State-of-the-art binary code analysis tools
Last week we introduced the new Appcall feature in IDA Pro 5.6. Today we will talk a little about how it’s implemented and describe some of the uses of Appcall in various scenarios. How Appcall works Given a function with a correct prototype, the Appcall mechanism works like this: Save the current thread context Serialize the parameters (we […]
In this blog entry we are going to talk about the new Appcall feature that was introduced in IDA Pro 5.6. Briefly, Appcall is a mechanism used to call functions inside the debugged program from the debugger or your script as if it were a built-in function. If you’ve used GDB (call command), VS (Immediate window), […]
Introduction IDA Pro 5.6 has a new feature: automatic running of the QEMU emulator. It can be used to debug small code snippets directly from the database. In this tutorial we will show how to dynamically run code that can be difficult to analyze statically. Target As an example we will use shellcode from the article “Alphanumeric RISC […]
One of the new features in IDA Pro 5.6 is the possibility to write file loaders using scripts such as IDC or Python. To illustrate this new feature, we are going to explain how to write a file loader using IDC and then we will write a file loader (in Python) that can extract shell […]
We are glad to announce the results of our first plugin contest! For the contest rules, please check this page: http://www.hex-rays.com/contests/ Or you may directly go to the contest results and check out some cool plugins: https://www.hex-rays.com/contests_details/contest2009/ It was our first contest, but we are happy with the results and will repeat it in the near future. Have […]
We are looking for someone to join our team and participate in the development of unique software security tools. The candidates must know low-level details of modern software as well as high-level data structures and algorithms. Requirements: * strong knowledge of C/C++ * experience with Qt and GUI development is a big PLUS * knowledge of x86 assembler and […]
It is said that a picture is worth a thousand words, and similarly many reversers would agree that a graph is worth a thousand lists! 😉 Recently, we added graphing support into IDAPython and now Python scripts can build interactive graphs. To demonstrate this new addition, we will write a small script that graphs the structured […]
Searching for instructions and opcodes is a basic necessity for security researchers, therefore to address this issue IDA Pro provides many search facilities, among them we list: Text search: Used to search the listing for text patterns (regular expressions are allowed). One can write a regular expression to find any assignment to the eax register (with […]
With IDA, one can use the command line interface (CLI) not only to type scripting related commands but also to send debugger specific commands to the current debugger plugin. Although the topic mentions device drivers, you do not have to know much about drivers to learn something new from this post.
Just a quick post to share the joy of having more expressiveness and freedom in IDA Pro. A few days ago we implemented a JavaScript plugin. This means that there is yet one more languauge to write scripts in IDA, and a very powerful one. All usual methods of accessing the language work: you may execute […]