Incubator escapee wiki

Interactive Disassembler

Article Discussion

Template:Short description Template:Multiple issues

{{#invoke:Infobox|infobox}}Template:Template other{{#invoke:Check for unknown parameters | check | showblankpositional=1 | unknown = Template:Main other | preview = Page using Template:Infobox software with unknown parameter "_VALUE_"|ignoreblank=y | AsOf | author | background | bodystyle | caption | collapsetext | collapsible | developer | discontinued | engine | engines | genre | included with | language | language count | language footnote | latest preview date | latest preview version | latest release date | latest release version | latest_preview_date | latest_preview_version | latest_release_date | latest_release_version | licence | license | logo | logo alt | logo caption | logo upright | logo size | logo title | logo_alt | logo_caption | logo_upright | logo_size | logo_title | middleware | module | name | operating system | operating_system | other_names | platform | programming language | programming_language | released | replaced_by | replaces | repo | screenshot | screenshot alt | screenshot upright | screenshot size | screenshot title | screenshot_alt | screenshot_upright | screenshot_size | screenshot_title | service_name | size | standard | title | ver layout | website | qid }}Template:Main other The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in, which generates a high level, C source code-like representation of the analysed program, is available at extra cost.<ref>Template:Cite book</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>

IDA is used widely in software reverse engineering, including for malware analysis<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref>Template:Cite book</ref> and software vulnerability research.<ref>Template:Cite book</ref><ref>Template:Cite journal</ref> IDA's decompiler is one of the most popular and widely used decompilation frameworks,<ref name=":02">Template:Cite book</ref><ref name=":1">Template:Cite journal</ref><ref name=":2">Template:Cite book</ref> and IDA has been called the "de-facto industry standard" for program disassembly and static binary analysis.<ref>Template:Cite book</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref>Template:Cite book</ref>

HistoryEdit

Ilfak Guilfanov began working on IDA in 1990,<ref>Template:Cite interview</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref name=":0">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> and initially distributed it as a shareware application. In 1996, the Belgian company DataRescue took over the development of IDA and began to sell it as a commercial product, under the name IDA Pro.<ref>Template:Citation</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>

Initial versions of IDA did not have a graphical user interface (GUI), and ran as an extended DOS, OS/2, or Windows console application.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> In 1999, DataRescue released the first version of IDA Pro with a GUI, IDA Pro 4.0.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>

In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>

In 2022, Hex-Rays was acquired by a group of investors led by Smartfin, a European venture capital and private equity investor. Co-investors in the acquisition included the Belgian public holding company Template:Interlanguage link, and the Walloon public investment firm Regional Investment Company of Wallonia (SRIW).<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>

FeaturesEdit

IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:<ref>Template:Cite book</ref>

However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until its functionality becomes clear.

ScriptingEdit

"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user written scripts. Most frequently scripts are used for extra modification of the generated code. For example, external symbol tables can be loaded thereby using the function names of the original source code.

Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> supports Ruby and IDAPython<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.

DebuggingEdit

IDA Pro supports a number of debuggers,<ref>Template:Cite book</ref> including:

  • Remote Windows, Linux, and Mac applications (provided by Hex-Rays) allow running an executable in its native environment (presumably using a virtual machine for malware)
  • GNU Debugger (gdb) is supported on Linux and OS X, as well as the native Windows debugger
  • A Bochs plugin is provided for debugging simple applications (i.e., damaged UPX or mpress compacted executables)
  • An Intel PIN-based debugger
  • A trace replayer

VersionsEdit

The latest full version of IDA Pro is available via paid annual subscription (version 9.0sp1 as of December 2024), while a less capable version (limited to x86), named IDA Free, is available for download free of cost.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>

Supported systems/processors/compilersEdit

|CitationClass=web }}</ref>

Edit

IDA Pro's logo is a cropped image of Françoise d'Aubigné, Marquise de Maintenon. The logo image is similar to a miniature painting of Françoise d'Aubigné attested to a painter in the circle of Pierre Mignard.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>

The original greyscale version of the logo was introduced in September 1999, with the release of IDA 4.0.<ref name=":0" /> Ilfak Guilfanov has stated that the logo is not a depiction of Saint Ida of Louvain.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>

See alsoEdit

ReferencesEdit

Template:Reflist Template:Refbegin Template:Refend

Further readingEdit

External linksEdit

|CitationClass=web }}

  • {{#invoke:citation/CS1|citation

|CitationClass=web }}

Retrieved from "https://zalansite.site/mediawiki/index.php?title=Interactive_Disassembler&oldid=511264"