IDA & Qt: Under the hood

Generally speaking, most plugins for IDA can be written by using only the provided SDK. The API environment provided by IDA is vast and gives the plugin writer the capability to display graphical elements such as colored text views, graphs, forms and choosers. However, there are cases when this is not enough. In idag the developer […]

Calculating API hashes with IDA Pro

Many times when debugging malware you discover that the malware does not import any function, replaces API names by hashes and tries to resolve the addresses by looking up which API name has the desired hash! In this blog post we are going to demonstrate how to use IDA Pro to solve this problem and uncover […]

Book Review: The Art of Assembly Language, 2nd Edition

Have you ever tried to teach x86 assembly language programming to someone coming from a high-level language programming background and discovered that it was hard? Before being able to write a simple “Hello World” program one needs to know a fair deal about the x86 architecture, the assembler language and the operating system. Obviously this is […]

Casts are bad

Halvar and Dennis Elser recently blogged about a serious vulnerability in the ATL libraries. A few days ago, Microsoft released an emergency “out-of-band” patch. Yes, the bug was that nasty, and since it is in a library, many MS Windows components were affected. Everyone who used the library should review their code and […]

Double renaming

Quite often I have to revise old code in IDA Pro. Given its age, it happens almost every time a new feature is added (two exceptions: the bTree and the virtual memory manager are basically the same as about 17 years ago).

Confusing instruction

A few days ago I was working on the x86 IDA module. The goal was to have it recognize jump tables for 64-bit processors. This is routine: we have to add new instruction idioms to the analysis engine from time to time to keep up with new compilers. I was typing in the patterns and hoping that the tests would […]

On uninitialized variables

Quite busy week, sorry for being silent. I wanted to talk about an annoyance I discovered with all my C/C++ compilers. Here is quite an interesting presentation from Halvar Flake: Attacks on uninitialized local variables. After reading it I wanted to verify my compilers and created a small C file. I wanted to check if the compilers would warn […]

FOSDEM

FOSDEM did not deceive me at all – just the contrary. There were many interesting things and the talk I liked the most was about valgrind. The very obvious idea after it was “why not develop a security scanner on top of valgrind?”. Valgrind is a framework to develop simulation-based tools, and MemCheck is […]