Just a short post to show you the current state of the x64 decompiler. In fact, it already mostly works but we still have to solve some minor problems. Let us consider this source code: struct color_t { short red; short green; short blue; short alpha; }; extern color_t lighten(color_t c); color_t func(int red, int green, […]
Read MoreI’m happy to present you a guest post by David Zimmer <dzzie@yahoo.com>. The approach he describes can be used to develop plugins more conveniently (but not limited to that): In this article we are going to discuss a mechanism that can be used to interact with IDA through external applications. The reason this technique was developed was […]
Read MoreJust a quick note for all IDA users. We published a fix for potential vulnerability in IDA. Please check out https://www.hex-rays.com/vulnfix.shtml. It does not seem to be exploitable but we prefer to be on the safe side. Feel free to download and copy it to your plugins subdirectory. The plugin will validate all opened […]
Read MoreTL;DR If you were using import to import your own “currently-in-development” modules from your IDAPython scripts, you may want to use idaapi.require(), starting with IDA 6.5. Rationale When using IDAPython scripts, users were sometimes facing the following issue Specifically: User loads script Script imports user’s module mymodule Script ends User modifies code of mymodule (Note: the module is modified, not the script) User […]
Read MoreRecently, one of our customers came to us asking how he should proceed to be able to install python packages, using PIP, and use those from IDA. The issue he was facing is that his system is a 64-bit Ubuntu 12.04 VM. Therefore using the Ubuntu-bundled PIP will just result in installing the desired package (let’s say […]
Read MoreThis year I again was lucky to present at Recon in Montreal. There were many great talks as usual. I combined the topic of my last year’s talk on C++ reversing and my OpenRCE article on Visual C++ internals. New material was implementation of exceptions and RTTI in MSVC x64 and GCC (including Apple’s […]
Read MoreIDAPython provides wrappers for a big chunk of IDA SDK. Still, there are some APIs that are not wrapped because of SWIG limitations or just because we didn’t get to them yet. Recently, I needed to test the get_loader_name() API which is not available in IDAPython but I didn’t want to write a full plugin […]
Read MoreOne of the new features that will be available in the next version of IDA is a trace re-player. This pseudo-debugger allows to re-play execution traces of programs debugged in IDA. The replayer debugger allows replaying traces recorded with any of the currently supported debuggers, ranging from local Linux or win32 debuggers to remote GDB targets. Currently […]
Read MoreIn this post I’ll present some new things in IDA 6.2. There’s a new control, the code viewer, some additions to forms and the introduction of timers to discuss. All these new features have been exposed to the SDK, so that our users can benefit from them too. 😉
Read MoreLast week we released IDA 6.2 and Hex-Rays Decompiler 1.6. Many of the new IDA features have been described in previous posts, but there have been notable additions in the decompiler as well. They will let you make the decompilation cleaner and closer to the original source. However, it might be not very obvious how […]
Read More