While working with pseudocode, you may make various changes to it, for example: add comments rename local variables and change their types collapse code blocks map variables mark skippable instructions split expressions adjust variadic arguments select union members and so on If the results of some actions do not look better, you can always undo, but what […]
Read MoreVariadic functions are functions which accept different number of arguments depending on the needs of the caller. Typical examples include printf and scanf in C and C++ but there are other functions, or even some custom ones (specific to the binary being analyzed). Because each call of a variadic function may have a different […]
Read MoreA handful of our users have already requested information regarding the Qt 5.15.2 build, that is shipped with IDA 8.0. The Qt sources used by IDA are: based on Qt 5.15.2, to which the KDE Qt5 patch collection has been added, plus a few custom patches/fixes Rebuilding Qt from source In order to obtain compatible libs, the simplest way forward […]
Read MoreHex-Rays team is thrilled to announce the release of IDA version 8.0! As with every release, IDA Pro and IDA Home gained many new features and enhancements, including: Support for iOS16 and recent macOS releases Golang improvements: significantly improved support for Golang 1.17 and 1.18 binaries Better function discovery with the new “patfind” plugin FLIRT patterns directly from an IDA […]
Read MoreWhen working with big functions in the decompiler, it may be useful to temporarily hide some parts of the pseudocode to analyze the rest. While currently it’s not possible to hide arbitrary lines like in disassembly, you can hide specific sections of it. Collapsing local variable declarations While the local variable declarations are useful to see […]
Read MoreIn IDA, an enum (from “enumeration”) is a set of symbolic constants with numerical values. They can be thought of as a superset of C/C++ enum types and preprocessor defines. These constants can be used in disassembly or pseudocode to replace specific numbers or their combinations with symbolic names, making the listing more readable and understandable. Creating […]
Read MoreThe autoanalysis engine is the heart of IDA’s disassembly functionality. In most cases it “just works” but in rare situations tweaking it may be necessary. Analysis options The generic analysis options are available in Options > General, Analysis tab, Kernel Options 1..3. The same settings are also available at the initial load time. You can even turn off the […]
Read MoreWe have covered basic usage of cross-references before, but there are situations where they may not behave as you may expect. Accessing large data items If there is a large structure or an array and the code reads or writes data deep inside it, you may not see cross-references from that code listed at the […]
Read MoreA friendly heads-up to IDA users: we just published a vulnerability fix for a potential double-free during DWARF parsing. Please grab it from www.hex-rays.com/vulnfix/ and replace the original files with those you will find in the archive.
Read MoreAlthough most of the time IDA is used to work on single, self-contained file (e.g. an executable, library, or a firmware image), this is not always the case. Sometimes the program may refer to or load additional files or data, and it may be useful to have that data in the database and analyze it […]
Read More