Today, IDA turns thirty years old. In commemoration of the anniversary we’ll describe the beginnings and major milestones of the epic journey.
In the early 1990’s, DOS was the most popular OS for PCs which were majorly 8086 with occasional 80286 (80386 was still very expensive). Typical PC had at most 1MB of RAM leaving little space for intensive tasks. However, software development industry was growing quickly and there was a need for debugging and diagnostic tools. Aside from debuggers, disassemblers were mostly batch based (non-interactive). The most popular (and expensive) one was Sourcer by V Communications. It had limited interactivity in that it accepted a “definition file” with a list of starting disassembly points, possible function names and segmentation info. After each change to the definition file the disassembly of the whole file had to be redone from scratch which could take a long time on the machines available at the time. Most of the runtime data was kept in memory (at most 640KB in DOS) so it could fail on big files.
There were some debuggers which could be used for disassembly but they did not really offer RE features such as custom names or comments so deep RE was often done in a text editor or by marking up printouts.
IDA offered a new paradigm. It could disassemble a file piece by piece, loading only the fragment which the user was looking at, and did not need to load the whole file into memory. Renaming and commenting was done “just in time” instead of redoing the whole disassembly on every change. The database saved all changes so the work could be performed incrementally over time. However, it took time for this approach to be appreciated by the users.
Ilfak Guilfanov (from IDA 2.05 history file, circa 1994?):
First idea about IDA was born in the fall of 1990. It took half an year to screw up enough courage and to start implementing it. In the beginning of 1991, in January, first code line was written. In April 1991 the first program was fully disassembled with IDA. IDA grew up and new ideas appeared. I wanted to create a built-in C-style language to control analysis of the program, to add more processors, to disassemble object files, to handle UNIX COFF files, to add more intelligence to IDA e t c…
Alas, all of this was not implemented. In July 1991 I stopped working at IDA almost completely, working at IDA only for fun. It was time to learn more about other computers, networks and other nice things. Today I would implement something based on client-server architecture with network support (I have a crazy idea about X-windows implementation) working under various operating systems – but I won’t. Enough for the moment. I really think that disassemblers and all the staff like this are becoming obsolete. People work with GUIs, write in C++ (IDA is written in C++ too, about 40000 lines); they adore VisualBasic and they debug in source codes. Today’s programmer even doesn’t know assembler language – and doesn’t need to know it.
I hope that this product will be a help for you. If so, I’m glad. Hope, there are some people who need a tool like this. And if there is a need to add a new processor type to IDA (the same was with Intel 8085), I can do it fast enough.
As we all know, disassemblers did not (yet?) get obsolete. Most of the planned features did get added to IDA eventually, not in the least thanks to the users who supported IDA during the early years and spread word about IDA, but also thanks to the early distributors and supporters such as DataRescue.
Pierre Vandevenne (DataRescue CEO), 2003:
When I discovered IDA, it was $30. I knew how to recognize a good deal and walked to my bank in the middle of the night to drop the wire order in their mailbox (pre-internet age stuff). Very very few, an unbelievably small number of people, did the same thing at that time.
Version 2.05 (which is the one I registered) was developed by Ilfak.
We starting distributing, supporting the development and advertising version 3.05 (which essentially was very close to 2.05). Then Ilfak joined our company, moved to Belgium and the GUI version saw the light of the day.
By 2008, the first commercial decompiler has been released, IDA’s development moved to a separate company, and first commercial plugins for IDA appeared. By now it is evident that binary analysis is far from a dying field and we hope that IDA will stay around to celebrate more anniversaries. And of course, we don’t plan to stop innovating.
The complete timeline
(one of the core source files mentions being created on 25-Oct-1990)
Length Date Time Name -------- ---- ---- ---- 24708 18-02-91 18:55 COMPRESS.EXE 11451 21-05-91 22:21 COMTYPES.DOC 76048 21-05-91 22:24 IDA.EXE 57344 21-05-91 22:23 IDA.INT 3581 06-05-91 17:36 IDAE.DOC 3795 06-05-91 16:22 IDAR.DOC 5976 27-05-91 18:17 README 25080 18-02-91 19:07 REPAIR.EXE -------- ------- 207983 8 files
- Turbo Vision instead of custom UI
- IDC scripting language added
- start of shareware distribution (mainly via FidoNet and BBS, some FTPs)
- support for additional processors (8080, 8085, Z80)
- support for the NE file format (16-bit Windows and later OS/2)
- Plugins support added in the SDK
- Windows GUI version (text mode listing only). First appearance of now-classic IDA icon.
- Type System (standard function prototypes)
- PIT (parameter identification and tracking)
- Graphs and flowcharts using Wingraph
June: Desquirr decompiler plug-in released http://desquirr.sourceforge.net/
January: user-contributed Windows PE debugger plugin (Idbg)IDA 4.5 (12/02/03)
- Integrated debugger
- 64-bit address space support; AMD64 disassembly
- support for fragmented (chunked) functions
- Linux console version
- remote cross-patform debugging
- 64-bit remote debugger
Ilfak starts posting on hexblog.com
December 14: WMF vulnerability zero day attack
December 31: Ilfak’s unofficial vulnerability hotfix becomes very popular
- Intel Mac OS X debugger
- Simplex based stack pointer analysis https://www.hex-rays.com/blog/simplex-method-in-ida-pro
Hex-Rays Decompiler 1.0 (17/09/07) released
Hex-Rays Decompiler SDK (25/10/07) released
January 1: Hex-Rays SA takes over development of IDAIDA 5.3
- Multithreaded debugging
- iPhone, Symbian debuggers
- development moves to Google Code
- Bochs, GDB, WinDbg debuggers
- IDAPython included with IDA
- dockable windows
- arrival of the now classsic IDA layout with the functions list to the left of disassembly
- IDAPython support for Linux and Mac
- 64-bit Linux and Mac debuggers
- ARM Linux remote debugger
- Appcall feature
- Scripted plugins and processor modules
- ARM decompiler
- cross-platform Qt based GUI version for Windows, Linux & Mac
- source-level debugging
- ARM64 disassembly
- x64 decompiler
- Python bindings for the decompiler SDK
- ARM64 decompiler
- ARM64 Android debugger
- iPhone debugger using official Apple debugserver
- PPC decompiler
- IDA is a native 64-bit executable for all platforms
- decompiler microcode API opened
- Lumina function database
- PPC64 decompiler
- UNDO feature
- Python 3 support
- folder views
- MIPS decompiler
- native ARM64 macOS build
See also detailed IDA changelists