Interactive Disassembler Professional (formerly IDA Pro), a proprietary multi-platform disassembler by Hex-Rays.
IDA is arguably the most advanced disassembler on the market at the time of this writing. Created by Ilfak Guilfanov of Hex-Rays it is an invaluable tool for the reverse code engineer.
Main features/highlights
- license allows you to reverse engineer IDA Pro itself
- the interactivity which has given it its name. That is, the reverse engineer will be able to give IDA cues where the heuristics fail. Aside from that many features make the disassembly more readable (definition of structures, constants, anterior/posterior comments, repeatable comments, auto-commented opcodes).
- can be scripted: since a few releases IDA includes a version of IDAPython. Before that existed IDC, a C dialect initially, later extended to include C++-like language features.
- it is extensible: one can write plugins (even script plugins), processor modules, loaders and so on.
- it is cross-platform - run on Windows, Linux ans OS X.
- comes with a wealth of processor modules and loaders.
- highly customizable
- offering tools for static-analysis and dynamic-analysis alike, such as connectivity to various local and remote debuggers (e.g. GDB, WinDbg) and Bochs to run snippets of disassembly or whole programs in a virtualized environment.
Hex-Rays Decompiler Plugin
The decompiler plugin requires IDA Pro to run. It supports multiple architectures (as of 2017: x86, x64, ARM, ARM64 and PPC). It has to be purchased separately (not included with IDA).
It allows to create pseudo-code from functions identified inside the IDA disassembly and then interactively change aspects of that, give the decompiler further cues and so on. The pseudo-code is akin of C and will, in fact, sometimes compile out of the box on a C compiler.
Blog
Hex-Rays runs a blog called Hexblog on which employees of the company describe scenarios of and give tips concerning IDA Pro usage.
Freeware version
The biggest disadvantage to hobbyists and students would be the steep price point, but IDA's makers also offer a freeware version for download.
The freeware version of IDA Pro, available here, lacks many of the features of the paid versions such as processor modules and support for a wealth of executable file formats. It also doesn't seem to have the same plugin and SDK support that comes with the two paid versions.
Links to third-party resources
- http://www.openrce.org
- http://www.idabook.com/ - also the two dead-tree editions of the book
- http://old.idapalace.net/
