The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It also can be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in for programs compiled with a C/C++ compiler is available at extra cost. The latest full version of IDA Pro is commercial, while a less capable version is available for download free of charge (version 8.1).
IDA performs automatic code analysis, using cross-references between code sections, knowledge of parameters of API calls, and other information. However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until it becomes clear what it does.
Created as a shareware application by Ilfak Guilfanov, IDA was later sold as a commercial product by DataRescue, a Belgian company, who improved it and sold it under the name IDA Pro. In 2005, Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension. In January 2008, Hex-Rays assumed the development and support of DataRescue's IDA Pro.
Scripting
"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user-written scripts. Most frequently, scripts are used for extra modification of the generated code. For example, external symbol tables can be loaded, thereby using the function names of the original source code.
Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB supports Ruby and IDAPython adds support for Python. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
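As an added illustration of the symbol-table use case mentioned above (not code from IDA or Hex-Rays), the following Python sketch parses a constructed `nm`-style symbol listing and applies the names. It assumes the IDA 7.x-style IDAPython call `idc.set_name`; the helper names `parse_symbols` and `apply_names` and the sample data are hypothetical.

```python
import re

# Constructed sample in `nm` output format: address, symbol type, name.
SAMPLE_NM = """\
0000000000401000 T _start
0000000000401136 T main
0000000000401180 t parse_header
                 U puts@GLIBC_2.2.5
0000000000404028 D g_config
0000000000401136 T main_alias
"""

_LINE = re.compile(r"^([0-9A-Fa-f]+)\s+([A-Za-z])\s+(\S+)$")
# Conservative character set for names (an assumption, not IDA's exact rule);
# a symbol file is untrusted input, so anything else is replaced with "_".
_UNSAFE = re.compile(r"[^A-Za-z0-9_$?@]")


def parse_symbols(text, kinds="TtDdBbRr"):
    """Return {address: name} for defined symbols; first name wins per address."""
    names = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m or m.group(2) not in kinds:
            continue  # undefined ('U') or malformed entries carry no address
        ea = int(m.group(1), 16)
        names.setdefault(ea, _UNSAFE.sub("_", m.group(3)))
    return names


def apply_names(names):
    """Inside IDA, rename each address; elsewhere, return the plan unapplied."""
    try:
        import idc  # only importable within IDA's IDAPython environment
    except ImportError:
        return [(ea, name, None) for ea, name in sorted(names.items())]
    # idc.set_name returns a truthy value on success; SN_NOWARN suppresses dialogs.
    return [(ea, name, bool(idc.set_name(ea, name, idc.SN_NOWARN)))
            for ea, name in sorted(names.items())]


if __name__ == "__main__":
    for ea, name, ok in apply_names(parse_symbols(SAMPLE_NM)):
        print("%#x %-14s %s" % (ea, name, "planned" if ok is None else ok))
```

Run outside IDA, the script only lists the renames it would make, which is a convenient way to review a symbol file before touching a database.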
Supported systems/processors/compilers
* System hosts
** Windows x86 and ARM
** Linux x86
** x86
* Recognized executable file formats
** COFF and derivatives, including Win32/64/generic PE
** ELF and derivatives (generic)
** Mach-O (Mach)
** NLM (NetWare)
** LC/LE/LX (OS/2 3.x and various DOS extenders)
** NE (OS/2 2.x, Win16, and various DOS extenders)
** MZ (MS-DOS)
** OMF and derivatives (generic)
** AIM (generic)
** raw binary, such as a ROM image or a COM file
* Instruction sets
** Intel 80x86 family
** ARM architecture
** Motorola 68k and H8
** Zilog Z80
** MOS 6502
** Intel i860
** DEC Alpha
** Analog Devices ADSP218x
** Angstrem KR1878
** Atmel AVR series
** DEC series PDP11
** Fujitsu F2MC16L/F2MC16LX
** Fujitsu FR 32-bit Family
** Hitachi SH3/SH3B/SH4/SH4B
** Hitachi H8: h8300/h8300a/h8s300/h8500
** Intel 196 series: 80196/80196NP
** Intel 51 series: 8051/80251b/80251s/80930b/80930s
** Intel i960 series
** Intel Itanium (ia64) series
** Java virtual machine
** MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
** Microchip PIC: PIC12Cxx/PIC16Cxx/PIC18Cxx
** MSIL
** Mitsubishi 7700 Family: m7700/m7750
** Mitsubishi m32/m32rx
** Mitsubishi m740
** Mitsubishi m7900
** Motorola DSP 5600x Family: dsp561xx/dsp5663xx/dsp566xx/dsp56k
** Motorola ColdFire
** Motorola HCS12
** NEC 78K0/78K0S
** PA-RISC
** PowerPC
** Xenon PowerPC Family
** SGS-Thomson ST20/ST20c4/ST7
** SPARC Family
** Samsung SAM8
** Siemens C166 series
** TMS320Cxxx series
* Compiler/libraries (for automatic library function recognition)
** Borland C++ 5.x for DOS/Windows
** Borland C++ 3.1
** Borland C Builder v4 for DOS/Windows
** GNU C++ for Cygwin
** Microsoft C
** Microsoft QuickC
** Microsoft Visual C++
** Watcom C++ (16/32 bit) for DOS/OS2
** ARM C v1.2
** GNU C++ for Unix/common
Debugging
IDA Pro supports a number of debuggers, including:
* Remote Windows, Linux, and Mac applications (provided by Hex-Rays) allow running an executable in its native environment (presumably using a virtual machine for malware)
* GNU Debugger (gdb) is supported on Linux and OS X, as well as the native Windows debugger
* A Bochs plugin is provided for debugging simple applications (i.e., damaged UPX or mpress compacted executables)
* An Intel PIN-based debugger
* A trace replayer
See also
* Ghidra
* JEB
* Radare2
* Binary Ninja
* Cheat Engine
External links
* CODE BLUE 2014: Ilfak Guilfanov - Keynote: The story of IDA Pro (YouTube), https://www.youtube.com/watch?v=hLBlck1lTUs