State-of-the-art binary code analysis tools
Although IDA was initially created for interactive usage and tries to automate as much of the tedious parts of RE as possible, it still cannot do everything for you and doing the still necessary work manually can take a long time. To alleviate this, IDA ships with IDC and IDAPython scripting engines, which can be […]
Scripting allows you to automate tasks in IDA which can be repetitive or take a long time to do manually. We previously covered how to run them in batch (headless) mode, but how can they be used interactively? Script snippets File > Script Command… (Shift+F2) Although this dialog is mainly intended for quick prototyping and database-specific […]
IDA Pro for ARM64 is coming! We have ported all of IDA to run natively on Apple Silicon and it will be available in IDA 7.6. Initial analysis shows that the hype is real. IDA is consistently performing much faster on M1 macs: And a visual representation, for your viewing delight: https://www.hex-rays.com/wp-content/uploads/2020/12/split.mp4 We have also ported the mac […]
Python 3.9 has been released fairly recently and it was a bit too short notice for us to ensure it works with IDA 7.5 Service Pack 3 (if you have tried it, you may have had a bad time.) We have now added support for Python 3.9 in IDAPython. Here’s how you can get it to […]
We’ve briefly covered batch mode last time but the basic functionality is not always enough so let’s discuss how to customize it. Basic usage To recap, batch mode can be invoked with this command line: ida -B -Lida.log <other switches> <filename> IDA will load the file, wait for the end of analysis, and write the full disassembly to […]
As several of our users have noticed, IDA 7.4 Windows installer refuses to use Python 3.8.0 if you installed it. You can usually observe output similar to following: ———- Checking installs from “Python Software Foundation” Checking “Python 3.8 (64-bit)” (3.8) Found: “C:\Program Files\Python38\” (version: 3.8.0 (’38’)) Ignoring unusable Python 3.8.0 No Python installations were found ———- So why exactly is 3.8.0 “unusable”? Well, […]
IDA 7.4 will still ship with IDAPython for Python 2.7 by default, but users will now have the opportunity to pick IDAPython for Python 3.x at installation-time!
IDA 7.4 will ship with the IDAPython “IDA 6.x” compatibility layer off by default. Please see this article for more information!
We posted an addendum to the release notes for IDA 7.2: The Mac Rundown. It dives much deeper into the Mac-specific features introduced in 7.2, and should be great reference material for users interested in reversing the latest Apple binaries. It’s packed full of hints, tricks, and workarounds. We hope you will find it quite useful! […]
Intended audience IDAPython developers who enjoy the occasional headache, leaky abstraction enthousiasts, or simply the curious. TL;DR IDAPython wraps C++ types, and the lifecycle of C++ objects (and in particular members of larger objects) is not necessarily the same as that of the Python wrapper object that is wrapping it. The problem One of our users reported IDA crashes when […]
