State-of-the-art binary code analysis tools
We’ve covered simple enums previously, but there is a different kind of enum that you may sometimes encounter or need to create manually. They are used to represent various bits (or flags) which may be set in an integer value. For example, the file mode on Unix filesystems contains Access Permission bits (you can […]
This is a guest entry written by Arnaud Gatignol and Julien Staszewski from the THALIUM team. The views and opinions expressed in this blog post are solely those of the authors and do not necessarily reflect the views or opinions of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed […]
In the past, we’ve seen how structure instance representation can be changed by editing the structure in the Structures window. In IDA 8.4, a new unified view was introduced for Local Types and the same operations can (and should) be done in that window. Instead of comments, additional custom attributes are printed now: In addition […]
In one of the past tips we mentioned the __unused attribute which can be applied to function arguments. When can it be useful? Let’s consider this code from Apple’s dyld: v19 is passed as fist argument to dyld4::ProcessConfig::PathOverrides::setString(). Since its name looks like a class method, the decompiler assigned the class type to the first argument […]
Previously, we discussed a situation where the decompiler wrongly used a combined stack slot for two separate variables. We could solve it because each variable had a distinct stack location, so editing the stack frame to split them worked. However, modern optimizing compilers can actually reuse the same stack location for different variables active at […]
As we’ve seen previously, an IDB (IDA database) consists of several embedded files which contain the actual database data and which IDA reads/write directly when working with the database. By default, they’re unpacked next to the IDB, which can lead to various issues such as excessive disk usage, or speed (e.g. if IDB is […]
This is a guest entry written by Martin Perrier and Louis Jacotot from Synacktiv. The views and opinions expressed in this blog post are solely those of the authors and do not necessarily reflect the views or opinions of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the […]
When you work in IDA, it saves the results of your analysis in the IDA Database, so that you can pause and continue at a later time. You can recognize the database files by their file extension .idb (for legacy, 32-bit IDA) or .i64 (for 64-bit IDA or IDA64). Thus they’re also often called just […]
Previously we’ve seen how to do small edits to types directly from the pseudocode view. While this is enough for minor edits, sometimes you still need to use the full editor. Of course, it is always possible to open Structures, Enums, or Local Types and look for your type there, but what if you have […]
This is a guest entry written by David Catalán from Outpost24. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Software reverse engineering involves working with a wide variety of processor architectures, both real and virtual. Thus, having […]