Reverse Engineering Code with IDA Pro [Paperback]

Joshua Pennell
1.0 out of 5 stars (1 customer review)


Formats

Amazon Price New from Used from
Kindle Edition £27.18  
Paperback --  

Book Description

Publication Date: 27 Mar 2008 | ISBN-10: 159749237X | ISBN-13: 978-1597492379 | Edition: 1

If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro's interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world's most powerful and popular tool for reverse engineering code.

Reverse Engineer Real Hostile Code - To follow along with this chapter, you must download a file called !Danger!Infectedmalware!Danger!... 'nuff said.

Download the Code! - The companion Web site to this book offers up really evil code for you to reverse engineer and really nice code for you to automate tasks with the IDC Scripting Language.

The title focuses on Portable Executable (PE) and Executable and Linking Formats (ELF). Understand the physical layout of PE and ELF files, and analyze the components that are essential to reverse engineering.

Break Hostile Code Armor and Write Your Own Exploits - Understand execution flow, trace functions, recover hard coded passwords, find vulnerable functions, backtrace execution, and craft a buffer overflow.

Master Debugging - Debug in IDA Pro, use a debugger while reverse engineering, perform heap and stack access modification, and use other debuggers.

Stop Anti-Reversing - Anti-reversing, like reverse engineering or coding in assembly, is an art form. The trick of course is to try to stop the person reversing the application. Find out how!

Track a Protocol Through a Binary and Recover Its Message Structure - Trace execution flow from a read event, determine the structure of a protocol, determine if the protocol has any undocumented messages, and use IDA Pro to determine the functions that process a particular message.

Develop IDA Scripts and Plug-ins - Learn the basics of IDA scripting and syntax, and write IDC scripts and plug-ins to automate even the most complex tasks.


Product details

  • Paperback: 448 pages
  • Publisher: Syngress; 1 edition (27 Mar 2008)
  • Language: English
  • ISBN-10: 159749237X
  • ISBN-13: 978-1597492379
  • Product Dimensions: 19.1 x 2.1 x 23.5 cm
  • Average Customer Review: 1.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: 1,338,031 in Books

Product Description

About the Author

Dan Kaminsky is the Director of Penetration Testing for IOActive. Previously of Cisco and Avaya, Dan has been operating professionally in the security space since 1999. He is best known for his "Black Ops" series of talks at the well-respected Black Hat Briefings conferences. He is also the only speaker who has attended and spoken at every single "Blue Hat" Microsoft internal training event. Dan focuses on design-level fault analysis, particularly against massive-scale network applications. Dan regularly collects detailed data on the health of the worldwide Internet, and recently used this data to detect the worldwide proliferation of a major rootkit. Dan is one of the few individuals in the world to combine technical expertise with executive-level consulting skills and prowess.


Customer Reviews

Most Helpful Customer Reviews
1.0 out of 5 stars Don't bother with this book 9 Oct 2010
Format:Kindle Edition
This book is awful from the beginning. The writing style is far too conversational and chatty. This is a personal preference however and some readers may like that. What can't be put aside, however, is how factually inaccurate this book is. Reading it you really do get the impression that the author(s) don't really understand what they're talking about.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 2.2 out of 5 stars  8 reviews
84 of 87 people found the following review helpful
1.0 out of 5 stars Author of book 10 July 2008
By J. Ferguson - Published on Amazon.com
Format:Paperback
This is my second attempt at reviewing the book I helped write, Amazon continues to censor me probably because my encouragement is not to buy this book (after dealing with Syngress, I wouldn't advise buying anything that comes from them). I don't know how to say this other than I apologize to everyone who purchased this book, it really was supposed to be much more. However the corporate world being what it is, it was rushed from deadline to deadline without any regard for quality, the editors actually introduced errors, many of the diagrams are unreadable and there's parts of the book just flat out missing. DO NOT BUY.
19 of 22 people found the following review helpful
2.0 out of 5 stars Does not meet its objective and falls very short 29 Jun 2008
By magicmac2000 - Published on Amazon.com
Format:Paperback
I agree with the other reviewer [Wuping Xin] that the authors (the original ones, not the one presented NOW) are very knowledgeable, but if we have to speak about the book itself and forget about the authors - who of course are authoritative - I think it falls short. Let me explain.

What's the target audience here? Should the reader be comfortable with IA32 instructions? Because the book tries to explain something about assembly, but it is so short that I don't even understand why they fill a few pages with that. Also, the book makes many assumptions about what the reader should know, what the IDA screen will look like (if you download the free version and do EXACTLY as they say, you won't have the same on the screen), etc.
And finally, there is information in the index of a chapter, but the pages are not there! It is not a problem of my book, it is a problem of the edition itself!

Chapter 1: Introduction - Five pages. Two screenshots of IDA and about 300 words. In my opinion, even the introduction fell short. Absolutely nothing to learn here. Just two screenshots of IDA.

Chapter 2: Assembly and RevEng Basics >> 27 pages of what? 27 pages that, if you are a beginner (who does not know anything about ASM), you had better not read, because you will really want to run away from ASM. If you have an intermediate level, you won't believe the assumptions that the author of this part made. It's like trying to compress the Britannica into 4 pages. Come on, it's much better to point the reader to a good ASM book or webpage. Trying to do a "complete" book that packs everything needed inside is a fantasy.
In other words, this "Assembly Basics" chapter is not targeting any reader. No reader will benefit from that, and if I'm wrong, I would love to know.

Chapter 3: PE and ELF Formats >> Can you imagine something more boring to start with? Imagine trying to learn something that is fun and long. OK, now imagine starting from the most boring parts. Hey! A book is not a blog where you just drop unsorted info. It is a book. The authors and editor should take care of the order and choose the best material for it. I can't believe that a reader who wants to learn RevEng with IDA Pro should read all this before going to the good stuff.

Chapter 4: Walkthroughs One and Two >> Now this chapter is really funny. Page 67 (Chapter 4) claims to have these items:
Understanding Execution Flow, Tracing Functions, Recovering Hard Coded Password, Finding Vulnerable Functions, Backtracing Execution, Crafting a Buffer Overflow.
The problem is that the editors (Syngress) forgot to include the last three. Yes, exactly as you hear it: the editors forgot to place those pages in the book. Want to hear it again? The book says it has ABCDEF but when you open it, it has only ABC. If you have it in your hands, go to page 67 and check it yourself.

So because those "vanished chapters" were very interesting for me, I mailed the customer care of Syngress three times: May 21, June 03, and June 10. No responses from them.
Syngress does not seem to care a lot because they did not even reply to my emails.

In one line, the book falls very short on everything. You won't learn IDA from here. The samples are not EXACTLY as you will get on your screen. There are parts of the book that do not exist, and the authors make many assumptions. If you want to learn about the subject, I suggest you go with: [Advanced Windows Debugging - Mario Hewardt] and [Reversing: Secrets of Reverse Engineering - Eldad Eilam].

Good luck with your RevEng quest, and if you become a master, join the good guys! :) (And write good books) :)

>> Update on 15/Sept/2008 <<
It is funny that now Syngress has changed the names of the authors :) The original authors of this book simply vanished and now we have THE SAME BOOK "written" by Chris Paget, whom nobody knows, while on Amazon UK you have again THE SAME BOOK written by Joshua Pennell!!! :)

It is obvious that Syngress is teasing us. Why are they changing the authors? It is AMAZING. I want my money BACK but they refused to reply to my emails!
9 of 11 people found the following review helpful
2.0 out of 5 stars No 14 July 2008
By Zachary Turner - Published on Amazon.com
Format:Paperback
Others have already done this book justice, but let me just go ahead and echo that this book is a big disappointment. It was bad enough that I returned my copy, which I have only ever done one other time to my recollection.

Most of this book is just filler stuff, it seems like every page was written with the sole purpose of trying to add fluff so that the book was long enough that it looked like it contained substance. Do we really need half a page to print a table that does nothing but list every possible form a MOV instruction can take?

Later in the book, you read entire chapters and at the end of the chapter you reflect on the contents, and realize you've learned nothing. What's worse, you realize the book HAS SAID NOTHING.

The comments about the source code and the publisher are accurate as well. For heaven's sake, the book was published FOUR MONTHS AGO, and already the repository for the book's source and binaries has disappeared?! Come on, this is unacceptable. Every time the book dedicates an entire chapter to disassembling a binary, you have to pretty much skip the entire chapter, because the binary isn't available for you to disassemble. You can't follow along.

Not that it would have helped much anyway. In one example you try to disassemble and debug a version of the common netcat utility that has a vulnerability. The binary and source are available for download from a public website. So you download it and start following the book, and nothing matches up. It's totally different, even though this is a public download! Why? Because there's no symbols available in the public download, and the one in the book was reversed with symbols. So now you have to build your own copy of it, but now the generated code is different because you're not using the same compiler, so you STILL can't follow along. Furthermore, the very first step in the walkthrough of finding this bug in the book says "The bug is in the SessionWriteShellThreadFn function, so we will start there". WOW THAT WAS SO OBVIOUS! I'm sure glad 80% of the problem came pre-solved so that we could get right down to the fluff and skip the actual learning part.