Interactive Disassembler Explained

Interactive Disassembler
Author: Ilfak Guilfanov
Developer: Hex-Rays
Released: [1]
Latest release version: 8.4 SP2[2]
Programming language: C++[3]
Operating system: Microsoft Windows, Mac OS X, and Linux
Language: English, Russian
Genre: Disassembler, Decompiler
License: Proprietary

The Interactive Disassembler (IDA) is a disassembler for computer software that generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in, which generates a high-level, C-like source representation of the analysed program, is available at extra cost.[4] [5]

IDA is used widely in software reverse engineering, including for malware analysis[6] [7] and software vulnerability research.[8] IDA has been referred to as the "de-facto industry standard disassembler".[9] [10] [11] [12]

History

Ilfak Guilfanov began working on IDA in 1990,[13] [14] [15] [16] and initially distributed it as a shareware application. In 1996, the Belgian company DataRescue took over the development of IDA and began to sell it as a commercial product, under the name IDA Pro.[17]

Initial versions of IDA did not have a graphical user interface (GUI), and ran as an extended DOS, OS/2, or Windows console application.[18] In 1999, DataRescue released the first version of IDA Pro with a GUI, IDA Pro 4.0.[19]

In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension.[20] [21] In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.[22] [23]

In 2022, Hex-Rays was acquired by Smartfin, a European venture capital and private equity investor.[24] [25]

Features

IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:[26]

However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is required; IDA provides interactive functionality to help improve the disassembly. A typical IDA user begins with an automatically generated disassembly listing and then converts sections from code to data and vice versa, renames, annotates, and otherwise adds information to the listing until its functionality becomes clear.

Scripting

"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user-written scripts. Most often, scripts are used to further modify the generated listing; for example, an external symbol table can be loaded so that the listing uses the function names from the original source code.

Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB[27] supports Ruby and IDAPython[28] adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
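As an added illustration of the scripting use case described above (loading an external symbol table so the listing carries the original function names), the following IDAPython-style script parses a symbol map, validates the names, and applies them. It is not code from the article, from IDA, Hex-Rays, or the IDAPython project; the map-file format, the sample lines, and every function name here are constructed for this example. The one IDA-specific call is IDAPython's `idc.set_name`, kept behind a callback so that the parsing and validation logic also runs as plain Python for a dry run outside IDA.

```python
"""Load an external symbol table and apply its names to a disassembly.

Added example for this article; it is not code from IDA, Hex-Rays, or the
IDAPython project. The map-file format, sample lines and helper names are
constructed here. The only IDA-specific call is idc.set_name from IDAPython,
and it is isolated so that parsing and validation also run outside IDA.
"""
import re

# Constructed sample map: "<hex address> <symbol>" per line, the shape a
# linker map or an nm-style dump could be massaged into. '#' starts a comment.
SAMPLE_MAP = """\
# address  name
00401000 main
00401050 parse_header
00401050 parse_header_alias   # same address as above: the first name wins
00401100 crypto::init         # '::' is not allowed in an IDA name; sanitized
0040ffff 123bad               # identifier may not start with a digit; rejected
"""

IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def sanitize(name):
    """Map a symbol onto a plain identifier by replacing every run of
    characters outside [A-Za-z0-9_] with a single '_'. Leading underscores
    are kept (they are meaningful in C ABIs). Returns None if the result
    is still not an identifier."""
    cleaned = re.sub(r"[^A-Za-z0-9_]+", "_", name)
    return cleaned if IDENT_RE.match(cleaned) else None


def parse_symbol_map(text):
    """Parse the map text into ({address: name}, [(line_no, reason), ...]).

    Lines that are malformed, carry an unparsable address, repeat an address
    already seen, or yield no valid identifier are reported, not applied."""
    symbols, skipped = {}, []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            skipped.append((line_no, "malformed"))
            continue
        addr_text, name = parts
        try:
            ea = int(addr_text, 16)
        except ValueError:
            skipped.append((line_no, "bad address"))
            continue
        if ea in symbols:
            skipped.append((line_no, "duplicate address"))
            continue
        ident = sanitize(name)
        if ident is None:
            skipped.append((line_no, "invalid name"))
            continue
        symbols[ea] = ident
    return symbols, skipped


def apply_symbols(symbols, rename):
    """Call rename(ea, name) for each symbol in address order and return the
    names that rename() accepted. rename is a callback so the same driver
    works for a dry run and for a live IDA database."""
    applied = {}
    for ea in sorted(symbols):
        if rename(ea, symbols[ea]):
            applied[ea] = symbols[ea]
    return applied


def ida_rename(ea, name):
    """Rename an address inside IDA using IDAPython's idc.set_name. With
    SN_CHECK the call refuses names that are invalid or already taken and
    returns 0, so collisions with existing names are reported rather than
    silently overwritten."""
    import idc  # available only when run from within IDA
    return bool(idc.set_name(ea, name, idc.SN_CHECK | idc.SN_NOWARN))


def dry_run(text=SAMPLE_MAP):
    """Parse the map and 'apply' it with a callback that accepts everything;
    useful for reviewing what a script would rename before touching the IDB."""
    symbols, skipped = parse_symbol_map(text)
    return apply_symbols(symbols, lambda ea, name: True), skipped


if __name__ == "__main__":
    applied, skipped = dry_run()
    for ea, name in applied.items():
        print(f"{ea:08x}  {name}")
    for line_no, reason in skipped:
        print(f"map line {line_no} skipped: {reason}")
```

Inside IDA the live call is `apply_symbols(parse_symbol_map(open(path).read())[0], ida_rename)`; running the file on its own performs the dry run instead. Keeping the rename behind a callback, and leaving `SN_CHECK` set, means a bad map file produces a skip report rather than overwriting names an analyst has already assigned.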

Debugging

IDA Pro supports a number of debuggers,[29] including:

Versions

The latest full version of IDA Pro is commercial (version 8.4 as of June 2024), while a less capable version, named IDA Free, is available for download free of cost.[30]

Supported systems/processors/compilers

Logo

IDA Pro's logo is a cropped image of Françoise d'Aubigné, Marquise de Maintenon. The logo image is similar to a miniature painting of Françoise d'Aubigné attributed to a painter in the circle of Pierre Mignard.[32]

The original greyscale version of the logo was introduced in September 1999, with the release of IDA 4.0. Ilfak Guilfanov has stated that the logo is not a depiction of Saint Ida of Louvain.[33]

Notes and References

  1. Czokow, Geoffrey (2021-05-20). "IDA: celebrating 30 years of binary analysis innovation". Hex-Rays. Retrieved 2023-03-19.
  2. "IDA 8.4.240527 (8.4sp2)". Archived from the original on June 2, 2024 (https://web.archive.org/web/20240602042117/https://hex-rays.com/products/ida/news/8_4sp2/). Retrieved June 28, 2024.
  3. "Hex-rays Home". Archived from the original on 2024-05-26 (https://web.archive.org/web/20240526003338/https://hex-rays.com/). Retrieved 2008-03-31.
  4. Eagle, Chris (2011). The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. Chapter 23: Real-World IDA Plug-ins, pp. 500–502. ISBN 978-1-59327-395-8. OCLC 830164382.
  5. "Hex-Rays Decompiler". hex-rays.com. Retrieved 2023-03-18.
  6. SC Staff (2017-09-11). "Hex-Rays IDA Pro". SC Media. Retrieved 2023-03-13.
  7. Sikorski, Michael; Honig, Andrew (2012). Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software. San Francisco: No Starch Press. Chapter 5: IDA Pro. ISBN 978-1-59327-430-6. OCLC 830164262.
  8. Shoshitaishvili, Yan; Wang, Ruoyu; Salls, Christopher; Stephens, Nick; Polino, Mario; Dutcher, Andrew; Grosen, John; Feng, Siji; Hauser, Christophe; Kruegel, Christopher; Vigna, Giovanni (2016-05-22). "SOK: (State of) the Art of War: Offensive Techniques in Binary Analysis". 2016 IEEE Symposium on Security and Privacy (SP). pp. 138–157. doi:10.1109/SP.2016.17. hdl:11311/1161277. ISBN 978-1-5090-0824-7. S2CID 3337994. https://ieeexplore.ieee.org/document/7546500. Archived from the original on 2022-12-08 (https://web.archive.org/web/20221208155740/https://ieeexplore.ieee.org/document/7546500/). Retrieved 2023-03-17.
  9. Ben Khadra, M. Ammar; Stoffel, Dominik; Kunz, Wolfgang (2016-10-01). "Speculative disassembly of binary code". Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems (CASES '16). New York, NY, USA: Association for Computing Machinery. pp. 1–10. doi:10.1145/2968455.2968505. ISBN 978-1-4503-4482-1. S2CID 16206393. "It outperforms IDA Pro, the de-facto industry standard disassembler, in terms of disassembly correctness."
  10. Di Federico, Alessandro; Payer, Mathias; Agosta, Giovanni (2017-02-05). "Rev.ng: A unified binary analysis framework to recover CFGs and function boundaries". Proceedings of the 26th International Conference on Compiler Construction (CC 2017). New York, NY, USA: Association for Computing Machinery. pp. 131–141. doi:10.1145/3033019.3033028. ISBN 978-1-4503-5233-8. S2CID 15830760. "We evaluate our prototype implementation against the de-facto industry standard for static binary analysis, IDA Pro."
  11. Garcia Prado, Carlos; Erickson, Jon (April 10, 2018). "Solving Ad-hoc Problems with Hex-Rays API". FireEye Threat Research Blog. Archived from the original (link dead) on 2022-06-02 (https://web.archive.org/web/20220602140613/https://www.fireeye.com/blog/threat-research/2018/04/solving-ad-hoc-problems-with-hex-rays-api.html). Retrieved March 12, 2023. "IDA Pro is the de facto standard when it comes to binary reverse engineering."
  12. Andriesse, Dennis (2019). Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly. San Francisco, CA. Appendix C: List of Binary Analysis Tools. ISBN 978-1-59327-913-4. OCLC 1050453850. "This [IDA Pro] is the de facto industry-standard recursive disassembler."
  13. Гильфанов, Ильфак (Ilfak Guilfanov); interviewed by Доля, Алексей (22 May 2003). "IDA Pro - самый мощный дизассемблер в мире" [IDA Pro - the most powerful disassembler in the world] (in Russian). Компания "Ф-Центр". sec. 2.30. Archived from the original on May 15, 2021 (https://web.archive.org/web/20210515200735/https://fcenter.ru/online/softarticles/interview/6704). Retrieved 14 March 2023. "Он начался как хобби в далеком 1991 году, просто увлечением для себя и для друзей." ["It began as a hobby back in 1991, simply a pastime for myself and for friends."]
  14. "IDA Pro - Часто задаваемые вопросы" [IDA Pro - Frequently Asked Questions] (in Russian). Archived from the original (link dead) on December 19, 2003 (https://web.archive.org/web/20031219030300/http://www.idapro.ru/faq.html#053). "Первые строки для IDA были написаны в декабре 1990." ["The first lines of IDA were written in December 1990."]
  15. Czokow, Geoffrey (2021-05-20). "IDA: celebrating 30 years of binary analysis innovation". Hex-Rays. Retrieved 2023-03-19.
  16. "Hex Rays - State-of-the-art binary code analysis solutions". hex-rays.com. Archived from the original on 2023-05-31 (https://web.archive.org/web/20230531100330/https://hex-rays.com/about-us/our-journey/). Retrieved 2023-07-21.
  17. "DataRescue IDA Pro Page". DataRescue. Archived from the original (link dead) on 1997-02-14 (https://web.archive.org/web/19970214111312/http://www.datarescue.com/ida.htm).
  18. "DataRescue IDA Page: download an evaluation version". DataRescue. Archived from the original on 1997-02-14 (https://web.archive.org/web/19970214112722/http://www.datarescue.com/idadown.htm).
  19. "DataRescue IDA Pro What's new Page". DataRescue. Archived from the original on 1999-10-10 (https://web.archive.org/web/19991010010636/http://datarescue.com:80/idanew.htm).
  20. "Gegevens van de geregistreerde entiteit KBO Public Search" [Details of the registered entity, KBO Public Search] (in Dutch). kbopub.economie.fgov.be. Retrieved 2023-03-13.
  21. "Hex-Rays Decompiler". Hex-Rays. Archived from the original on 2007-10-11 (https://web.archive.org/web/20071011044755/http://www.hex-rays.com/products.shtml).
  22. "DataRescue Home Page: home of the IDA Pro Disassembler and of PhotoRescue". DataRescue. Archived from the original on 2008-02-21 (https://web.archive.org/web/20080221202137/http://www.datarescue.com:80/). "News 07/01/2008: IDA Pro moves to Hex-Rays."
  23. "Hex-Rays Home Page". Hex-Rays. Archived from the original on 2008-02-12 (https://web.archive.org/web/20080212081246/http://www.hex-rays.com/index.shtml).
  24. "A consortium of investors acquires Hex-Rays – Hex Rays". Archived from the original on 2023-07-21 (https://web.archive.org/web/20230721143654/https://hex-rays.com/blog/hex-rays-acquisition/). Retrieved 2023-07-21.
  25. "Smartfin led consortium acquires Hex-Rays to accelerate product innovation efforts" (2022-10-20). Help Net Security. Archived from the original on 2023-07-21 (https://web.archive.org/web/20230721143654/https://www.helpnetsecurity.com/2022/10/21/hex-rays-smartfin/). Retrieved 2023-07-21.
  26. Eagle, Chris (2011). The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. Part II: Basic IDA Usage. ISBN 978-1-59327-395-8. OCLC 830164382.
  27. "Archived copy" (spoonm/idarub on GitHub). Archived from the original on 2016-01-08 (https://web.archive.org/web/20160108085820/https://github.com/spoonm/idarub). Retrieved 2011-12-05.
  28. "Idapython [d-dome.net]". Archived from the original on 2006-01-16 (https://web.archive.org/web/20060116123556/http://d-dome.net/idapython/).
  29. Eagle, Chris (2008). The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. ISBN 978-1-59327-178-7.
  30. "IDA Pro Freeware version download". Archived from the original on 2008-08-08 (https://web.archive.org/web/20080808195925/http://www.hex-rays.com/idapro/idadownfreeware.htm). Retrieved 2008-03-31.
  31. "FLIRT Compiler Support". Archived from the original on 2011-10-03 (https://web.archive.org/web/20111003155049/http://www.hex-rays.com/idapro/idaflirtcomp.htm). Retrieved 2010-04-13.
  32. "Französische Schule, Nachfolge Pierre Mignard - Osterauktion 17.04.2019 - Schätzwert: EUR 1.500 bis EUR 2.600 - Dorotheum" [French School, follower of Pierre Mignard - Easter auction 17.04.2019 - estimate: EUR 1,500 to EUR 2,600 - Dorotheum] (in German). www.dorotheum.com. Archived from the original on 2023-08-14 (https://web.archive.org/web/20230814052857/https://www.dorotheum.com/de/l/6130641/). Retrieved 2024-07-08.
  33. Guilfanov, Ilfak (2006-04-13). "Sainte Ida". Hex Blog. Archived from the original on 2011-06-17 (https://web.archive.org/web/20110617113702/http://www.hexblog.com/?p=38). Retrieved 2024-07-08.