Image-relative offsets are values that represent an offset from the image base of the current module (image) in memory. This means that they can be used to refer to other locations in the same module regardless of its real, final load address, and thus can be used to make the code position-independent (PIC), similarly to […]
This is a guest entry written by Dennis Elser from Trenchant Advanced Research Center (formerly Azimuth Security). His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. HRDevHelper: HRDevHelper is a decompiler plugin that takes advantage of […]
When working with big functions in the decompiler, it may be difficult to find what you need if the listing is long. While you can use cross-references to jump between uses of a variable or collapse parts of pseudocode to make it more compact, there is one simple shortcut which can make your […]
The IDA patfind plugin. (Figure caption: Just raw binary data at address 0x00000AC.) While IDA excels at extracting useful information from all sorts of binary files, it may happen that some unstructured binary files (e.g., firmwares, raw memory dumps, …) throw it off the rails, and the user needs to kickstart autoanalysis by figuring out some sort of […]
Many keyboard shortcuts have been described on this blog, but they may be difficult to retain, especially if you don’t use them every day. To remedy that, we have been publishing a cheat sheet with the most common ones. You can find it linked from our documentation page in HTML or PDF […]
The Hex-Rays Halloween Challenge: It is almost Halloween, and this year we have decided to celebrate it with a challenge! Solve the challenge correctly, and if you’re quick enough to be within the first five, you will get an exclusive Halloween-themed IDA T-shirt. Before we continue, we would like to make you aware of some essential rules: This […]
Hex-Rays has been acquired by a consortium of investors led by Smartfin, a leading European venture capital and private equity investor, and including co-investors SFPIM and SRIW. Ilfak Guilfanov, the founder of Hex-Rays, also reinvests a substantial amount in the new structure. Over the past 10 years, Hex-Rays’ revenues have […]
We’ve covered offsets with base previously. There is a variation of such offsets commonly used in position-independent code which can be handled easily with a little trick. Let’s consider this ARM function from an ARM32 firmware: ROM:00000058 ; int sub_58() ROM:00000058 sub_58 […]
The Hex view is used to display the contents of the database as a hex dump. It is also used during debugging to display memory contents. By default it has a part on the right with the textual representation of the data. Usually the text part shows Latin letters or dots for unprintable characters but you […]
The Hex-Rays team is thrilled to announce the release of IDA version 8.1! As with every release, IDA Pro and IDA Home gained many new features and enhancements, including: Private Lumina server; New icons; Golang regabi support; Sunsetting IDA for 32-bit binaries (IDA32); and more. See full updates here: https://hex-rays.com/products/ida/news/8_1/ How to request the new versions: As usual, the new versions of IDA Pro […]