The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X. IDA has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial-off-the-shelf validation.
● IDA Pro is a disassembler
A disassembler is a piece of software used to translate machine code into a human readable format called assembly language.
● IDA Pro is a debugger
A debugger is a computer program that assists in the detection and correction of errors in other computer programs.
● IDA Pro is interactive
IDA always allows the human analyst to override its decisions or to provide hints. A built-in programming language and an open plugin architecture push interactivity even further.
● IDA Pro is programmable
IDA Pro is a complete integrated development environment. It consists of a very powerful macro-like language that can be used to automate simple to medium complexity tasks.
● Hostile Code analysis
Given the speed and the complexity of today’s hostile code, a powerful analysis solution is required. IDA Pro has become such a standard in the field of malware analysis that information about new viruses is often exchanged in the form of “IDA Databases”. IDA Pro is used daily by anti-virus, malware and spyware analysts to investigate new virus samples and threats and to provide timely solutions.
● Vulnerability research
The topic of vulnerability disclosure remains quite controversial but software is, as a matter of fact, unfortunately often vulnerable to outside attacks. IDA Pro is the ideal tool to investigate such vulnerabilities. If they aren’t fixed they could be exploited by third-parties with dishonest or criminal intentions. The Wisconsin Safety Analyzer, for instance, is a very interesting project investigating software vulnerability where IDA Pro plays an important role.
● Commercial-off-the-shelf (COTS) validation
A lot of software is developed outside the country where it is used. Since those programs are incredibly hard to verify and since complete source code audits and rebuilds aren’t always practical or possible, tools such as IDA provide a convenient way to check if a program really does what it claims to do, contains no harmful vulnerabilities and leaks no sensitive information.
● Privacy protection
Software is invading our lives at every level. Respect for essential privacy rights is a concern for many, at a time when the amount of data about individual users that can potentially be collected, sold or exploited has surged to an unprecedented level. IDA Pro helps investigate software that may cause concern, thereby protecting your essential rights.
● Other uses
IDA Pro has generated quite a lot of interest in academic circles. A partial list of papers where IDA Pro plays a role is visible here.
The Hex-Rays Decompiler brings binary software analysis within reach of millions of programmers. It converts native processor code into a readable C-like pseudocode text.
In comparison to low level assembly language, high level language representation in the Decompiler has several advantages:
● concise: requires less time to read it
● structured: program logic is more obvious
● dynamic: variable names and types can be changed on the fly
● familiar: no need to learn the assembly language
● cool: the most advanced decompiler ever built!
Currently the decompiler supports compiler-generated code for the x86, x64, ARM32, ARM64, and PowerPC processors. We plan to port it to other platforms in the future. The programmatic API allows our customers to improve the decompiler output. Vulnerability search, software validation, and coverage analysis are the directions that immediately come to mind.
The decompiler runs on MS Windows, Linux, and Mac OS X. The GUI and text IDA versions are supported.
IDA Pro’s interactivity allows you to improve disassemblies in real time. Its multi-processor support is unmatched. Our FLIRT and PIT modules are truly unique, are not offered by any other commercial disassemblers and, more importantly, are incredible time savers.
IDA runs on all standard platforms – MS Windows, Linux, Mac OS X both in GUI and console modes.
● IDA is programmable through a C-like language – this flexibility enables you to improve IDA to your requirements
● IDA offers PE debugger – an open Plugin Architecture which again allows you to use third-party software to increase the power of IDA to meet your requirements. The source code of several plugins is included in the SDK. Other plugins can be found around the net, for example from our blog. Others can be found on GitHub.
● stealth: stealth against anti-debugging tricks.
● findcrypt: identifies some frequently used block ciphers.
● highlighter: highlights code that has been single stepped through in a debugging session.
● unispector: extracts unicode strings from an IDA database.
● Fully Interactive: you work with the disassembler and forget about tedious multiple passes, enabling a quicker and more intuitive analysis of the code
● Multiple processor handling: same interface and features for dozens of processors to speed up the process of analysis, rather than having to understand new features for different processors
● Debugger: multiple local and remote debugger modules, including WinDbg and GDBServer
● Fully customizable work and provides a unified environment on all platforms
● High level constructs such as unions, structures, and variable sized structures and low level constructs such as bitfields.
● Stack Variables keep track of your local variables, so that you can analyze the code more quickly.
● Graphing: provides a pictorial overview of the code structure at a glance. See our Graphing Tutorial
● IDC scripting: IDC is a powerful C-like embedded programming language that extends IDA’s capabilities.
● The Program Navigator Toolbar
● Interactive Register Renaming makes RISC processors easy.
● Auto-commenting: you can even define and use your own comments base.
● Code flow: enhancing IDA’s brain
● Lumina server
● Named licences
● Computer licenses
● Floating licenses
© All Rights Reserved QAST Software Group