User:Wysholp/sandbox/Interactive Disassembler

This is the user sandbox of Wysholp. A user sandbox is a subpage of the user's user page. It serves as a testing spot and page development space for the user and is not an encyclopedia article. Create or edit your own sandbox here. Other sandboxes: Main sandbox | Template sandbox Finished writing a draft article? Are you ready to request review of it by an experienced editor for possible inclusion in Wikipedia? Submit your draft for review!

Drafting content for Interactive Disassembler here.

Features

IDA disassembles a compiled program back into an assembly language representation. In addition to performing basic disassembly, IDA also automatically annotates disassembled programs with information about:^[1]

• cross-references between code and data in the program
• function locations, function stack frames, and function calling conventions
• reconstructed data types

IDA provides interactive functionality, which allows the user to annotate, rename, comment on, and add information to the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until its functionality becomes clear.

Decompiler

IDA's decompiler is one of the most popular and widely used decompilation frameworks^{[2][3][4][5][6]}

Microcode basics^[7]

Microcode manipulation is allowed via IDAPython^[8]

Gathering information about IDA's widespread use in industry

(for the Interactive Disassembler article, eventually)

IDA is used widely in software reverse engineering, including for malware analysis^[9][10] and software vulnerability research.^[11][12] IDA's decompiler is one of the most popular and widely used decompilation frameworks,^[3][4][5] and IDA has been called the "de-facto industry standard for static binary analysis".^[13][14][15]

1. Eagle, Chris (2011). "Part II. Basic IDA Usage". The IDA Pro Book : the Unoffical Guide to the World's Most Popular Disassembler (2nd ed.). San Francisco: No Starch Press. ISBN 978-1-59327-395-8. OCLC 830164382.
2. Yakdan, Khaled; Dechand, Sergej; Gerhards-Padilla, Elmar; Smith, Matthew (2016-05). "Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study". 2016 IEEE Symposium on Security and Privacy (SP). San Jose, CA, USA: IEEE: 158–177. doi:10.1109/SP.2016.18. ISBN 978-1-5090-0824-7. {{cite journal}}: Check date values in: |date= (help)
3. "No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations". NDSS Symposium. doi:10.14722/ndss.2015.23185. Retrieved 2023-03-18.
4. Schulte, Eric; Ruchti, Jason; Noonan, Matt; Ciarletta, David; Loginov, Alexey (2018). "Evolving Exact Decompilation". Proceedings 2018 Workshop on Binary Analysis Research. Reston, VA: Internet Society. doi:10.14722/bar.2018.23008.
5. Liu, Zhibo; Wang, Shuai (2020-07-18). "How far we have come: testing decompilation correctness of C decompilers". Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA 2020. New York, NY, USA: Association for Computing Machinery: 475–487. doi:10.1145/3395363.3397370. ISBN 978-1-4503-8008-9.
6. Yakdan, Khaled; Eschweiler, Sebastian; Gerhards-Padilla, Elmar (2013-10). "REcompile: A decompilation framework for static analysis of binaries". 2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE). Fajardo, PR, USA: IEEE: 95–102. doi:10.1109/MALWARE.2013.6703690. ISBN 978-1-4799-2534-6. {{cite journal}}: Check date values in: |date= (help)
7. Guilfanov, Ilfak. "Decompiler internals: microcode" (PDF). Black Hat USA 2018.
8. Andreas Klopsch (2022-05-04). "Attacking Emotet's Control Flow Flattening". Sophos News. Retrieved 2023-03-20.
9. Staff, S. C. (2017-09-11). "Hex-Rays IDA Pro". SC Media. Retrieved 2023-03-13.
10. Sikorski, Michael (2012). "Chapter 5. IDA Pro". Practical Malware Analysis : a Hands-On Guide to Dissecting Malicious Software. Andrew Honig. San Francisco: No Starch Press. ISBN 978-1-59327-430-6. OCLC 830164262.
11. Shoshitaishvili, Yan; Wang, Ruoyu; Salls, Christopher; Stephens, Nick; Polino, Mario; Dutcher, Andrew; Grosen, John; Feng, Siji; Hauser, Christophe; Kruegel, Christopher; Vigna, Giovanni (2016-05-22). "SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis". 2016 IEEE Symposium on Security and Privacy (SP): 138–157. doi:10.1109/SP.2016.17.
12. Guo, Wei; Wei, Qiang; Wu, Qianqiong; Guo, Zhimin (2022-04-01). "CSChecker : A binary taint-based vulnerability detection method based on static taint analysis". Journal of Physics: Conference Series. 2258 (1): 012069. doi:10.1088/1742-6596/2258/1/012069. ISSN 1742-6588.
13. Di Federico, Alessandro; Payer, Mathias; Agosta, Giovanni (2017-02-05). "rev.ng: a unified binary analysis framework to recover CFGs and function boundaries". Proceedings of the 26th International Conference on Compiler Construction. CC 2017. New York, NY, USA: Association for Computing Machinery: 131–141. doi:10.1145/3033019.3033028. ISBN 978-1-4503-5233-8.
14. Garcia Prado, Carlos; Erickson, Jon (April 10, 2018). "Solving Ad-hoc Problems with Hex-Rays API". FireEye Threat Research Blog. Archived from the original on December 23, 2022. Retrieved March 12, 2023. IDA Pro is the de facto standard when it comes to binary reverse engineering. {{cite web}}: |archive-date= / |archive-url= timestamp mismatch; June 2, 2022 suggested (help)
15. Andriesse, Dennis (2019). "Appendix C: List of Binary Analysis Tools". Practical binary analysis : build your own Linux tools for binary instrumentation, analysis, and disassembly. San Francisco, CA. ISBN 978-1-59327-913-4. OCLC 1050453850. This [IDA Pro] is the de facto industry-standard recursive disassembler.