Hex Rays - State-of-the-art binary code analysis solutions

Background

The history of Hex-Rays is closely connected to that of our flagship product, IDA Pro.

In the early 1990's, DOS was the most popular OS for PCs which were majorly 8086 with occasional 80286 (80386 was still very expensive). Typical PC had at most 1MB of RAM leaving little space for intensive tasks. However, software development industry was growing quickly and there was a need for debugging and diagnostic tools. Aside from debuggers, disassemblers were mostly batch based (non-interactive). The most popular (and expensive) one was Sourcer by V Communications. It had limited interactivity in that it accepted a "definition file" with a list of starting disassembly points, possible function names and segmentation info. After each change to the definition file the disassembly of the whole file had to be redone from scratch which could take a long time on the machines available at the time. Most of the runtime data was kept in memory (at most 640KB in DOS) so it could fail on big files.

There were some debuggers which could be used for disassembly but they did not really offer RE features such as custom names or comments so deep RE was often done in a text editor or by marking up printouts.

IDA (Interactive Disassembler) offered a new paradigm. It could disassemble a file piece by piece, loading only the fragment which the user was looking at, and did not need to load the whole file into memory. Renaming and commenting was done "just in time" instead of redoing the whole disassembly on every change. The database saved all changes so the work could be performed incrementally over time. However, it took time for this approach to be appreciated by the users.

The complete timeline

Late 1990

development starts
(one of the core source files mentions being created on 25-Oct-1990)

1991

IDA 0.1 (The program banner says "May 20" but it seems the actual release happened a day later)

Archive

ida01.zip

  Length     Date   Time    Name
 --------    ----   ----    ----
    24708  18-02-91 18:55   COMPRESS.EXE
    11451  21-05-91 22:21   COMTYPES.DOC
    76048  21-05-91 22:24   IDA.EXE
    57344  21-05-91 22:23   IDA.INT
     3581  06-05-91 17:36   IDAE.DOC
     3795  06-05-91 16:22   IDAR.DOC
     5976  27-05-91 18:17   README
    25080  18-02-91 19:07   REPAIR.EXE
 --------                   -------
   207983                   8 files

May 22: Windows 3.0 released by Microsoft Microsoft logo

September 17: Linux release announcement by Linus Torvalds Linux logo

1993

IDA 1.8 (16/09/93)

Turbo Vision instead of custom UI

1994

IDA 2.0

IDC scripting language added
start of shareware distribution (mainly via FidoNet and BBS, some FTPs)
support for additional processors (8080, 8085, Z80)
support for the NE file format (16-bit Windows and later OS/2)

1994

"Reverse Compilation Techniques" thesis by Cristina Cifuentes, dcc decompiler

1995

August 15: Windows 95 released Microsoft Windows 95 logo

1996

IDA 3.6

FLIRT Standard Run-time Library Recognition
Win32 console version

DataRescue starts distributing IDA in Europe
CSO starts distributing IDA in North America

1999

IDA 3.84 (07/03/99)

Plugins support added in the SDK

IDA 4.0 (21/09/99)

Windows GUI version (text mode listing only). First appearance of now-classic IDA icon.

2000

IDA 4.10 (19/06/2000)

Type System (standard function prototypes)
PIT (parameter identification and tracking)

2001

IDA 4.17 (22/03/2001)

Graphs and flowcharts using Wingraph

experiments with microcode

2002

April: Boomerang decompiler development starts http://boomerang.sourceforge.net/2004.php
June: Desquirr decompiler plug-in released http://desquirr.sourceforge.net/

2003

January: user-contributed Windows PE debugger plugin (Idbg)

IDA 4.5 (12/02/03)

Integrated debugger

IDA 4.6 (27/10/03)

64-bit address space support; AMD64 disassembly

May: first decompiler results on a real life trojan http://www.datarescue.com/laboratory/vd2.htm

2004

IDA 4.7 (30/08/04)

support for fragmented (chunked) functions
Linux console version
remote cross-patform debugging

IDAPython 0.5.0 (07/08/04) released by Gergely Erdelyi

September: IDAPython presented at the Virus Bulletin conference

2005

IDA 4.8 (15/03/05)

64-bit remote debugger

Hex-Rays SA is registered.
Ilfak starts posting on hexblog.com
December 14: WMF vulnerability zero day attack
December 31: Ilfak's unofficial vulnerability hotfix becomes very popular

2006

IDA 5.0 (03/06)

the built-in graph view

2007

IDA 5.1

Intel Mac OS X debugger
Simplex based stack pointer analysis /blog/simplex-method-in-ida-pro

Hex-Rays decompiler beta testing opens (11/05/07)
Hex-Rays Decompiler 1.0 (17/09/07) released
Hex-Rays Decompiler SDK (25/10/07) released

August 8: www.hex-rays.com opens

2008

January 1: Hex-Rays SA takes over development of IDA

IDA 5.3

Multithreaded debugging
iPhone, Symbian debuggers

IDAPython 1.0.0 released

development moves to Google Code

2009

IDA 5.4

Bochs, GDB, WinDbg debuggers
IDAPython included with IDA

IDA 5.5

dockable windows
arrival of the now classsic IDA layout with the functions list to the left of disassembly

IDA 5.6

IDAPython support for Linux and Mac
64-bit Linux and Mac debuggers
ARM Linux remote debugger
Appcall feature

2010

IDA 5.7

Scripted plugins and processor modules
ARM decompiler

IDA 6.0

cross-platform Qt based GUI version for Windows, Linux & Mac

2011

Bug bounty program opens. First submissions and fixes for 6.0 and 5.7

2012

IDA 6.3

source-level debugging

2013

IDA 6.4

ARM64 disassembly

2014

IDA 6.6

x64 decompiler

IDA 6.7

Python bindings for the decompiler SDK

2015

IDA 6.9

ARM64 decompiler
ARM64 Android debugger

2016

IDA 6.95

iPhone debugger using official Apple debugserver
PPC decompiler

2017

IDA 7.0

IDA is a native 64-bit executable for all platforms

2018

IDA 7.1

decompiler microcode API opened

IDA 7.2

Lumina function database

2019

IDA 7.3

PPC64 decompiler
UNDO feature

IDA 7.4

Python 3 support

2020

IDA 7.5

folder views
MIPS decompiler

2021

IDA 7.6

native ARM64 macOS build

2022

IDA 7.7

MIPS64 decompiler

IDA 8.0

Multi-user collaboration (IDA Teams)

IDA 8.1

Private Lumina

2023

IDA 8.3

IDA64 .idb support

Our journey

Background

The complete timeline