Tuts 4 You

Tutorials & Documents

15 files

  1. IDA Pro & Decompiler Demo

    This is a demo video for IDA. The video is an analysis of a dynamic link library on a system compromised by spyware. It goes through and explains how to use some of the key features found in IDA. The Hex-Rays Decompiler converts executable programs into a human readable C-like pseudo code text.

    227 downloads

    0 comments

    Submitted

  2. Debugging with IDA

    The truth is that, being a little discouraged, I am setting aside for now the idea of continuing the tutes I had been doing so far (the ASProtect one, for example, and finishing it) and following something simpler for the moment, to return to the more complex ones later on when I feel a little more motivated.

    It will use example files that are attached to show some details of how IDA works that many people do not know and let pass by, and that would certainly save a lot of grief, hehe, and many extra detours and keypresses.

    223 downloads

    0 comments

    Submitted

  3. Debugging with IDA Continued

    We continue playing a little with IDA, and in this part we will amuse ourselves with some commands and see how they work.

    166 downloads

    0 comments

    Submitted

  4. First Steps in IDA

    Many times we have heard that IDA is a better disassembler than Wdasm, and that it is the best disassembler that exists, which is correct. In spite of not using it frequently, we will see in this first example some tips for IDA, and some differences from the listings that OLLY and Wdasm show us.

    To practice, we will use a typical example where we note the differences in a crackme made in VC++ or that is to say level 1 from contest 34. (Attached to this tute).

    243 downloads

    0 comments

    Submitted

  5. IDA and OllyDbg The Union

    A paper on ways to successfully combine and better use IDA with OllyDbg.

    158 downloads

    0 comments

    Submitted

  6. IDA Plugin Writing in C++

    After spending a lot of time going through the header files in the IDA SDK as well as looking at the source to other people's plug-ins, I figured there should be an easier way to get started with writing IDA plug-ins. Although the header file commentary is amazingly thorough, I found it a little difficult navigating and finding things when I needed them without a lot of searching and trial-and-error. I thought that I'd write this tutorial to try and help those getting started as well as hopefully provide a quick reference point for people developing plug-ins. I've also dedicated a section to setting up a development environment which should make the development process quicker to get into.

    163 downloads

    0 comments

    Submitted

  7. IDA Pro for Newbiez

    Normally one of the first tools a newbie deals with is W32DASM. This tool is both easy to learn and simple to use. Somewhat later one hears of a tool named "IDA Pro", which is supposed to be muuuch better than W32DASM. The fact is that W32DASM is no longer being developed, while with IDA Pro this is very much the case. In addition, IDA Pro possesses some features which make reverse engineering easier. But now, finally, to the actual topic.

    246 downloads

    0 comments

    Updated

  8. IDA Pro Quick Reference Sheet

    Datarescue Interactive Disassembler (IDA) Pro Quick Reference Sheet.

    157 downloads

    0 comments

    Submitted

  9. IDA Pro User Tutorial

    This is my first tutorial and the first lesson so please don't be rude. Due to the fact that English is not my native language there may be errors. Feel free to contact me so that I can correct them.

    Some people may ask why I have written this tutorial since everyone who is into cracking knows how to deal with IDA and newbies normally use W32DASM, changing later when they are advanced. I am trying a different approach. It's 2003 now. W32DASM has lots of mistakes and is less powerful than IDA. I decided to make this tutorial for newbies as a First Approach to IDA so that their first tool is a powerful and helpful one for learning how to crack programs. IDA offers Auto Comments so the Assembler language isn't as cryptic for newbies.

    Of course, it is useful to have an Assembler Book as a reference but some things may become clearer by just viewing the comments that may be advanced. I won't expect any Assembler knowledge in this tutorial and Assembler will be addressed in my second tutorial. I want this tutorial to cover the most used functions in IDA. It will not be complete and won't replace the help file from IDA. Make sure to read the help file if you run into problems.

    I will try to explain a lot of things with screenshots but don't expect a graphical step-by-step walkthrough for every case. I set goal of one week to complete this tutorial because in one week I promised my first lesson.

    254 downloads

    0 comments

    Submitted

  10. IDAPython: User Scripting for a Complex Application

    Developers of today's increasingly complex software packages have to find the delicate balance between the required feature set and implementation time. One way to deal with the issue is to provide end users with means to extend and customize the software to their own needs. Application scripting is the easiest way to involve the users in customisation, with a low entry barrier.

    The goal of this final year project was to integrate the Python programming language as a user scripting language into the Interactive Disassembler Pro, also known as IDA Pro, the de-facto standard disassembly tool of the computer security industry. The project is called IDAPython, and the software was implemented as a plug-in to IDA Pro.

    The IDAPython project used Python as a scripting language and the Simplified Wrapper Interface Generator (SWIG) for interfacing the interpreter to the host application. This report details the design, implementation and issues related to interfacing Python to a complex Application Programming Interface through SWIG, targeted for three different software platforms.

    Over the years IDAPython has become a powerful tool, popular among security researchers around the world. IDAPython is available in binary and source code form for free.

    112 downloads

    0 comments

    Submitted

  11. Introduction to IDAPython

    IDAPython is an extension for IDA, the Interactive Disassembler. It brings the power and convenience of Python scripting to aid in the analysis of binaries. This article will cover some basic usage and provide examples to get interested individuals started. We will walk through practical examples ranging from iterating through functions, segments and instructions to data mining the binaries, collecting references and analyzing their structure.

    126 downloads

    0 comments

    Submitted

  12. Playing with API Implementations with IDA and Bochs

    It is common, when one reverser keeps talking to another, to find out new ways to use tools we already have. Sometimes you find out how to use a tool in an unexpected way; other times it is just an unknown shortcut or undocumented behaviour. Lately this has often happened while talking about using IDA and Bochs together, especially using the debugger in the special "PE mode". Since Bochs is one of the common environments used to run and analyze malware, we found it interesting to show what you can do, what you can't, and what really needs to be improved in this new debugging mode.

    Just to put some context: in the current version of IDA Pro (5.5 as I write this), Hex-Rays included a new debugger plugin, so it is possible to debug targets using the Bochs x86 emulator. This new plugin allows three different ways to debug targets:

    - Disk image: You can use an image or "Bochs virtual machine" to debug your target. It's probably the best way, but it requires having a working virtual machine, so for those who have never tried it, it's a slightly painful process.

    - IDB: Its intended use is only to select a piece of assembly code and debug it "virtually" using Bochs. Think of it as an advanced x86emu.

    - PE: Quite similar to the IDB mode, but IDA provides a basic environment with a PE loader and support for emulating some Win32 API calls. How this emulation works and how we can play with it is the main topic of this article.

    This article is focused on the "PE mode", so let's take a look at how it works.

    111 downloads

    0 comments

    Submitted

  13. The Great IDA Primer

    Why is IDA so useful? Because it can do anything. IDA will change the way you think about disassemblers; it will change the way you think about cracking. W32Dasm? A toy. Soft-Ice? Unnecessary. When you have a disassembler that lets you follow the flow of execution by tapping the keyboard, backtrace just as easily, name variables/addresses/functions, view the entire program as opcodes or assembly, change code to data and back again according to your whim, and even run limited C programs to perform operations on the code from searching and parsing to translating and patching...why go somewhere else?

    208 downloads

    0 comments

    Submitted

  14. TiGa IDA Series (1-12)

    TiGa 01 - Visual Debugging with IDA
    TiGa 02 - Remote Debugging with IDA Pro
    TiGa 03 - Debugging a Buggy Application with IDA Pro
    TiGa 04 - How to Solve CrackMes for Dummies in Video
    TiGa 05 - x64 Disassembling and Fixing Obfuscated API's
    TiGa 06 - TLS Callbacks and Preventing Debugger Detection
    TiGa 07 - Unwrapping a Flash Video Executable
    TiGa 08 - Stop Fishing and Start Keygenning!
    TiGa 09 - Alien Autopsy rev. 2008
    TiGa 10 - Unpacking Deroko x64 UnPackMe
    TiGa 11 - Solving Pnluck x64 CrackMe
    TiGa 12 - Unpacking 4 Simple Packers with IDA

    1,237 downloads

    5 comments

    Submitted

  15. Unpacking Malware using IDA Pro Extensions

    In almost all cases of today's malicious software, executable packers or crypters are used in order to obfuscate code and data. In some cases unpackers and dumpers are available. In very few cases they actually work on packed malware executables due to modifications of internal structures such as the PE header.

    In the following example an unknown binary is loaded into IDA Pro...

    204 downloads

    0 comments

    Submitted
