Generally speaking, most plugins for IDA can be written by using only the provided SDK. The API environment provided by IDA is vast and gives the plugin writer the capability to display graphical elements such as colored text views, graphs, forms and choosers. However, there are cases when this is not enough. In idag the developer […]
Many times when debugging malware you discover that the malware does not import any function, replaces API names by hashes and tries to resolve the addresses by looking up which API name has the desired hash! In this blog post we are going to demonstrate how to use IDA Pro to solve this problem and uncover […]
Have you ever tried to teach x86 assembly language programming to someone coming from a high-level language programming background and discovered that it was hard? Before being able to write a simple “Hello World” program one needs to know a fair deal about the x86 architecture, the assembler language and the operating system. Obviously this is […]
Halvar and Dennis Elser recently blogged about a serious vulnerability in the ATL libraries. A few days ago, Microsoft released an emergency “out-of-band” patch. Yes, the bug was that nasty, and since it is in a library, many MS Windows components were affected. Everyone who used the library should review their code and […]
A quite interesting document for everyone who programs in C++: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2271.html I’m even tempted to switch to it when/if it becomes available.
Quite often I have to revise old code in IDA Pro. Given its age, it happens almost every time a new feature is added (two exceptions: the bTree and the virtual memory manager are basically the same as about 17 years ago).
A few days ago I was working on the x86 IDA module. The goal was to have it recognize jump tables for 64-bit processors. This is routine: we have to add new instruction idioms to the analysis engine from time to time to keep up with new compilers. I was typing in the patterns and hoping that the tests would […]
There is no such thing as bug-free software. Today I stumbled on this: http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html This is an unfortunate and sad truth about programming: regardless of our efforts, software will have bugs; it will crash, it will burn, it will fail. At the same time there is a hope: http://alloy.mit.edu/ We desperately need code verification tools like […]
Quite busy week, sorry for being silent. I wanted to talk about an annoyance I discovered with all my C/C++ compilers. Here is a quite interesting presentation from Halvar Flake: Attacks on uninitialized local variables. After reading it I wanted to verify my compilers and created a small C file. I wanted to check if the compilers would warn […]
FOSDEM did not deceive me at all – just the contrary. There were many interesting things and the talk I liked the most was about valgrind. The very obvious idea after it was “why not develop a security scanner on the top of valgrind?”. Valgrind is a framework to develop simulation-based tools, and MemCheck is […]