Scripting with IDA Pro has always been a very handy feature, not only when used in scripts but also in expressions, breakpoint conditions, form fields, etc… In IDA Pro 5.6 we improved the IDC language and made it more convenient to use by adding objects, exceptions, support for strings with embedded zeroes, string slicing and references.
Read MoreAs everyone knows, Google and some other companies were under a targeted attack a few days ago. A vulnerability in the Internet Explorer was used to penetrate the computers. An IDA user very kindly sent us the following link http://www.avertlabs.com/research/blog/index.php/2010/01/18/an-insight-into-the-aurora-communication-protocol/
Read MoreLast week we introduced the new Appcall feature in IDA Pro 5.6. Today we will talk a little about how it’s implemented and describe some of the uses of Appcall in various scenarios. How Appcall works Given a function with a correct prototype, the Appcall mechanism works like this: Save the current thread context Serialize the parameters (we […]
Read MoreIn this blog entry we are going to talk about the new Appcall feature that was introduced in IDA Pro 5.6. Briefly, Appcall is a mechanism used to call functions inside the debugged program from the debugger or your script as if it were a built-in function. If you’ve used GDB (call command), VS (Immediate window), […]
Read MoreIntroduction IDA Pro 5.6 has a new feature: automatic running of the QEMU emulator. It can be used to debug small code snippets directly from the database. In this tutorial we will show how to dynamically run code that can be difficult to analyze statically. Target As an example we will use shellcode from the article “Alphanumeric RISC […]
Read MoreOne of the new features in IDA Pro 5.6 is the possibility to write file loaders using scripts such as IDC or Python. To illustrate this new feature, we are going to explain how to write a file loader using IDC and then we will write a file loader (in Python) that can extract shell […]
Read MoreWe are glad to announce the results of our first plugin contest! For the contest rules, please check this page: http://www.hex-rays.com/contests/ Or you may directly go to the contest results and check out some cool plugins: https://www.hex-rays.com/contests_details/contest2009/ It was our first contest, but we are happy with the results and will repeat it in the near future. Have […]
Read MoreWe are looking for someone to join our team and participate in the development of unique software security tools. The candidates must know low-level details of modern software as well as high-level data structures and algorithms. Requirements: * strong knowledge of C/C++ * experience with Qt and GUI development is a big PLUS * knowledge of x86 assembler and […]
Read MoreThe Hex-Rays Decompiler 1.0 was released more than two years ago. Since then it has improved a lot and does a great job decompiling real-life code, but sometimes there are additional things that you might wish to do with its output. For that purpose we have released the Hex-Rays Decompiler SDK and several sample plugins. However, […]
Read MoreIt is said that a picture is worth a thousand words, and similarly many reversers would agree that a graph is worth a thousand lists! 😉 Recently, we added graphing support into IDAPython and now Python scripts can build interactive graphs. To demonstrate this new addition, we will write a small script that graphs the structured […]
Read More