We posted an addendum to the release notes for IDA 7.2: The Mac Rundown. It dives much deeper into the Mac-specific features introduced in 7.2, and should be great reference material for users interested in reversing the latest Apple binaries. It’s packed full of hints, tricks, and workarounds. We hope you will find it quite useful! […]
This is a guest entry written by Rolf Rolles from Mobius Strip Reverse Engineering. His views and opinions are his own, and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to him. In this entry, we’ll investigate an in-the-wild malware sample that was compiled […]
It is a nice feeling, when, after long debugging nights, your software finally runs and produces meaningful results. Another hallmark is when other users start to use it and obtain useful results. Usually this period is very busy: lots of new bugs are discovered and fixed, unforeseen corner cases are handled. Then another period starts: when users come back for […]
A few days ago a customer sent us a sample file. The code he sent us was using a very simple technique to obfuscate string constants by building them on the fly and using ‘xor’ to hide the string contents from static disassembly: The decompiler recovered most of the xor’ed values but some of them […]
Just a short post to show you the current state of the x64 decompiler. In fact, it already mostly works but we still have to solve some minor problems. Let us consider this source code: struct color_t { short red; short green; short blue; short alpha; }; extern color_t lighten(color_t c); color_t func(int red, int green, […]
Last week we released IDA 6.2 and Hex-Rays Decompiler 1.6. Many of the new IDA features have been described in previous posts, but there have been notable additions in the decompiler as well. They will let you make the decompilation cleaner and closer to the original source. However, it might be not very obvious how […]
Last month I visited the Recon conference and had a great time again. I gave a talk on C++ decompilation and how to handle it in IDA and Hex-Rays decompiler. You can get the slides here, and download the recorded talk here. Edit: for some reason the streaming version does […]
We have the beta version of the ARM decompiler almost ready! Below is a short demo of how it works now: If you are interested in participating in the beta testing and you have an active x86 decompiler license, please send us a message. Thanks!
As everyone knows, Google and some other companies were under a targeted attack a few days ago. A vulnerability in the Internet Explorer was used to penetrate the computers. An IDA user very kindly sent us the following link http://www.avertlabs.com/research/blog/index.php/2010/01/18/an-insight-into-the-aurora-communication-protocol/
The Hex-Rays Decompiler 1.0 was released more than two years ago. Since then it has improved a lot and does a great job decompiling real-life code, but sometimes there are additional things that you might wish to do with its output. For that purpose we have released the Hex-Rays Decompiler SDK and several sample plugins. However, […]
