Computing Reviews
The IDA Pro book : the unofficial guide to the world’s most popular disassembler
Eagle C., No Starch Press, San Francisco, CA, 2008. 640 pp. Type: Book (9781593271787)
Date Reviewed: Jun 11 2009

IDA Pro, the “interactive disassembler,” is the most popular disassembler around, and not without good reason. It combines a powerful, static disassembler with the advantages of an interactive debugger. As a disassembler, IDA Pro can explore binary programs for which source code isn’t always available and map their path of execution. A disassembler shows the instructions that are executed by the processor in a symbolic representation called assembly language.

One important use case for reverse engineering is malware analysis. But hostile code is often armored and obfuscated, in order to mislead disassemblers and thwart analysis attempts. This is where IDA Pro’s debugger comes into play. It complements the disassembler’s capabilities by allowing it to step through the code being investigated, often bypassing obfuscation.

IDA Pro is a great tool not only for malware analysis, but also for vulnerability research. If you want to find out why software breaks, it can be of great help. Its extendable nature allows for scripting and plug-ins. For example, there are plug-ins that try to decompile rather than disassemble the target, providing the analyst with a higher-level result, close to the original source code of an application rather than cryptic assembly code.

This book is truly “the unofficial guide to the world’s most popular disassembler.” It doesn’t repeat the IDA Pro documentation and it doesn’t claim to. Instead, it explains how to use IDA; in this, it succeeds. The author illustrates the power of IDA using plenty of insightful discussions and examples. Apart from being a great source of information and ideas on how to leverage IDA’s power, the writing is also particularly solid, with few or no errors, which is a notable exception to many technical books published nowadays.

The book targets a large audience, from novice to professional. The author clearly indicates the chapters that may be skipped and those that may be interesting to a particular audience. This is a noteworthy difference from other books that leave the reader guessing.

If a little bit of criticism is allowed, it would be that the author sometimes omits information about topics he touches briefly, presumably to keep a clear focus on IDA Pro. This is understandable and generally a good idea. In some cases, however, a few additional lines could help the audience remain focused on the book, instead of having to look up information that is not explained in enough detail. In one of the beginner-level chapters, for example, the author describes the transformation from source code to compiled program, in order to bring out why a perfect decompiler cannot exist. While this is explained in detail, the word “linker” suddenly pops up. It is not described and leaves the (presumably novice) reader unenlightened. Another example, in the same chapter, is the summary of first-, second-, and third-generation programming languages. Fourth-generation languages (4GL) are mentioned as well, but somewhat along these lines: “They exist but won’t be tackled in this book.” In one or two lines, the author could have provided readers with a basic description of 4GL, instead of leaving them to wonder about it. Of course, one can easily dig up the information on Wikipedia, but that is not the point of having a printed book for offline reading.

Overall, this book is a must read for anyone interested in using IDA Pro to the max.

Reviewer: Andreas Tomek
Review #: CR136946 (1005-0437)

Restructuring, Reverse Engineering, And Reengineering (D.2.7 ... )
 
 
Macro And Assembly Languages (D.3.2 ... )

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®