Interactive Disassembler

The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It also can be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in for programs compiled with a C/C++ compiler is available at extra cost. The latest full version of IDA Pro is commercial, while a less capable version is available for download free of charge (version 8.1).

IDA performs automatic code analysis, using cross-references between code sections, knowledge of parameters of API calls, and other information. However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until it becomes clear what it does.

Created as a shareware application by Ilfak Guilfanov, IDA was later sold as a commercial product by DataRescue, a Belgian company, who improved it and sold it under the name IDA Pro. In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension. In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.


Scripting

"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user-written scripts. Most frequently, scripts are used for extra modification of the generated code. For example, external symbol tables can be loaded, thereby using the function names of the original source code. Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB supports Ruby and IDAPython adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
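The symbol-table use case above, sketched as an added IDAPython example (not code from IDA or from the original article). It assumes a current Python 3 build of IDAPython, a symbol file in the three-column layout printed by `nm`, and the hypothetical helper names `parse_symbol_table` and `apply_symbols`; the symbol file is treated as untrusted input and filtered before anything is written to the database.

```python
import re

# Constructed sample in the "address type name" layout that `nm` prints.
SAMPLE_NM = """\
0000000000401106 t parse_header
0000000000401136 T main
                 U puts
0000000000404028 B g_config
0000000000401180 T bad name!
not-a-symbol-line
"""

HEX = re.compile(r"[0-9A-Fa-f]{1,16}")
# Conservative allow-list: names come from an external, untrusted file.
SAFE_NAME = re.compile(r"[A-Za-z_.$?@][A-Za-z0-9_.$?@]*")


def parse_symbol_table(text, code_only=False, delta=0):
    """Return ({address: name}, [rejected lines]); delta rebases addresses."""
    symbols, rejected = {}, []
    for raw in text.splitlines():
        parts = raw.split(None, 2)
        if not parts or (len(parts) == 2 and parts[0] in ("U", "w", "v")):
            continue  # blank line or undefined symbol: nothing to name
        if (len(parts) != 3 or not HEX.fullmatch(parts[0])
                or len(parts[1]) != 1 or not SAFE_NAME.fullmatch(parts[2])):
            rejected.append(raw)  # malformed line or unsafe name
            continue
        if code_only and parts[1] not in "Tt":
            continue  # keep only text-section (code) symbols
        symbols.setdefault(int(parts[0], 16) + delta, parts[2])
    return symbols, rejected


def apply_symbols(symbols):
    """Rename addresses in the open database; return those IDA refused."""
    import idc  # only importable inside IDA with IDAPython
    return [ea for ea, name in sorted(symbols.items())
            if not idc.set_name(ea, name, idc.SN_NOWARN)]


if __name__ == "__main__":
    syms, bad = parse_symbol_table(SAMPLE_NM)
    for ea, name in sorted(syms.items()):
        print(f"{ea:#x} {name}")
    print("rejected:", bad)
```

Inside IDA, pass the parsed dictionary to `apply_symbols`; the `delta` argument covers a database loaded at a different base address than the one the symbol file was produced for.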


Supported systems/processors/compilers

* System hosts
** Windows x86 and ARM
** Linux x86
** x86
* Recognized executable file formats
** COFF and derivatives, including Win32/64/generic PE
** ELF and derivatives (generic)
** Mach-O (Mach)
** NLM (NetWare)
** LC/LE/LX (OS/2 3.x and various DOS extenders)
** NE (OS/2 2.x, Win16, and various DOS extenders)
** MZ (MS-DOS)
** OMF and derivatives (generic)
** AIM (generic)
** raw binary, such as a ROM image or a COM file
* Instruction sets
** Intel 80x86 family
** ARM architecture
** Motorola 68k and H8
** Zilog Z80
** MOS 6502
** Intel i860
** DEC Alpha
** Analog Devices ADSP218x
** Angstrem KR1878
** Atmel AVR series
** DEC series PDP11
** Fujitsu F2MC16L/F2MC16LX
** Fujitsu FR 32-bit Family
** Hitachi SH3/SH3B/SH4/SH4B
** Hitachi H8: h8300/h8300a/h8s300/h8500
** Intel 196 series: 80196/80196NP
** Intel 51 series: 8051/80251b/80251s/80930b/80930s
** Intel i960 series
** Intel Itanium (ia64) series
** Java virtual machine
** MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
** Microchip PIC: PIC12Cxx/PIC16Cxx/PIC18Cxx
** MSIL
** Mitsubishi 7700 Family: m7700/m7750
** Mitsubishi m32/m32rx
** Mitsubishi m740
** Mitsubishi m7900
** Motorola DSP 5600x Family: dsp561xx/dsp5663xx/dsp566xx/dsp56k
** Motorola ColdFire
** Motorola HCS12
** NEC 78K0/78K0S
** PA-RISC
** PowerPC
** Xenon PowerPC Family
** SGS-Thomson ST20/ST20c4/ST7
** SPARC Family
** Samsung SAM8
** Siemens C166 series
** TMS320Cxxx series
* Compiler/libraries (for automatic library function recognition)
** Borland C++ 5.x for DOS/Windows
** Borland C++ 3.1
** Borland C Builder v4 for DOS/Windows
** GNU C++ for Cygwin
** Microsoft C
** Microsoft QuickC
** Microsoft Visual C++
** Watcom C++ (16/32 bit) for DOS/OS2
** ARM C v1.2
** GNU C++ for Unix/common


Debugging

IDA Pro supports a number of debuggers, including:
* Remote Windows, Linux, and Mac applications (provided by Hex-Rays) allow running an executable in its native environment (presumably using a virtual machine for malware)
* GNU Debugger (gdb) is supported on Linux and OS X, as well as the native Windows debugger
* A Bochs plugin is provided for debugging simple applications (i.e., damaged UPX or mpress compacted executables)
* An Intel PIN-based debugger
* A trace replayer


See also

* Ghidra
* JEB
* Radare2
* Binary Ninja
* Cheat Engine


External links

* CODE BLUE 2014: Ilfak Guilfanov - Keynote: The story of IDA Pro (YouTube): https://www.youtube.com/watch?v=hLBlck1lTUs