One of the more challenging parts of reverse engineering programs written in C++ is the accurate extraction of exception information. Due to the complexity of the language’s features and runtime behavior, recovering the missing information currently requires a lot of manual work and considerable effort.
However, with the release of IDA Pro 9.0, a significant advancement […]
makesig plugin overview
The makesig plugin was introduced in the IDA 8.4 release, and it is a convenient tool for generating FLIRT signatures from the current database. As you probably already know, FLIRT stands for Fast Library Identification and Recognition Technology, allowing IDA to recognize standard library functions generated by supported compilers. This technology improves […]
This is a guest entry written by Arnaud Gatignol and Julien Staszewski from the THALIUM team. The views and opinions expressed in this blog post are solely those of the authors and do not necessarily reflect the views or opinions of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed […]
It is official! IDA 8.4 has now been released, and we are beyond excited to share the new features and improvements with you.
This new version combines enhanced support for a bunch of processors, Mach-O file improvements, some signature boosts, standard plugin updates, and a shiny new set of UI refinements that will make your analysis […]
This is a guest entry written by Martin Perrier and Louis Jacotot from Synacktiv. The views and opinions expressed in this blog post are solely those of the authors and do not necessarily reflect the views or opinions of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the […]
This is a guest entry written by David Catalán from Outpost24. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author.
Software reverse engineering involves working with a wide variety of processor architectures, both real and virtual. Thus, having […]
We already know that user-defined types such as structures and enums can be created and edited through the corresponding views, or the Local Types list.
However, some small edits can be performed directly in the pseudocode view:
structure fields can be renamed using the “Rename” action (shortcut N):
you can also quickly retype them using […]
When you load a file into IDA, whether a standard executable format (e.g. PE, ELF, Mach-O) or a raw binary, IDA assigns a particular address range to the data loaded from it, either from the file’s metadata or from the user’s input (in the case of a binary file). The lowest address from those occupied by the file […]
This is a guest entry written by Alexander Hanel from CrowdStrike. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author.
Msdocviewer: A simple tool for viewing Microsoft’s technical specifications
An invaluable resource when reverse engineering Portable Executable (PE) binaries […]
This is a guest entry written by Baptiste Verstraeten from the Thalium Team. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author.
The Symless plugin aims to simplify the process of retrieving and defining structures, classes, and virtual […]