IDA’s behavior and defaults can be configured using the Options dialog, saved desktop layouts, or config files. However, sometimes the behavior you need depends on something in the input file and can’t be covered by a single option, or you may want IDA to do something additional after the file is loaded. […]
Read MoreCross-references is one of the most useful features of IDA. For example, they allow you to see where a particular function is being called or referenced from, helping you to see how the function is used and understand its behavior better or discover potential bugs or vulnerabilities. For direct calls, IDA adds cross-references automatically, […]
Read MorePreviously, we have covered offset expressions which fit into a single instruction operand or data value. But this is not always the case, so let’s see how IDA can handle offsets which may be built out of multiple parts. 8-bit processors Although slowly dying out, the 8-bit processors — especially the venerable 8051 — […]
Read MoreImage-relative offsets are values that represent an offset from the image base of the current module (image) in memory. This means that they can be used to refer to other locations in the same module regardless of its real, final load address, and thus can be used to make the code position-independent (PIC), similarly to […]
Read MoreThis is a guest entry written by Dennis Elser from Trenchant Advanced Research Center (formerly Azimuth Security). His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. HRDevHelper HRDevHelper is a decompiler plugin that takes advantage of […]
Read MoreWhen working with big functions in the decompiler, it may be difficult to find what you need if the listing is long. While you can use cross-references to jump between uses of a variable or collapse parts of pseudocode to make it more compact, there is one simple shortcut which can make your […]
Read MoreThe IDA patfind plugin Just raw binary data at address 0x00000AC While IDA excels at extracting useful information from all sorts of binary files, it may happen that some unstructured binary files (e.g., firmwares, raw memory dumps, …) throw it off the rails, and the user needs to kickstart autoanalysis by figuring out some sort of […]
Read More
Many keyboard shortcuts have been described on this blog, but they may be difficult to retain, especially if you don’t use them every day. To remedy that, we have been publishing a cheat sheet with the most common ones. You can find it linked from our documentation page in HTML or PDF […]
Read MoreThe Hex-Rays Halloween Challenge It is almost Halloween, and this year we have decided to celebrate it with a challenge! Solve the challenge correctly, and if you’re quick enough to be within the first five, you will get an exclusive Halloween-themed IDA T-shirt. Before we continue, we would like to make you aware of some essential rules: This […]
Read MoreHex-Rays has been acquired by a consortium of investors led by Smartfin, a leading European venture capital and private equity investor, and including co-investors SFPIM and SRIW. Ilfak Guilfanov, the founder of Hex-Rays, also reinvests a substantial amount in the new structure. Over the past 10 years, Hex-Rays’ revenues have […]
Read More