Binary code analysis tool-IDA Pro is one of the flagship product of Hex-Rays. With IDA Pro being an interactive and programmable disassembler and debugger, it offers world-class performance on different platforms and compatibility with various types of processors. IDA pro is a top quality tool for software analysts, reverse engineers, malware analysts and cybersecurity professionals.
1. Multi-processor disassembler
2. Multi-Target Debugger
Debugger functions to add dynamic analysis of the information collected statically by disassembler.
Leverage all the features that can be offered from a debugger and more which include “remote” function and tracking.
Remote debugger are available for Windows, Linux, Mac OS X, and other machines in any combination.
Hex-Rays will continue to improve on their IDA Pro to enhance user experience. The details of the latest release and updates are presented in the manner where the latest release is shown at the top of the post and then followed with the previous releases. Feel free to visit this post for the updates and please do not hesitate to contact E-SPIN regarding product and related matter (if any).
IDA Pro 8.0 release (2022-Aug-1)
IDA Pro 8.0 includes several significant improvements which are the introduction of IDA teams, iOS 16 dyld shared cache support, changes on layout metadata, ARC decompiler and many more.
Key improvements:
1. IDA Teams
IDA Pro 8.0 introduces brand-new IDA Team which brings the key concept to IDA Databases and workflows including revision control, changes attribution and diffing & merging.
2. iOS 16 dyld shared cache support
This release of IDA pro has been updated to fit the changes made by Apple Inc. where the internal format of the system files on their mobile operating systems has been modified to enhance performance and memory usage.
3. Outlined functions
Outlined functions in the recent Apple iOS versions is a code size optimisation where the compiler extracts common instruction sequences used in some functions into a new pseudo-function which is then “called” from multiple places. A major drawback of outlined function is that it inclined to make decompiled pseudocode ugly when it applies arbitrary registers or stack variables from the parent function.
With IDA Pro 8.0, users can tark such functions with a special attribute and the decompiled code to make the decompiled pseudocode nicer. Additional, In initial pseudocode, users can view explicit calls to the compiler-generated _OUTLINED_FUNCTION_NN
4. Changes to the layout of the metadata (Golang 1.18)
The new release of IDA is able to parse and recover function name nicely.
5. ARC decompiler
ARC processors are applied in embedded processor like SSD drives or Wi-Fi chipsets.
In the new release of IDA Pro, the decompiler supports all ARC instruction set variants currently supported by IDA such as classic 32-bit ISA, 32/16-bit ARCompact and the ARCv2. Delay slots, conditional instructions and zero-overhead loops are also supported out of the box.
6. Removal of Python 2
IDA 8.0 will now only support Python 3.x which include the latest 3.10 (Windows installer- Python 3.10.5).
7. Improved firmware analysis through function finder plugin (patfind)
IDA Pro 8.0 is added with plugin that allow unmarked loaded data to apply the pattern format used in Ghidra (with minor extensions). With this plugin which can be enable by default allows IDA to discover more code automatically. The plugin can be invoked manually for normal structured files.
Below shows the difference between the number of functions discovered after initial autoanalysis using default settings:
|
File type |
IDA 7.7 |
IDA 8.0 |
|
Cortex M0 firmware (8KB) |
0 |
59 |
|
ARM9 firmware (23KB) |
0 |
97 |
|
ARM11 firmware (300KB) |
84 |
1697 |
| PowerPC firmware (2MB) | 0 |
2223 |
8. FLAIR pattern generator (makepat)
The FLAIR toolkit which is available to all IDA Pro customers enables users to create FLIRT signatures from static libraries. Nevertheless there will be time where all you have is just the final linked binary. The makepat plugin supports creating .pat files for functions in an arbitrary IDA database. This features applies the functionality added for Lumina to mark variable bytes in the patterns. The .pat can then be compiled to a signature file
with sigmake and used to other files.
*Full details of the IDA Pro 8.0 release: Welcome to IDA 8.0! (hex-rays.com)
