State-of-the-art binary code analysis tools
Things are quite easy with the Symbian TRK! Today I decided to write a small program to interact with it and everything worked extremely smoothly. My driver program can download a SIS file to the phone, automatically install and run it. It reacts to debugging events and gracefully closes the connection when the application […]
Yesterday I created my first Symbian program 🙂 Sure enough, it was a “hello world” and to tell the truth I did not write it myself. But it still took me 3 (three) hours to get it running on Nokia E51. The good side is that I learned a lot about possible failures with Symbian […]
A brilliant blog post by Ero Carrera: IDAPython in action: http://blog.dkbza.org/2008/03/digging-up-system-call-ordinals.html Just note how concise and powerful is the script!
Just a quick post to announce that we have published a small plugin to specify jump table information. When IDA misses them, the flow charts are virtually useless – they fall apart into several loosely connected components and the logic is completely hidden. This plugin is especially useful for rarely used processors with unusual switch […]
Just a small note about the debugger plugins and events. Many users who try to develop a plugin for the debugger notice that IDA behaves slightly differently in the notification callbacks than anywhere else. For example, IDA might claim that EIP points to an address without a segment, or none of exported names of a loaded DLL are available.
It is an endless story: regardless of how many different jump table types IDA supports, there will be a new unhandled twist. Be it the instruction scheduler, which rearranged the instructions in an unexpected manner, or the compiler, which learned a new optimization trick, it is the same for IDA: jump tables are missed and […]
If you ever used IDA to analyze embedded stuff, you would immediately notice its pc-centric nature. While any embedded SDK targets specific devices with real-world part numbers, IDA just provides you with a universal analysis framework. You are supposed to know how the device works, its idiosyncrasies, programming model, memory organization, and all other practical […]
A month ago I received a support request: If I have an instruction like mov eax, [edi-0ch] and I know that that’s really the sum of an offset to a structure not at edi and the offset of a member within that structure, how do I get IDA to display it as such without using […]
As promised, here is the plugin which demonstrates how to create a very simple custom viewer in IDA Pro. When run, it displays this text on the screen:
IDA v5.1 introduces the notion of dynamic colors. Plugins can install a callback which dynamically calculates colors and provides them to the user interface. In the previous versions of IDA plugins were forced to change the item color in the database thus overwriting any user-defined colors. The new IDA makes it possible to calculate colors on the fly.