A handful of our users have already requested information regarding the Qt 5.15.2 build, that is shipped with IDA 7.7. The Qt sources used by IDA are: based on Qt 5.15.2, to which the KDE Qt5 patch collection has been added, plus a few custom patches/fixes (here they are for reference) Rebuilding Qt from source In order to obtain […]
Read MoreHex-Rays team is thrilled to announce the release of IDA version 7.7! Our top-notch binary analysis tool IDA Pro’s latest version delivers new features and various enhancements. With updates on some key features, version 7.7 is expected to certainly improve the user experience. Here are the highlight features and changes introduced in IDA 7.7: iOS15 and macOS 12 […]
Read MoreWhile using the decompiler, sometimes you may have seen the item named Split expression in the context menu. What does it do and where it can be useful? Let’s look at two examples where it can be applied. Structure field initialization Modern compilers perform many optimizations to speed up code execution. One of them is merging two […]
Read MoreHex-Rays is moving to a subscription model In 2022, we will update the catalogue of products available under our subscription model. Our new bundles are HEX-RAYS Base, HEX-RAYS Core and HEX-RAYS Ultra. Those, in addition to our existing products IDA Pro Standalone and IDA Home will be available under the new subscription model only. IDA Home cloud-based x64, […]
Read MoreIn compiled code, you can sometimes find instructions which do not directly represent the code written by the programmer but were added by the compiler for its own purposes or due to the requirements of the environment the program is executing in. Skippable instruction kinds Compiled functions usually have prolog instructions at the start which perform various […]
Read MoreWe’ve already described custom types used in the decompiled code, but you may also encounter some unusual keywords resembling function calls. They are used by the decompiler to represent operations which it was unable to map to nice C code, or just to make the output more compact. They are listed in the defs.h […]
Read MoreWhen working with pseudocode in the decompiler, you may have noticed that variable declarations and hints have comments with somewhat cryptic contents. What do they mean? While meaning of some may be obvious, others less so, and a few appear only in rare situations. Variable location The fist part of the comment is the variable location. For stack […]
Read MoreThe stack frame is part of the stack which is managed by the current function and contains the data used by it. Background The stack frame usually contains data such as: local and temporary variables; incoming arguments (for calling conventions which use stack for passing arguments); saved volatile registers; other bookkeeping information (e.g. the return address on x86). Because the stack may […]
Read MoreWhile not commonly used, full-screen mode can be useful on complex IDA layouts when working with a single monitor or on a laptop, for example when you need to read a long listing line but are tired of scrolling around. The feature is somewhat hidden, but the action is present in the View menu. By pressing F11, […]
Read MoreIDA is the Swiss army knife of reverse-engineering and has countless applications that can’t be summarized with a catchy one-liner. Security experts, malware analysts, and software engineers use IDA daily to solve a critical problem in their workflow. Improving your knowledge of IDA through one of our training sessions can help you to unlock the […]
Read More