Book review: The IDA PRO Book

ida_pro_book_front_coverRecently I’ve had the pleasure of reading trough “The IDA PRO Book: The Unofficial Guide to the World’s Most Popular Disassembler”. It is a well written book and definitely a “should read” for anyone working with IDA.

The book is structured into 26 chapters which cover every aspect of IDA, no matter how exotic :-). A word of caution: this book isn’t an “introduction into reverse engineering”. A prerequisite to reading it is at least some basic knowledge of the PC and the OS (things like CPU registers, memory addressing, paging, etc). For obvious reasons (like size limit – the book is already 500+ pages long) it is presumed that the reader posses this knowledge.

The chapters are well structured and can be read in a maximum of two hours by my estimation, so you could read trough the whole book in a month easily by looking at one chapter a day.

A very large percentage of what is described can be directly applied to the freeware version (4.9), and even more, the book contains a separate appendix listing the differences between the version covered in the book (5.2) and the freeware version (4.9).

An other positive aspect of the book are the warnings inserted in the correct places (when it talks about debugging malware for example), which is very important to avoid unpleasant surprises (like infecting the local network, having to rebuild your machine to ensure that it is not infected, etc).

I have very few negative things to say about the book and all of them are a matter of taste/personal preference. For example I feel that too little emphasis was put on the usage of shortcut keys and everything was presented by using the menus. Then again, shortcut keys can change from installation to installation, but the menus are always in the same place and you can easily find out the associated shortcut key. An other quibble of mine would be the usage of IDC (the built-in scripting language) despite of the existence of much better options like IDAPython (the difference between the two beeing – IMHO – wanting to kill yourself and enjoying your work IMHO :-)). Then again, IDC is directly available upon installation, while IDAPython (and its brethren) need to be installed separately (which can be difficult, especially if you are not running Windows).

So, should you buy this book? If you already have (some) RE knowledge and plan on using IDA (even if only the free version), the answer is a resounding yes. It will give you a big productivity boost, so it is definitely worth its price. Also, how can you go wrong if Ilfak say: “I wholeheartedly recommend The IDA Pro Book to all IDA Pro users” and displays it on his blog :-).

Full disclosure: the links provided contain my Amazon affiliate id so that I can give you more and more useful reviews (or at least buy myself some quality black tea :-)).

PS. You can find a sample chapter and further material on the site of the book.

, , ,

One response to “Book review: The IDA PRO Book”

  1. "A prerequisite to reading it is at least some basic knowledge of the PC and the OS (things like CPU registers, memory addressing, paging, etc). "

    Hook a brother up then 😛

Leave a Reply

Your email address will not be published. Required fields are marked *