We’ve covered the usage of symbolic constants (enums) in the disassembly, but they are also useful in the pseudocode view. Reusing constants from disassembly: If a number has been converted to a symbolic constant in the disassembly and it is present in unchanged form in pseudocode, the decompiler will use it in the output. For example, […]
This error is not very common but may appear in some situations. Such errors happen when there is a function call in the code, but the decompiler fails to convert it to a high-level function call, e.g.: the target function’s prototype is wrong; the decompiler failed to figure out the function arguments: how many of them, or how […]
The Hex-Rays decompiler has been designed to decompile compiler-generated code, so while it can usually handle hand-written or unusual assembly, occasionally you may run into a failure, especially if the code has been modified to hinder decompilation. Here is one such error: If you have a genuine function with a huge stack frame, you’ll probably […]
While exporting text disassembly is enough in many cases, many users nowadays prefer IDA’s graph view, and saving its representation may be necessary. What other options are there besides screenshots? WinGraph: WinGraph is an external program shipped with IDA which can display graphs. It was used to show function (and other) graphs before the introduction of the […]
The Rust language is gaining popularity and nowadays even malware authors have started using it, which means our users need to analyze them in IDA. The binaries produced by the Rust compiler have some peculiarities which make them difficult to analyze, such as: non-standard calling conventions; non-terminated string literals; unusual name mangling scheme. While tackling all of them is a […]
We’ve covered exporting disassembly from IDA before, but it was in the context of interoperability, when simple text is enough. If you want to preserve formatting and coloring of IDA View (e.g. for a web page or blog post), taking a screenshot is one option, but that has its downsides (e.g. no indexing for search […]
Hex-Rays is thrilled to announce its sponsorship and participation at the highly anticipated Code Blue conference in Tokyo, Japan, on 8-9 November 2023. The attendance of the leading provider of advanced binary analysis tools confirms its commitment to fostering collaboration and knowledge sharing within the cybersecurity sector. Code Blue, an internationally renowned gathering of information […]
Many processors (especially RISC-based) use instruction sets with a fixed instruction size (most commonly 4 bytes). Examples include ARM, PPC, MIPS and a few others. This is also obvious in the disassembly when observing the instructions’ addresses – they increase by a fixed amount: However, occasionally you may come across larger instructions: What is this? Does A64 […]
This is a guest entry written by Robert from Interrupt Labs. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Heimdallr: Deep links into IDA Databases When reverse engineering in IDA, I find it useful to take notes on […]
A handful of our users have already requested information regarding the Qt 5.15.2 build that is shipped with IDA 8.3. The Qt sources used by IDA are: based on Qt 5.15.2, to which the KDE Qt5 patch collection has been added; plus a few custom patches/fixes. Rebuilding Qt from source: In order to obtain compatible libs, the simplest way forward […]