The Beginner's Guide to IDAPython
$24.99
Minimum price
$34.99
Suggested price

The Beginner's Guide to IDAPython

About the Book

Hello!

This is a book about IDAPython.

I originally wrote it as a reference for myself - I wanted a place to go to where I could find examples of functions that I commonly use (and forget) in IDAPython. Since I started this bookI have used it many times as a quick reference to understand syntax or see an example of some code - if you follow my blog you may notice a few familiar faces – lots of scripts that I cover here are result of sophomoric experiments that I documented online.

Over the years I have received numerous emails asking what is the best guide for learning IDAPython. Usually I will point them to to Ero Carrera's Introduction to IDAPython or the example scripts in the IDAPython's public repo. They are excellent sources for learning but they don't cover some common issues that I have come across. I wanted to create a book that covers these issues.I feel this book will be of value for anyone learning IDAPython or wanting a quick reference for examples and snippets. Being an e-book it will not be a static document and I plan on updating it in the future on regular basis.

The above snippet is from the Introduction of the The Beginner's Guide to IDAPython. I wrote this book in my spare time. It has been rewritten to cover changes made with the release of IDA 7.

Updates

Version 1.0

  • Published

Version 2.0

  • Table of Contents and closing added

Version 3.0

  • Grammar fixes provided by Russell V. and added an example of renaming operands.

Version 4.0

  • Support for IDAPython 7.0

Version 4.1

  • Bug fixes provided by Minh-Triet Pham Tran @MinhTrietPT

Version 5.0 

  • Converted format from Markdown to Microsoft Word.
  • Yara chapter added
  • Coloring chapter added
  • Structure chapter added
  • Enumerated Types chapter added
  • What’s next chapter added
  • Fixed bug found by @qmemcpy
  • Added MakeFunction as requested by Minh-Triet Pham Tran

Version 6.0

  • Support for IDAPython 7.4 and Python 3.
  • Extracting Function Arguments chapter added
  • Basic Blocks chapter added
  • PyQt chapter added
  • Unicorn Engine chapter added

 Version 7.0

  • Layout improvements, function updates and bug fixes.
  • Rewrote basic blocks chapter
  • Persistent storage chapter added

About the Author

Alexander Hanel
Alexander Hanel

I work as a reverse engineer and malware analyst. I enjoy coding, reverse engineering, data analysis and a bunch of outdoor activities. I live in Boulder, Colorado. For more information about my work you can check out my blog or my code repository.

Table of Contents

Introduction 1

Updates 2

Intended Audience & Disclaimer 3

Conventions 3

IDAPython Background 5

Old vs New 5

Python-x86_64 Issues 6

The Basics 7

Segments 9

Functions 10

Extracting Function Arguments 17

Instructions 18

Operands 22

Basic Blocks 27

Structures 30

Enumerated Types 35

Xrefs 38

Searching 44

Selecting Data 51

Comments & Renaming 52

Persistent Storage for IDBs 60

Coloring 65

Accessing Raw Data 67

Patching 69

Input and Output 71

PyQt 74

Batch File Generation 77

Executing Scripts 79

Yara 81

Unicorn Engine 87

What’s Next? 99

Closing 100

Appendix 101

PeFile 101

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earnedover $13 millionwriting, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub

Publish Early, Publish Often

  • Path
  • There are many paths, but the one you're on right now on Leanpub is...
  • › Idapython-book

*   *   *

Leanpub is copyright © 2010-2024 Ruboss Technology Corp.
All rights reserved.

This site is protected by reCAPTCHA
and the Google Privacy Policy and Terms of Service apply.