Interactive Disassembler

From Wikipedia, the free encyclopedia
Original author(s): Ilfak Guilfanov
Developer(s): Hex-Rays
Initial release: May 21, 1991[1]
Stable release: 8.4 SP2[2] / May 27, 2024
Written in: C++[3]
Operating system: Microsoft Windows, Mac OS X, and Linux
Available in: English, Russian
Type: Disassembler, Decompiler
License: Proprietary
Website: hex-rays.com/ida-pro/

The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in, which generates a high level, C source code-like representation of the analysed program, is available at extra cost.[4][5]

IDA is used widely in software reverse engineering, including for malware analysis[6][7] and software vulnerability research.[8] IDA has been referred to as the "de-facto industry standard disassembler".[9][10][11][12]

History

Ilfak Guilfanov began working on IDA in 1990,[13][14][15][16] and initially distributed it as a shareware application. In 1996, the Belgian company DataRescue took over the development of IDA and began to sell it as a commercial product, under the name IDA Pro.[17][18]

Initial versions of IDA did not have a graphical user interface (GUI), and ran as an extended DOS, OS/2, or Windows console application.[19] In 1999, DataRescue released the first version of IDA Pro with a GUI, IDA Pro 4.0.[20]

In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension.[21][22] In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.[23][24]

In 2022, Hex-Rays was acquired by Smartfin, a European venture capital and private equity investor.[25][26]

Features

IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:[27]

However, the nature of disassembly precludes total accuracy, so a great deal of human intervention is necessarily required; IDA provides interactive functionality to help improve the disassembly. A typical IDA user begins with an automatically generated disassembly listing and then converts sections from code to data and vice versa, renames, annotates, and otherwise adds information to the listing until its functionality becomes clear.

Scripting

"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user-written scripts. Most often, scripts are used to post-process the generated listing; for example, an external symbol table can be loaded so that the listing uses the function names from the original source code.

Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB[28] supports Ruby and IDAPython[29] adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
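The symbol-table use case described above, as an added example that is not from the article or from Hex-Rays: the script parses nm-style symbol lines (a constructed sample is embedded), keeps only code symbols, and renames the matching addresses. When run inside IDA it uses the IDAPython call idc.set_name (assumed to be available in IDA's Python environment); outside IDA it falls back to a dict-backed stand-in so the parsing and relocation logic can be exercised offline. The address/name pairs in the sample are illustrative only.

```python
"""Apply function names from an external symbol table to a disassembly listing.

Added example, not part of the Wikipedia article or of IDA itself. It assumes
nm(1)-style input ("<hex address> <type letter> <name>") and, inside IDA, the
IDAPython API idc.set_name; everything else is plain Python.
"""
import re
from typing import Callable, Dict, Iterable, List, Tuple

# One nm-style line: address, single-letter symbol type, symbol name.
_SYM_RE = re.compile(r"^\s*([0-9a-fA-F]+)\s+([A-Za-z])\s+(\S+)\s*$")

# Symbol types that denote code; data (D), BSS (B) and undefined (U) are skipped.
_CODE_TYPES = {"T", "t", "W", "w"}

# Constructed sample input; addresses and names are made up for this example.
SAMPLE_NM_OUTPUT = """\
0000000000401000 T _start
0000000000401136 T main
0000000000401170 t parse_header
00000000004011b0 W validate_checksum
0000000000404000 D g_config
0000000000404040 B g_buffer
                 U printf
"""


def parse_symbols(lines: Iterable[str]) -> Dict[int, str]:
    """Return {address: name} for code symbols; non-code and malformed lines are skipped."""
    symbols: Dict[int, str] = {}
    for line in lines:
        m = _SYM_RE.match(line)
        if not m:
            continue  # e.g. undefined symbols ("U printf") carry no address
        addr, kind, name = m.groups()
        if kind in _CODE_TYPES:
            symbols[int(addr, 16)] = name
    return symbols


def ida_rename(ea: int, name: str) -> bool:
    """Rename an address through IDAPython (assumed API: idc.set_name, flag SN_CHECK)."""
    import idc  # only importable inside IDA's Python environment
    return bool(idc.set_name(ea, name, idc.SN_CHECK))


def apply_symbols(symbols: Dict[int, str],
                  rename: Callable[[int, str], bool],
                  load_base: int = 0,
                  image_base: int = 0) -> Tuple[List[Tuple[int, str]], List[Tuple[int, str]]]:
    """Rename every symbol, shifting addresses by (image_base - load_base).

    Returns (applied, failed) lists of (effective address, name) so the caller
    can report names the disassembler rejected (e.g. a conflict with an existing name).
    """
    delta = image_base - load_base
    applied: List[Tuple[int, str]] = []
    failed: List[Tuple[int, str]] = []
    for addr in sorted(symbols):
        name = symbols[addr]
        ea = addr + delta
        if rename(ea, name):
            applied.append((ea, name))
        else:
            failed.append((ea, name))
    return applied, failed


if __name__ == "__main__":
    syms = parse_symbols(SAMPLE_NM_OUTPUT.splitlines())
    try:
        import idaapi  # present only inside IDA
        ok, bad = apply_symbols(syms, ida_rename)
    except ImportError:
        # Outside IDA: a dict stands in for the database; a rename fails only
        # if the address already carries a different name.
        names: Dict[int, str] = {}
        ok, bad = apply_symbols(syms, lambda ea, n: names.setdefault(ea, n) == n)
    print(f"applied {len(ok)} names, {len(bad)} failed")
```

Inside IDA the script is run from the File menu's script loader (or pasted into the Python console); the load_base/image_base parameters cover the case where the symbol table was produced for a different load address than the one IDA chose, which is the usual reason an externally supplied name lands on the wrong function.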

Debugging

IDA Pro supports a number of debuggers,[30] including:

  • Remote Windows, Linux, and Mac applications (provided by Hex-Rays) allow running an executable in its native environment (presumably using a virtual machine for malware)
  • GNU Debugger (gdb) is supported on Linux and OS X, as well as the native Windows debugger
  • A Bochs plugin is provided for debugging simple applications (i.e., damaged UPX or mpress compacted executables)
  • An Intel PIN-based debugger
  • A trace replayer

Versions

The latest full version of IDA Pro is commercial (version 8.4 as of June 2024), while a less capable version, named IDA Free, is available for download free of cost.[31]

Supported systems/processors/compilers

Logo

IDA Pro's logo is a cropped image of Françoise d'Aubigné, Marquise de Maintenon. The logo image is similar to a miniature painting of Françoise d'Aubigné attributed to a painter in the circle of Pierre Mignard.[33]

The original greyscale version of the logo was introduced in September 1999, with the release of IDA 4.0.[15] Ilfak Guilfanov has stated that the logo is not a depiction of Saint Ida of Louvain.[34]

References

  1. Czokow, Geoffrey (2021-05-20). "IDA: celebrating 30 years of binary analysis innovation". Hex-Rays. Retrieved 2023-03-19.
  2. "IDA 8.4.240527 (8.4sp2)". Archived from the original on June 2, 2024. Retrieved June 28, 2024.
  3. "Hex-rays Home". Archived from the original on 2024-05-26. Retrieved 2008-03-31.
  4. Eagle, Chris (2011). "Chapter 23: Real-World IDA Plug-ins". The IDA Pro Book: the Unofficial Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. pp. 500–502. ISBN 978-1-59327-395-8. OCLC 830164382.
  5. "Hex-Rays Decompiler". hex-rays.com. Retrieved 2023-03-18.
  6. Staff, S. C. (2017-09-11). "Hex-Rays IDA Pro". SC Media. Retrieved 2023-03-13.
  7. Sikorski, Michael; Honig, Andrew (2012). "Chapter 5. IDA Pro". Practical Malware Analysis: a Hands-On Guide to Dissecting Malicious Software. San Francisco: No Starch Press. ISBN 978-1-59327-430-6. OCLC 830164262.
  8. Shoshitaishvili, Yan; Wang, Ruoyu; Salls, Christopher; Stephens, Nick; Polino, Mario; Dutcher, Andrew; Grosen, John; Feng, Siji; Hauser, Christophe; Kruegel, Christopher; Vigna, Giovanni (2016-05-22). "SOK: (State of) the Art of War: Offensive Techniques in Binary Analysis". 2016 IEEE Symposium on Security and Privacy (SP). pp. 138–157. doi:10.1109/SP.2016.17. hdl:11311/1161277. ISBN 978-1-5090-0824-7. S2CID 3337994. Archived from the original on 2022-12-08. Retrieved 2023-03-17.
  9. Ben Khadra, M. Ammar; Stoffel, Dominik; Kunz, Wolfgang (2016-10-01). "Speculative disassembly of binary code". Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems. CASES '16. New York, NY, USA: Association for Computing Machinery. pp. 1–10. doi:10.1145/2968455.2968505. ISBN 978-1-4503-4482-1. S2CID 16206393. "It outperforms IDA Pro, the de-facto industry standard disassembler, in terms of disassembly correctness."
  10. Di Federico, Alessandro; Payer, Mathias; Agosta, Giovanni (2017-02-05). "Rev.ng: A unified binary analysis framework to recover CFGs and function boundaries". Proceedings of the 26th International Conference on Compiler Construction. CC 2017. New York, NY, USA: Association for Computing Machinery. pp. 131–141. doi:10.1145/3033019.3033028. ISBN 978-1-4503-5233-8. S2CID 15830760. "We evaluate our prototype implementation against the de-facto industry standard for static binary analysis, IDA Pro."
  11. Garcia Prado, Carlos; Erickson, Jon (April 10, 2018). "Solving Ad-hoc Problems with Hex-Rays API". FireEye Threat Research Blog. Archived from the original on 2022-06-02. Retrieved March 12, 2023. "IDA Pro is the de facto standard when it comes to binary reverse engineering."
  12. Andriesse, Dennis (2019). "Appendix C: List of Binary Analysis Tools". Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly. San Francisco, CA. ISBN 978-1-59327-913-4. OCLC 1050453850. "This [IDA Pro] is the de facto industry-standard recursive disassembler."
  13. Гильфанов, Ильфак (22 May 2003). "IDA Pro - samyj moshhnyj dizassembler v mire" [IDA Pro - the most powerful disassembler in the world] (Interview) (in Russian). Interviewed by Доля, Алексей. Компания "Ф-Центр". sec. 2.30. Archived from the original on May 15, 2021. Retrieved 14 March 2023. "It started as a hobby back in 1991, simply as a pastime for myself and for friends."
  14. "IDA Pro - Frequently Asked Questions" (in Russian). Archived from the original on December 19, 2003. "The first lines of IDA were written in December 1990."
  15. Czokow, Geoffrey (2021-05-20). "IDA: celebrating 30 years of binary analysis innovation". Hex-Rays. Retrieved 2023-03-19.
  16. "Hex Rays - State-of-the-art binary code analysis solutions". hex-rays.com. Archived from the original on 2023-05-31. Retrieved 2023-07-21.
  17. Guilfanov, Ilfak. CODE BLUE 2014: Ilfak Guilfanov - Keynote: The story of IDA Pro. Retrieved 2023-03-16. "Datarescue converted my hobby project into a commercial program in 1996."
  18. "DataRescue IDA Pro Page". DataRescue. Archived from the original on 1997-02-14.
  19. "DataRescue IDA Page: download an evaluation version". DataRescue. Archived from the original on 1997-02-14.
  20. "DataRescue IDA Pro What's new Page". DataRescue. Archived from the original on 1999-10-10.
  21. "Gegevens van de geregistreerde entiteit | KBO Public Search". kbopub.economie.fgov.be. Retrieved 2023-03-13.
  22. "Hex-Rays Decompiler". Hex-Rays. Archived from the original on 2007-10-11.
  23. "DataRescue Home Page: home of the IDA Pro Disassembler and of PhotoRescue". DataRescue. Archived from the original on 2008-02-21. "News 07/01/2008: IDA Pro moves to Hex-Rays."
  24. "Hex-Rays Home Page". Hex-Rays. Archived from the original on 2008-02-12.
  25. "A consortium of investors acquires Hex-Rays – Hex Rays". Archived from the original on 2023-07-21. Retrieved 2023-07-21.
  26. "News Industry | Smartfin led consortium acquires Hex-Rays to accelerate product innovation efforts". Help Net Security. 2022-10-20. Archived from the original on 2023-07-21. Retrieved 2023-07-21.
  27. Eagle, Chris (2011). "Part II. Basic IDA Usage". The IDA Pro Book: the Unofficial Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. ISBN 978-1-59327-395-8. OCLC 830164382.
  28. "Archived copy". Archived from the original on 2016-01-08. Retrieved 2011-12-05.
  29. "Idapython [d-dome.net]". Archived from the original on 2006-01-16.
  30. Eagle, Chris (2008). The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. No Starch Press. ISBN 978-1-59327-178-7.
  31. "IDA Pro Freeware version download". Archived from the original on 2008-08-08. Retrieved 2008-03-31.
  32. "FLIRT Compiler Support". Hex-Rays. Archived from the original on 2011-10-03. Retrieved 2010-04-13.
  33. "Französische Schule, Nachfolge Pierre Mignard - Osterauktion 17.04.2019 - Schätzwert: EUR 1.500 bis EUR 2.600 - Dorotheum". www.dorotheum.com (in Austrian German). Archived from the original on 2023-08-14. Retrieved 2024-07-08.
  34. Guilfanov, Ilfak (2006-04-13). "Sainte Ida | Hex Blog". Hex Blog. Archived from the original on 2011-06-17. Retrieved 2024-07-08.
