Hex-Rays Blog

Last week we started improving decompilation of a simple function. While you can go quite far with renaming and retyping, some things need more explanation than a simple renamng could provide. Comments When you can’t come up with a good name for a variable or a function, you can add a comment with an explanation or […]

Previously we’ve covered how to start using the decompiler, but unmodified decompiler output is not always easy to read, especially if the binary doesn’t have symbols or debug information. However, with just a few small amendments you can improve the results substantially. Let’s look at some basic interactive operations available in the pseudocode view. Renaming Although […]

IDA supports more than 40 file formats out of box. Most of them are structured file formats – with defined headers and metadata – so they’re recognized and handled automatically by IDA. However, there are times when all you have is just a piece of a code without any headers (e.g. shellcode or raw firmware) […]

The Hex-Rays decompiler is one of the most powerful add-ons available for IDA. While it’s quite intuitive once you get used to it, it may be non-obvious how to start using it. Basic information As of the time of writing (May 2021), the decompiler is not included with the standard IDA Pro license; some editions of IDA […]

Today, IDA turns thirty years old. In commemoration of the anniversary we’ll describe the beginnings and major milestones of the epic journey. Background In the early 1990’s, DOS was the most popular OS for PCs which were majorly 8086 with occasional 80286 (80386 was still very expensive). Typical PC had at most 1MB of RAM leaving little […]

The  Edit > Export Data command (Shift+E) offers you several formats for extracting the selected data from the database: hex string (unspaced): 4142434400 hex string (spaced): 41 42 43 44 00 string literal: ABCD C unsigned char array (hex): unsigned char aAbcd[] = { 0x41, 0x42, 0x43, 0x44, 0x00 }; C unsigned char array (decimal): unsigned char aAbcd[] = { 65, 66, […]

Hex-Rays is excited to announce that IDA Freeware has been upgraded to the latest IDA version (7.6), and now includes a cloud-based decompiler! IDA Freeware is the free version of IDA Pro, introduced to provide individual users¹ with an opportunity to see IDA in action, supporting disassembly of x86 and x64 binaries. It is […]

In addition to the disassembly and decompilation (Pseudocode) views, IDA also allows you to see the actual, raw bytes behind the program’s instructions and data. This is possible using the Hex view, one of the views opened by default (or available in the View > Open subviews menu). Even if you’ve used it before, there may […]

Today, Hex-Rays announces its new corporate identity as part of IDA’s 30th anniversary celebration. This new look reflects a key milestone of Hex-Rays team in its journey to relentlessly evolve and move forward. After three decades of hard work to develop and improve the best-of-breed binary analysis tools which brought our flagship product – IDA Pro […]

Although IDA is mostly intended to be used for static analysis, i.e. simply looking at unaltered binaries, there are times you do need to make some changes. For example, you can use it to fix up some obfuscated instructions to clean up the code flow or decompiler output, or change some constants used in the […]