Interactive Disassembler
Encyclopedia
The Interactive Disassembler, more commonly known as simply IDA, is a disassembler
for computer
software which generates assembly language
source code
from machine-executable code. It supports a variety of executable format
s for different processor
s and operating system
s. It also can be used as a debugger
for Windows PE, Mac OS X
Mach-O
, and Linux
ELF
executables. A decompiler
plugin for programs compiled with a C
/C++
compiler
is available at extra cost. The latest full version of Ida Pro is commercial software; an earlier and less capable version is available for download free of charge (version 5.0 ).
IDA performs much automatic code analysis, using cross-references between code sections, knowledge of parameters of API
calls, and other information. However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and viceversa, rename, annotate, and otherwise add information to the listing, until it becomes clear what it does.
Created as a shareware
application by Ilfak Guilfanov
, IDA was later sold as a commercial product by DataRescue, a Belgian
company, who improved it and sold it under the name IDA Pro. In 2007 Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension. In January 2008 Hex-Rays assumed the development and support of Datarescue's IDA Pro.
Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB supports Ruby and IDAPython adds support for Python
. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
Disassembler
A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. A disassembler differs from a decompiler, which targets a high-level language rather than an assembly language...
for computer
Computer
A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...
software which generates assembly language
Assembly language
An assembly language is a low-level programming language for computers, microprocessors, microcontrollers, and other programmable devices. It implements a symbolic representation of the machine codes and other constants needed to program a given CPU architecture...
source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...
from machine-executable code. It supports a variety of executable format
Executable
In computing, an executable file causes a computer "to perform indicated tasks according to encoded instructions," as opposed to a data file that must be parsed by a program to be meaningful. These instructions are traditionally machine code instructions for a physical CPU...
s for different processor
Central processing unit
The central processing unit is the portion of a computer system that carries out the instructions of a computer program, to perform the basic arithmetical, logical, and input/output operations of the system. The CPU plays a role somewhat analogous to the brain in the computer. The term has been in...
s and operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s. It also can be used as a debugger
Debugger
A debugger or debugging tool is a computer program that is used to test and debug other programs . The code to be examined might alternatively be running on an instruction set simulator , a technique that allows great power in its ability to halt when specific conditions are encountered but which...
for Windows PE, Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
Mach-O
Mach-O
Mach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically-loaded code, and core dumps. A replacement for the a.out format, Mach-O offered more extensibility and faster access to information in the symbol table.Mach-O was once used by...
, and Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
ELF
Executable and Linkable Format
In computing, the Executable and Linkable Format is a common standard file format for executables, object code, shared libraries, and core dumps. First published in the System V Application Binary Interface specification, and later in the Tool Interface Standard, it was quickly accepted among...
executables. A decompiler
Decompiler
A decompiler is the name given to a computer program that performs, as far as possible, the reverse operation to that of a compiler. That is, it translates a file containing information at a relatively low level of abstraction into a form having a higher level of abstraction...
plugin for programs compiled with a C
C (programming language)
C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....
/C++
C++
C++ is a statically typed, free-form, multi-paradigm, compiled, general-purpose programming language. It is regarded as an intermediate-level language, as it comprises a combination of both high-level and low-level language features. It was developed by Bjarne Stroustrup starting in 1979 at Bell...
compiler
Compiler
A compiler is a computer program that transforms source code written in a programming language into another computer language...
is available at extra cost. The latest full version of Ida Pro is commercial software; an earlier and less capable version is available for download free of charge (version 5.0 ).
IDA performs much automatic code analysis, using cross-references between code sections, knowledge of parameters of API
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
calls, and other information. However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and viceversa, rename, annotate, and otherwise add information to the listing, until it becomes clear what it does.
Created as a shareware
Shareware
The term shareware is a proprietary software that is provided to users without payment on a trial basis and is often limited by any combination of functionality, availability, or convenience. Shareware is often offered as a download from an Internet website or as a compact disc included with a...
application by Ilfak Guilfanov
Ilfak Guilfanov
Ilfak Guilfanov is a software developer, computer security researcher and blogger. He became well known when he issued a free hotfix for the Windows Metafile vulnerability on 31 December 2005. His unofficial patch was favorably reviewed and widely publicized because no official patch was...
, IDA was later sold as a commercial product by DataRescue, a Belgian
Belgium
Belgium , officially the Kingdom of Belgium, is a federal state in Western Europe. It is a founding member of the European Union and hosts the EU's headquarters, and those of several other major international organisations such as NATO.Belgium is also a member of, or affiliated to, many...
company, who improved it and sold it under the name IDA Pro. In 2007 Guilfanov founded Hex-Rays to pursue the development of the Hex-Rays Decompiler IDA extension. In January 2008 Hex-Rays assumed the development and support of Datarescue's IDA Pro.
Scripting
"IDC scripts" make it possible to extend the operation of the disassembler. Some helpful scripts are provided, which can serve as the basis for user written scripts. Most frequently scripts are used for extra modification of the generated code. For example, external symbol tables can be loaded thereby using the function names of the original source code. There are websites devoted to IDA scripts and offer assistance for frequently arising problems.Users have created plugins that allow other common scripting languages to be used instead of, or in addition to, IDC. IdaRUB supports Ruby and IDAPython adds support for Python
Python (programming language)
Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive...
. As of version 5.4, IDAPython (dependent on Python 2.5) comes preinstalled with IDA Pro.
Supported systems/processors/compilers
- Operating systems
- x86 WindowsMicrosoft WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
GUIGuiGui or guee is a generic term to refer to grilled dishes in Korean cuisine. These most commonly have meat or fish as their primary ingredient, but may in some cases also comprise grilled vegetables or other vegetarian ingredients. The term derives from the verb, "gupda" in Korean, which literally... - x86 Windows console
- x86 LinuxLinuxLinux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
GUI - x86 Linux console
- x86 Mac OS XMac OS XMac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
GUI - x86 Mac OS X console
- ARMARM architectureARM is a 32-bit reduced instruction set computer instruction set architecture developed by ARM Holdings. It was named the Advanced RISC Machine, and before that, the Acorn RISC Machine. The ARM architecture is the most widely used 32-bit ISA in numbers produced...
Windows CE
- x86 Windows
- Executable file formats
- PE (Windows)
- ELF (Linux, most *BSD)
- Mach-OMach-OMach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically-loaded code, and core dumps. A replacement for the a.out format, Mach-O offered more extensibility and faster access to information in the symbol table.Mach-O was once used by...
(Mac OS X) - Netware .exeEXEEXE is the common filename extension denoting an executable file in the DOS, OpenVMS, Microsoft Windows, Symbian, and OS/2 operating systems....
- OS/2 .exe
- Geos .exe
- Dos/Watcom LE executable (without embedded dos extender)
- raw binary, such as a ROM image
- Processors
- Intel 80x86 family
- ARM, including Thumb code
- MotorolaMotorolaMotorola, Inc. was an American multinational telecommunications company based in Schaumburg, Illinois, which was eventually divided into two independent public companies, Motorola Mobility and Motorola Solutions on January 4, 2011, after losing $4.3 billion from 2007 to 2009...
68xxx/h8 - ZilogZilogZilog, Inc., previously known as ZiLOG , is a manufacturer of 8-bit and 24-bit microcontrollers, and is most famous for its Intel 8080-compatible Z80 series.-History:...
Z80 - MOS Technology 6502
- Intel i860
- DEC AlphaDEC AlphaAlpha, originally known as Alpha AXP, is a 64-bit reduced instruction set computer instruction set architecture developed by Digital Equipment Corporation , designed to replace the 32-bit VAX complex instruction set computer ISA and its implementations. Alpha was implemented in microprocessors...
- Analog DevicesAnalog DevicesAnalog Devices, Inc. , known as ADI, is an American multinational semiconductor company specializing in data conversion and signal conditioning technology, headquartered in Norwood, Massachusetts...
ADSP218x - Angstrem KR1878
- Atmel AVR series
- DEC series PDP11
- Fujitsu F2MC16L/F2MC16LX
- Fujitsu FR 32-bit Family
- Hitachi SH3/SH3B/SH4/SH4B
- Hitachi H8: h8300/h8300a/h8s300/h8500
- Intel 196 series: 80196/80196NP
- Intel 51 series: 8051/80251b/80251s/80930b/80930s
- Intel i960 series
- Intel Itanium (ia64) series
- Java virtual machine
- MIPS: mipsb/mipsl/mipsr/mipsrl/r5900b/r5900l
- Microchip PIC: PIC12Cxx/PIC16Cxx/PIC18Cxx
- MSIL
- Mitsubishi 7700 Family: m7700/m7750
- Mitsubishi m32/m32rx
- Mitsubishi m740
- Mitsubishi m7900
- Motorola DSP 5600x Family: dsp561xx/dsp5663xx/dsp566xx/dsp56k
- Motorola ColdFire
- Motorola HCS12
- NEC 78K0/78K0S
- PA-RISC
- PowerPC
- SGS-Thomson ST20/ST20c4/ST7
- SPARCSPARCSPARC is a RISC instruction set architecture developed by Sun Microsystems and introduced in mid-1987....
Family - Samsung SAM8
- Siemens C166 series
- TMS320Cxxx series
- Compiler/libraries (for automatic library function recognition)
- Borland C++ 5.x for DOS/Windows
- Borland C++ 3.1
- Borland C Builder v4 for DOS/Windows
- GNU C++ for Cygwin
- Microsoft C
- Microsoft QuickCQuickCMicrosoft QuickC was a commercial integrated development environment product engineered by Microsoft for the C programming language, superseded by Visual C++ Standard Edition. Its main competitor was Turbo C.-Version history:...
- Microsoft Visual C++Visual C++Microsoft Visual C++ is a commercial , integrated development environment product from Microsoft for the C, C++, and C++/CLI programming languages...
- Watcom C++ (16/32 bit) for DOS/OS2
- ARM C v1.2
- GNU C++ for Unix/common