This is a guest entry written by Marc-Étienne Léveillé. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. IPyIDA – a better console for IDA Pro using IPython and Jupyter Notebook Unlike most plugins, IPyIDA is […]
We are delighted to announce the Hex-Rays plugin repository! As you know, plugins have always played a substantial role in IDA due to their ability to enrich its functionality. Most of these extensions are created by the users and resolve all sorts of practical cases. Until now, for lack of a centralized “index”, finding […]
When dealing with compiled binary code, the decompiler lacks information present in the source code, such as function prototypes, and so must guess it or rely on the information provided by the user (where its interactive features come in handy). One especially tricky situation is indirect calls: without exact information about the destination of the call, the […]
We are excited to announce the release of IDA version 8.2! In this release, there are many new features and enhancements for IDA Pro, IDA Teams, and IDA Home, including: 32-bit support in IDA64; Processor modules improvements; Swift; picture_search plugin; UI candy; and more… See full updates here: https://hex-rays.com/products/ida/news/8_2/ How to request the new versions: As usual, the new versions of IDA Pro and […]
We’ve covered structure creation using disassembly or Local Types, but there is also a way of doing it from the decompiler, especially when dealing with unknown, custom types used by the program. Whenever you see code dereferencing a variable with different offsets, it is likely a structure pointer and the function is accessing different fields […]
While currently (as of version 8.1) the Hex-Rays decompiler does not try to perform full type recovery, it does try to deduce some types based on operations done on the variables, or using the type information for the API calls from type libraries. One simple type deduction performed by the decompiler is creation of typed […]
IDA’s behavior and defaults can be configured using the Options dialog, saved desktop layouts, or config files. However, sometimes the behavior you need depends on something in the input file and can’t be covered by a single option, or you may want IDA to do something additional after the file is loaded. […]
Cross-references are one of the most useful features of IDA. For example, they allow you to see where a particular function is being called or referenced from, helping you to see how the function is used and understand its behavior better or discover potential bugs or vulnerabilities. For direct calls, IDA adds cross-references automatically, […]
Previously, we have covered offset expressions which fit into a single instruction operand or data value. But this is not always the case, so let’s see how IDA can handle offsets which may be built out of multiple parts. 8-bit processors Although slowly dying out, the 8-bit processors — especially the venerable 8051 — […]
Image-relative offsets are values that represent an offset from the image base of the current module (image) in memory. This means that they can be used to refer to other locations in the same module regardless of its real, final load address, and thus can be used to make the code position-independent (PIC), similarly to […]