Its interactivity allows you to improve disassemblies in real time

Written by Andreea Matei on January 18th, 2013
IDA, or the Interactive Disassembler, is a multi-processor debugger designed to disassemble binary programs in order to generate maps of execution. With the ability to unpack and analyze applications that don’t have their source code attached, IDA remains one of the most reliable disassemblers on the market.
IDA features support for more than fifty families of processors and can be run on various platforms, including Windows, Linux and Mac OS X. Geared toward analyzing hostile code and researching security vulnerabilities, IDA is often the first choice of antivirus companies and even military organizations.
IDA is a complex application, but as far as requirements are concerned, the software is not that picky. What’s more, the installation process doesn’t take that long and the load time of the application is quite decent. The interface is simple, yet organized and professional looking. It hosts a few menus that occupy a small area, compared to the actual disassembly area, which takes almost all of the allocated space.
As soon as you open a file (in EXE format), IDA starts the disassembly process almost right away and displays various characteristics of the source program, such as HEX view, Structures, Enums, Imports and Exports (with details about the memory address and associated libraries).
Because IDA is an interactive disassembler, the analysis and debugging of the code is not done automatically. It may offer you several hints about unresolved issues and suspicious lines, but it can only proceed if instructed properly. You can always turn to the extensive help file if you need advice.
To conclude, IDA mostly concentrates on disassembling and debugging applications and its main purpose is to analyze and detect vulnerabilities, in order to help developers to repack the code into a much stronger, more secure program.
IDA (formerly IDA PRO) description

Limitations:
· It only supports the 80x86 family: IDA supports a large number of other processors.
· It will only load Windows 32 PE files. The full version of IDA will accept virtually any file, from Atmel ROMs to OS/2 LX executables. See our DISASSEMBLY GALLERY for information about the additional processors, operating systems and file formats we support.
· Only the Windows GUI version is included in the archive. IDA runs natively as a Windows GUI or console application, as an OS/2 console application and as an Extended DOS application.
· The only compiler signatures included are the ones that can be used to produce Windows 32 PE files; the only type information included is for Visual C++ 6 and Borland C++ Builder.
· You will not be able to save your work, it will time out after some use, and it will not disassemble itself.
What's New in This Release:
· Improved iPhone support
· Much improved ARM and PowerPC support
· Much improved PowerPC module
· Easy debugger scripts in IDC
· Improved type support