Hex blog

Recon 2010: Intro to Embedded Reverse Engineering for PC reversers

Tue, 24 Aug 2010 15:11:09 +0100

In July I had the honor to speak at the Recon conference in Montreal, Canada. It was my first conference but I really liked the experience. I hope I'll be able to attend it in future.
The presentations were recorded and hopefully will appear on the Recon site soon but for now you can check out the slides (ODP, PDF). I have also uploaded some of the tools I mentioned, most notably various filesystem extractors compiled for Win32 (download).

Implementing command completion for IDAPython

Mon, 19 Jul 2010 15:12:29 +0100

In this blog post we are going to illustrate how to use the command line interpreter (CLI) interface from Python and how to write a basic command completion functionality for the Python CLI.

Running scripts from the command line with idascript

Thu, 08 Jul 2010 14:44:54 +0100

In this blog post we are going to demonstrate how the '-S' and '-t' switches (that were introduced in IDA Pro 5.7) can be used to run IDC, Python or other supported scripts from the command line as if they were standlone scripts and how to use the idascript utility

IDA Pro 5.7 highlights

Fri, 02 Jul 2010 17:52:05 +0100

We have released a IDA Pro 5.7 few days ago. The complete whatsnew can be found here. In this blog post we will highlight some of the major changes and additions of this release.

Extending IDC and IDAPython

Wed, 23 Jun 2010 16:30:31 +0100

Scripting with IDA Pro is very useful to automate tasks, write scripts or do batch analysis, nonetheless one problem is commonly faced by script writers: the lack of a certain function from the scripting language.
In the blog post going to demonstrate how to extend both IDC and IDAPython to add new functions.

UI and scripting improvements

Wed, 26 May 2010 15:54:37 +0100

In addition to the previously covered features we've already added, we took the opportunity to get to the bottom of it and add even more scripting facilities where possible along with minor but convenient UI enhancements. In this blog entry, we will introduce some of the new features in the coming version of IDA Pro.

ARM decompiler beta is coming

Wed, 12 May 2010 18:44:33 +0100

We have the beta version of the ARM decompiler almost ready! Below is a short demo of how it works now:

If you are interested in participating in the beta testing and you have an active x86 decompiler license, please send us a message. Thanks!

Kernel debugging with IDA Pro / Windbg plugin and VirtualKd

Fri, 30 Apr 2010 11:54:19 +0100

The other day we received an email support question asking if IDA Pro / Windbg debugger plugin works with VirtualKd, a tool that allows speeding up (up to 45x) Windows kernel module debugging using VMWare and VirtualBox virtual machines. After we installed and experimented with VirtualKd, our answer was "yes, certainly". This blog entry aims at illustrating how to configure VirtualKd to be used with IDA Pro / Windbg plugin and VMWare.

Book Review: The Art of Assembly Language, 2nd Edition

Wed, 28 Apr 2010 17:23:36 +0100

Have you ever tried to teach x86 assembly language programming to someone coming from high level language programming background and discovered that it was hard?

Before being able to write a simple "Hello World" program one needs to know a fair deal about the x86 architecture, the assembler language and the operating system. Obviously this is not the case with high level languages such as C for example.

I was reading The Art of Asssembly Language, 2nd edition book by Randall Hyde the other day and really enjoyed his approach to teaching the assembly language programming.

Environment variable editor

Mon, 05 Apr 2010 16:04:38 +0100

Normally, to change environment variables in a running process, one has to terminate the process, edit the environment variables and re-run the process. In this blog entry we are going to write an IDAPython script that allows us to add, edit or delete environment variables in a running process directly. To achieve this we will use Appcall to manage the variables and a custom viewer that serves as the graphical interface.

Scriptable plugins

Mon, 29 Mar 2010 18:28:17 +0100

In IDA Pro 5.6 we added support for loader scripts, last month we added processor module scripts support, and now by adding support for scriptable plugins (for the next version of IDA) it will be possible to write all sort of IDA Pro extensions using scripting languages.

(A plugin script written using IDC)

Using custom viewers from IDAPython

Thu, 25 Mar 2010 19:37:03 +0100

Custom viewers can be used to display arbitrary textual information and can be used in any IDA plugin.They are used in IDA-View, Hex-View, Enum and struct views and the Hex-Rays decompiler.

In this blog entry we are going to write an ASM file viewer in order to demonstrate how to create a custom viewer and populate it with colored lines.

Preview of the new cross-platform IDA Pro GUI

Wed, 10 Mar 2010 12:33:17 +0100

In order to provide our customers with the best user experience and in order to target many different platforms, the IDA Pro graphical user interface is currently being rewritten using the Qt technology.

Qt (pronounced "cute") is a cross-platform application and UI framework and the Win32 VCL-based IDA Pro interface is being ported to it. The goal is to provide all the features available in the current GUI while maintaining the maximum compatibility with plugins and other external modules.

Here is a screenshot of the current build of idaqt running on Ubuntu:

You can click on the images to enlarge them.

Custom data types and formats

Thu, 25 Feb 2010 18:48:44 +0100

Another new feature that will be available in the upcoming version of IDA Pro is the ability to create and render custom data types and formats.

(Embedded instructions disassembled and rendered along side with x86 code)

Scriptable Processor modules

Tue, 16 Feb 2010 18:38:51 +0100

One of the new features we are preparing for the next version of IDA is the ability to write processor modules using your favorite scripting language.
After realizing how handy it is to write file loaders using scripting languages, we set out to making the same thing for processor modules. As an exercise for this new feature, we implemented a processor module for the EFI bytecode.