Hex-Rays Plugin Contest

We are glad to announce the results of our first plugin contest! For the contest rules, please check this page:
http://www.hex-rays.com/contest.shtml
Or you may directly go to the contest results and check out some cool plugins:
http://www.hex-rays.com/contest2009
It was our first contest, but we are happy with the results and will repeat it in the near future.
Have fun!

Hex-Rays is hiring

We are looking for someone to join our team and participate in the development of unique software security tools. The candidates must know low-level details of modern software as well as high-level data structures and algorithms.
Requirements:
* strong knowledge of C/C++
* experience with Qt and GUI development is a big PLUS
* knowledge of x86 assembler and unwillingness to use it in development
* cross platform development (Windows/Linux/Mac) is a plus
* knowing the graph theory and how compilers work is a plus
* ability and willingness to write secure yet fast code
* good problem solving and communication skills
To apply, please send your resume to [email protected]
Code samples and links to implemented projects are welcome.

Javascript for IDA Pro

Just a quick post to share the joy of having more expressiveness and freedom in IDA Pro. A few days ago we implemented a JavaScript plugin. This means that there is yet one more languauge to write scripts in IDA, and a very powerful one.

All usual methods of accessing the language work: you may execute scripts, standalone statements, or even completely replace IDC with JavaScript.

All IDC functions are availalble in JavaScript (in fact, we just exported them one-to-one). In the future, we will export IDA objects into JavaScript and this will make programming it even easier.

Download the plugin here:
http://hexblog.com/ida_pro/files/js.zip

If you notice anything unusual, send us a note, thank you!

Elias will blog more about the plugin in the coming days, and maybe present something handy, as he already did in the past 😉

P.S. I subscribed to twitter a few days ago – it is so dynamic. Will probably switch to it, at least partially

Casts are bad

Halvar and Dennis Elser recently blogged about a serious vulnerability in the ATL libraries. A few days ago, Microsoft released an emergency “out-of-band” patch. Yes, the bug was that nasty, and since it is in a library, many MS Windows components were affected. Everyone who used the library should review their code and recompile with the corrected version.

Continue reading Casts are bad

IDA Pro 5.5 and Hex-Rays 1.1 have been released!

IDA Pro 5.5

We are happy to announce a new version of IDA Pro! The major news is the
new docking user interface. There are many other improvements: processor modules,
file formats, analysis tweaks, well, the usual stuff. There is a new MS Windows
Crash Dump Loader and improved Bochs debugger. The complete list of new
features and bug fixes is available here

http://www.hex-rays.com/idapro/55/index.htm

Hex-Rays 1.1

We also release a new version of our decompiler: now with the floating point
support. It was a technically challenging task and required lots of testing, but
we are very happy with the end result. It can really handle floating point
computations and generates reliable output. All subtle nuances, like conversion
rules, fpu stack state, predefined compiler helper functions, are all taken care of.

The decompiler uses debug information if it is available: in this case, even local
variable names and types will be restored. If there is no debug information, the
decompiler will still generate correct and precise output. In fact, it is designed
to work without debug information, which means that virtually any
compiler-generated executable can be analyzed and turned into C output.

New pricing and support plans

With this release, we update the pricing of IDA Pro and Hex-Rays Decompiler.
While the initial purchase prices are increased, upgrade prices go down.
In order to streamline the upgrade process, we will use the same rules for
all our products: now a support plan is renewable any time while it is active
and also three months after its expiration. The new support period is counted from
the expiration date of the previous support period.

If you upgraded your IDA/Hex-Rays copy the last month with older prices,
do not worry. For you, we will add a month of support for the IDA license,
and three months of support for Hex-Rays Decompiler.

We will continue to accept old-style upgrade orders until 12 October 2009.

How to request the new versions

As usual, the new versions are free for users whose licenses are within active
support plan. Submit your ida.key to

https://www.hex-rays.com/updida.shtml

and expect a message from us within 5-10 minutes. Sometimes we do not have your
email in the database, so please specify it (otherwise we will have no means of
communicating with you).

To request the new version of the decompiler, please use Edit, Plugins, Hex-Rays,
Check for updates in IDA.

Is your key too old?

If your key is too old for a free update, you might still be
eligible for a discounted upgrade. Until 12 October 2009 we offer the upgrade
prices for all purchases made two years ago or less. The order forms can be
found here:

http://www.hex-rays.com/idapro/idaorder.htm

We will arrange an electronic delivery to existing customers.

That’s all folks! Enjoy the release.

Decompiling floating point

It is a nice feeling, when, after long debugging nights, your software
finally runs and produces meaningful results. Another hallmark is when other users
start to use it and obtain useful results. Usually this period is very busy: lots
of new bugs are discovered and fixed, unforeseen corner cases are handled.
Then another period starts: when users come back
for more copies,with more ideas, request more functionality, etc. This is what is happening
with the decompiler now and I feel it is time to update you with the latest news.

Continue reading Decompiling floating point

IDA v5.4 demo

Just a quick note for interested parties: we prepared the new demo version of IDA Pro. The new demo includes the bochs debugger. The debugger is fully functional with just one limitation: it will become inactive after a number of commands. I prefer to tell you this in advance rather than this limitation to be discovered in the middle of a heavy debugging session 😉
Here’s the download link:
http://www.hex-rays.com/idapro/idadowndemo.htm
Enjoy!

IDA Pro has 9 debugger modules

Since the number of debugger modules in IDA surpassed the magical number seven plus or minus two, we created a small table describing what is available and what is not:
http://www.hex-rays.com/idapro/debugger/index.htm
Direct links to tutorials are available here:
http://www.hex-rays.com/idapro/idasupport.htm
I know, I know – we need to add 64-bit support for all platforms, port the Bochs debugger module to Linux, and… any other suggestions? I personally would love to have source level debugging, yet it requires some substantial changes to the kernel. We probably will move in this direction, sooner or later…

IDA v5.4 release is not that far away

I’m happy to inform you that we are entering the beta stage of IDA v5.4!
In addition to numerous small and not that small improvements, the new version will have three debugger modules: bochs, gdb, and windbg, selectable on the fly (the active debugger session will be closed, though ;))

  • With the bochs debugger, we offer three different worlds: run-any-code-snippet facility, windows-like-environment for PE files, and any-bochs-image bare-bone machine emulation mode. You can read more about this module in our blog: http://hexblog.com/2008/11/bochs_plugin_goes_alpha.html
  • With gdb, x86 and arm targets are supported. Among other things, it is possible to connect IDA to QEMU or debug a virtual machine inside VMWare. We tried it iPhone as well. However, while it works in some curcimstances, there were some problems on the gdbserver side.
  • With windbg, user and kernel mode debugging is available. The debugger engine from Microsoft, which is currently the only choice for driver and kernel mode debugging, can be used from IDA. It can automatically load required PDB files and populate the listing with meaningful names, types, etc. Speaking of PDB files, IDA imports more information from them: local function variables and types are retrieved too, c++ base classes are handled, etc.

The gdb and windbg debugger modules support local and remote debugging. We tried to make the debugger modules as open as possible: target-specific commands can be sent to all backend engines in a very easy and user-friendly way.
As usual, better analysis and many minor changes have been made. If you spend plenty of time analyzing gcc generated binaries, you’ll certainly appreciate that IDA handles its weird way of preparing outgoing function arguments. Now it can trace and find arguments copies to the stack with mov statements.
The new IDA will support Python out of box, thanks to Gergely Erdelyi, who kindly agreed the Python plugin to be included in the official distribution. In fact, the main IDA window will have a command line to enter any python (or other language) expressions and immediately get a result in the message window.
We will prepare the detailed list of improvements later this week.