When decompiling code without high-level metadata (especially firmware), you may observe strange-looking address expressions which do not seem to make sense. What are these and how to fix/improve the pseudocode? Because on the CPU level there is no difference between an address and a simple number, distinguishing addresses and plain numbers is a difficult task which […]
When working on a binary, you often recover types used in it from many sources: creating structures manually, from data, or using the decompiler; parsing header files; importing them from type libraries or debug information. However, it may happen that eventually you discover duplicates. For example, you find out that the “custom” structure you’ve been […]
Madame de Maintenon (AKA “IDA lady”) is locked in a castle and needs help to escape. Do you think you could free her? Be careful, you might get lost or caught by vicious guardians. Traps are laid along the way, so keep your eyes open, your mind sharp, and capture the flag. Send us proof […]
Previously, we’ve covered creating structures from C code using the Local Types window; however, this may not be very convenient when you have complex types with many dependencies (especially if scattered over several files or depending on preprocessor defines). In such a case it may be more convenient to parse the original header file(s) on […]
Are you ready for an immersive experience in the world of cybersecurity and reverse engineering? Hex-Rays, a leading provider of cutting-edge software analysis tools, is excited to announce an exclusive giveaway for 2 lucky IDA users. We are offering you the opportunity to win two free tickets to the highly anticipated TyphoonCon 2023 event! TyphoonCon […]
While IDA comes with a rich set of type libraries for Windows API, they don’t cover the whole set of types used in Windows. Our libraries are based on the official Windows SDK/DDK headers, which tend to only include public, stable information which is common to multiple Windows versions. A new Windows build may […]
This is a guest entry written by Can Bölük. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. NtRays: Reversing Windows kernel, simplified Windows kernel has changed a lot in the past few years, with the addition of Hypervisor […]
Floating licenses allow additional flexibility for companies with many IDA users: IDA can be installed on as many computers as required, but only a limited number of copies can run simultaneously. This flexibility has its downsides: IDA needs to have a permanent connection to your organization’s license server, which may make things problematic in some situations (e.g. working […]
While working with decompiled code and retyping variables (or sometimes when they get typed by the decompiler automatically), you might be puzzled by the discrepancies between pseudocode and disassembly. Consider the following example: We see that X22 is accessed with offset 0x10 (16) in the disassembly but 2 in the pseudocode. Is there a bug in the […]
This is a guest entry written by Simon Garrelou and Sylvain Peyrefitte from the Airbus CERT Team. Their views and opinions are their own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the authors. Power up your debugging with time travel: the ttddbg plugin Time Travel […]