Just a small note about the debugger plugins and events. Many users who try to develop a plugin for the debugger notice that IDA behaves slightly differently in the notification callbacks than anywhere else. For example, IDA might claim that EIP points to an address without a segment, or none of the exported names of a loaded DLL are available.
It is an endless story: regardless of how many different jump table types IDA supports, there will be a new unhandled twist. Be it the instruction scheduler, which rearranged the instructions in an unexpected manner, or the compiler, which learned a new optimization trick, it is the same for IDA: jump tables are missed and […]
We are glad to release a new version of the Hex-Rays decompiler! Highlights of this build: improved usability; support for unusual calling conventions; better handling of obfuscated code. The most important improvement is […]
The upcoming version of the decompiler SDK adds some nice features. First, we created a reference manual. It is in doxygen format: cross references make it really easy to browse. Second, the SDK is compatible with both IDA v5.1 and v5.2. Third, we added functions to retrieve and modify all user-defined attributes like variable names, […]
A binary analysis tool like a decompiler is incomplete without a programming interface. Sure, decompilers tremendously facilitate binary analysis. You can concentrate on the program logic expressed in a familiar way. Just add comments, rename variables and functions to get almost the original source code, almost perfect. However, quite often there is a small ugly detail and the output […]
If you ever used IDA to analyze embedded stuff, you would immediately notice its pc-centric nature. While any embedded SDK targets specific devices with real-world part numbers, IDA just provides you with a universal analysis framework. You are supposed to know how the device works, its idiosyncrasies, programming model, memory organization, and all other practical […]
A month ago I received a support request: If I have an instruction like mov eax, [edi-0ch] and I know that that’s really the sum of an offset to a structure not at edi and the offset of a member within that structure, how do I get IDA to display it as such without using […]
One of the must-have features of a reverse engineering tool is the ability to add comments to the output listing. Without this feature, the output stays difficult to understand. The user copies it to a text editor to continue the analysis but this is a bad solution because the dynamic nature of the output is lost. […]
IDA Pro being an old and time-proven platform for binary analysis, many plugins grew on it. There are custom made plugins for new processors and file formats. There are deobfuscators, exporters, data visualizers, object reconstructors and other stuff.