Introducing IDA 8.4: Key Features and Enhancements

It is official! IDA 8.4 has now been released, and we are beyond excited to share the new features and improvements with you. This new version combines enhanced support for a bunch of processors, Mach-O file improvements, some signature boosts, standard plugin updates, and a shiny new set of UI refinements that will make your analysis […]

Plugin focus: Frinet

This is a guest entry written by Martin Perrier and Louis Jacotot from Synacktiv. The views and opinions expressed in this blog post are solely those of the authors and do not necessarily reflect the views or opinions of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the […]

Plugin focus: q3vm

This is a guest entry written by David Catalán from Outpost24. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Software reverse engineering involves working with a wide variety of processor architectures, both real and virtual. Thus, having […]

Igor’s Tip of the Week #168: Rebasing

When you load a file into IDA, whether a standard executable format (e.g. PE, ELF, Macho-O), or a raw binary, IDA assigns a particular address range to the data loaded from it, either from the file’s metadata or user’s input (in case of binary file). The lowest address from those occupied by the file […]

Plugin focus: msdocviewer

This is a guest entry written by Alexander Hanel from CrowdStrike. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Msdocviewer: A simple tool for viewing Microsoft’s technical specifications An invaluable resource when reverse engineering Portable Executable (PE) binaries […]

Plugin focus: Symless

This is a guest entry written by Baptiste Verstraeten from the Thalium Team. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. The Symless plugin aims to simplify the process of retrieving and defining structures, classes, and virtual […]

Plugin focus: IdaClu

This is a guest entry written by Sergejs Harlamovs from IKARUS Security Software GmbH. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. IdaClu: Finding clues without knowing what to seek IdaClu, as the name suggests, is about […]

Plugin focus: Generating signatures for Nim and other non-C programming languages

This is a guest entry written by Holger Unterbrink from Cisco Talos. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Adversaries are increasingly writing malware in programming languages such as Go, Rust, or Nim, likely because these […]

Building IDA Python on Windows

This is a guest entry written by Elias Bachaalany. His views and opinions are his own and not those of Hex-Rays. Any questions with regards to the content of this blog post should be directed to the author. Introduction During the IDA Advanced training, I get asked a lot about how to set up the