Interactive Disassembler

Software reverse engineering tool
Interactive Disassembler
Portrait of Françoise d'Aubigné, whose image is used as the IDA logo
Original author Ilfak Guilfanov
Developer Hex-Rays
Initial release May 21, 1991; 34 years ago[1]
Stable release 9.1[2] / February 28, 2025; 7 months ago
Written in C++[3]
Operating system Microsoft Windows, Mac OS X, and Linux
Available in English, Russian
Type Disassembler, Decompiler
License Proprietary
Website hex-rays.com/ida-pro/

The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in, which generates a high-level, C source code-like representation of the analysed program, is available at extra cost.[4] [5]

IDA is used widely in software reverse engineering, including for malware analysis [6] [7] and software vulnerability research.[8] [9] IDA's decompiler is one of the most popular and widely used decompilation frameworks,[10] [11] [12] and IDA has been called the "de-facto industry standard" for program disassembly and static binary analysis.[13] [14] [15]

History

Ilfak Guilfanov began working on IDA in 1990,[16] [17] [18] [19] and initially distributed it as a shareware application. In 1996, the Belgian company DataRescue took over the development of IDA and began to sell it as a commercial product, under the name IDA Pro.[20] [21]

Initial versions of IDA did not have a graphical user interface (GUI), and ran as an extended DOS, OS/2, or Windows console application.[22] In 1999, DataRescue released the first version of IDA Pro with a GUI, IDA Pro 4.0.[23]

In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension.[24] [25] In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.[26] [27]

In 2022, Hex-Rays was acquired by a group of investors led by Smartfin, a European venture capital and private equity investor. Co-investors in the acquisition included the Belgian public holding company The Federal Holding & Investment Company (SFPIM), and the Walloon public investment firm Regional Investment Company of Wallonia (SRIW).[28] [29]

Features

IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:[30]

However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until its functionality becomes clear.

Scripting

"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user-written scripts. Scripts are most frequently used for additional modification of the generated code. For example, external symbol tables can be loaded, so that the function names of the original source code are used.

Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB[31] supports Ruby and IDAPython[32] adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
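
The symbol-table use case described above, sketched as an IDAPython script (an added example, not code from the article or from Hex-Rays). It assumes a current Python 3 IDAPython where `idc.set_name` and `idc.SN_NOWARN` are available, and a symbol file in `nm` output format; the sample symbols and the helper names `parse_nm` and `apply_symbols` are constructed for illustration.

```python
"""Apply an external symbol table to a disassembly (added example)."""
import re

try:
    import idc  # only importable inside IDA with IDAPython
except ImportError:
    idc = None  # outside IDA the parser can still be used and tested

# Constructed sample in `nm` format: "<hex address> <type letter> <name>"
SAMPLE_NM = """\
0000000000401000 T _start
0000000000401136 T parse_header
0000000000401190 t checksum
0000000000404028 D config_table
                 U printf
0000000000401136 T parse_header_alias
not a symbol line
"""

LINE = re.compile(r"^([0-9a-fA-F]+)\s+([A-Za-z])\s+(\S+)$")


def parse_nm(text, kinds="TtDdBbRr"):
    """Return {address: name} for defined symbols; first name per address wins."""
    symbols = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) not in kinds:
            continue  # undefined ('U') symbols and junk lines carry no address
        symbols.setdefault(int(m.group(1), 16), m.group(3))
    return symbols


def apply_symbols(symbols, set_name=None):
    """Name each address; return the addresses that could not be named."""
    if set_name is None:
        if idc is None:
            raise RuntimeError("run inside IDA or pass a set_name callable")
        # SN_NOWARN: report failure via the return value, not a dialog box
        set_name = lambda ea, name: idc.set_name(ea, name, idc.SN_NOWARN)
    return [ea for ea, name in sorted(symbols.items()) if not set_name(ea, name)]


if __name__ == "__main__" and idc is not None:
    failed = apply_symbols(parse_nm(SAMPLE_NM))
    print("addresses left unnamed:", [hex(ea) for ea in failed])
```

Addresses returned by `apply_symbols` are worth reviewing by hand: a rejected name usually means the symbol file does not match the loaded binary or its image base.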

Debugging

IDA Pro supports a number of debuggers,[33] including:

  • Remote Windows, Linux, and Mac applications (provided by Hex-Rays) allow running an executable in its native environment (presumably using a virtual machine for malware)
  • GNU Debugger (gdb) is supported on Linux and OS X, as well as the native Windows debugger
  • A Bochs plugin is provided for debugging simple applications (i.e., damaged UPX or mpress compacted executables)
  • An Intel PIN-based debugger
  • A trace replayer

Versions

The latest full version of IDA Pro is available via paid annual subscription (version 9.0sp1 as of December 2024), while a less capable version (limited to x86), named IDA Free, is available for download free of cost.[34]

Supported systems/processors/compilers

IDA Pro's logo is a cropped image of Françoise d'Aubigné, Marquise de Maintenon. The logo image is similar to a miniature painting of Françoise d'Aubigné attributed to a painter in the circle of Pierre Mignard.[36]

The original greyscale version of the logo was introduced in September 1999, with the release of IDA 4.0.[18] Ilfak Guilfanov has stated that the logo is not a depiction of Saint Ida of Louvain.[37]

References

  1. ^ Czokow, Geoffrey (2021-05-20). "IDA: celebrating 30 years of binary analysis innovation". Hex-Rays. Retrieved 2023-03-19.
  2. ^ "IDA 9.1". Retrieved March 29, 2024.
  3. ^ "Hex-rays Home". Archived from the original on 2024-05-26. Retrieved 2008-03-31.
  4. ^ Eagle, Chris (2011). "Chapter 23: Real-World IDA Plug-ins". The IDA Pro Book: the Unofficial Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. pp. 500–502. ISBN 978-1-59327-395-8. OCLC 830164382.
  5. ^ "Hex-Rays Decompiler". hex-rays.com. Retrieved 2023-03-18.
  6. ^ Staff, S. C. (2017-09-11). "Hex-Rays IDA Pro". SC Media. Retrieved 2023-03-13.
  7. ^ Sikorski, Michael (2012). "Chapter 5. IDA Pro". Practical Malware Analysis: a Hands-On Guide to Dissecting Malicious Software. Andrew Honig. San Francisco: No Starch Press. ISBN 978-1-59327-430-6. OCLC 830164262.
  8. ^ Shoshitaishvili, Yan; Wang, Ruoyu; Salls, Christopher; Stephens, Nick; Polino, Mario; Dutcher, Andrew; Grosen, John; Feng, Siji; Hauser, Christophe; Kruegel, Christopher; Vigna, Giovanni (2016-05-22). "SOK: (State of) the Art of War: Offensive Techniques in Binary Analysis". 2016 IEEE Symposium on Security and Privacy (SP). pp. 138–157. doi:10.1109/SP.2016.17. hdl:11311/1161277. ISBN 978-1-5090-0824-7.
  9. ^ Guo, Wei; Wei, Qiang; Wu, Qianqiong; Guo, Zhimin (2022-04-01). "CSChecker: A binary taint-based vulnerability detection method based on static taint analysis". Journal of Physics: Conference Series. 2258 (1) 012069. Bibcode:2022JPhCS2258a2069G. doi:10.1088/1742-6596/2258/1/012069. ISSN 1742-6588.
  10. ^ Yakdan, Khaled; Eschweiler, Sebastian; Gerhards-Padilla, Elmar; Smith, Matthew (2015). No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations. doi:10.14722/ndss.2015.23185. ISBN 978-1-891562-38-9. Retrieved 2023-03-18.
  11. ^ Schulte, Eric; Ruchti, Jason; Noonan, Matt; Ciarletta, David; Loginov, Alexey (2018). "Evolving Exact Decompilation". Proceedings 2018 Workshop on Binary Analysis Research. Reston, VA: Internet Society. doi:10.14722/bar.2018.23008. ISBN 978-1-891562-50-1.
  12. ^ Liu, Zhibo; Wang, Shuai (2020-07-18). "How far we have come: Testing decompilation correctness of C decompilers". Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA 2020. New York, NY, USA: Association for Computing Machinery. pp. 475–487. doi:10.1145/3395363.3397370. ISBN 978-1-4503-8008-9.
  13. ^ Di Federico, Alessandro; Payer, Mathias; Agosta, Giovanni (2017-02-05). "Rev.ng: A unified binary analysis framework to recover CFGS and function boundaries". Proceedings of the 26th International Conference on Compiler Construction. CC 2017. New York, NY, USA: Association for Computing Machinery. pp. 131–141. doi:10.1145/3033019.3033028. ISBN 978-1-4503-5233-8. In an extensive evaluation, we test our [binary analysis] tool on binaries compiled for MIPS, ARM, and x86-64 using GCC and clang and compare them to the industry's state of the art tool, IDA Pro, and two well-known academic tools, BAP/ByteWeight and angr.
  14. ^ Garcia Prado, Carlos; Erickson, Jon (April 10, 2018). "Solving Ad-hoc Problems with Hex-Rays API". FireEye Threat Research Blog. Archived from the original on June 2, 2022. Retrieved March 12, 2023. IDA Pro is the de facto standard when it comes to binary reverse engineering.
  15. ^ Andriesse, Dennis (2019). "Appendix C: List of Binary Analysis Tools". Practical binary analysis: build your own Linux tools for binary instrumentation, analysis, and disassembly. San Francisco, CA: No Starch Press, Inc. ISBN 978-1-59327-913-4. OCLC 1050453850. This [IDA Pro] is the de facto industry-standard recursive disassembler.
  16. ^ Гильфанов, Ильфак (22 May 2003). "IDA Pro - samyj moshhnyj dizassembler v mire" IDA Pro - самый мощный дизассемблер в мире [IDA Pro - the most powerful disassembler in the world] (Interview) (in Russian). Interviewed by Доля, Алексей. Компания "Ф-Центр". sec. 2.30. Archived from the original on May 15, 2021. Retrieved 14 March 2023. It began as a hobby back in 1991, simply as a pastime for myself and for friends.
  17. ^ "IDA Pro - Часто задаваемые вопросы" [IDA Pro - Frequently Asked Questions]. Archived from the original on December 19, 2003. The first lines of IDA were written in December 1990.
  18. ^ a b Czokow, Geoffrey (2021-05-20). "IDA: celebrating 30 years of binary analysis innovation". Hex-Rays. Retrieved 2023-03-19.
  19. ^ "Hex Rays - State-of-the-art binary code analysis solutions". hex-rays.com. Archived from the original on 2023-05-31. Retrieved 2023-07-21.
  20. ^ Guilfanov, Ilfak (22 June 2015), CODE BLUE 2014 : Ilfak Guilfanov - Keynote: The story of IDA Pro, retrieved 2023-03-16, Datarescue converted my hobby project into a commercial program in 1996.
  21. ^ "DataRescue IDA Pro Page". DataRescue. Archived from the original on 1997-02-14.
  22. ^ "DataRescue IDA Page: download an evaluation version". DataRescue. Archived from the original on 1997-02-14.
  23. ^ "DataRescue IDA Pro What's new Page". DataRescue. Archived from the original on 1999-10-10.
  24. ^ "Gegevens van de geregistreerde entiteit | KBO Public Search". kbopub.economie.fgov.be. Retrieved 2023-03-13.
  25. ^ "Hex-Rays Decompiler". Hex-Rays. Archived from the original on 2007-10-11.
  26. ^ "DataRescue Home Page: home of the IDA Pro Disassembler and of PhotoRescue". DataRescue. Archived from the original on 2008-02-21. News 07/01/2008: IDA Pro moves to Hex-Rays.
  27. ^ "Hex-Rays Home Page". Hex-Rays. Archived from the original on 2008-02-12.
  28. ^ "A consortium of investors acquires Hex-Rays – Hex Rays". 19 October 2022. Archived from the original on 2023-07-21. Retrieved 2023-07-21.
  29. ^ "News Industry | Smartfin led consortium acquires Hex-Rays to accelerate product innovation efforts". Help Net Security. 2022-10-20. Archived from the original on 2023-07-21. Retrieved 2023-07-21.
  30. ^ Eagle, Chris (2011). "Part II. Basic IDA Usage". The IDA Pro Book: the Unofficial Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. ISBN 978-1-59327-395-8. OCLC 830164382.
  31. ^ "Spoonm/Idarub". GitHub. Archived from the original on 2016-01-08. Retrieved 2011-12-05.
  32. ^ "Idapython [d-dome.net]". Archived from the original on 2006-01-16.
  33. ^ Eagle, Chris (2008). The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. No Starch Press. ISBN 978-1-59327-178-7.
  34. ^ "IDA Pro Freeware version download". Archived from the original on 2008-08-08. Retrieved 2008-03-31.
  35. ^ "FLIRT Compiler Support". Hex-Rays. Archived from the original on 2011-10-03. Retrieved 2010-04-13.
  36. ^ "Französische Schule, Nachfolge Pierre Mignard - Osterauktion 17.04.2019 - Schätzwert: EUR 1.500 bis EUR 2.600 - Dorotheum". www.dorotheum.com (in Austrian German). Archived from the original on 2023-08-14. Retrieved 2024-07-08.
  37. ^ Guilfanov, Ilfak (2006-04-13). "Sainte Ida | Hex Blog". Hex Blog. Archived from the original on 2011-06-17. Retrieved 2024-07-08.
