Interactive Disassembler: Difference between revisions
Jump to navigation
Jump to search
imported>Sin2x m Version bump |
imported>Hexware Update version |
||
| Line 14: | Line 14: | ||
| developer = Hex-Rays | | developer = Hex-Rays | ||
| released = {{Start date and age|1991|05|21}}<ref>{{Cite web |last=Czokow |first=Geoffrey |date=2021-05-20 |title=IDA: celebrating 30 years of binary analysis innovation |url=https://hex-rays.com/blog/ida-celebrating-30-years-of-binary-analysis-innovation/ |access-date=2023-03-19 |website=Hex-Rays |language=en}}</ref> | | released = {{Start date and age|1991|05|21}}<ref>{{Cite web |last=Czokow |first=Geoffrey |date=2021-05-20 |title=IDA: celebrating 30 years of binary analysis innovation |url=https://hex-rays.com/blog/ida-celebrating-30-years-of-binary-analysis-innovation/ |access-date=2023-03-19 |website=Hex-Rays |language=en}}</ref> | ||
| latest release version = 9. | | latest release version = 9.2<ref>{{Cite web |date=September 8, 2025 |url=https://hex-rays.com/blog/ida-9.2-release|title=IDA 9.2 Release |access-date=November 14, 2025}}</ref> | ||
| latest release date = {{Start date and age|2025| | | latest release date = {{Start date and age|2025|9|8}} | ||
| latest preview version = | | latest preview version = | ||
| latest preview date = | | latest preview date = | ||
| Line 27: | Line 27: | ||
| website = {{URL|https://hex-rays.com/ida-pro/}} | | website = {{URL|https://hex-rays.com/ida-pro/}} | ||
}} | }} | ||
The '''Interactive Disassembler''' ('''IDA''') is a [[disassembler]] for [[software|computer software]] which generates [[assembly language]] [[source code]] from [[Machine code|machine-executable code]]. It supports a variety of [[executable|executable format]]s for different [[Central processing unit|processor]]s and [[operating system]]s. It can also be used as a [[debugger]] for [[Portable Executable|Windows PE]], [[Mac OS X]] [[Mach-O]], and [[Linux]] [[Executable and Linkable Format|ELF]] executables. A [[decompiler]] plug-in, which generates a high level, [[C (programming language)|C]] source code-like representation of the analysed program, is available at extra cost.<ref>{{Cite book |last=Eagle |first=Chris | The '''Interactive Disassembler''' ('''IDA''') is a [[disassembler]] for [[software|computer software]] which generates [[assembly language]] [[source code]] from [[Machine code|machine-executable code]]. It supports a variety of [[executable|executable format]]s for different [[Central processing unit|processor]]s and [[operating system]]s. It can also be used as a [[debugger]] for [[Portable Executable|Windows PE]], [[Mac OS X]] [[Mach-O]], and [[Linux]] [[Executable and Linkable Format|ELF]] executables. A [[decompiler]] plug-in, which generates a high level, [[C (programming language)|C]] source code-like representation of the analysed program, is available at extra cost.<ref>{{Cite book |last=Eagle |first=Chris |title=The IDA Pro Book: the Unofficial Guide to the World's Most Popular Disassembler. |date=2011 |publisher=No Starch Press |isbn=978-1-59327-395-8 |edition=2nd |location=San Francisco |pages=500–502 |chapter=Chapter 23: Real-World IDA Plug-ins |oclc=830164382}}</ref><ref>{{Cite web |title=Hex-Rays Decompiler |url=https://hex-rays.com/decompiler/ |access-date=2023-03-18 |website=hex-rays.com}}</ref> | ||
IDA is used widely in software [[reverse engineering]], including for [[malware analysis]]<ref>{{Cite web |last=Staff |first=S. C. |date=2017-09-11 |title=Hex-Rays IDA Pro |url=https://www.scmagazine.com/product-test/content/hex-rays-ida-pro |access-date=2023-03-13 |website=SC Media |language=en}}</ref><ref>{{Cite book |last=Sikorski |first=Michael | IDA is used widely in software [[reverse engineering]], including for [[malware analysis]]<ref>{{Cite web |last=Staff |first=S. C. |date=2017-09-11 |title=Hex-Rays IDA Pro |url=https://www.scmagazine.com/product-test/content/hex-rays-ida-pro |access-date=2023-03-13 |website=SC Media |language=en}}</ref><ref>{{Cite book |last=Sikorski |first=Michael |title=Practical Malware Analysis: a Hands-On Guide to Dissecting Malicious Software. |date=2012 |publisher=No Starch Press |others=Andrew Honig |isbn=978-1-59327-430-6 |location=San Francisco |chapter=Chapter 5. IDA Pro |oclc=830164262}}</ref> and [[Vulnerability (computing)|software vulnerability]] research.<ref>{{Cite book |last1=Shoshitaishvili |first1=Yan |last2=Wang |first2=Ruoyu |last3=Salls |first3=Christopher |last4=Stephens |first4=Nick |last5=Polino |first5=Mario |last6=Dutcher |first6=Andrew |last7=Grosen |first7=John |last8=Feng |first8=Siji |last9=Hauser |first9=Christophe |last10=Kruegel |first10=Christopher |last11=Vigna |first11=Giovanni |chapter=SOK: (State of) the Art of War: Offensive Techniques in Binary Analysis |date=2016-05-22 |title=2016 IEEE Symposium on Security and Privacy (SP) |pages=138–157 |doi=10.1109/SP.2016.17|hdl=11311/1161277 |isbn=978-1-5090-0824-7 |hdl-access=free }}</ref><ref>{{Cite journal |last1=Guo |first1=Wei |last2=Wei |first2=Qiang |last3=Wu |first3=Qianqiong |last4=Guo |first4=Zhimin |date=2022-04-01 |title=CSChecker: A binary taint-based vulnerability detection method based on static taint analysis |journal=Journal of Physics: Conference Series |volume=2258 |issue=1 |article-number=012069 |doi=10.1088/1742-6596/2258/1/012069 |issn=1742-6588|doi-access=free |bibcode=2022JPhCS2258a2069G }}</ref> IDA's decompiler is one of the most popular and widely used decompilation frameworks,<ref name=":02">{{Cite book |title=No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations |url=https://www.ndss-symposium.org/ndss2015/ndss-2015-programme/no-more-gotos-decompilation-using-pattern-independent-control-flow-structuring-and-semantics/ |access-date=2023-03-18 |website=NDSS Symposium |date=2015 |language=en-US |doi=10.14722/ndss.2015.23185 |last1=Yakdan |first1=Khaled |last2=Eschweiler |first2=Sebastian |last3=Gerhards-Padilla |first3=Elmar |last4=Smith |first4=Matthew |isbn=978-1-891562-38-9 }}</ref><ref name=":1">{{Cite journal |last1=Schulte |first1=Eric |last2=Ruchti |first2=Jason |last3=Noonan |first3=Matt |last4=Ciarletta |first4=David |last5=Loginov |first5=Alexey |date=2018 |title=Evolving Exact Decompilation |journal=Proceedings 2018 Workshop on Binary Analysis Research |location=Reston, VA |publisher=Internet Society |doi=10.14722/bar.2018.23008|isbn=978-1-891562-50-1 |doi-access=free }}</ref><ref name=":2">{{Cite book |last1=Liu |first1=Zhibo |last2=Wang |first2=Shuai |chapter=How far we have come: Testing decompilation correctness of C decompilers |date=2020-07-18 |title=Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis |chapter-url=https://doi.org/10.1145/3395363.3397370 |series=ISSTA 2020 |location=New York, NY, USA |publisher=Association for Computing Machinery |pages=475–487 |doi=10.1145/3395363.3397370 |isbn=978-1-4503-8008-9}}</ref> and IDA has been called the "de-facto industry standard" for program disassembly and static binary analysis.<ref>{{Cite book |last1=Di Federico |first1=Alessandro |last2=Payer |first2=Mathias |last3=Agosta |first3=Giovanni |chapter=Rev.ng: A unified binary analysis framework to recover CFGS and function boundaries |date=2017-02-05 |title=Proceedings of the 26th International Conference on Compiler Construction |chapter-url=https://doi.org/10.1145/3033019.3033028 |series=CC 2017 |location=New York, NY, USA |publisher=Association for Computing Machinery |pages=131–141 |doi=10.1145/3033019.3033028 |isbn=978-1-4503-5233-8 |quote="In an extensive evaluation, we test our [binary analysis] tool on binaries compiled for MIPS, ARM, and x86-64 using GCC and clang and compare them to the industry's state of the art tool, IDA Pro, and two well-known academic tools, BAP/ByteWeight and angr."}}</ref><ref>{{Cite web |last1=Garcia Prado |first1=Carlos |last2=Erickson |first2=Jon |date=April 10, 2018 |title=Solving Ad-hoc Problems with Hex-Rays API |url=https://www.fireeye.com/blog/threat-research/2018/04/solving-ad-hoc-problems-with-hex-rays-api.html |archive-url=https://web.archive.org/web/20220602140613/https://www.fireeye.com/blog/threat-research/2018/04/solving-ad-hoc-problems-with-hex-rays-api.html |archive-date=June 2, 2022 |access-date=March 12, 2023 |website=FireEye Threat Research Blog |quote="IDA Pro is the de facto standard when it comes to binary reverse engineering."}}</ref><ref>{{Cite book |last=Andriesse |first=Dennis |title=Practical binary analysis: build your own Linux tools for binary instrumentation, analysis, and disassembly |date=2019 |publisher=No Starch Press, Inc. |isbn=978-1-59327-913-4 |location=San Francisco, CA |chapter=Appendix C: List of Binary Analysis Tools |oclc=1050453850 |quote="This [IDA Pro] is the de facto industry-standard recursive disassembler."}}</ref> | ||
== History == | == History == | ||
[[Ilfak Guilfanov]] began working on IDA in 1990,<ref>{{cite interview |last=Гильфанов |first=Ильфак |subject-link=Ilfak_Guilfanov |title=IDA Pro - samyj moshhnyj dizassembler v mire |url=https://fcenter.ru/online/softarticles/interview/6704 |access-date=14 March 2023 |archive-url=https://web.archive.org/web/20210515200735/https://fcenter.ru/online/softarticles/interview/6704 |archive-date=May 15, 2021 |publisher=Компания "Ф-Центр" |date=22 May 2003 |quote=Он начался как хобби в далеком 1991 году, просто увлечением для себя и для друзей. |interviewer-first=Алексей |interviewer-last=Доля |script-title=ru:IDA Pro - самый мощный дизассемблер в мире |trans-title=IDA Pro - the most powerful disassembler in the world |language=ru |at=sec. 2.30}}</ref><ref>{{Cite web |title=IDA Pro - Часто задаваемые вопросы |url=http://www.idapro.ru/faq.html#053 | [[Ilfak Guilfanov]] began working on IDA in 1990,<ref>{{cite interview |last=Гильфанов |first=Ильфак |subject-link=Ilfak_Guilfanov |title=IDA Pro - samyj moshhnyj dizassembler v mire |url=https://fcenter.ru/online/softarticles/interview/6704 |access-date=14 March 2023 |archive-url=https://web.archive.org/web/20210515200735/https://fcenter.ru/online/softarticles/interview/6704 |archive-date=May 15, 2021 |publisher=Компания "Ф-Центр" |date=22 May 2003 |quote=Он начался как хобби в далеком 1991 году, просто увлечением для себя и для друзей. |interviewer-first=Алексей |interviewer-last=Доля |script-title=ru:IDA Pro - самый мощный дизассемблер в мире |trans-title=IDA Pro - the most powerful disassembler in the world |language=ru |at=sec. 2.30}}</ref><ref>{{Cite web |title=IDA Pro - Часто задаваемые вопросы |url=http://www.idapro.ru/faq.html#053 |archive-url=https://web.archive.org/web/20031219030300/http://www.idapro.ru/faq.html#053 |archive-date=December 19, 2003 |quote=Первые строки для IDA были написаны в декабре 1990.}}</ref><ref name=":0">{{Cite web |last=Czokow |first=Geoffrey |date=2021-05-20 |title=IDA: celebrating 30 years of binary analysis innovation |url=https://hex-rays.com/blog/ida-celebrating-30-years-of-binary-analysis-innovation/ |access-date=2023-03-19 |website=Hex-Rays |language=en}}</ref><ref>{{Cite web |title=Hex Rays - State-of-the-art binary code analysis solutions |url=https://hex-rays.com/about-us/our-journey/ |access-date=2023-07-21 |website=hex-rays.com |archive-date=2023-05-31 |archive-url=https://web.archive.org/web/20230531100330/https://hex-rays.com/about-us/our-journey/ |url-status=live }}</ref> and initially distributed it as a [[shareware]] application. In 1996, the [[Belgium|Belgian]] company DataRescue took over the development of IDA and began to sell it as a commercial product, under the name IDA Pro.<ref>{{Citation |last=Guilfanov |first=Ilfak |title=CODE BLUE 2014 : Ilfak Guilfanov - Keynote: The story of IDA Pro |date=22 June 2015 |url=https://www.youtube.com/watch?v=hLBlck1lTUs |access-date=2023-03-16 |language=en |quote="Datarescue converted my hobby project into a commercial program in 1996."}}</ref><ref>{{Cite web |title=DataRescue IDA Pro Page |url=http://www.datarescue.com/ida.htm |archive-url=https://web.archive.org/web/19970214111312/http://www.datarescue.com/ida.htm |archive-date=1997-02-14 |website=DataRescue}}</ref> | ||
Initial versions of IDA did not have a [[Graphical user interface|graphical user interface (GUI)]], and ran as an [[extended DOS]], [[OS/2]], or Windows [[console application]].<ref>{{Cite web |date= |title=DataRescue IDA Page : download an evaluation version |url=http://www.datarescue.com/idadown.htm |archive-url=https://web.archive.org/web/19970214112722/http://www.datarescue.com/idadown.htm |archive-date=1997-02-14 | Initial versions of IDA did not have a [[Graphical user interface|graphical user interface (GUI)]], and ran as an [[extended DOS]], [[OS/2]], or Windows [[console application]].<ref>{{Cite web |date= |title=DataRescue IDA Page: download an evaluation version |url=http://www.datarescue.com/idadown.htm |archive-url=https://web.archive.org/web/19970214112722/http://www.datarescue.com/idadown.htm |archive-date=1997-02-14 |website=DataRescue}}</ref> In 1999, DataRescue released the first version of IDA Pro with a GUI, IDA Pro 4.0.<ref>{{Cite web |date= |title=DataRescue IDA Pro What's new Page |url=http://datarescue.com:80/idanew.htm |archive-url=https://web.archive.org/web/19991010010636/http://datarescue.com:80/idanew.htm |archive-date=1999-10-10 |website=DataRescue}}</ref> | ||
In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension.<ref>{{Cite web |title=Gegevens van de geregistreerde entiteit {{!}} KBO Public Search |url=https://kbopub.economie.fgov.be/kbopub/toonondernemingps.html?ondernemingsnummer=873473914 |access-date=2023-03-13 |website=kbopub.economie.fgov.be}}</ref><ref>{{Cite web |date= |title=Hex-Rays Decompiler |url=http://www.hex-rays.com/products.shtml |archive-url=https://web.archive.org/web/20071011044755/http://www.hex-rays.com/products.shtml |archive-date=2007-10-11 | In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension.<ref>{{Cite web |title=Gegevens van de geregistreerde entiteit {{!}} KBO Public Search |url=https://kbopub.economie.fgov.be/kbopub/toonondernemingps.html?ondernemingsnummer=873473914 |access-date=2023-03-13 |website=kbopub.economie.fgov.be}}</ref><ref>{{Cite web |date= |title=Hex-Rays Decompiler |url=http://www.hex-rays.com/products.shtml |archive-url=https://web.archive.org/web/20071011044755/http://www.hex-rays.com/products.shtml |archive-date=2007-10-11 |website=Hex-Rays}}</ref> In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.<ref>{{Cite web |date= |title=DataRescue Home Page: home of the IDA Pro Disassembler and of PhotoRescue |url=http://www.datarescue.com/ |archive-url=https://web.archive.org/web/20080221202137/http://www.datarescue.com:80/ |archive-date=2008-02-21 |website=DataRescue |quote="News 07/01/2008: IDA Pro moves to Hex-Rays."}}</ref><ref>{{Cite web |date= |title=Hex-Rays Home Page |url=http://www.hex-rays.com/index.shtml |archive-url=https://web.archive.org/web/20080212081246/http://www.hex-rays.com/index.shtml |archive-date=2008-02-12 |website=Hex-Rays}}</ref> | ||
In 2022, Hex-Rays was acquired by a group of investors led by Smartfin, a European [[venture capital]] and [[private equity investor]]. Co-investors in the acquisition included the Belgian public holding company {{Interlanguage link|The Federal Holding & Investment Company (SFPIM)|fr|Société Fédérale de Participations et d'Investissement}}, and the [[Wallonia|Walloon]] public investment firm [[Regional Investment Company of Wallonia|Regional Investment Company of Wallonia (SRIW)]].<ref>{{Cite web |title=A consortium of investors acquires Hex-Rays – Hex Rays |date=19 October 2022 |url=https://hex-rays.com/blog/hex-rays-acquisition/ |access-date=2023-07-21 |language=en |archive-date=2023-07-21 |archive-url=https://web.archive.org/web/20230721143654/https://hex-rays.com/blog/hex-rays-acquisition/ |url-status=live }}</ref><ref>{{Cite web |last= |first= |date=2022-10-20 |title=News Industry {{!}} Smartfin led consortium acquires Hex-Rays to accelerate product innovation efforts |url=https://www.helpnetsecurity.com/2022/10/21/hex-rays-smartfin/ |access-date=2023-07-21 |website=Help Net Security |language=en-US |archive-date=2023-07-21 |archive-url=https://web.archive.org/web/20230721143654/https://www.helpnetsecurity.com/2022/10/21/hex-rays-smartfin/ |url-status=live }}</ref> | In 2022, Hex-Rays was acquired by a group of investors led by Smartfin, a European [[venture capital]] and [[private equity investor]]. Co-investors in the acquisition included the Belgian public holding company {{Interlanguage link|The Federal Holding & Investment Company (SFPIM)|fr|Société Fédérale de Participations et d'Investissement}}, and the [[Wallonia|Walloon]] public investment firm [[Regional Investment Company of Wallonia|Regional Investment Company of Wallonia (SRIW)]].<ref>{{Cite web |title=A consortium of investors acquires Hex-Rays – Hex Rays |date=19 October 2022 |url=https://hex-rays.com/blog/hex-rays-acquisition/ |access-date=2023-07-21 |language=en |archive-date=2023-07-21 |archive-url=https://web.archive.org/web/20230721143654/https://hex-rays.com/blog/hex-rays-acquisition/ |url-status=live }}</ref><ref>{{Cite web |last= |first= |date=2022-10-20 |title=News Industry {{!}} Smartfin led consortium acquires Hex-Rays to accelerate product innovation efforts |url=https://www.helpnetsecurity.com/2022/10/21/hex-rays-smartfin/ |access-date=2023-07-21 |website=Help Net Security |language=en-US |archive-date=2023-07-21 |archive-url=https://web.archive.org/web/20230721143654/https://www.helpnetsecurity.com/2022/10/21/hex-rays-smartfin/ |url-status=live }}</ref> | ||
== Features == | == Features == | ||
IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:<ref>{{Cite book |last=Eagle |first=Chris | IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:<ref>{{Cite book |last=Eagle |first=Chris |title=The IDA Pro Book: the Unofficial Guide to the World's Most Popular Disassembler. |date=2011 |publisher=No Starch Press |isbn=978-1-59327-395-8 |edition=2nd |location=San Francisco |chapter=Part II. Basic IDA Usage |oclc=830164382}}</ref> | ||
* cross-references between code and data in the program | * cross-references between code and data in the program | ||
| Line 70: | Line 70: | ||
** [[Microsoft Windows|Windows]] x86 and ARM | ** [[Microsoft Windows|Windows]] x86 and ARM | ||
** Linux x86 | ** Linux x86 | ||
** | ** macOS x86 and Apple silicon | ||
* Recognized executable file formats | * Recognized executable file formats | ||
** [[COFF]] and derivatives, including Win32/64/generic [[Portable Executable|PE]] | ** [[COFF]] and derivatives, including Win32/64/generic [[Portable Executable|PE]] | ||
| Line 116: | Line 116: | ||
** [[PA-RISC]] | ** [[PA-RISC]] | ||
** [[PowerPC]] | ** [[PowerPC]] | ||
** Xenon PowerPC | ** [[RISC-V]] | ||
** Xenon PowerPC family | |||
** SGS-Thomson ST20/ST20c4/ST7 | ** SGS-Thomson ST20/ST20c4/ST7 | ||
** [[SPARC]] | ** [[SPARC]] family | ||
** [[Samsung]] SAM8 | ** [[Samsung]] SAM8 | ||
** [[Siemens C166]] | ** [[Siemens C166]] | ||
| Line 128: | Line 129: | ||
** GNU C++ for [[Cygwin]] | ** GNU C++ for [[Cygwin]] | ||
** [[Microsoft C]] | ** [[Microsoft C]] | ||
** | ** [[QuickC]] | ||
** | ** [[Visual C++]] | ||
** [[Watcom C/C++]] (16/32 bit) for | ** [[Watcom C/C++]] (16/32 bit) for DOS & [[OS/2]] | ||
** ARM C v1.2 | ** ARM C v1.2 | ||
** GNU C++ for Unix/common | ** GNU C++ for Unix/common | ||
| Line 152: | Line 153: | ||
==Further reading== | ==Further reading== | ||
* {{cite book |title=[[Reversing: Secrets of Reverse Engineering]] |last=Eilam |first=Eldad |year=2005 |publisher=[[Wiley Publishing]] |isbn=0-7645-7481-7 | | * {{cite book |title=[[Reversing: Secrets of Reverse Engineering]] |last=Eilam |first=Eldad |year=2005 |publisher=[[Wiley Publishing]] |isbn=0-7645-7481-7 |page=595}} | ||
==External links== | ==External links== | ||
Latest revision as of 17:56, 14 November 2025
Template:Short description Script error: No such module "Unsubst".
Script error: No such module "Infobox".Template:Template other Script error: No such module "Check for unknown parameters".Script error: No such module "Check for conflicting parameters". The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in, which generates a high level, C source code-like representation of the analysed program, is available at extra cost.[1][2]
IDA is used widely in software reverse engineering, including for malware analysis[3][4] and software vulnerability research.[5][6] IDA's decompiler is one of the most popular and widely used decompilation frameworks,[7][8][9] and IDA has been called the "de-facto industry standard" for program disassembly and static binary analysis.[10][11][12]
History
Ilfak Guilfanov began working on IDA in 1990,[13][14][15][16] and initially distributed it as a shareware application. In 1996, the Belgian company DataRescue took over the development of IDA and began to sell it as a commercial product, under the name IDA Pro.[17][18]
Initial versions of IDA did not have a graphical user interface (GUI), and ran as an extended DOS, OS/2, or Windows console application.[19] In 1999, DataRescue released the first version of IDA Pro with a GUI, IDA Pro 4.0.[20]
In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension.[21][22] In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.[23][24]
In 2022, Hex-Rays was acquired by a group of investors led by Smartfin, a European venture capital and private equity investor. Co-investors in the acquisition included the Belgian public holding company Template:Interlanguage link, and the Walloon public investment firm Regional Investment Company of Wallonia (SRIW).[25][26]
Features
IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:[27]
- cross-references between code and data in the program
- function locations, function stack frames, and function calling conventions
- reconstructed data types
However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until its functionality becomes clear.
Scripting
"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user written scripts. Most frequently scripts are used for extra modification of the generated code. For example, external symbol tables can be loaded thereby using the function names of the original source code.
Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB[28] supports Ruby and IDAPython[29] adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
Debugging
IDA Pro supports a number of debuggers,[30] including:
- Remote Windows, Linux, and Mac applications (provided by Hex-Rays) allow running an executable in its native environment (presumably using a virtual machine for malware)
- GNU Debugger (gdb) is supported on Linux and OS X, as well as the native Windows debugger
- A Bochs plugin is provided for debugging simple applications (i.e., damaged UPX or mpress compacted executables)
- An Intel PIN-based debugger
- A trace replayer
Versions
The latest full version of IDA Pro is available via paid annual subscription (version 9.0sp1 as of December 2024), while a less capable version (limited to x86), named IDA Free, is available for download free of cost.[31]
Supported systems/processors/compilers
- System hosts
- Windows x86 and ARM
- Linux x86
- macOS x86 and Apple silicon
- Recognized executable file formats
- COFF and derivatives, including Win32/64/generic PE
- ELF and derivatives (generic)
- Mach-O (Mach)
- NLM (NetWare)
- LC/LE/LX (OS/2 2.x+ and various DOS extenders)
- NE (OS/2 1.x, Win16, and various DOS extenders)
- MZ (MS-DOS)
- OMF and derivatives (generic)
- AIM (generic)
- raw binary, such as a ROM image or a COM file
- Instruction sets
- Intel 80x86 family
- ARM architecture
- Motorola 68k and H8
- Zilog Z80
- MOS 6502
- Intel i860
- DEC Alpha
- Analog Devices ADSP218x
- Angstrem KR1878
- Atmel AVR series
- DEC series PDP11
- Fujitsu F2MC16L/F2MC16LX
- Fujitsu FR 32-bit Family
- Hitachi SH3/SH3B/SH4/SH4B
- Hitachi H8: h8300/h8300a/h8s300/h8500
- Intel 196 series: 80196/80196NP
- Intel 51 series: 8051/80251b/80251s/80930b/80930s
- Intel i960 series
- Intel Itanium (ia64) series
- Java virtual machine
- MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
- Microchip PIC: PIC12Cxx/PIC16Cxx/PIC18Cxx
- MSIL
- Mitsubishi 7700 Family: m7700/m7750
- Mitsubishi m32/m32rx
- Mitsubishi m740
- Mitsubishi m7900
- Motorola DSP 5600x Family: dsp561xx/dsp5663xx/dsp566xx/dsp56k
- Motorola ColdFire
- Motorola HCS12
- NEC 78K0/78K0S
- PA-RISC
- PowerPC
- RISC-V
- Xenon PowerPC family
- SGS-Thomson ST20/ST20c4/ST7
- SPARC family
- Samsung SAM8
- Siemens C166
- TMS320Cxxx series
- Compiler/libraries (for automatic library function recognition)[32]
- Borland C++ 5.x for DOS/Windows
- Borland C++ 3.1
- Borland C Builder v4 for DOS/Windows
- GNU C++ for Cygwin
- Microsoft C
- QuickC
- Visual C++
- Watcom C/C++ (16/32 bit) for DOS & OS/2
- ARM C v1.2
- GNU C++ for Unix/common
Logo
IDA Pro's logo is a cropped image of Françoise d'Aubigné, Marquise de Maintenon. The logo image is similar to a miniature painting of Françoise d'Aubigné attested to a painter in the circle of Pierre Mignard.[33]
The original greyscale version of the logo was introduced in September 1999, with the release of IDA 4.0.[15] Ilfak Guilfanov has stated that the logo is not a depiction of Saint Ida of Louvain.[34]
See also
References
<templatestyles src="Reflist/styles.css" />
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "Citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "Citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ a b Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
Script error: No such module "Check for unknown parameters". <templatestyles src="Refbegin/styles.css" />
Further reading
- Script error: No such module "citation/CS1".
External links
- Script error: No such module "Official website".Script error: No such module "Check for unknown parameters".
- Script error: No such module "citation/CS1".
- Script error: No such module "citation/CS1".