Sometimes in pseudocode you may encounter strange-looking code: The code seems to dereference an array calledMEMORY and is highlighted in red. However, this variable is not defined anywhere. What is it? Such notation is used by the decompiler when the code accesses memory addresses not present in the database. In most cases it indicates an error in […]
Read MoreThe Hex-Rays decompiler was initially created to decompile C code, so its pseudocode output uses (mostly) C syntax. However, the input binaries may be compiled using other languages: C++, Pascal, Basic, ADA, and many others. While the code of most of them can be represented in C without real issues, some have peculiarities which require […]
Read MoreThe release notes for IDA 8.0 mention outlined functions. What are those and how to deal with them in IDA? Function outlining is an optimization that saves code size by identifying recurring sequences of machine code and replacing each instance of the sequence with a call to a new function that contains the identified sequence […]
Read MoreIn the past, we have worked with various beta testers that helped us shape our products by trying out our pre-release versions. Today, we are launching our Beta Program initiative with the idea of building a community of enthusiasts who would regularly take an active part in the evolution […]
Read MoreWe’ve already covered simple offsets, where an operand value or a data value matches an address in the program and so can be directly converted to an offset. However, programs may also employ more complex, or indirect ways of referring to a location. One common approach is using a small offset from some predefined […]
Read MoreIn August 2020, we started blog series called “Igor’s tip of the week.” These blog posts aim to help you better work with IDA & Decompilers. Over the years, his pieces of advice have become very popular, and our natural response was to make them even more accessible and easy to read. That’s […]
Read MoreIDA Service Pack 1 (SP1) for IDA 8.0 is now available. This new release fixes a few issues that might have affected some users. How to request the new versions All new versions are free for users with an active support plan. Please use the “Help > Check for free update” menu item in IDA. It is also […]
Read MoreImmediate search is one of three main search types available in IDA. While not that known, it can be very useful in some situations. Here are some examples. Unique (magic) constants If you know some unique constants used by the program, looking for them can let you narrow down the range of code you have to […]
Read MoreAs of the time of writing, IDA does not have a built-in plugin manager, so third-party plugins have to be installed manually. Installing into IDA directory The standard location for IDA plugins is the plugins directory in IDA’s installation (for example, C:\Program Files\IDA Pro 8.0\plugins on Windows). So this is the most common way of installing them […]
Read MoreWe have recently announced the launch of IDA Teams, our new product that allows teams of analysts to work together. The heart of IDA remains unchanged, but your team now has better tools to publish their discoveries to the rest of the colleagues and benefit from the work done by other group members. To better […]
Read More