IDA 7.4 and Python 3.8

As several of our users have noticed, the IDA 7.4 Windows installer refuses to use Python 3.8.0 if you have it installed. You can usually observe output similar to the following:

———-
Checking installs from “Python Software Foundation”
Checking “Python 3.8 (64-bit)” (3.8)
Found: “C:\Program Files\Python38\” (version: 3.8.0 (’38’))
Ignoring unusable Python 3.8.0
No Python installations were found
———-

So why exactly is 3.8.0 “unusable”? Well, […]

Environment variable editor

Normally, to change the environment variables of a running process, one has to terminate the process, edit the environment variables and re-run the process. In this blog entry we are going to write an IDAPython script that allows us to add, edit or delete environment variables in a running process directly. To achieve this we will […]

IDA 7.2 – The Mac Rundown

We posted an addendum to the release notes for IDA 7.2: The Mac Rundown. It dives much deeper into the Mac-specific features introduced in 7.2, and should be great reference material for users interested in reversing the latest Apple binaries. It’s packed full of hints, tricks, and workarounds. We hope you will find it quite useful! […]

Deobfuscating xor'ed strings

A few days ago a customer sent us a sample file. The code he sent us was using a very simple technique to obfuscate string constants by building them on the fly and using ‘xor’ to hide the string contents from static disassembly: The decompiler recovered most of the xor’ed values but some of them […]

IDA and common Python issues

With IDA 7.0 switching fully to a native x64 architecture, we also switched to x64 Python, which brought some new issues but also exposed some we’ve seen before. This post tries to summarize the most common issues we’ve seen our users encounter, as well as suggestions on how to fix them or at least diagnose where […]

Augmenting IDA UI with your own actions.

Intended audience

Plugin writers, either using the C SDK or IDAPython, who would like to add actions/commands to the IDA UI in order to augment its capabilities.

Rationale: before 6.7, APIs galore

Depending on what type of context you were in, various APIs were available to you: Want to add a main menu item? add_menu_item(const char *menupath, const char *name, const char […]

IDA Dalvik debugger: tips and tricks

One of the new features of IDA 6.6 is the Dalvik debugger, which allows us to debug Dalvik binaries on the bytecode level. Let us see how it can help when analysing Dalvik files.

Encoded strings

Let us consider the package with the encrypted strings:

STRINGS:0001F143 unk_1F143: .byte 0x30 # 0 # DATA XREF: STR_IDS:off_70
STRINGS:0001F144 aFda8sohchnidgh: .string “FDA8sOhCHNidghM2hzFxMXUsivl2k7hFOhkJrW7O2ml8qLVM”,0
STRINGS:0001F144 […]

Interacting with IDA through IPC channels

I’m happy to present a guest post by David Zimmer <[email protected]>. The approach he describes can be used to develop plugins more conveniently (but is not limited to that): In this article we are going to discuss a mechanism that can be used to interact with IDA through external applications. The reason this technique was developed was […]