Training and Seminars

 

Due to numerous requests, we will organize two more classes in December 2008:

The training will have theoretical and practical parts. After each section of the theoretical material, there will be hands-on exercises for a deep understanding of the learned concepts and methods.

The training will be held at the Ramada Plaza Hotel, Liege, Belgium.

Please mention Hex-Rays IDA Pro training when booking your room to get the preferential rate of 85 EUR per night (parking and breakfast included).

The cost:

  • 2999 EUR (4260 USD) standard training
  • 1999 EUR (2840 USD) advanced training

This includes: the class fee, the training handbook and DVD, lunch and coffee breaks.

The order form is available here: and

You will get a 10% discount if you order before 16 October 2008.

Requirements:

  • An IDA license with an active support period. There is no need to bring your copy of IDA with you; we will provide you with the latest version at the class. The package will include a free time-limited copy of the decompiler.
  • Please bring your laptop with you. For the programming class, we will ask you to have a compiler installed (Visual Studio or Borland compilers are preferred).

Standard IDA Pro training (3 days)

IDA Pro - the binary software analysis tool

Who should attend: Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: in-depth x86 assembly knowledge, basics of the MS Windows API, basic programming skills in any procedural programming language (C/C++ is preferred)

This training will show how to use IDA Pro to analyze binary programs of modern operating systems. While the training will be mainly focused on programs running under MS Windows, the acquired methods and principles are universal: they can be used on any other platform as well.

Diverse topics will be covered during the training, including the following:

  • Introduction to binary representation of modern programs
  • IDA Pro architecture, its database and modules
  • Binary program analysis in IDA Pro: where to begin, how to proceed toward the goal
  • Problems encountered during analysis and how to handle them
  • Built-in debugger and its capabilities
  • High level data representation and data abstraction in IDA Pro
    (structures, enumerations, arrays)
  • The type system: a powerful yet underestimated part of IDA Pro
  • Automating IDA Pro: batch processing, scripts, plugins
  • Introduction to decompilation

It also includes several IDA Pro demos using real-world programs:

  • analysis of a malware sample from scratch (unpack, deobfuscate, reveal the logic)
  • code audit of an unknown executable file
    (audit levels ranging from string analysis to deep function analysis)

The training material has been updated to cover the latest additions to IDA Pro.
We will discuss and work with the features planned for the upcoming releases.

Programming for IDA Pro (2 days)

IDA Pro - extending and building upon it

Who should attend: Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: IDA Pro user skills, programming skills in C/C++ languages

This training is intended for experienced IDA Pro users who want to take advantage of its open architecture by extending and improving it. You will learn how to write modules to modify the listing, react to events, decrypt/uncompress data right in the database, and many other things. After the course you will have a solid understanding of its concepts, classes, and programming interface.

We will implement a few useful plugins. Be prepared to program a lot in this training!

C/C++ programming skills as well as solid reverse engineering experience are required.

  • IDA Pro architecture overview
    • Modules
    • Memory representation
    • Database organization
  • SDK
    • Setting up
    • Processor module framework
    • Loader framework
    • Plugin framework
    • How to debug custom modules
  • IDA Pro subsystems
    • Utils: i/o, custom stl, regex, misc
    • Database: netnodes and flags
    • Foundations: bytes, names, offsets, etc
    • Address range class: segments and functions
    • Accessing and using IDC
    • Cross-references
    • Functions
    • Events
    • Type information
    • Structures and enums
    • Debugger
    • User interface
    • Graphing
    • Decompiler framework
  • Plugin programming
    • General guidelines
    • Plugin samples/exercises
      • Colorizer
      • Object extractor
      • Debugger helper
      • Type information
      • Graph plugin
      • Processor extension
      • Reaction to events

Order forms

The order forms are available in two formats: