Igor’s tip of the week #38: Hex view

In addition to the disassembly and decompilation (Pseudocode) views, IDA also allows you to see the actual, raw bytes behind the program’s instructions and data. This is possible using the Hex view, one of the views opened by default (or available in the View > Open subviews menu). Even if you’ve used it before, there may […]

Igor’s tip of the week #37: Patching

Although IDA is mostly intended to be used for static analysis, i.e. simply looking at unaltered binaries, there are times you do need to make some changes. For example, you can use it to fix up some obfuscated instructions to clean up the code flow or decompiler output, or change some constants used in the […]

IDA 7.6 Service Pack 1 released

Today, Hex-Rays announces the release of Service Pack 1 (SP1) for IDA 7.6. We are glad to announce the release of IDA 7.6 Service Pack 1 today! This Service Pack is primarily a bug fix release for a few errors that might affect some users. How to request the new versions As usual, the new versions are free […]

Igor’s tip of the week #36: working with list views in IDA

List views (also called choosers or table views) are used in many places in IDA to show lists of different kind of information. For example, the Function list we’ve covered previously is an example of a list view. Many windows opened via the View > Open subviews menu are list views: Exports Imports Names Strings Segments Segment registers Selectors Signatures Type libraries Local types Problems Patched […]

Igor’s tip of the week #35: Demangled names

Name mangling (also called name decoration) is a technique used by compilers to implement some of the features required by the language. For example, in C++ it is used to distinguish functions with the same name but different arguments (function overloading), as well as to support namespaces, templates, and other purposes. Mangled names often end up in the […]

Igor’s tip of the week #34: Dummy names

In IDA’s disassembly, you may have often observed names that may look strange and cryptic on first sight: sub_73906D75, loc_40721B, off_40A27C and more. In IDA’s terminology, they’re called dummy names. They are used when a name is required by the assembly syntax but there is nothing suitable available, for example the input file has no […]

Igor’s tip of the week #33: IDA’s user directory (IDAUSR)

The user directory is a location where IDA stores some of the global settings and which can be used for some additional customization. Default location  On Windows: %APPDATA%/Hex-Rays/IDA Pro On Linux and Mac: $HOME/.idapro For brevity, we’ll refer to this path as $IDAUSRin the following text. Contents/settings The directory is used to store the processor module caches (proccache.lst and proccache64.lst) as well […]

2021 IDA Training Course: Registration is now open!

The 2021 IDA training course will take place online from 10–14 and 17-19 May 2021, CEST time. Due to the ongoing COVID-19 situation, the world-class IDA Training course is taking place online for the second time from 10-14 and 17-19 May 2021 (CEST time). The course is devised to help professional reverse engineers master IDA […]

Igor’s tip of the week #32: Running scripts

Scripting allows you to automate tasks in IDA which can be repetitive or take a long time to do manually. We previously covered how to run them in batch (headless) mode, but how can they be used interactively? Script snippets File > Script Command… (Shift+F2) Although this dialog is mainly intended for quick prototyping and database-specific […]

IDA 7.6 released

Today, Hex-Rays team is thrilled to announce the release of IDA version 7.6! Our top-notch binary analysis tool IDA Pro’s latest version delivers new features and various enhancements. With significantly-improved performance, version 7.6 is expected to certainly accelerate its users’ reverse-engineering experience. Here are the highlight features and changes introduced in IDA 7.6: Apple Silicon’s full support: The […]