Disassembler and Debugger

Hex-Rays IDA Pro

Solution Overview

Use an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X for the analysis of hostile code, vulnerability research and commercial-off-the-shelf validation.

About IDA

The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X. IDA has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial-off-the-shelf validation.

IDA Pro is a disassembler

It creates maps of a program's execution, showing the binary instructions that are actually executed by the processor in a symbolic representation called assembly language.

IDA Pro is a debugger

The debugger complements the static analysis capabilities of the disassembler (examining the code without executing the program) by allowing users to single-step through the code being investigated.

Capabilities Overview

FAST - IDA analyzes binaries in a matter of seconds.

FULLY INTERACTIVE - Work seamlessly and quickly with the disassembler and analyse code more intuitively.

ALL STANDARD PLATFORMS SUPPORTED - IDA runs on all standard platforms — MS Windows, Linux, Mac OS X both in GUI and console modes.

MULTIPLE PROCESSOR HANDLING - Same interface and features for dozens of processors to speed up the analysis process.

HANDLES NUMEROUS FILE FORMATS - IDA loads and disassembles virtually any file format.

POWERFUL DEBUGGER - IDA is also a versatile debugger, supports multiple debugging targets and can handle remote applications.

PROGRAMMABLE - Extend IDA in line with your own requirements through IDC or IDAPython.

OPEN PLUG-IN ARCHITECTURE - IDA’s functionality can easily be extended by the use of programmable plug-ins.

FLIRT - Fast Library Identification and Recognition Technology (FLIRT) identifies standard function calls for many compilers.

GRAPHING - Code graphing provides a pictorial overview of the code structure at a glance.

LUMINA SERVER - The Lumina server holds metadata (names, prototypes, operand types) about a large number of well-known functions.

CUSTOMIZABLE - IDA sports a fully customizable and unified work environment on all platforms.

Benefits

Given the speed and the complexity of today’s hostile code, a powerful analysis solution is required. IDA Pro has become such a standard in the field of malware analysis that information about new viruses is often exchanged in the form of “IDA Databases”. IDA Pro is used daily by anti-virus, malware and spyware analysts to investigate new virus samples and threats and to provide timely solutions.

The topic of vulnerability disclosure remains quite controversial but software is, as a matter of fact, unfortunately often vulnerable to outside attacks. IDA Pro is the ideal tool to investigate such vulnerabilities. If they aren’t fixed they could be exploited by third-parties with dishonest or criminal intentions. The Wisconsin Safety Analyzer, for instance, is a very interesting project investigating software vulnerability where IDA Pro plays an important role.

A lot of software is developed outside the country where it is used. Since those programs are incredibly hard to verify and since complete source code audits and rebuilds aren’t always practical or possible, tools such as IDA provide a convenient way to check if a program really does what it claims to do, contains no harmful vulnerabilities and leaks no sensitive information.

Software is invading our lives at every level. Respect of essential privacy rights is a concern for many, at a time when the amount of data about individual users that can potentially be collected, sold or exploited has surged to an unprecedented level. IDA Pro helps investigate software that may cause concern, thereby protecting your essential rights.

IDA PRO version 7.5 was released in May 2020 with many new features and improvements:

Folder view

A tree-like folder view is available in many IDA standard views. You can create folders and move items between them. To start with, the following views have it:

Functions and Names

Imports

Structures

Enums

Local types

For Structures and Enums, the tree panel is shown by default, for other views it can be enabled via the “Show Folders” context menu item.

You can create, rename and delete folders, and move items between them. This will help organizing information when dealing with large binaries.

A new decompiler has been added to our lineup. Any 32-bit MIPS binary supported by IDA can be decompiled, including compact encodings. The infamous delay slots are handled transparently and seamlessly. A MIPS disassembler-decompiler comparison page is available and contains a few interesting examples.

Screenshots: big-endian MIPS32 code, little-endian MIPS32 code, MIPS16e code, microMIPS code.

We have added type libraries with most major APIs and additional frameworks from macOS and iPhone SDKs. They are especially useful when paired with the decompiler.

List of initially available type libraries

Sample of x86_64 user-mode code using CoreFoundation APIs

Sample of ARM64 kernel code using IOKit classes

In addition, we improved support for the KTRW debugger. Breakpoints and watchpoints work with it out of the box using the same Corellium-ARM64 configuration.

On the decompiler side, we added support for atomic ARM64 instructions such as CAS (compare-and-swap), LDADD (atomic add) and many others. They are translated into corresponding C11 functions from stdatomic.h, so you should see fewer _asm{} blocks when dealing with code compiled for arm64e.

Lumina functionality is available for MIPS and PPC binaries.

PC: ELF binaries employing Intel CET (Control-flow Enforcement Technology) are becoming very common due to Debian enabling this compiler option by default, followed by Fedora and other Linux distros. We now support such binaries out of the box, including in the decompiler. We have also added support for several new instructions that were added recently to Intel and AMD processors.

ARM: Recent compilers targeting 32-bit ARM code prefer using MOVW and MOVT instruction pairs to load 32-bit constants and addresses instead of constant pool as was common in the past. While IDA already handled such pairs when they were placed together, advanced optimizations can place these pairs apart, preventing IDA from combining them, discovering the full value and adding a cross-reference to the destination. We have improved our heuristics to handle such scattered pairs and added an option so analysis can be tuned to be more or less aggressive depending on your specific binary.
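An added illustration of the scattered-pair problem described above (not Hex-Rays code and not IDA's actual heuristic): the Python below decodes A32 MOVW/MOVT encodings and tracks the pending low half per register, so a pair separated by unrelated instructions still yields the full 32-bit value. The function names, the `max_gap` tuning knob and the sample instruction words are assumptions constructed for this example, and the clobber detection is deliberately conservative.

```python
# Added example: recombining scattered ARM A32 MOVW/MOVT pairs.
# Simplified and conservative; all names and the sample are constructed.

COND_AL = 0xE  # "always" condition code


def enc_movw(rd, imm16):
    """Encode MOVW rd, #imm16 (A32, cond=AL). Used only to build the sample."""
    return 0xE3000000 | ((imm16 >> 12) << 16) | (rd << 12) | (imm16 & 0xFFF)


def enc_movt(rd, imm16):
    """Encode MOVT rd, #imm16 (A32, cond=AL). Used only to build the sample."""
    return 0xE3400000 | ((imm16 >> 12) << 16) | (rd << 12) | (imm16 & 0xFFF)


def decode_mov16(word):
    """Return (kind, cond, rd, imm16) for MOVW/MOVT, or None for anything else."""
    cond = word >> 28
    if cond == 0xF:                      # unconditional-instruction space
        return None
    op = word & 0x0FF00000
    if op == 0x03000000:
        kind = "MOVW"
    elif op == 0x03400000:
        kind = "MOVT"
    else:
        return None
    imm16 = ((word >> 4) & 0xF000) | (word & 0xFFF)   # imm4:imm12
    return kind, cond, (word >> 12) & 0xF, imm16


def ends_tracking(word):
    """True when control flow or a multi-register write makes state unreliable."""
    top = (word >> 25) & 0x7
    return ((word >> 28) == 0xF
            or top in (0b100, 0b101)                  # LDM/STM, B/BL
            or (word & 0x0FFFFFD0) == 0x012FFF10      # BX / BLX (register)
            or ((word >> 12) & 0xF) == 15)            # destination is PC


def recover_constants(words, base=0, max_gap=8):
    """Linear sweep over 32-bit instruction words.

    Returns (movw_addr, movt_addr, rd, value) for every MOVW/MOVT pair on
    the same register with at most max_gap instructions in between and no
    intervening write to that register. max_gap=0 accepts adjacent pairs
    only; larger values are more aggressive (hypothetical tuning knob).
    """
    pending = {}   # rd -> (index of MOVW, low 16 bits)
    found = []
    for i, word in enumerate(words):
        mov = decode_mov16(word)
        if mov and mov[1] == COND_AL:
            kind, _, rd, imm16 = mov
            if kind == "MOVW":
                pending[rd] = (i, imm16)
            else:
                start = pending.pop(rd, None)
                if start is not None and i - start[0] - 1 <= max_gap:
                    value = (imm16 << 16) | start[1]
                    found.append((base + 4 * start[0], base + 4 * i, rd, value))
            continue
        if ends_tracking(word):
            pending.clear()
            continue
        # Conservative: treat both register fields as possibly written.
        pending.pop((word >> 12) & 0xF, None)
        pending.pop((word >> 16) & 0xF, None)
    return found


# Constructed sample, loaded at 0x8000.
SAMPLE = [
    enc_movw(0, 0x2F48),   # 0x8000  MOVW r0, #0x2F48
    enc_movw(1, 0x4000),   # 0x8004  MOVW r1, #0x4000
    0xE0832004,            # 0x8008  ADD  r2, r3, r4   (unrelated)
    enc_movt(0, 0x0001),   # 0x800C  MOVT r0, #0x0001  -> r0 = 0x00012F48
    enc_movt(1, 0x2000),   # 0x8010  MOVT r1, #0x2000  -> r1 = 0x20004000
    enc_movw(5, 0x1234),   # 0x8014  MOVW r5, #0x1234
    0xE1A05006,            # 0x8018  MOV  r5, r6       (clobbers r5)
    enc_movt(5, 0x5678),   # 0x801C  MOVT r5, #0x5678  -> not combined
    enc_movw(7, 0xBEEF),   # 0x8020  MOVW r7, #0xBEEF
    enc_movt(7, 0xDEAD),   # 0x8024  MOVT r7, #0xDEAD  -> adjacent pair
]

if __name__ == "__main__":
    for lo, hi, rd, value in recover_constants(SAMPLE, base=0x8000):
        print(f"r{rd} = {value:#010x}  (MOVW @ {lo:#x}, MOVT @ {hi:#x})")
```

With `max_gap=0` only the adjacent r7 pair is recovered; the default also recovers the interleaved r0 and r1 pairs while still rejecting r5, whose low half was overwritten before the MOVT.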

 


This service pack contains enhancements and fixes to the 7.5 version. IDA 7.5 SP1 is designed to improve user experience especially for newly released features such as the tree-like folder view function and the MIPS decompiler.

  • Decompilers:
    • MIPS: added support of indexed instructions such as ‘luxc1’ or ‘lwxs’
    • MIPS: improve decompilation of references to MIPS16/microMIPS functions
    • MIPS: improve decompilation of MIPS16 position-independent code
    • MIPS: improve recognition of arguments passed to function calls

    IDAPython:

    • Added Anaconda 2020.02 to the list of ignored Python installs on Windows to prevent silent exits

    UI:

    • It is now possible to expand/collapse multiple folders at once, using Ctrl+Numpad+/Ctrl+Numpad-

    ELF:

    • Handle files with MIPS16 or microMIPS code at the entry point

    Kernel / Misc.:

    • Demangler: add c++20 spaceship and co_await operators for VC++ and GCC
    • KERNEL: add std::_Xlength_error() to the list of no-returning functions
    • Lumina: Lumina functionality is available for MIPS and PPC binaries

    Kernel:

    • Better detection of MIPS16 code in the main() function

    Bugfixes:

    • Decompiler could crash with division overflow when optimizing some expressions
    • Decompiler could hang due to an endless loop
    • Decompiler could produce an error on unrecognized Thumb or microMIPS switches
    • Decompiler could produce an error when restoring cached microcode from the database
    • Decompiler: shifted pointers with negative offsets were not always applicable
    • Huge functions could cause simplex algorithm failure
    • IDA could crash at the end of debugging if certain manipulations were performed on functions while folders were enabled in Functions list
    • IDA could produce internal error 1237 when importing certain type from DWARF or PDB debug info
    • IDA Home could incorrectly impose 1MB limitation on input files (when multiple IDA Home licenses were purchased)
    • IDA Home for PPC would display a warning due to missing xml files for GDB debugger
    • IDAPython: using ida_kernwin.set_nav_colorizer() could cause IDA to crash at the exit-time
    • Macho: loader could fail to pick the correct SDK til in some cases
    • Macho: rebasing a dyldcache idb could break the analysis because relocations were not applied to pointers in the slide info
    • DSCU: rebasing a dyldcache database would break the dscu plugin
    • MIPS: ‘search for register access’ could cause IDA to hang
    • Objc plugin could trigger “invalid cref” warning during decompilation
    • Objc plugin could fail to create structures in the database after a rebase operation.
    • Objc analysis could fail due to arm64e tagged pointers.
    • PPC: e_ori. with the condition record bit was wrongly simplified to e_nop
    • SDK: IDAPython 7.5 could fail to build from source
    • UI: calling delete_menu() could cause IDA to crash at the exit-time
    • UI: in “Structures” and “Enums”, creating a new type when the tree selection is not a folder, would create the type at the toplevel instead of in the folder in which the current selection is set
    • UI: in folders view, triggering a rename, but not actually renaming (by e.g., leaving the name untouched, or clicking somewhere else), would cause an annoying message in the “Output window”
    • UI: in the “Structures” or “Enums” widget, jumping to a structure or enum that’s currently not selected, could either fail, or cause the companion folder tree to be out-of-sync
    • UI: in the “Structures” or “Enums” widget, selecting a folder containing items, and deleting that folder, wouldn’t properly update the listing contents
    • UI: In the “Structures” or “Enums” widget, the listing could be missing types after an undo operation
    • UI: incremental search (i.e., typing beginning of a string) in tabular/tree views would select wrong rows
    • UI: rebasing (manual or during debugging) could cause IDA to show empty entries in views with enabled folders
    • UI: sorting folders would only sort folders contents, but not the folders themselves
    • UI: the “Current line” message could fail to display in some views, when folders were enabled
    • UI: “undo” wouldn’t cause previously-rebased ‘Imports’ to get their original address back
    • UI: when folders are enabled in tabular views, ‘Copy/Copy all’ could fail to work as expected
    • Undoing after rebase could cause empty entries to appear in the name list

This release fixes some immediate issues with the new macOS11/iOS14 binaries and focuses principally on enhancing the static analysis for new file formats.

MH_FILESET kernelcache format

The new MH_FILESET kernelcache format from macOS 11 is now fully supported.


Analysis of dyldcache files from macOS11/iOS14

IDA 7.5 Service Pack 2 improves the analysis of dyldcache files from macOS11/iOS14.


Objective-C

SP2 also improves the analysis of Objective-C metadata in binaries compiled with Xcode 12 (specifically __objc_methlist sections).


  • ARM:
    • Decode ARMv8.5-A BTI instruction
    • Support ARMv8.4-RCPC instructions (LDAPUR, STLUR)
    • Support ARMv8.5-A Memory Tagging Extension (MTE) instructions

    Decompiler:

    • Improved recognition of signed divisions via multiplication by magic constant

    MACHO:

    • Handle dyld slide info v4 (used in WatchOS dyld_shared_cache_arm64_32)
    • Handle LC_DYLD_EXPORTS_TRIE in macOS11/iOS14 binaries
    • Improve analysis of dyldcache files from macOS11/iOS14
    • Parse LC_DYLD_CHAINED_FIXUPS for arm64e binaries
    • Support new MH_FILESET kernelcache format from macOS 11

    OBJC:

    • Improve Objective-C metadata parsing for macOS11/iOS14 (specifically __objc_methlist structures)

    TIL:

    • Introduce type libraries for MacOSX11.0.sdk and iPhoneOS14.0.sdk

    Bugfixes:

    • Decompiler: global xref cache might become stale after a user action that was changing only the line numbers (like adding a comment)
    • Decompiler: the decompiler could crash when displaying the global xref list if the cache was stale
    • Decompiler: wrmsr instruction could be decompiled wrongly (value of edx was unused)
    • IDA could crash when using undo in Local Types editor
    • IDA would create many useless *_hidden segments when loading kernelcaches/dyldcaches
    • IDAPython: ‘coding: ‘ comments were not respected when loading a script file
    • Loading single modules from a dyldcache was unusually slow on macOS Catalina
    • Mac debugger would show “Input file is missing” error when debugging a dyldcache lib on macOS11
    • Types could be duplicated in the folder view of ‘Local types’ window
    • UI/QT: when in folders mode, fast jumping by row number wouldn’t work
    • UI/QT: while debugging, detaching an unsynchronized & invisible “Pseudocode-A” tab could crash IDA
    • UI: “fast searches” in a folder view, could cause IDA to freeze, or crash in certain cases
    • UI: a long, unbreakable line in the “Output window” would cause other long (but breakable) lines to not be laid out according to the viewport size, and thus require scrolling
    • UI: Hex View’s in databases using certain encodings (typically UTF-8), could show a glitch in the rendering of ‘combining’ unicode codepoints
    • UI: in the “Output window”, if a long line had to be broken up into multiple ‘physical’ lines, clicking in the middle of one of those physical lines would place the cursor to its beginning
    • UI: scrolling in the navigation band could jitter with very segmented address spaces
    • UI: when folders were enabled on certain widgets, and the IDB was saved (e.g., by clicking on the ‘save’ icon), but then not saved again when closing, the widget would show up in no-folders mode
    • UI: zooming in the navigation band could lose current position

Service Pack 3 introduces a handful of new and interesting features specific to the soon-to-be-released macOS 11 (Big Sur) and provides fixes for numerous minor issues.

  • Debugger:

    • Improved macOS 11 kernel debugging

    MACHO:

    • Improve handling of threaded pointers in iOS kernelcaches
    • Support symbolication of macOS11 kernelcaches that link against the boot/sys kext collection. See BOOT_KC_PATH in macho.cfg for an overview

    Bugfixes:

    • 78K0S: opcode D5 was incorrectly decoded as INC (should be DEC)
    • A crafted IDB file could trigger a use-after-free in IDA
    • Chooser: the ui_get_chooser_item_attrs event was called with the wrong CHOOSER argument
    • Cloning script snippets could corrupt the database
    • Debugger: ios debugger was broken on iOS14
    • Debugger: ios debugger could fail to fetch the process list on iOS 14
    • Debugger: mac/ios/xnu debuggers would create tons of meaningless debugger segments
    • Debugger: mac debugger could fail to load symbols from system dylibs
    • Debugger: PIN: get rid of warning “Unexpected addrsize of the debugged program”, permit remote PIN to be started by Debug->Attach
    • Debugger: linux: debugger could interr when handling program with many short-lived threads
    • Debugger: xnu debugger would fail to demangle c++ names after attaching with an empty database
    • Decompiler: “create new struct type” could generate a new struct type with forbidden characters, like <
    • Decompiler: “push esp/pop reg” was decompiled incorrectly
    • Decompiler: automapping variables was too aggressive in some cases
    • Decompiler: changing the type of a structure field would cause the loss of the __cppobj attribute
    • Decompiler: decompile() would crash if asked to decompile an unexisting function (nullptr)
    • Decompiler: fixed a crash on corrupted idbs
    • Decompiler: fixed false alarm ‘ignored garbage at the end of the blob…’
    • Decompiler: fixed interr 50902
    • Decompiler: in some cases the action “Reset pointer type” was not working (had no effect)
    • Decompiler: in some cases the decompiler would add a suffix to the user-defined names (myvar->myvara)
    • Decompiler: jumping to the pseudocode from another window (for example, from the local types) would fail to activate the window in some cases
    • Decompiler: on macOS, the decompiler would use shortcut “Ins” instead of “I” for the “Edit block comment” action
    • Decompiler: PPC: if addresses are subtracted assume that the size is being calculated
    • Decompiler: renaming a structure field would cause the loss of the __cppobj attribute
    • Decompiler: some xrefs to enum members would be missed by Ctrl-Alt-X
    • DWARF: IDA could try to allocate too much memory on corrupted files before dying with out-of-memory error
    • DWARF: The DWARF plugin could crash IDA (null pointer dereference) with some specially-crafted files
    • DWARF: The DWARF plugin could INTERR with specially crafted files
    • DWARF: The plugin could cause IDA to crash (stack exhaustion) with some specially crafted input files
    • DWARF: The plugin could loop (seemingly) endlessly when encountering a DW_TAG_namespace with a (broken) name whose first character is ‘#’
    • DWARF: The plugin could perform a use-after-free during stack unwinding, on some DWARF input files
    • DWARF: The plugin could perform a use-after-free on some specially crafted files
    • DWARF: validate size of compressed sections before trying to load them
    • IDA could complain about “corrupted database” (bad srrange) when opening a rebased and saved database
    • IDA could crash when loading a corrupted elf file
    • IDA could crash when parsing corrupted PDB files
    • IDA could crash when performing certain manipulations with script snippets
    • IDA could crash when restoring function information from a corrupted database
    • IDA could endlessly loop on some corrupted idbs
    • IDA could fail with internal error 20078 on corrupted ELF files
    • IDA would crash when loading an ARM64 driver if the default debugger was set to windbg
    • IDA would try to allocate huge amount of memory when loading a corrupted elf file
    • IDAPython: IDA could exit silently on startup if the Python runtime called exit() during initialization
    • IDAPython: ida_bytes.bin_search documentation was lacking
    • IDAPython: ida_bytes.next_visea, ida_bytes.prev_visea were not available
    • IDAPython: ida_ida.AF_FINAL had value -0x80000000 instead of 0x80000000
    • IDAPython: ida_name.MNG_* and ida_name.MT_* values were not exposed
    • IDAPython: ida_search.SEARCH_UNICODE was not available after IDA 7.0, while ida_search.find_binary() still is
    • IDAPython: if a ‘nav colorizer’ would return a long that couldn’t be converted into 32-bits, IDA would fail reporting the issue in a timely manner, leaving it for later Python code to fail
    • IDAPython: internal error 30615 could happen if Python initialization failed
    • IDAPython: using ida_kernwin.choose_find() with a non-IDAPython chooser, would crash IDA
    • IDAPython: when using Python 2, scripts with magic ‘encoding’ comment could fail to run
    • INTERR 1983 could happen in some situations after rebasing
    • LUMINA: fixed “Unsupported OpenSSL version” error on macOS11
    • Modifying an attribute of a function argument (e.g. adding __hidden) would be saved in the database but would not be immediately reflected in the disassembly
    • On Windows, idat would let the operating system handle some Ctrl- keys, rendering them unusable in IDA
    • Opening IDA without an IDB and opening the script snippets dialog, and then loading an IDB with snippets, would fail to properly load that database’s snippets
    • PC: changes in processor specific options were not undone upon Ctrl-Z
    • PC: parse_reg_name() could return wrong register types for XMM/YMM/ZMM registers
    • PC: some FMA instructions were not decoded in 32-bit mode
    • Rebasing the program by an odd number of bytes was not forbidden (and led to problems later)
    • Renaming a local type by pressing F2 would lead to its removal from all use sites
    • Searching for all occurrences of a byte sequence would not work without an open disassembly view
    • Types: creating a c++ structure with a __vftable member in the struct view was not marking the structure as having vftable; only doing so from local types was working
    • UI/QT: during auto-analysis, typing in the quick filter (e.g., in the ‘Functions window’) could result in loss of certain characters
    • UI/QT: hiding columns when in ‘folders’ mode wouldn’t work
    • UI/QT: if entries in the “Structures” or “Enums” widgets were sorted, scrolling by using the scrollbar would jump over some entries
    • UI/QT: renaming folders in the “Local types”, would show the editor on the wrong cell (in the ‘Name’ column, even though the folder name is in first column, named ‘Ordinal’.)
    • UI/QT: right-click would crash IDA on macOS11 beta7 and later
    • UI/QT: the “Command palette” could refuse to keep the user selection, making it hard to use
    • UI/QT: the decompiler action “Jump to local type” could fail to select the proper type when the “Local types” view was sorted
    • UI/QT: when searching for text in sorted folders views, IDA could loop endlessly
    • UI/TXT: it was impossible to “Import” snippets in the ‘Script snippets’ dialog
    • UI: Alt+T/Ctrl+T searches in tabular/tree views, wouldn’t wrap around as they should
    • UI: choosers starting in “folder” mode, might not have the user-desired sizes for columns
    • UI: Cmd+M would not minimize the IDA window on macOS, per convention
    • UI: debugger stack view could display values with wrong bitness (e.g. 32-bit values for 64-bit programs)

E-SPIN Value Proposition

Feel free to contact E-SPIN with your specific project or operational requirements, so we can assist you with the packaged solution you need, from software to value-added services such as computing hardware, third-party complementary software, training and managed services.

IDA updates and releases

IDA Pro 7.5 released

IDA 7.5.200519
May 19, 2020

Hex-Rays announces the release of IDA Pro 7.5.

IDA Pro is certainly the fastest and most reliable software solution to support professionals in their reverse-engineering work. Version 7.5 has been developed to improve the IDA experience further. It notably introduces the following features:

  • Tree folder structure: you can now organize your work in a hierarchical tree structure and gain more efficiency
  • MIPS Decompiler: A new decompiler for MIPS is now available
  • Lumina: MIPS and PPC processors are now also available in Lumina
  • Debugger: coverage extended to 4 additional processors

A lot of work has taken place since the previous release of IDA. Below is a quick visual overview of the number of significant changes between 7.4SP1 and 7.5, and cumulatively since version 6.0.
