As several of our users have noticed, the IDA 7.4 Windows installer refuses to use Python 3.8.0 if you have it installed. You can usually observe output similar to the following:
———-
Checking installs from “Python Software Foundation”
Checking “Python 3.8 (64-bit)” (3.8)
Found: “C:\Program Files\Python38\” (version: 3.8.0 (’38’))
Ignoring unusable Python 3.8.0
No Python installations were found
———-
So why exactly is 3.8.0 “unusable”? Well, […]
Intended audience
IDA 7.2 users, who have experience with IDAPython and/or the decompiler.
The problem
As you may already know, the decompilers allow not only decompiling the current function (shortcut F5) but also all the functions in the database (shortcut Ctrl+F5). A somewhat lesser-known feature of the “multiple” decompilation is that if a range is selected (for example […]
Intended audience
Plugin writers, either using the C SDK or IDAPython, who would like to add actions/commands to IDA UI in order to augment its capabilities.
Rationale: before 6.7
APIs galore
Depending on what type of context you were in, various APIs were available to you:
Want to add a main menu item?
add_menu_item(const char *menupath, const char *name, const char […]
Target audience
You may want to read this if you have been writing an IDA C++ plugin that itself uses the CPython runtime.
Prior art
In 2010, Elias Bachaalany wrote a blog post about extending IDAPython: http://www.hexblog.com/?p=126
Note that this is not about writing your own plugins in Python. Rather, that blog post instructs on how you may […]
TL;DR
If you were using import to import your own “currently-in-development” modules from your IDAPython scripts, you may want to use idaapi.require(), starting with IDA 6.5.
Rationale
When using IDAPython scripts, users were sometimes facing the following issue
Specifically:
User loads script
Script imports user’s module mymodule
Script ends
User modifies code of mymodule (Note: the module is modified, not the script)
User […]
This year I was again lucky to present at Recon in Montreal. There were many great talks as usual. I combined the topic of my last year’s talk on C++ reversing and my OpenRCE article on Visual C++ internals. The new material was the implementation of exceptions and RTTI in MSVC x64 and GCC (including Apple’s […]
In this post I’ll present some new things in IDA 6.2. There’s a new control, the code viewer, some additions to forms and the introduction of timers to discuss. All these new features have been exposed to the SDK, so that our users can benefit from them too. 😉
With the upcoming IDA 6.1 it will be possible to create forms which host chooser controls. This feature will be available in the Qt and text version (not so in the VCL one).
Generally speaking, most plugins for IDA can be written by using only the provided SDK. The API environment provided by IDA is vast and gives the plugin writer the capability to display graphical elements such as colored text views, graphs, forms and choosers.
However, there are cases when this is not enough. In idag the developer […]
Many times when debugging malware you discover that the malware does not import any function, replaces API names with hashes and tries to resolve the addresses by looking up which API name has the desired hash!
In this blog post we are going to demonstrate how to use IDA Pro to solve this problem and uncover […]