The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It also can be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in for programs compiled with a C/C++ compiler is available at extra cost. The latest full version of IDA Pro is commercial, while a less capable version is available for download free of charge (version 8.1).

IDA performs automatic code analysis, using cross-references between code sections, knowledge of parameters of API calls, and other information. However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until it becomes clear what it does.

Created as a shareware application by Ilfak Guilfanov, IDA was later sold as a commercial product by DataRescue, a Belgian company, who improved it and sold it under the name IDA Pro. In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension. In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.


Scripting

"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user-written scripts. Most frequently, scripts are used for extra modification of the generated code. For example, external symbol tables can be loaded, thereby using the function names of the original source code. Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB supports Ruby and IDAPython adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
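
The symbol-table use case above, as an added example that is not part of the original article or of IDA itself: a standalone Python script that turns an `nm`-style symbol listing into an IDC script that names the corresponding addresses. The sample listing is constructed, the helper names `parse_symbols` and `to_idc` are hypothetical, and the output assumes the IDC `set_name` call and `SN_CHECK` flag from `idc.idc` in current IDA releases.

```python
import re

# Constructed sample: `nm`-style listing (address, type, name), as could be
# produced from an unstripped build of the program under analysis.
SAMPLE_NM = """\
0000000000401000 T _start
0000000000401136 T parse_header
00000000004011f2 t verify_checksum
0000000000404028 D g_config
                 U memcpy
0000000000401300 T bad"name
"""

_LINE = re.compile(r"^([0-9a-fA-F]+)\s+([A-Za-z])\s+(\S+)$")
# The symbol file is untrusted input and the output is a script, so only
# names that cannot terminate the IDC string literal are accepted.
_SAFE_NAME = re.compile(r"^[A-Za-z_.$@?][A-Za-z0-9_.$@?]*$")


def parse_symbols(text, kinds="TtDdBbRr"):
    """Return [(address, name)] for defined symbols of the wanted types."""
    out = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # undefined symbols have no address; skip blanks too
        addr, kind, name = m.groups()
        if kind not in kinds or not _SAFE_NAME.match(name):
            continue  # unwanted symbol type or unsafe name
        out.append((int(addr, 16), name))
    return out


def to_idc(symbols):
    """Render an IDC script that applies each name at its address."""
    lines = ["#include <idc.idc>", "", "static main()", "{"]
    for ea, name in symbols:
        lines.append('    set_name(0x%X, "%s", SN_CHECK);' % (ea, name))
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_idc(parse_symbols(SAMPLE_NM)))
```

The addresses in the listing must match the load address used in the IDA database; a rebased image needs the offset applied before the script is generated.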


Supported systems/processors/compilers

* System hosts
** Windows x86 and ARM
** Linux x86
** x86
* Recognized executable file formats
** COFF and derivatives, including Win32/64/generic PE
** ELF and derivatives (generic)
** Mach-O (Mach)
** NLM (NetWare)
** LC/LE/LX (OS/2 3.x and various DOS extenders)
** NE (OS/2 2.x, Win16, and various DOS extenders)
** MZ (MS-DOS)
** OMF and derivatives (generic)
** AIM (generic)
** raw binary, such as a ROM image or a COM file
* Instruction sets
** Intel 80x86 family
** ARM architecture
** Motorola 68k and H8
** Zilog Z80
** MOS 6502
** Intel i860
** DEC Alpha
** Analog Devices ADSP218x
** Angstrem KR1878
** Atmel AVR series
** DEC series PDP11
** Fujitsu F2MC16L/F2MC16LX
** Fujitsu FR 32-bit Family
** Hitachi SH3/SH3B/SH4/SH4B
** Hitachi H8: h8300/h8300a/h8s300/h8500
** Intel 196 series: 80196/80196NP
** Intel 51 series: 8051/80251b/80251s/80930b/80930s
** Intel i960 series
** Intel Itanium (ia64) series
** Java virtual machine
** MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
** Microchip PIC: PIC12Cxx/PIC16Cxx/PIC18Cxx
** MSIL
** Mitsubishi 7700 Family: m7700/m7750
** Mitsubishi m32/m32rx
** Mitsubishi m740
** Mitsubishi m7900
** Motorola DSP 5600x Family: dsp561xx/dsp5663xx/dsp566xx/dsp56k
** Motorola ColdFire
** Motorola HCS12
** NEC 78K0/78K0S
** PA-RISC
** PowerPC
** Xenon PowerPC Family
** SGS-Thomson ST20/ST20c4/ST7
** SPARC Family
** Samsung SAM8
** Siemens C166 series
** TMS320Cxxx series
* Compiler/libraries (for automatic library function recognition)
** Borland C++ 5.x for DOS/Windows
** Borland C++ 3.1
** Borland C Builder v4 for DOS/Windows
** GNU C++ for Cygwin
** Microsoft C
** Microsoft QuickC
** Microsoft Visual C++
** Watcom C++ (16/32 bit) for DOS/OS2
** ARM C v1.2
** GNU C++ for Unix/common


Debugging

IDA Pro supports a number of debuggers, including:
* Remote Windows, Linux, and Mac applications (provided by Hex-Rays) allow running an executable in its native environment (presumably using a virtual machine for malware)
* GNU Debugger (gdb) is supported on Linux and OS X, as well as the native Windows debugger
* A Bochs plugin is provided for debugging simple applications (i.e., damaged UPX or mpress compacted executables)
* An Intel PIN-based debugger
* A trace replayer


See also

* Ghidra
* JEB
* Radare2
* Binary Ninja
* Cheat engine


External links

* CODE BLUE 2014: Ilfak Guilfanov - Keynote: The story of IDA Pro (YouTube): https://www.youtube.com/watch?v=hLBlck1lTUs