makesig plugin overview
The makesig plugin was introduced in the IDA 8.4 release, and it is a convenient tool for generating FLIRT signatures from a current database. As you probably already know, FLIRT stands for Fast Library Identification and Recognition Technology, allowing IDA to recognize standard library functions generated by supported compilers. This technology improves […]
We’ve covered simple enums previously, but there is a different kind of enum that you may sometimes encounter or need to create manually. They are used to represent various bits (or flags) which may be set in an integer value. For example, the file mode on Unix filesystems contains Access Permission bits (you can […]
IDA 8.4 Service Pack 1 (SP1) is now live and ready to download. This release includes mainly bug fixes and refinements. How to request the new versions All new versions are free for users with an active support plan. Please use the “Help > Check for free update” menu item in IDA. It is also possible to […]
This is a guest entry written by Arnaud Gatignol and Julien Staszewski from the THALIUM team. The views and opinions expressed in this blog post are solely those of the authors and do not necessarily reflect the views or opinions of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed […]
In the past, we’ve seen how structure instance representation can be changed by editing the structure in the Structures window. In IDA 8.4, a new unified view was introduced for Local Types and the same operations can (and should) be done in that window. Instead of comments, additional custom attributes are printed now: In addition […]
We heard you and have developed a cheaper and optimized online training program that provides fundamental knowledge about IDA Pro. Our new sessions take just one day of your time. Still, their content is carefully curated to provide you with all the necessary information to feel confident using IDA Pro and reverse engineer simple binaries […]
In one of the past tips we mentioned the __unused attribute which can be applied to function arguments. When can it be useful? Let’s consider this code from Apple’s dyld: v19 is passed as first argument to dyld4::ProcessConfig::PathOverrides::setString(). Since its name looks like a class method, the decompiler assigned the class type to the first argument […]
A handful of our users have already requested information regarding the Qt 5.15.2 build that is shipped with IDA 8.4. The Qt sources used by IDA are: based on Qt 5.15.2, to which the KDE Qt5 patch collection has been added, plus a few custom patches/fixes Rebuilding Qt from source In order to obtain compatible libs, the simplest way forward is to
Previously, we discussed a situation where the decompiler wrongly used a combined stack slot for two separate variables. We could solve it because each variable had a distinct stack location, so editing the stack frame to split them worked. However, modern optimizing compilers can actually reuse the same stack location for different variables active at […]
It is official! IDA 8.4 has now been released, and we are beyond excited to share the new features and improvements with you. This new version combines enhanced support for a bunch of processors, Mach-O file improvements, some signature boosts, standard plugin updates, and a shiny new set of UI refinements that will make your analysis […]