Product overview seminar session: video capture summary and highlights.
For those who attended or missed the event organized by E-SPIN, you may watch the video above as a refresher or to cover the key usage, benefits and highlights of IDA Pro for software analysis, malware analysis and binary reverse engineering (MARE).
For those who are new to malware analysis and reverse engineering, IDA Pro is primarily a multi-platform, multi-processor disassembler that translates machine executable code into assembly language source code for the purpose of debugging and reverse engineering. It can also be used as a local or remote debugger on various platforms.
A disassembler is used to translate machine code into a human-readable format. Reading disassembled code is harder than reading the original source code because disassembled code lacks programmer comments, annotations and meaningful names.
In computer programming and software development, debugging is the process of finding and resolving bugs (defects or problems that prevent correct operation) within computer programs, software, or systems.
Debugging tactics can involve interactive debugging, control flow analysis, unit testing, integration testing, log file analysis, monitoring at the application or system level, memory dumps, and profiling. Many programming languages and software development tools also offer programs to aid in debugging, known as debuggers.
Reverse engineering of software can be accomplished by various methods. The three main groups of software reverse engineering are:
(1) Analysis through observation of information exchange, most prevalent in protocol reverse engineering, which uses bus analyzers and packet sniffers to tap a computer bus or network connection and reveal the traffic carried on it. The observed bus or network behavior can then be analyzed to produce a standalone implementation that mimics it. This is especially useful for reverse engineering device drivers. Reverse engineering of embedded systems is sometimes greatly assisted by facilities deliberately introduced by the manufacturer, such as JTAG ports or other debugging interfaces. On Microsoft Windows, low-level debuggers such as SoftICE have been popular.
(2) Disassembly using a disassembler, meaning the raw machine language of the program is read and understood in its own terms, with only the aid of machine-language mnemonics. It works on any computer program but can take considerable time, especially for those who are not used to machine code. The Interactive Disassembler (IDA Pro) is a particularly popular tool for this purpose.
(3) Decompilation using a decompiler, a process that tries, with varying results, to recreate the source code in some high-level language for a program that is only available as machine code or bytecode. The Hex-Rays Decompiler, available as an add-on within IDA Pro, serves this purpose.
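To make method (2) concrete, here is an added example (not E-SPIN's or IDA Pro's code) of what a disassembler does at its core: a linear sweep that decodes a small subset of 32-bit x86 opcodes into mnemonics, with addresses and hex bytes shown the way a disassembly listing presents them. The sample bytes and the base address 0x401000 are constructed for the demonstration.

```python
import struct

# 32-bit general-purpose registers, indexed by the 3-bit reg / rm fields of ModRM.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# Opcode 0x83 arithmetic group, selected by the ModRM reg field (subset only).
GROUP1 = {0: "add", 5: "sub", 7: "cmp"}

def disassemble(code: bytes, base: int = 0x401000):
    """Linear sweep over `code`; returns (address, hex bytes, text) per instruction.
    Only a small subset of 32-bit x86 is decoded; anything else is emitted as a
    'db' byte so the sweep keeps going instead of stopping at the first unknown."""
    out, i, n = [], 0, len(code)
    while i < n:
        start, op = i, code[i]
        i += 1
        if op == 0x55:
            text = "push ebp"
        elif op == 0x5D:
            text = "pop ebp"
        elif op == 0xC3:
            text = "ret"
        elif op == 0xCC:
            text = "int3"
        elif op == 0x89 and i < n and code[i] >> 6 == 3:        # mov r/m32, r32 (register form)
            modrm = code[i]; i += 1
            text = f"mov {REGS[modrm & 7]}, {REGS[(modrm >> 3) & 7]}"
        elif 0xB8 <= op <= 0xBF and i + 4 <= n:                 # mov r32, imm32
            imm = struct.unpack_from("<I", code, i)[0]; i += 4
            text = f"mov {REGS[op - 0xB8]}, 0x{imm:x}"
        elif op == 0x83 and i + 2 <= n and code[i] >> 6 == 3:   # add/sub/cmp r32, imm8
            modrm, imm8 = code[i], code[i + 1]; i += 2
            text = f"{GROUP1.get((modrm >> 3) & 7, 'grp1')} {REGS[modrm & 7]}, 0x{imm8:x}"
        elif op == 0xE8 and i + 4 <= n:                          # call rel32, relative to next insn
            rel = struct.unpack_from("<i", code, i)[0]; i += 4
            text = f"call 0x{base + i + rel:x}"
        elif op == 0xEB and i + 1 <= n:                          # jmp short rel8
            rel = struct.unpack_from("<b", code, i)[0]; i += 1
            text = f"jmp 0x{base + i + rel:x}"
        else:
            text = f"db 0x{op:02x}"
        out.append((base + start, code[start:i].hex(" "), text))
    return out

# Constructed sample: prologue, stack frame setup, a call, and the epilogue of a function.
SAMPLE = bytes.fromhex("55 89 e5 83 ec 10 b8 39 05 00 00 e8 0a 00 00 00 89 ec 5d c3")

if __name__ == "__main__":
    for addr, raw, text in disassemble(SAMPLE):
        print(f"{addr:08x}  {raw:<16} {text}")
```

Note that nothing in the output says what the called function does or why 0x539 is loaded into eax; recovering that intent is the analyst's job, which is exactly why disassembly is slower to read than source.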
E-SPIN Group has been in the business of enterprise ICT solution supply, consulting, project management, training and maintenance for multinational corporations and government agencies across the region where E-SPIN does business since 2005. Malware analysis and reverse engineering form part of our application lifecycle management (ALM) offering for development customers, and of our threat and vulnerability management offering (malware analysis and exploit research and development) for security analysts, vulnerability researchers and exploit developers, which we continuously supply together with a range of other complementary solutions for their operational and project needs. Feel free to contact E-SPIN for your project requirements.