Previously we’ve covered how to start using the decompiler, but unmodified decompiler output is not always easy to read, especially if the binary doesn’t have symbols or debug information. However, with just a few small amendments you can improve the results substantially. Let’s look at some basic interactive operations available in the pseudocode view.
Renaming
Although […]
The Hex-Rays decompiler is one of the most powerful add-ons available for IDA. While it’s quite intuitive once you get used to it, it may be non-obvious how to start using it.
Basic information
As of the time of writing (May 2021), the decompiler is not included with the standard IDA Pro license; some editions of IDA […]
Previously we’ve covered cross-references in the disassembly view but in fact you can also consult them in the decompiler (pseudocode) view.
Local cross-references
The most common shortcut (X) works similarly to disassembly: you can use it on labels, variables (local and global), function names, but there are some differences and additions:
for local variables, the list of […]
We’ve briefly covered batch mode last time but the basic functionality is not
always enough so let’s discuss how to customize it.
Basic usage
To recap, the batch mode can be invoked with this command line:
ida -B -Lida.log <other switches> <filename>
IDA will load the file, wait for the end of analysis, and write the full
disassembly to <filename>.asm
How it […]
It is no surprise that IDA and the decompiler cannot handle all possible cases and will eventually fail to recognize a construct, optimize an expression and represent it in its simplest form. It is perfectly understandable — nobody has resources to handle everything. This is why we publish a rich API that can be […]
Intended audience
IDA 7.2 users, who have experience with IDAPython and/or the decompiler.
The problem
As you may already know, the decompilers allow not only decompiling the current function (shortcut F5) but also all the functions in the database (shortcut Ctrl+F5). A somewhat less well-known feature of the “multiple” decompilation is that if a range is selected (for example […]
We posted an addendum to the release notes for IDA 7.2: The Mac Rundown.
It dives much deeper into the Mac-specific features introduced in 7.2, and should be great reference material for users interested in reversing the latest Apple binaries. It’s packed full of hints, tricks, and workarounds.
We hope you will find it quite useful!
[…]
This is a guest entry written by Rolf Rolles from Mobius Strip Reverse Engineering. His views and opinions are his own, and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should […]
It is a nice feeling, when, after long debugging nights, your software
finally runs and produces meaningful results. Another hallmark is when other users
start to use it and obtain useful results. Usually this period is very busy: lots
of new bugs are discovered and fixed, unforeseen corner cases are handled.
Then another period starts: when users come back
for […]
A few days ago a customer sent us a sample file. The code he sent us was using a very simple technique to obfuscate string constants by building them on the fly and using ‘xor’ to hide the string contents from static disassembly:
The decompiler recovered most of the xor’ed values but some of them […]