{"id":458,"date":"2016-03-17T06:32:55","date_gmt":"2016-03-16T22:32:55","guid":{"rendered":"http:\/\/akl-it.com\/home\/?page_id=458"},"modified":"2020-12-21T16:15:46","modified_gmt":"2020-12-21T08:15:46","slug":"ida-pro","status":"publish","type":"page","link":"https:\/\/akl-it.com\/home\/products\/forensics-security\/forensic-software\/ida-pro\/","title":{"rendered":"IDA Pro"},"content":{"rendered":"\n<h3>IDA Pro is a disassembler<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote\"><p><span class=\"has-inline-color has-black-color\">A disassembler is a piece of software used to translate machine code into a human-readable format called assembly language.<\/span><\/p><\/blockquote>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">The source code of the software we use on a daily basis isn\u2019t always available. A disassembler like IDA Pro is capable of creating maps of a program\u2019s execution to show the binary instructions that are actually executed by the processor in a symbolic representation called assembly language. This disassembly process allows software specialists to analyse programs that are suspected to be nefarious in nature, such as spyware or malware. However, assembly language is hard to read and make sense of. That is why advanced techniques have been implemented in IDA Pro to make that complex code more readable. In some cases, it is possible to revert the binary program to something quite close to the original source code that produced it. 
The map of the program\u2019s code can then be post-processed for further investigation.<\/span><\/p>\n\n\n\n<h3><span class=\"has-inline-color has-black-color\">IDA Pro is a debugger<\/span><\/h3>\n\n\n\n<blockquote class=\"wp-block-quote\"><p><span class=\"has-inline-color has-black-color\">A debugger is a computer program that assists in the detection and correction of errors in other computer programs.<\/span><\/p><\/blockquote>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">In software analysis \u2013 as in real life \u2013 things are rarely simple and obvious. Hostile code usually does not cooperate with the analyst. Creators of viruses, worms and trojans often write their code in an obfuscated way, making it extremely hard to read and analyse. More powerful tools are thus required to efficiently help analysts. The debugger in IDA Pro complements the static analysis capabilities (examining the code without executing the program) of the disassembler by allowing users to single step through the code being investigated; this way, the debugger often bypasses the obfuscation and helps obtain data that the more powerful static disassembler will be able to process in depth.<\/span><\/p>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">IDA Pro runs on Windows, Linux and Mac OS X and can debug a large array of specific platforms (Windows 32\/64-bit, Linux 32\/64-bit, OS X x86\/x64, iOS, Android, etc.). This can be carried out either locally or remotely. Remote debuggers are very useful to safely dissect potentially harmful programs. Some IDA debuggers can also run the application in a virtual environment, making malware analysis even safer.<\/span><\/p>\n\n\n\n<h3><span class=\"has-inline-color has-black-color\">IDA Pro is interactive<\/span><\/h3>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">Because no computer can currently beat the human brain when it comes to exploring the unknown, IDA Pro is fully interactive. 
IDA always allows the human analyst to override its decisions or to provide hints. A built-in programming language and an open plugin architecture push interactivity even further.<\/span><\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p><span class=\"has-inline-color has-black-color\">Plugin architecture allows a program to call external code at certain points without knowing all the details of that code in advance, therefore adding functionalities to the calling program.<\/span><\/p><\/blockquote>\n\n\n\n<h3><span class=\"has-inline-color has-black-color\">IDA Pro is programmable<\/span><\/h3>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">IDA Pro is a complete integrated development environment. It consists of a very powerful macro-like language that can be used to automate simple to medium complexity tasks. For more advanced tasks, the open plugin architecture allows external developers to enhance IDA Pro\u2019s functionalities.<\/span><\/p>\n\n\n\n<h3><span style=\"text-decoration: underline;\"><span class=\"has-inline-color has-black-color\">Functions of IDA Pro<\/span><\/span><\/h3>\n\n\n\n<h4><span class=\"has-inline-color has-black-color\">Hostile Code analysis<\/span><\/h4>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">Given the speed and complexity of today\u2019s hostile code, a powerful analysis solution is required. IDA Pro has become such a standard in the field of malware analysis that information about new viruses is often exchanged in the form of \u201cIDA Databases\u201d. 
IDA Pro is used daily by anti-virus, malware and spyware analysts to investigate new virus sample threats and to provide timely solutions.<\/span><\/p>\n\n\n\n<h4><span class=\"has-inline-color has-black-color\">Vulnerability research<\/span><\/h4>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">The topic of vulnerability disclosure remains quite controversial but software is, as a matter of fact, unfortunately often vulnerable to outside attacks. IDA Pro is the ideal tool to investigate such vulnerabilities. If they aren\u2019t fixed they could be exploited by third parties with dishonest or criminal intentions. The Wisconsin Safety Analyzer, for instance, is a very interesting project investigating software vulnerability where IDA Pro plays an important role.<\/span><\/p>\n\n\n\n<h4><span class=\"has-inline-color has-black-color\">Commercial-off-the-shelf (COTS) validation<\/span><\/h4>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">A lot of software is developed outside the country where it is used. Since those programs are incredibly hard to verify and since complete source code audit and rebuilds aren\u2019t always practical or possible, tools such as IDA provide a convenient way to check if a program really does what it claims to do, contains no harmful vulnerabilities and leaks no sensitive information.<\/span><\/p>\n\n\n\n<h4><span class=\"has-inline-color has-black-color\">Privacy protection<\/span><\/h4>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">Software is invading our lives at every level. Respect for essential privacy rights is a concern for many, at a time when the amount of data about individual users that can potentially be collected, sold or exploited has surged to an unprecedented level. 
IDA Pro helps investigate software that may cause concern, thereby protecting your essential rights.<\/span><\/p>\n\n\n\n<h4><span class=\"has-inline-color has-black-color\">Other uses<\/span><\/h4>\n\n\n\n<p><span class=\"has-inline-color has-black-color\">IDA Pro has generated quite a lot of interest in academic circles. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IDA Pro is a disassembler A disassembler is a piece of software used to translate machine code into a human-readable format called assembly language. The source code of the software we use on a daily basis isn\u2019t always available. A disassembler like IDA Pro is capable of creating maps of their execution to show the&hellip; <br \/> <a class=\"read-more\" href=\"https:\/\/akl-it.com\/home\/products\/forensics-security\/forensic-software\/ida-pro\/\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":453,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"fullwidth.php","meta":[],"_links":{"self":[{"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/pages\/458"}],"collection":[{"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/comments?post=458"}],"version-history":[{"count":7,"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/pages\/458\/revisions"}],"predecessor-version":[{"id":3076,"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/pages\/458\/revisions\/3076"}],"up":[{"embeddable":true,"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/pages\/453"}],"wp:attachment":[{"href":"https:\/\/akl-it.com\/home\/wp-json\/wp\/v2\/media?parent=458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}