IDA Pro: Reverse Engineering

The number of hackers has increased significantly, so it has become vital to be able to defend against their threats and viruses. That is why powerful software such as IDA Pro was developed. IDA Pro is part and parcel of reverse engineering. IDA stands for Interactive Disassembler. According to the official definition, it is a programmable, interactive, multi-processor disassembler, and it can be used as a debugger as well as a disassembler. If you are not a geek, let's go over the peculiarities of IDA Pro to understand its nature. In a few words: although IDA Pro is not a decompiler, it contains a debugger and can analyze high-level programs.

The first function of IDA is disassembly, which means exploring binary programs. Here I can't help but mention assembly language, which is the way to represent the instructions the processor carries out. Unlike most programming languages, it is a group of languages rather than a single one. The representation of instructions is based on mnemonics (abbreviations) and is defined, as a rule, by the hardware manufacturer. However, assembly language is very hard to work with, which has led recent software, including IDA Pro, to prefer more legible representations of code.
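To make the byte-to-mnemonic step concrete, here is an added example (not IDA Pro code, and far simpler than IDA's analysis): a linear-sweep disassembler for a small subset of the MOS Technology 6502 instruction set. The load address 0x0600 and the sample bytes are constructed for illustration.

```python
# Added illustration: linear-sweep disassembly of a subset of 6502 opcodes.
# Opcode byte -> (mnemonic, addressing mode), as defined by the CPU vendor.
OPCODES = {
    0xA9: ("LDA", "imm"), 0xA2: ("LDX", "imm"), 0xC9: ("CMP", "imm"),
    0xAD: ("LDA", "abs"), 0x8D: ("STA", "abs"), 0x9D: ("STA", "absx"),
    0x4C: ("JMP", "abs"), 0x20: ("JSR", "abs"),
    0xD0: ("BNE", "rel"), 0xF0: ("BEQ", "rel"),
    0xE8: ("INX", "impl"), 0xCA: ("DEX", "impl"),
    0x60: ("RTS", "impl"), 0xEA: ("NOP", "impl"),
}
OPERAND_SIZE = {"impl": 0, "imm": 1, "rel": 1, "abs": 2, "absx": 2}

def disassemble(code, base=0x0600):
    """Return a list of (address, text) pairs for the bytes in `code`."""
    lines, pc = [], 0
    while pc < len(code):
        addr = base + pc
        entry = OPCODES.get(code[pc])
        size = OPERAND_SIZE[entry[1]] if entry else 0
        if entry is None or pc + 1 + size > len(code):
            # Unknown opcode or truncated operand: show it as data, move on 1 byte.
            lines.append((addr, ".byte $%02X" % code[pc]))
            pc += 1
            continue
        mnem, mode = entry
        operand = code[pc + 1: pc + 1 + size]
        if mode == "impl":
            text = mnem
        elif mode == "imm":
            text = "%s #$%02X" % (mnem, operand[0])
        elif mode == "rel":
            # Branch operand is a signed offset from the next instruction.
            off = operand[0] - 256 if operand[0] > 127 else operand[0]
            text = "%s $%04X" % (mnem, (addr + 2 + off) & 0xFFFF)
        else:
            value = operand[0] | (operand[1] << 8)  # 16-bit little-endian address
            text = "%s $%04X%s" % (mnem, value, ",X" if mode == "absx" else "")
        lines.append((addr, text))
        pc += 1 + size
    return lines

# Constructed sample: a short store loop, one unknown byte, one truncated JMP.
SAMPLE = bytes.fromhex("a200a92a9d0002e8d0fa60ff4c00")

if __name__ == "__main__":
    for addr, text in disassemble(SAMPLE):
        print("%04X  %s" % (addr, text))
```

A linear sweep cannot tell code from data, which is why the trailing bytes appear as `.byte` lines; deciding such cases is where an interactive disassembler lets the analyst step in.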

But IDA Pro's disassembler would be useless without its debugger. The reason is clear: when working with hostile code, you come across numerous worms and viruses, so the software's static analysis capabilities should be complemented with step-by-step investigation. IDA Pro is a powerful tool that features the latest implementations.

IDA Pro perfectly fits the needs of modern companies whose rights need to be protected. That is why the program has gained such enormous popularity. As a rule, IDA Pro is used by anti-virus companies, software development companies, some agencies and military organizations. It is most heavily used in software security auditing and reverse engineering.

It is worth mentioning that as early as 2001 IDA Pro was recognized as one of the best software products for Technical Excellence.

Among the software's numerous advantages, first place goes to interactivity. Unlike the majority of similar programs, it allows you to improve disassemblies in real time. This unique feature is highly appreciated by professionals. It makes it possible to undo decisions and even gives hints. Moreover, interactivity saves time.

The main task of IDA Pro is to transform binary code into readable text. Each new version, however, has added unique features such as an advanced navigation system, the built-in IDC programming language, an open and modular architecture, compatibility with the overwhelming majority of file formats, support for high-level data arrays and architectures, and a built-in debugger for Win32.

IDA Pro can be used on the operating systems listed below:

  • x86 Windows GUI
  • x86 Windows console
  • x86 Linux console
  • x86 Mac OS X
  • ARM Windows CE

The latest version of IDA Pro was released in June 2009. Its main features and innovations include:

  • New dockable interface. This interface has an improved hex viewer and is, in general, simpler and more flexible to use.
  • Improvements to processor modules
  • Bochs debugger
  • User contribution
  • Sparse storage method
  • Windows Crash Dump Loader

On a more down-to-earth note, IDA Pro was developed by Ilfak Guilfanov. He studied at Lomonosov Moscow State University, where he became interested in programming. It was then that the developer found his vocation. Today Ilfak Guilfanov works for Datarescue, a Belgian company. Of all his projects, developing and modifying the interactive disassembler is the main one.

Remarkably, according to Ilfak Guilfanov, a program such as IDA Pro cannot be created by a limited number of programmers. Many users helped with its development.

IDA supports the following processors:

  • Intel 80x86 family
  • ARM, including Thumb code
  • Motorola 68xxx/h8
  • Zilog Z80
  • MOS Technology 6502
  • Intel i860
  • DEC Alpha
  • Analog Devices ADSP218x
  • Angstrem KR1878
  • Atmel AVR series
  • DEC series PDP11
  • Fujitsu F2MC16L/F2MC16LX
  • Fujitsu FR 32-bit Family
  • Hitachi SH3/SH3B/SH4/SH4B
  • Hitachi H8: h8300/h8300a/h8s300/h8500
  • Intel 196 series: 80196/80196NP
  • Intel 51 series: 8051/80251b/80251s/80930b/80930s
  • Intel i960 series
  • Intel ia64 series
  • Java virtual machine
  • MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
  • Microchip PIC: PIC12Cxx/PIC16Cxx/PIC18Cxx
  • MSIL
  • Mitsubishi 7700 Family: m7700/m7750
  • Mitsubishi m32/m32rx
  • Mitsubishi m740
  • Mitsubishi m7900
  • Motorola DSP 5600x Family: dsp561xx/dsp5663xx/dsp566xx/dsp56k
  • Motorola ColdFire
  • Motorola HCS12
  • NEC 78K0/78K0S
  • PA-RISC
  • PowerPC
  • SGS-Thomson ST20/ST20c4/ST7
  • SPARC Family
  • Samsung SAM8
  • Siemens C166 series
  • TMS320Cxxx series