Enhancing IDA Pro's brain
After the visualization improvements introduced
in IDA Pro 5.0, we'll focus on enhancing the brain
of IDA Pro 5.1. Here is a first, very preliminary example of
one of the enhancements that will be introduced in our next releases.
In its initial analysis, IDA follows, somewhat blindly, the natural
flow of the code it examines: once it has decoded a call, it assumes
execution continues at the instruction after it. The result of such an
analysis is shown below, on the left pane. What would
happen if IDA discovered that call sub_2128C never returned?
The sequence in red would not be created in the first code analyzer
passes, because the bytes after the call are no longer reachable by
following the flow. It is not until its final pass, when IDA Pro systematically
attempts to convert unvisited bytes in the code segments to meaningful
opcodes, that this bogus code would show up, only to see its
arpl instructions rejected as nonsensical by IDA's heuristics (arpl, opcode 63h,
is what the ASCII letter 'c' decodes to, and it never appears in ordinary
32-bit compiler-generated code).
At this point, another of IDA Pro's heuristics would be free
to reveal the string that's actually hiding in the code segment,
as shown below on the right pane.
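To make the two analysis orders concrete, here is a toy model of them as an added example. It is not IDA's code and does not use IDA's API: it is a tiny 32-bit x86 decoder (correct lengths only for the handful of opcodes it knows; every other byte is reported as a one-byte unknown so a blind sweep keeps marching) plus a simplified version of the passes described above, run over a constructed byte string. The sample layout, the load address 0x401000, the callee address 0x2128C implied by the name sub_2128C, and the message text are all assumptions made for the example.

```python
"""Toy model of flow-following analysis with and without noreturn knowledge.

Added example, not IDA code.  Pass 1 follows the flow and trusts what it
decodes; the final pass speculatively converts unvisited bytes to code and
rejects the attempt if it contains arpl; strings are looked for in what is
left.  The sample bytes below are constructed for this example.
"""
import struct

BASE = 0x401000                       # assumed load address of the sample


def decode(code, off):
    """Decode one instruction at `off`: (mnemonic, length, operand-or-None)."""
    op, room = code[off], len(code) - off
    if op == 0xE8 and room >= 5:                    # call rel32 -> absolute target
        rel = struct.unpack_from("<i", code, off + 1)[0]
        return "call", 5, (BASE + off + 5 + rel) & 0xFFFFFFFF
    if op == 0x68 and room >= 5:                    # push imm32
        return "push", 5, struct.unpack_from("<I", code, off + 1)[0]
    if op == 0x63 and room >= 2:                    # arpl r/m16, r16 (modrm follows)
        return "arpl", 2, None
    if 0x50 <= op <= 0x5F:                          # push/pop r32
        return ("push" if op < 0x58 else "pop"), 1, None
    if 0x70 <= op <= 0x7F and room >= 2:            # jcc rel8
        return "jcc", 2, None
    one_byte = {0x61: "popa", 0x64: "fs", 0x65: "gs", 0x66: "opsize",
                0x67: "adsize", 0x6C: "insb", 0x6D: "insd", 0x6E: "outsb",
                0x6F: "outsd", 0x90: "nop", 0xC3: "retn"}
    return one_byte.get(op, "db?"), 1, None         # unknown: one byte, keep going


def sweep(code, start, callees, noreturn):
    """Follow linear flow from `start`; stop at retn, end of buffer, or a call
    to a callee known never to return.  Returns [(offset, mnemonic, length)]."""
    out, off = [], start
    while off < len(code):
        mnem, size, arg = decode(code, off)
        out.append((off, mnem, size))
        if mnem == "retn" or (mnem == "call" and callees.get(arg) in noreturn):
            break
        off += size
    return out


def gaps(code, cov):
    """Maximal runs [start, end) of offsets not covered by anything yet."""
    out, start = [], None
    for off in range(len(code) + 1):
        free = off < len(code) and off not in cov
        if free and start is None:
            start = off
        elif not free and start is not None:
            out.append((start, off))
            start = None
    return out


def find_string(code, start, end, minlen=4):
    """ASCII run of >= minlen printable bytes followed by NUL, starting at `start`."""
    off = start
    while off < end and 0x20 <= code[off] < 0x7F:
        off += 1
    if off - start >= minlen and off < end and code[off] == 0:
        return code[start:off].decode("ascii"), off + 1 - start
    return None


def analyze(code, callees, noreturn):
    """Run the simplified passes; `noreturn` is the set of callee names IDA has
    learned never return (empty set = the blind analysis of the left pane)."""
    insns = sweep(code, 0, callees, noreturn)       # pass 1: trusted, flow-driven
    strings, rejected = [], 0
    cov = {o for off, _, size in insns for o in range(off, off + size)}
    for start, end in gaps(code, cov):              # final pass: unvisited bytes
        off = start
        while off < end:
            attempt = sweep(code[:end], off, callees, noreturn)
            if not any(m == "arpl" for _, m, _ in attempt):
                insns += attempt                    # plausible code: keep it
                break
            rejected += 1                           # arpl: bogus, try data instead
            s = find_string(code, off, end)
            if s is None:
                break
            strings.append((BASE + off, s[0]))
            off += s[1]                             # retry code after the string
    return {"listing": [(BASE + o, m) for o, m, _ in sorted(insns)],
            "strings": strings, "rejected": rejected}


def build_sample():
    """Constructed bytes (not from the page): push offset msg; call sub_2128C;
    the message itself; then the next function's retn."""
    callee = 0x2128C                                # assumed: address behind sub_2128C
    code = bytearray(b"\x68" + struct.pack("<I", BASE + 10))   # push offset msg
    code += b"\xE8" + struct.pack("<i", callee - (BASE + len(code) + 5))
    code += b"fatal: cannot continue\0"             # msg: reachable only if the call returned
    code += b"\xC3"                                 # next function: retn
    return bytes(code), {callee: "sub_2128C"}


if __name__ == "__main__":
    code, callees = build_sample()
    for label, known in (("blind", set()), ("noreturn", {"sub_2128C"})):
        r = analyze(code, callees, known)
        print(label, [f"{ea:X} {m}" for ea, m in r["listing"]], r["strings"])
```

Without noreturn knowledge the first pass decodes the message bytes as code and, because flow-following results are trusted, the arpl instructions survive into the listing and no string is ever found. With sub_2128C marked noreturn the first pass stops at the call, the speculative final pass over the gap is thrown away as soon as arpl appears, the string is recovered, and the retn after it is then accepted as code on the retry.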
The astute reader will probably notice that there is
still room for improvement. Check back later to discover how IDA
Pro 5.1 will deal with this less obviously rotten code...