remembered bits of advice) kept me from fully embracing this useful tool. Chris Eagle's book is the book I wish I had years ago.

The IDA Pro Book is the first book you should read if you are interested in IDA Pro, or disassembly and reverse engineering in general. It is also a book that intermediate and expert IDA Pro users can learn something new from as well.

The book focuses on IDA Pro, while delving into other related topics (assembly, binary formats, variations between compilers, etc.) to give the reader a general understanding but not so much as to be distracting. There is little fluff material, but plenty of concise, practical examples and scenarios.

As much as I enjoyed The Shellcoder's Handbook and Reversing: Secrets of Reverse Engineering, I would say reading The IDA Pro Book first would be an excellent primer.

I was able to pick up a pre-released copy of The IDA Pro book at Defcon in the vendor area, thanks to Adam from No Starch. This book is not an introduction to reverse engineering, its a hard core manual for IDA Pro. IDA Pro is a critical weapon in any reverser's arsenal, so proficiency in this tool is paramount to your success in reverse engineering. If you are new to IDA Pro you need this book, even if you've been working with IDA for a while you will more than likely learn quite a few things after reading it. Unlike the two other books I've read on IDA Pro this book has no fluff or filler, its solid information! The funny thing when comparing it to the other two IDA books is its thicker than both combined, and contains an exponentially larger amount of information.

The author takes time to explain things in a very clear manner as you walk through from an introduction to the tool to more advanced usage such as customizing, extending IDA, debugging, and dealing with obfuscated code. The author answered questions I had been spent weeks asking and searching the Internet for.


Likes:

Just about everything. The author walks you through plenty of code and discusses scenarios where you could apply the information he is giving you. The fact that he took his time to elaborate on why, and when you might use a piece of information is unlike many authors whom will give you information and leave the reader wondering "What would I use that for".

This book does not just talk about Win32 and Portable Executable format, ELF binaries have a continual guest appearance throughout the book, and firmware/binaries are mentioned in numerous chapters.

Side bar elaboration is kept to a minimum, I often find in texts that an author will go on about background information that does not add anything significant to what I am reading. Chris Eagle keeps this to a minimum adding small side bars when necessary but only take up a small amount of real estate.


Dislikes

My only dislike of this book was the use of PE format as the example in chapter 18 - Binary Files and Ida Loader modules. Despite the use of a well known format chosen for this example the concepts were clearly displayed. I think it would have made it more interesting if the author had used a lesser known format, or do as the author of "Reversing, Secrets of Reverse Engineers" did and create his own binary.

many other stated poor written. reversing is better choice even though focus on debugger. do not buy save money.

This is my second attempt at reviewing the book I helped write, Amazon continues to censor me probably because my encouragement is not to buy this book (after dealing with syngress, I wouldn't advise buying anything that comes from them). I don't know how to say this other than I apologize to everyone who purchased this book, it really was supposed to be much more. However the corporate world being what it is, it was rushed from deadline to deadline without any regard for quality, the editors actually introduced errors, many of the diagrams are unreadable and theres parts of the book just flat out missing. DO NOT BUY.

Others have already done this book justice, but let me just go ahead and echo that this book is a big disappointment. It was bad enough that I returned my copy, which I have only ever done one other time to my recollection.

Most of this book is just filler stuff, it seems like every page was written with the sole purpose of trying to add fluff so that the book was long enough that it looked like it contained substance. Do we really need half a page to print a table that does nothing but list every possible form a MOV instruction can take?

Later in the book, you read entire chapters and at the end of the chapter you reflect on the contents, and realize you've learned nothing. What's worse, you realize the book HAS SAID NOTHING.

The comments about the source code and the publisher are accurate as well. For heaven's sake, the book was published FOUR MONTHS AGO, and already the repository for the book's source and binaries has disappeared?! Come on, this is unacceptable. Every time the book dedicates an entire chapter to disassembling a binary, you have to pretty much skip the entire chapter, because the binary isn't available for you to disassemble. You can't follow along.

Not that it would have helped much anyway. In one example you try to disassemble and debug a version of the common netcat utility that has a vulnerability. The binary and source are available for download from a publi website. So you download it and start following the book, and nothing matches up. It's totally different, even though this is a public download! Why? Because there's no symbols available in the public download, and the one in the book was reversed with symbols. So now you have to build your own copy of it, but now the generated code is different because you're not using the same compiler, so you STILL can't follow along. Furthermore, the very first step in the walkthrough of finding this bug in the book says "The bug is in the SessionWriteShellThreadFn function, so we will start there". WOW THAT WAS SO OBVIOUS! I'm sure glad 80% of the problem came pre-solved so that we could get right down to the fluff and skip the actual learning part.

I agree with the former reviewer. The book is boring and useless. It has chapter only for increasing the pages of the book. It isn't possible to get the code for the examples form the companion web site because that site is not accesible. I can't register the book in that site, and this should be the previous step to get the code.

I agree with the other reviewer [Wuping Xin] that the authors (the original ones, not the one presented NOW) are very knowledgable, but if we have to speak about the book itself and forget about the authors -which of course are authoritative- I think it falls short. Let me explain.

What's the target audience here? Should the reader be comfortable with IA32 instructions? Because the book tries to explain something about assembly, but it is so short that I don't even understand why filling a few pages with that. Also, the book does many assumptions about what the reader should know, how the IDA screen will look like (if you download the free version and do EXACTLY as they say, you won't have the same on the screen), etc.
And finally, there is information in the index of a chapter, but the pages are not there! It is not a problem of my book, it is a problem of the edition itself!

Chapter 1: Introduction - Five pages. Two screenshots of IDA and about 300 words. In my opinion, even the introduction fell short. Absolutely nothing to learn here. Just two screenshots of IDA.

Chapter 2: Assembly and RevEng Basics >> 27 pages of what? 27 pages that if you are a beginner (who does not know anything about ASM) better not to read it because you will really want to run away ASM. If you have an intermediate level, you won't believe the assumptions that the author of this part made. It's like trying to compress the Britannica in 4 pages. Come on, it's much better to point the reader to a good ASM book or webpage. Trying to do a "complete" book that packs everything needed inside, is a fantasy.
In other words, this "Assembly Basics" chapter is not targeting any reader. No reader will benefit from that, and if I'm wrong, I would love to know.

Chapter 3: PE and ELF Formats >> Can you imagine something more boring to start with? Imaging trying to learn something that is fun and long. OK, now imagine starting from the most boring parts. Hey! A book is not a blog where you just drop unsorted info. It is a book. The authors and editor should take care of the order and to choose the best material for it. I can't believe that a reader who wants to learn RevEng with IDA Pro should read all this before going to the good staff.

Chapter 4: Walktroughs One and Two >> Now this chapter is really funny. The page 67 (Chapter 4) claims to have this items:
Understanding Execution Flow, Tracing Functions, Recovering Hard Coded Password, Finding Vulnerable Functions, Backtracing Execution, Crafting a Buffer Overflow.
The problem is that the editors (Syngress) forgot to include the latest three. Yes, exactly as you hear it: the editors forgot to place those pages on the book. What to listen again? The book says it has ABCDEF but when you open it, it has only ABC. If you have it on your hands, go to page 67 check it by yourself.

So because those "vanished chapters" were very interesting for me, I mailed the customercare of syngress three times: May 21, June 03, and June 10. No reponses from them.
Syngress does not seem to care a lot because they did not even reply to my emails.

In one line, the book falls very short on everything. You won't learn IDA from here. The samples are not EXACTLY as you will get on your screen. There are parts of the book that do not exist, and the authors do many assumptions. If you want to learn about the subject, I suggest you going with: [Advanced Windows Debugging - Mario Hewardt] and [Reversing: Secrets of Reverse Engineering - Eldad Eilam].

Good luck with your RevEng quest, and if you become a master, join the good guys! :) (And write good books) :)


>> Update on 15/Sept/2008 <<
It is funny that now Syngress has changed the names of the authors :) The original authors of this book simply vanished and now we have THE SAME BOOK "written" by Chris Paget which nobody knows, while in Amazon UK you have again THE SAME BOOK written by Joshua Pennel!!! :)

It is obvious that Syngress is teasing us. Why are they changing the authors? It is AMAZING. I want my money BACK but they refused to reply my emails!