Practical IDA Pro Python Scripting

VIRTUAL 16 CPE HOURS TRAINING: FEBRUARY 2023

Robin David

Class Details

IDA Pro is one of the most widely used disassemblers and reverse-engineering tools. While it is now challenged by competitors, it is still one of the fastest and most accurate, and its Python API is largely underrated. This training aims to demystify the Python API, giving trainees the keys to automate their reversing tasks and, in turn, improve their reversing efficiency.

This course will provide a quick walkthrough of IDA's interface functionalities and then shift to their counterparts in the Python API. It will cover the most useful static and dynamic API capabilities through many practical hands-on exercises.

At the end of the training, trainees will be able to perform any static task on a given binary, from searching for particular code constructs, to applying types automatically, to scripting a debugging session from end to end. They will be able to start writing their own plugins autonomously for their own purposes.

Course Objectives

  • Getting keys and tips to solve most reverse-engineering issues through scripting
  • Speeding up reverse engineering by automating repetitive (or cumbersome) tasks
  • Getting familiar with IDA's plugin ecosystem
  • Avoiding some pain and struggles of using the API

Course Topics

IDA Introduction

  • IDA walkthrough: views, menus, shortcuts
  • IDAPython primer
  • Python modules

Static Analysis

  • Memory layout: code, data, linear scanning, segmentation
  • Control flow navigation: functions, chunks, basic blocks, instructions
  • Cross-references
  • Data structures: arrays, structures, enums, stack frames
  • Type management: Type Information Library (TIL), idaclang

Dynamic Analysis

  • Debugging, breakpoints, groups
  • Process and thread handling
  • Runtime, reading, patching
  • Trace generation

Extending IDA

  • Loaders
  • Processors
  • Plugins
  • UI integration

This training aims to help you solve your reverse-engineering tasks! Dedicated time will be allocated to work on such topics. Participants are encouraged to bring their own use cases (if applicable). This will be an opportunity to put what you have just learned directly into practice.

Who Should Attend

Reverse engineers, or any security researchers, who want to level up in IDA Pro scripting and leverage all the functionality IDA provides to make their lives easier during reversing.

Prerequisites & System Requirements

  • IDA Pro or IDA Home >7.5 (preferably x86-64) with Python 3.X (no need for decompilers)
  • Comfortable with the Python language
  • Knowledge of the Qt Python API (PyQt) would be nice (but not mandatory)