Monthly Archives: January 2010

Hex-Rays against Aurora

As everyone knows, Google and some other companies were under a targeted attack a few days ago. A vulnerability in Internet Explorer was used to penetrate the computers. An IDA user very kindly sent us the following link: http://www.avertlabs.com/research/blog/index.php/2010/01/18/an-insight-into-the-aurora-communication-protocol/

Posted in Decompilation | 2 Comments

Practical Appcall examples

Last week we introduced the new Appcall feature in IDA Pro 5.6. Today we will talk a little about how it’s implemented and describe some of the uses of Appcall in various scenarios. How Appcall works: Given a function with …

Posted in IDA Pro | 1 Comment

Introducing the Appcall feature in IDA Pro 5.6

In this blog entry we are going to talk about the new Appcall feature that was introduced in IDA Pro 5.6. Briefly, Appcall is a mechanism used to call functions inside the debugged program from the debugger or your script …

Posted in IDA Pro | 1 Comment

Debugging ARM code snippets in IDA Pro 5.6 using QEMU emulator

Introduction: IDA Pro 5.6 has a new feature: automatic running of the QEMU emulator. It can be used to debug small code snippets directly from the database. In this tutorial we will show how to dynamically run code that can …

Posted in IDA Pro | 5 Comments

PDF file loader to extract and analyse shellcode

One of the new features in IDA Pro 5.6 is the possibility to write file loaders using scripts such as IDC or Python. To illustrate this new feature, we are going to explain how to write a file loader using …

Posted in IDA Pro, Security | 7 Comments