Current Version: IDA v6.9 (21.12.2015)
Current Version: IDA v7.0.1 (18.09.2018)
Currently IDA Pro is a 32-bit application. One year later (in the first quarter of 2017) we will switch to 64-bit. Please note that this means that IDA Pro will not run on 32-bit systems after the transition.
News (like current version)
Executive Summary: IDA Pro – at the cornerstone of IT security
What is IDA Pro?
- IDA Pro is a disassembler
- IDA Pro is a debugger
- IDA Pro is interactive
- IDA Pro is programmable
How is IDA Pro useful?
- Hostile Code analysis
- Vulnerability research
- COTS validation
- Privacy protection
Debugger
Host:
- Windows
- Linux
- Mac OS X
Target:
- Windows
- Linux
- Mac OS X
Debugger
- Remote GDB debugger
- Remote Linux debugger
Remote Linux debugger:
Remote debugging with IDA PRO 7.0
C:\Program Files\IDA 7.0\dbgsrv
Decompiler (Binary => C Code)
- x86 decompiler (32-bit code)
- x64 decompiler (64-bit code)
- ARM decompiler (32-bit code)
- ARM64 decompiler (64-bit code)
IDA Pro Book, 2nd Edition, No Starch Press
Hex-Rays IDA
Hex-Rays IDA Order
Documents
Digital Genome Mapping – Advanced Binary Malware Analysis, PDF
Books
- Practical Malware Analysis, 2012, Michael Sikorski, Andrew Honig
- The IDA Pro Book, 2008, Chris Eagle
- Reverse Engineering Code with IDA Pro, Justin Ferguson, Jason Larsen, Luis Miras, Walter Pearce
Blog
Installing IDA 6.9 on Linux
Decompilation gets real
Developers
- Ilfak Guilfanov (Wikipedia)
- Igor Skochinsky
- Arnaud Diederen
Keyboard Shortcuts
- Enter = Jump to operand
- Ctrl-X = List Cross-Reference
Contest
Plug-Ins
Unicorn – The ultimate CPU emulator
Unicorn & QEMU
github.com/cseagle/sk3wldbg, Debugger plugin for IDA Pro backed by the Unicorn Engine
github.com/alexhude/uEmu, Tiny cute emulator plugin for IDA based on unicorn
github.com/unicorn-engine/unicorn/tree/master/qemu
CPU Emulators
- Unicorn, Next Generation CPU Emulator (fork of QEMU)
- QEMU
- libemu
- PyEmu
- IDA-x86emu
- libCPU
Re-Assembler
Recompile the asm file IDA pro created
generate_nasm.idc
IDA pro asm instructions change
Why there are not any disassemblers that can generate re-assemblable asm code?
Modifying and Saving in IDA
- OllyDBG (Wikipedia)
- LordPE
- GNU Binutils objdump
- objconv
Modify Assembler
Applied IDA Pro: Part 1 – Applied Cracking & Byte Patching with IDA Pro
Applied IDA Pro: Part 2 – Applied Reverse Engineering with IDA Pro
OllyDBG
Other debuggers
Is there any disassembler to rival IDA Pro?
best alternatives to IDA, Immunity and Ollydbg
x64dbg (Github)
radare2 (Github)
Bokken (GUI for Radare2)
Snowman (Github)
Vdb / Vivisect (Github)