Many processors (especially RISC based) use instruction sets with fixed size (most commonly 4 bytes). Among examples are ARM, PPC, MIPS and a few others. This is also obvious in the disassembly when observing the instructions’ addresses – they increase by a fixed amount: However, occasionally you may come across larger instructions: What is this? Does A64 […]
This is a guest entry written by Robert from Interrupt Labs. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Heimdallr: Deep links into IDA Databases When reverse engineering in IDA, I find it useful to take notes on […]
A handful of our users have already requested information regarding the Qt 5.15.2 build, that is shipped with IDA 8.3. The Qt sources used by IDA are: based on Qt 5.15.2, to which the KDE Qt5 patch collection has been added, plus a few custom patches/fixes Rebuilding Qt from source In order to obtain compatible libs, the simplest way forward […]
We are pleased to announce the release of IDA version 8.3! In this release, there are many new features and enhancements, including: IDA64 support for (32-bit) .idb files UX improvements IDA Teams enhancements DWARF speedup ARM64 system registers IDA Educational now includes x86/x64 decompiler, and file size limit has been lifted. IDA Home features IDA Python API improvements Golang: added support for Go […]
When decompiling code without high-level metadata (especially firmware), you may observe strange-looking address expressions which do not seem to make sense. What are these and how to fix/improve the pseudocode? Because on the CPU level there is no difference between an address and a simple number, distinguishing addresses and plain numbers is a difficult task which […]
When working on a binary, you often recover types used in it from many sources: creating structures manually, from data, or using decompiler; parsing header files; importing them from type libraries or debug information; However, it may happen that eventually you discover duplicates. For example, you find out that the “custom” structure you’ve been […]
Madame de Maintenon (AKA “IDA lady”) is locked in a castle and needs help to escape. Do you think you could free her? Be careful, you might get lost or caught by vicious guardians. Traps are laid along the way, so keep your eyes open, your mind sharp, and capture the flag. Send us proof […]
Previously, we’ve covered creating structures from C code using the Local Types window; however, this may not be very convenient when you have complex types with many dependencies (especially if scattered over several files or depending on preprocessor defines). In such a case it may be more convenient to parse the original header file(s) on […]
Are you ready for an immersive experience in the world of cybersecurity and reverse engineering? Hex-Rays, a leading provider of cutting-edge software analysis tools, is excited to announce an exclusive giveaway for 2 lucky IDA users. We are offering you the opportunity to win two free tickets to the highly anticipated TyphoonCon 2023 event! TyphoonCon […]
While IDA comes with a rich set of type libraries for Windows API, they don’t cover the whole set of types used in Windows. Our libraries are based on the official Windows SDK/DDK headers, which tend to only include public, stable information which is common to multiple Windows versions. A new Windows build may […]