I’m happy to tell you that a new build of the decompiler is ready! It introduces new easily accessible commands to manipulate structure pointers. First, a variable can be converted into a structure pointer with one click. Also, new the structure types can be build on the fly by the decompiler. As usual, any type […]
Read MoreI wanted to present you a new plugin today. It was about switch idioms (jump tables). I spent a few hours trying to find a problematic x86 sample file but could not locate anything impressive. All jump tables were nicely recognized. This certainly does not mean that IDA handles them perfectly, but rather that my […]
Read MoreJust a small note about the debugger plugins and events. Many users who try to develop a plugin for the debugger notice that IDA behaves slightly differently in the notification callbacks than anywhere else. For example, IDA might claim that EIP points to an address without a segment, or none of exported names of a loaded DLL are available.
Read MoreIt is an endless story: regardless of how many different jump table types IDA supports, there will be a new unhandled twist. Be it the instruction scheduler, which rearranged the instructions in an unexpected manner, or the compiler, which learned a new optimization trick, it is the same for IDA: jump tables are missed and […]
Read MoreWe are glad to release a new version of the Hex-Rays decompiler! Highlights of this build: improved usability support for unusual calling conventions better handling of obfuscated code The most important improvement is […]
Read MoreThe upcoming version of the decompiler SDK adds some nice features. First, we created a reference manual. It is in doxygen format: cross references make it really easy to browse. Second, the SDK is compatible with both IDA v5.1 and v5.2. Third, we added functions to retrieve and modify all user-defined attributes like variable names, […]
Read MoreA binary analysis tool like a decompiler is incomplete without a programming interface. Sure, decompilers tremendously facilitate binary analysis. You can concentrate of the program logic expressed in a familiar way. Just add comments, rename variables and functions to get almost the original source code, almost perfect. However, quite often there is a small ugly detail and the output […]
Read MoreIf you ever used IDA to analyze embedded stuff, you would immediately notice its pc-centric nature. While any embedded SDK targets specific devices with real-world part numbers, IDA just provides you with a universal analysis framework. You are supposed to know how the device works, its idiosyncrasies, programming model, memory organization, and all other practical […]
Read MoreA month ago I received a support request: If I have an instruction like mov eax, [edi-0ch] and I know that that’s really the sum of an offset to a structure not at edi and the offset of a member within that structure, how do I get IDA to display it as such without using […]
Read More