
Interactive Disassembler

Original author(s): Ilfak Guilfanov
Developer(s): Hex-Rays
Initial release: May 21, 1991; 33 years ago[1]
Stable release: 9.0[2] / September 30, 2024; 58 days ago
Written in: C++[3]
Operating system: Microsoft Windows, Mac OS X, and Linux
Available in: English, Russian
Type: Disassembler, Decompiler
License: Proprietary
Website: hex-rays.com/ida-pro/

The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in, which generates a high-level, C source code-like representation of the analysed program, is available at extra cost.[4][5]

IDA is used widely in software reverse engineering, including for malware analysis[6][7] and software vulnerability research.[8][9] IDA's decompiler is one of the most popular and widely used decompilation frameworks,[10][11][12] and IDA has been called the "de-facto industry standard" for program disassembly and static binary analysis.[13][14][15]

History

Ilfak Guilfanov began working on IDA in 1990,[16][17][18][19] and initially distributed it as a shareware application. In 1996, the Belgian company DataRescue took over the development of IDA and began to sell it as a commercial product, under the name IDA Pro.[20][21]

Initial versions of IDA did not have a graphical user interface (GUI), and ran as an extended DOS, OS/2, or Windows console application.[22] In 1999, DataRescue released the first version of IDA Pro with a GUI, IDA Pro 4.0.[23]

In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension.[24][25] In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.[26][27]

In 2022, Hex-Rays was acquired by a group of investors led by Smartfin, a European venture capital and private equity investor. Co-investors in the acquisition included the Belgian public holding company The Federal Holding & Investment Company (SFPIM), and the Walloon public investment firm Regional Investment Company of Wallonia (SRIW).[28][29]

Features

IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:[30]

However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until its functionality becomes clear.

Scripting

"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user-written scripts. Scripts are most frequently used for additional modification of the generated code. For example, external symbol tables can be loaded so that the listing uses the function names of the original source code.
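
The symbol-table case described above, as an added example that is not code from IDA or Hex-Rays: a stand-alone Python script that reads an nm-style symbol listing and writes an IDC script applying each function name at its address. The sample listing, the function names parse_nm and to_idc, and the rebase parameter are assumptions made for illustration; the generated script uses the IDC set_name call with SN_CHECK as found in IDA 7 and later.

```python
import re

# Constructed sample in the style of `nm` output from an unstripped build of
# the same program; addresses and names are made up for illustration.
SAMPLE_NM = """\
0000000000401136 T main
0000000000401156 t parse_header
0000000000404028 D g_config
                 U puts@GLIBC_2.2.5
0000000000401190 T 9bad"name
00000000004011c0 W weak_helper
0000000000401136 T main_alias
"""

# address, one-letter symbol type, name; undefined symbols have no address
_LINE = re.compile(r"^([0-9a-fA-F]{8,16})\s+([A-Za-z])\s+(\S+)$")
# Names are interpolated into generated script text, so accept plain
# identifiers only: a symbol file is untrusted input like any other.
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def parse_nm(text, kinds="TtWw"):
    """Return ([(address, name), ...], [rejected names]) for code symbols."""
    symbols, rejected = {}, []
    for line in text.splitlines():
        m = _LINE.match(line.rstrip())
        if not m:
            continue                      # blank line or undefined symbol
        addr, kind, name = int(m.group(1), 16), m.group(2), m.group(3)
        if kind not in kinds:
            continue                      # data, bss, absolute symbols
        if not _IDENT.match(name):
            rejected.append(name)         # keep for the analyst to review
            continue
        symbols.setdefault(addr, name)    # first name wins for aliases
    return sorted(symbols.items()), rejected


def to_idc(symbols, rebase=0):
    """Build IDC source that names each address.

    rebase is added to every address, for a database whose image base
    differs from the link-time base of the symbol listing.
    """
    out = ["#include <idc.idc>", "", "static main()", "{"]
    for addr, name in symbols:
        out.append('    set_name(0x%X, "%s", SN_CHECK);' % (addr + rebase, name))
    out.append("}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    syms, bad = parse_nm(SAMPLE_NM)
    print(to_idc(syms))
    for name in bad:
        print("// skipped unsafe name: %r" % name)
```

The rejected list matters when the listing comes from a third party: a name containing quotes or other script syntax is reported instead of being written into the generated script.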

Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB[31] supports Ruby and IDAPython[32] adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.

Debugging

IDA Pro supports a number of debuggers,[33] including:

  • Remote Windows, Linux, and Mac applications (provided by Hex-Rays) allow running an executable in its native environment (presumably using a virtual machine for malware)
  • GNU Debugger (gdb) is supported on Linux and OS X, as well as the native Windows debugger
  • A Bochs plugin is provided for debugging simple applications (i.e., damaged UPX or mpress compacted executables)
  • An Intel PIN-based debugger
  • A trace replayer

Versions

The latest full version of IDA Pro is commercial (version 8.4 as of June 2024), while a less capable version, named IDA Free, is available for download free of cost.[34]

Supported systems/processors/compilers

IDA Pro's logo is a cropped image of Françoise d'Aubigné, Marquise de Maintenon. The logo image is similar to a miniature painting of Françoise d'Aubigné attested to a painter in the circle of Pierre Mignard.[36]

The original greyscale version of the logo was introduced in September 1999, with the release of IDA 4.0.[18] Ilfak Guilfanov has stated that the logo is not a depiction of Saint Ida of Louvain.[37]

References

  1. ^ Czokow, Geoffrey (2021-05-20). "IDA: celebrating 30 years of binary analysis innovation". Hex-Rays. Retrieved 2023-03-19.
  2. ^ "IDA 9.0". Archived from the original on September 30, 2024. Retrieved Nov 13, 2024.
  3. ^ "Hex-rays Home". Archived from the original on 2024-05-26. Retrieved 2008-03-31.
  4. ^ Eagle, Chris (2011). "Chapter 23: Real-World IDA Plug-ins". The IDA Pro Book : the Unofficial Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. pp. 500–502. ISBN 978-1-59327-395-8. OCLC 830164382.
  5. ^ "Hex-Rays Decompiler". hex-rays.com. Retrieved 2023-03-18.
  6. ^ Staff, S. C. (2017-09-11). "Hex-Rays IDA Pro". SC Media. Retrieved 2023-03-13.
  7. ^ Sikorski, Michael (2012). "Chapter 5. IDA Pro". Practical Malware Analysis : a Hands-On Guide to Dissecting Malicious Software. Andrew Honig. San Francisco: No Starch Press. ISBN 978-1-59327-430-6. OCLC 830164262.
  8. ^ Shoshitaishvili, Yan; Wang, Ruoyu; Salls, Christopher; Stephens, Nick; Polino, Mario; Dutcher, Andrew; Grosen, John; Feng, Siji; Hauser, Christophe; Kruegel, Christopher; Vigna, Giovanni (2016-05-22). "SOK: (State of) the Art of War: Offensive Techniques in Binary Analysis". 2016 IEEE Symposium on Security and Privacy (SP). pp. 138–157. doi:10.1109/SP.2016.17. hdl:11311/1161277. ISBN 978-1-5090-0824-7.
  9. ^ Guo, Wei; Wei, Qiang; Wu, Qianqiong; Guo, Zhimin (2022-04-01). "CSChecker : A binary taint-based vulnerability detection method based on static taint analysis". Journal of Physics: Conference Series. 2258 (1): 012069. Bibcode:2022JPhCS2258a2069G. doi:10.1088/1742-6596/2258/1/012069. ISSN 1742-6588.
  10. ^ Yakdan, Khaled; Eschweiler, Sebastian; Gerhards-Padilla, Elmar; Smith, Matthew (2015). No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations. doi:10.14722/ndss.2015.23185. ISBN 978-1-891562-38-9. Retrieved 2023-03-18.
  11. ^ Schulte, Eric; Ruchti, Jason; Noonan, Matt; Ciarletta, David; Loginov, Alexey (2018). "Evolving Exact Decompilation". Proceedings 2018 Workshop on Binary Analysis Research. Reston, VA: Internet Society. doi:10.14722/bar.2018.23008. ISBN 978-1-891562-50-1.
  12. ^ Liu, Zhibo; Wang, Shuai (2020-07-18). "How far we have come: Testing decompilation correctness of C decompilers". Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA 2020. New York, NY, USA: Association for Computing Machinery. pp. 475–487. doi:10.1145/3395363.3397370. ISBN 978-1-4503-8008-9.
  13. ^ Di Federico, Alessandro; Payer, Mathias; Agosta, Giovanni (2017-02-05). "Rev.ng: A unified binary analysis framework to recover CFGS and function boundaries". Proceedings of the 26th International Conference on Compiler Construction. CC 2017. New York, NY, USA: Association for Computing Machinery. pp. 131–141. doi:10.1145/3033019.3033028. ISBN 978-1-4503-5233-8. In an extensive evaluation, we test our [binary analysis] tool on binaries compiled for MIPS, ARM, and x86-64 using GCC and clang and compare them to the industry's state of the art tool, IDA Pro, and two well-known academic tools, BAP/ByteWeight and angr.
  14. ^ Garcia Prado, Carlos; Erickson, Jon (April 10, 2018). "Solving Ad-hoc Problems with Hex-Rays API". FireEye Threat Research Blog. Archived from the original on June 2, 2022. Retrieved March 12, 2023. IDA Pro is the de facto standard when it comes to binary reverse engineering.
  15. ^ Andriesse, Dennis (2019). "Appendix C: List of Binary Analysis Tools". Practical binary analysis : build your own Linux tools for binary instrumentation, analysis, and disassembly. San Francisco, CA: No Starch Press, Inc. ISBN 978-1-59327-913-4. OCLC 1050453850. This [IDA Pro] is the de facto industry-standard recursive disassembler.
  16. ^ Гильфанов, Ильфак (22 May 2003). "IDA Pro - samyj moshhnyj dizassembler v mire" IDA Pro - самый мощный дизассемблер в мире [IDA Pro - the most powerful disassembler in the world] (Interview) (in Russian). Interviewed by Доля, Алексей. Компания "Ф-Центр". sec. 2.30. Archived from the original on May 15, 2021. Retrieved 14 March 2023. It began as a hobby back in 1991, simply as a pastime for myself and my friends.
  17. ^ "IDA Pro - Часто задаваемые вопросы" [IDA Pro - Frequently Asked Questions] (in Russian). Archived from the original on December 19, 2003. The first lines of IDA were written in December 1990.
  18. ^ a b Czokow, Geoffrey (2021-05-20). "IDA: celebrating 30 years of binary analysis innovation". Hex-Rays. Retrieved 2023-03-19.
  19. ^ "Hex Rays - State-of-the-art binary code analysis solutions". hex-rays.com. Archived from the original on 2023-05-31. Retrieved 2023-07-21.
  20. ^ Guilfanov, Ilfak (22 June 2015), CODE BLUE 2014 : Ilfak Guilfanov - Keynote : The story of IDA Pro, retrieved 2023-03-16, Datarescue converted my hobby project into a commercial program in 1996.
  21. ^ "DataRescue IDA Pro Page". DataRescue. Archived from the original on 1997-02-14.
  22. ^ "DataRescue IDA Page : download an evaluation version". DataRescue. Archived from the original on 1997-02-14.
  23. ^ "DataRescue IDA Pro What's new Page". DataRescue. Archived from the original on 1999-10-10.
  24. ^ "Gegevens van de geregistreerde entiteit | KBO Public Search". kbopub.economie.fgov.be. Retrieved 2023-03-13.
  25. ^ "Hex-Rays Decompiler". Hex-Rays. Archived from the original on 2007-10-11.
  26. ^ "DataRescue Home Page : home of the IDA Pro Disassembler and of PhotoRescue". DataRescue. Archived from the original on 2008-02-21. News 07/01/2008: IDA Pro moves to Hex-Rays.
  27. ^ "Hex-Rays Home Page". Hex-Rays. Archived from the original on 2008-02-12.
  28. ^ "A consortium of investors acquires Hex-Rays – Hex Rays". 19 October 2022. Archived from the original on 2023-07-21. Retrieved 2023-07-21.
  29. ^ "News Industry | Smartfin led consortium acquires Hex-Rays to accelerate product innovation efforts". Help Net Security. 2022-10-20. Archived from the original on 2023-07-21. Retrieved 2023-07-21.
  30. ^ Eagle, Chris (2011). "Part II. Basic IDA Usage". The IDA Pro Book : the Unofficial Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. ISBN 978-1-59327-395-8. OCLC 830164382.
  31. ^ "Spoonm/Idarub". GitHub. Archived from the original on 2016-01-08. Retrieved 2011-12-05.
  32. ^ "Idapython [d-dome.net]". Archived from the original on 2006-01-16.
  33. ^ Eagle, Chris (2008). The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. No Starch Press. ISBN 978-1-59327-178-7.
  34. ^ "IDA Pro Freeware version download". Archived from the original on 2008-08-08. Retrieved 2008-03-31.
  35. ^ "FLIRT Compiler Support". Hex-Rays. Archived from the original on 2011-10-03. Retrieved 2010-04-13.
  36. ^ "Französische Schule, Nachfolge Pierre Mignard - Osterauktion 17.04.2019 - Schätzwert: EUR 1.500 bis EUR 2.600 - Dorotheum". www.dorotheum.com (in Austrian German). Archived from the original on 2023-08-14. Retrieved 2024-07-08.
  37. ^ Guilfanov, Ilfak (2006-04-13). "Sainte Ida | Hex Blog". Hex Blog. Archived from the original on 2011-06-17. Retrieved 2024-07-08.
