Some functions in programs do not return to caller: well-known examples include C runtime functions like exit(), abort(), assert() but also many others. Modern compilers can exploit this knowledge to optimize the code better: for example, the code which would normally follow such a function call does not need to be generated which decreases the […]
Read MoreWhen dealing with structure instances in disassembly, sometimes you may want to change how IDA displays them, but how to do it is not always obvious. Let’s have a look at some examples. Win32 section headers Let’s say you have loaded the PE file header using manual load, or found an embedded PE file in your […]
Read MoreThe gooMBA plugin, as well as this blog post, was written by our intern Garrett Gu. You can view the plugin source on GitHub. gooMBA is maintained by Hex-Rays, and will be incorporated in the next IDA release. Hands-Free Binary Deobfuscation with gooMBA At Hex-Rays SA, we are constantly looking for ways to improve […]
Read MoreService Pack 1 (SP1) for IDA 8.2 is now available. This is primarily a bugfix release. How to request the new versions All new versions are free for users with an active support plan. Please use the “Help > Check for free update” menu item in IDA. It is also possible to configure automatic checks of new […]
Read MoreAlthough IDA was initially created for interactive usage and tries to automate as much of the tedious parts of RE as possible, it still cannot do everything for you and doing the still necessary work manually can take a long time. To alleviate this, IDA ships with IDC and IDAPython scripting engines, which can be […]
Read MoreThis is a guest entry written by Joxean Koret from Activision. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Diaphora: The most advanced Free and Open Source Binary Diffing Tool Diaphora is an Open Source IDA plugin […]
Read MoreWhen disassembling, you are probably more interested in seeing the code (disassembly or pseudocode) rather than the raw file data, but there may be times you need to see what actually lies behind the instructions. One option is to use the Hex View, possibly docked and synchronized with IDA View. But probably a simpler solution is […]
Read MoreTo save on analysis time and database size, by default IDA only tries to load relevant parts of the binary (e.g. those that are expected or known to contain code). However, there may be cases when you want to see more, or even everything the binary contains. You can always load the file as plain […]
Read MoreA handful of our users have already requested information regarding the Qt 5.15.2 build, that is shipped with IDA 8.2. The Qt sources used by IDA are: based on Qt 5.15.2, to which the KDE Qt5 patch collection has been added, plus a few custom patches/fixes Rebuilding Qt from source In order to obtain compatible libs, the simplest way forward […]
Read MoreWhen performing a search in IDA, it by default starts from the current position and continues up to the maximum address in the database (or to the minimal for searches “Up”). This works well enough for small to average files, but can get pretty slow for big ones, or especially in case of debugging […]
Read More