As we’ve seen previously, an IDB (IDA database) consists of several embedded files which contain the actual database data and which IDA reads/writes directly when working with the database. By default, they’re unpacked next to the IDB, which can lead to various issues such as excessive disk usage, or speed (e.g. if IDB is […]
This is a guest entry written by Martin Perrier and Louis Jacotot from Synacktiv. The views and opinions expressed in this blog post are solely those of the authors and do not necessarily reflect the views or opinions of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the […]
When you work in IDA, it saves the results of your analysis in the IDA Database, so that you can pause and continue at a later time. You can recognize the database files by their file extension .idb (for legacy, 32-bit IDA) or .i64 (for 64-bit IDA or IDA64). Thus they’re also often called just […]
Previously we’ve seen how to do small edits to types directly from the pseudocode view. While this is enough for minor edits, sometimes you still need to use the full editor. Of course, it is always possible to open Structures, Enums, or Local Types and look for your type there, but what if you have […]
This is a guest entry written by David Catalán from Outpost24. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Software reverse engineering involves working with a wide variety of processor architectures, both real and virtual. Thus, having […]
One reason for our success is the strong community that has emerged around our products. We are always excited and surprised to see what plugins and tools you’ve been building on top of IDA all those years. This year, we want to engage with all of you better. It starts with asking you a few […]
We already know that user-defined types such as structures and enums can be created and edited through the corresponding views, or the Local Types list. However, some small edits can be performed directly in the pseudocode view: structure fields can be renamed using the “Rename” action (shortcut N): you can also quickly retype them using […]
We’ve seen how custom structures can be used to format data tables nicely, but sometimes you can improve your understanding even further with small adjustments. For example, in the structure we created, the first member (nMessage) is printed as a simple integer: If you know Win32 API well, you may recognize that these numbers correspond […]
Creating user-defined structures can be quite useful both in disassembly and pseudocode when dealing with code using custom types. However, they can be useful not only in code but also data areas. MFC message maps As an example, let’s consider an MFC program which uses message maps. These maps are present in the constant […]
Even though most manipulations with binaries can be done directly in IDA, you may occasionally need to use other tools. For example, Binwalk for basic firmware analysis, or a hex editor/viewer to find interesting patterns in the file manually. Let’s say you found an interesting text or byte pattern at some offset in the file […]