State-of-the-art binary code analysis tools
Previously we’ve covered cross-references in the disassembly view but in fact you can also consult them in the decompiler (pseudocode) view. Local cross-references The most common shortcut (X) works similarly to disassembly: you can use it on labels, variables (local and global), function names, but there are some differences and additions: for local variables, the list of […]
We’ve briefly covered batch mode last time but the basic functionality is not always enough so let’s discuss how to customize it. Basic usage To recap, the batch mode can be invoked with this command line: ida -B -Lida.log <other switches> <filename> IDA will load the file, wait for the end of analysis, and write the full disassembly to <filename>.asm How it […]
It is not a surprise to hear the IDA and Decompiler cannot handle all possible cases and eventually fail to recognize a construct, optimize an expression and represent it in its simplest form. It is perfectly understandable — nobody has resources to handle everything. This is why we publish a rich API that can be […]
Intended audience IDA 7.2 users, who have experience with IDAPython and/or the decompiler. The problem As you may already know, the decompilers allow not only decompiling the current function (shortcut F5) but also all the functions in the database (shortcut Ctrl+F5).A somewhat less-well known feature of the “multiple” decompilation, is that if a range is selected (for example […]
We posted an addendum to the release notes for IDA 7.2: The Mac Rundown. It dives much deeper into the Mac-specific features introduced in 7.2, and should be great reference material for users interested in reversing the latest Apple binaries. It’s packed full of hints, tricks, and workarounds. We hope you will find it quite useful! […]
This is a guest entry written by Rolf Rolles from Mobius Strip Reverse Engineering. His views and opinions are his own, and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should […]
A few days ago a customer sent us a sample file. The code he sent us was using a very simple technique to obfuscate string constants by building them on the fly and using ‘xor’ to hide the string contents from static disassembly: The decompiler recovered most of the xor’ed values but some of them […]
It is a nice feeling, when, after long debugging nights, your software finally runs and produces meaningful results. Another hallmark is when other users start to use it and obtain useful results. Usually this period is very busy: lots of new bugs are discovered and fixed, unforeseen corner cases are handled. Then another period starts: when users come back for […]
Just a short post to show you the current state of the x64 decompiler. In fact, it already mostly works but we still have to solve some minor problems. Let us consider this source code: struct color_t { short red; short green; short blue; short alpha; }; extern color_t lighten(color_t c); color_t func(int red, int green, […]
Last week we released IDA 6.2 and Hex-Rays Decompiler 1.6. Many of the new IDA features have been described in previous posts, but there have been notable additions in the decompiler as well. They will let you make the decompilation cleaner and closer to the original source. However, it might be not very obvious how […]
