IDA Free Hex-Rays Decompilers由大眼仔旭(www.dayanzai.me)发布。Hex-Rays 是一家专注于二进制软件分析的高科技公司,成立于 2005 年,总部位于比利时列日市(Liège),致力于研发强劲的二进制分析工具,为 IT 安全市场提供最佳产品和极其出色的服务。Hex-Rays 的旗舰产品 IDA 是全球最智能、功能最完善的交互式反汇编程序,许多软件安全专家和黑客都对这款软件如雷贯耳。IDA PRO 简称 IDA(Interactive Disassembler),是一个世界顶级的交互式反汇编工具,有两种可用版本。标准版(Standard)支持二十多种处理器。高级版(Advanced)支持50多种处理器。
交互式反汇编器 IDA Pro
随着逆向工程技术的热潮,软件逆向工程也在不断发展。 逆向分析技术是软件逆向工程中的重要方法和技术,在某些领域甚至是关键和唯一的问题解决途径。逆向分析技术是指通过分析机器码或汇编码来理解代码功能,如各接口的数据结构等,然后用高级语言重新描述该代码,逆向推出源程序的思路。
二进制程序逆向分析作为程序转换的主要手段发挥着积极的作用。程序转换被广泛用于对程序的理解和代码的编译,用来检测和维护代码、检测并定位bugs、学习算法、用户干预、增加功能等。程序转换的目标之一就是在尽可能大的语言范围内,以一种规范的方式对程序进行重用。
IDA 完全使用 C++ 编写而成,适用于三大主流操作系统:Microsoft Windows、Mac OS X 和 Linux。IDA 的主要目标之一,在于呈现尽可能接近源代码的代码,而且通过派生的变量和函数名称来尽其所能地注释生成的反汇编代码,货真价实。其内核算法的高速和可扩展性,使 Hex-Rays 不仅能够在众所周知的 C/C++ 反编译问题中取得突破性的进展,还为二进制分析领域的未来发展奠定了坚实的基础。
IDA Pro 许可证类型
IDA 提供三种许可证:
Named License(指定许可证):供一名特定的最终用户使用,而且可以在这名特定最终用户所使用的多台计算机上使用。Named License 适用于小型企业和个人用户。
Computer License(计算机许可证):供一台特定的计算机使用,而且可供使用这台计算机的多名最终用户使用,只要无论何时,只有一名用户处于活动状态即可。这种许可证适用于企业,因为它不与个人绑定,允许简便地再分配许可证。
Floating License(浮动/网络许可证):可以在(一家企业)无限数量的计算机上安装,不过只允许同时运行有限数量的副本。
IDA 软件提供两个版本
IDA Starter:支持 20 多种处理器,包括流行的 x86 和 ARM 处理器。IDA Starter 不支持 64 位文件。
IDA Professional:支持 50 多种处理器,而且支持 64 位文件(包括 Intel x86-64 代码)。
这两个版本都适用于 Windows、Linux 和 Mac OS X。
注意:以下功能仅在 Windows 版本中提供:
WinDbg 和 Symbian 调试器
通过 ActiveSync 进行的 WinCE 调试
Hex-Rays 为希望了解 IDA 基本功能的用户提供了一个功能有限的特别版本,但是,该特别版本并不是工最新版本的功能。该特别版本为 IDA 的简化版,除特别版本外,Hex-Rays 还提供当前版本的功能有限的演示版。
官方主页
What’s new in IDA 8.2.221215
December 15, 2022
Processor module improvements:
Xtensa module has been extensively reworked with the addition of various optional and macro instructions (number of supported instructions almost tripled) Most common switch patterns are recognized and marked up.
Xtensa switch and options:
Stack variables are now tracked and created in functions.
Xtensa stack vars:
RISC-V module can now disassemble vector extension instructions.
RISC-V Vector instructions:
Swift:
Metadata structures generated by the Swift compiler are parsed, fomatted and labeled. Some of the simple types which can be represented in IDA are imported into Local Types.
SWIFT formatted metadata SWIFT formatted metadata 2t SWIFT imported type SWIFT imported struct
A new plugin which can search for and display images(pictures) embedded in the current binary.
UI candy:
CSS-based IDA themes now support background images in many of IDA’s views
IDA Teams and Lumina:
lumina: added support for recent MySQL versions which default to TLS connection
teams: the password for Vault is now saved securely in the OS-specific keychain
vault/lumina: allow any local MAC address to match the one specified in .lic file
Procesor modules:
XTENSA: added support for many additional instructions, registers, stack variables
XTENSA: added support for many standard switch patterns
XTENSA: detect used ABI (CALL0 or windowed)
RISC-V: added support for vector extension instructions
TRICORE: decode FTOHP and HPTOF instructions from TC1.6.2
File formats:
macho: added USE_SEG_PREFIXES option to macho.cfg, which instructs IDA to use the Mach-O segment name as a prefix for IDA segment names, e.g. “__TEXT:__text”
FLIRT / TILS / IDS:
FLIRT: added signatures for vc1434 (Visual Studio 16.11)
FLIRT: added MFC signatures for vc1434 (Visual Studio 16.11)
FLIRT: added signatures for icl 222 (Intel C++ 2021.2)
FLIRT: added signatures for icl 2221 (Intel C++ 2021.2.1)
TIL: added a type library for Aarch64 (ARM64) UEFI 2.5
idaclang: added “–idaclang-mangle-format” switch. it works similarly to the -G option for tilib when the user wants to set a custom name mangling format
Standard plugins:
PDB: on Windows, enabled fallback mode by default so that MSDIA is used to load legacy PDB files
picture_search: new plugin for finding and displaying raster images embedded in the binary
svdimport: added support for cluster, derivedFrom and dim/dimIncrement peripheral attributes
svdimport: use a folder-based tree for the plugin’s UI
swift: parse and format Swift metadata
swift: import simple types (enums, structs) into Local Types
Kernel:
kernel: added a new flag REFINFO_SELFREF for offsets (base is equal to the address of the current element)
Scripting & SDK:
IDAPython: expose the C++ SDK’s processor_t (as ida_idp._processor_t)
SDK: added capture_process_output() to capture output of an external program;
SDK: added support for lazy-loaded dirtree choosers. CH2_LAZY_LOADED flag can be used with dirtree-based choosers to load contents of a directory when it’s expanded.
SDK: deprecated qerrcode() (errno can be accessed directly instead)
UI:
UI: added an easy way to take memory snapshot of current segment
UI: improved highlighting of matching registers on platforms which use various prefixes (e.g. @r1)
UI: in the disassembly, addresses in the line prefixes of structure or array members now increase with those members’ offsets.
UI: it is now possible to attribute an image as background to the listings (IDA View, Pseudocode, …) using CSS in themes
UI: jumping to an address in the middle of a struct or an array now positions cursor on the correct line of the disassembly listing
UI: the “Wait” dialog now only shows after a certain timeout (thereby reducing the number of interfering popping dialogs)
Decompilers:
decompiler: added an action to jump to a new pseudocode windows with ‘alt+enter’ shortcut
decompiler: enabled decompiling of 32-bit files in IDA64 if a corresponding 32-bit decompiler license is available
Bugfixes:
BUGFIX: arm: “set callee” (Alt-F11) failed to create cross-references for BLR instructions
BUGFIX: alpha: ‘lda’ instructions could cause wrong sized stack variables to be created
BUGFIX: DWARF: Debug information present in .dwz companion files (pointed to by .gnu_debugaltlink) would be skipped when the link is absolute
BUGFIX: FLAIR: The pelf utility could crash when used with incorrect ‘pelf.rtb’ files
BUGFIX: IDA could crash if an array typedef was replaced by a structure of the same size
BUGFIX: IDA could fail to detect dyld (and any loaded modules) after attaching to a process on macOS 13.
BUGFIX: IDA could fail to parse Objective-C method data during debugging.
BUGFIX: IDAPython: cfunc_t.arguments array could have function arguments in wrong order
BUGFIX: IDAPython: documentation for ida_kernwin.Choose callbacks was missing
BUGFIX: IDAPython: get_reg_vals() was not usable
BUGFIX: IDAPython: using values in the range [128,255) as ‘tag’ for ida_netnode functions, would fail
BUGFIX: ios_deploy “symbols” phase would fail on iOS 14-16.
BUGFIX: lumina: private lumina server could fail starting with certain MySQL setups, due to case sensitivity in INFORMATION_SCHEMA.COLUMNS fields
BUGFIX: PC: callee target was not printed for some call instructions
BUGFIX: svdimport: fixed problem with odd (+1) start addresses in segments
BUGFIX: ui/qt: IDA could crash when passed the wrong widget to ida_kernwin.get_highlight()
BUGFIX: ui: “size” expressions in ‘Structure offset’ context menu differed from ‘T’ hotkey
BUGFIX: ui: exporting data from hex view with non-default item width could produce wrong output
BUGFIX: UI: IDA on Windows would hang if the accessibilty option “Use text cursor indicator” was enabled
BUGFIX: ui: improvements for accessibility under Windows for “Text Cursor Indicator” on “Output” widget
BUGFIX: vault: ‘hv purge’ command was not usable
BUGFIX: xtensa: write acccesses for stack variables were not shown properly
https://hex-rays.com/products/ida/news/8_1/
| IDA Free | Windows 版本 | Linux 版本 | Mac 版本 | Mac ARM 版本 | | 点击下载 | 点击下载 | 点击下载 | 点击下载 | IDA 的免费版本具有以下限制:
禁止用于商业用途
缺少IDA> v8.1中引入的所有功能
基于云的反编译器缺少某些高级命令
缺乏对许多处理器,文件格式等的支持…
没有技术支持 |
|
