As we’ve mentioned before, the same numerical value can be used represented in different ways even if it’s the same bit pattern on the binary level. One of the representations used in IDA is offset. Offsets In IDA, an offset is a numerical value which is used as an address (either directly or as part of […]
Read MoreThe next 2022 IDA training course will take place online 12–16 and 19-21 September 2022, CEST time. standard training: (12-16 September) aims to teach standard knowledge about IDA by demonstrating its use to analyze binary programs on modern operating systems. advanced training: (19-21 September) intended for experienced IDA users who want to take advantage […]
Read MoreVariable-sized structures is a construct used to handle binary structures of variable size with the advantage of compile-time type checking. In source code Usually such structures use a layout similar to following: struct varsize_t { // some fixed fields at the start int id; size_t datalen; //[more fields] unsigned char data[];// variable part }; In other words, a fixed-layout part at […]
Read MoreThis is a guest entry written by Elias Bachaalany. His views and opinions are his own, and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to him. ida-qscripts or QScripts is a productivity plugin for better/faster scripting and coding workflow/experience for IDA. IDA provides two […]
Read MoreCOM aka Component Object Model is the technology used by Microsoft (and others) to create and use reusable software components in a manner independent from the specific language or vendor. It uses a stable and well-defined ABI which is mostly compatible with Microsoft C++ ABI, allowing easy implementation and usage of COM components in C++. COM […]
Read MoreThe address details pane is a rather recent addition to IDA so probably not many users are familiar with it yet. However, it can be a quite useful addition to the standard workflow, permitting you to perform some common tasks faster. Address details view On invoking View > Open subview > Address details (you can also use […]
Read MoreWhen changing operand representation, you may need to check what are the operand types currently used by IDA for a specific instruction. In some cases it is obvious (e.g. for offset or character type), but the hex and default, for example, look exactly the same in most processors so it’s not easy to tell […]
Read MoreAlthough in general case the problem of correct disassembly is unsolvable, in practice it can get pretty close. IDA uses various heuristics to improve the disassembly and make it more readable, such as converting numerical values to offsets when it “looks plausible”. However, this is not always reliable or successful and it may miss some. […]
Read MoreLast time we used operand types to make a function more readable and understand its behavior better. Converting operands one by one is fine if you need to do it a few times, but can quickly get tedious if you need to do it for a long piece of code. En masse operation To convert operands of […]
Read MoreAs software systems becomes more complex, we at Hex-Rays have witnessed a growing desire for more collaboration in the field of reverse-engineering: applying multiple sets of eyes and diversified skill sets, will be a boon for speeding up that process. Over the last months/years, we have been busy cooking an appropriate response to that demand, and […]
Read More