Introduction

 


Interactive Disassembler Professional, commonly referred to as IDA Pro or simply IDA, is the best static decompilation software and an indispensable tool for many members of the 0-day community and shellcode security analysts. IDA Pro is an interactive, programmable, extensible, multi-processor program-analysis host that runs on Windows, Linux, WinCE and MacOS, and it is widely recognized as the best reverse engineering tool that money can buy. IDA Pro has become a de facto standard for analyzing malicious code and is rapidly becoming an important tool in the field of attack research. It supports dozens of CPU instruction sets, including Intel x86, x64, MIPS, PowerPC, ARM, Z80, 68000, c8051, and more.


Anti-Piracy Strategy


IDA is the flagship product of Hex-Rays, so the company deeply detests unauthorized use of IDA. In the past, the company found a direct causal relationship between the release of pirated copies of IDA and a decline in company sales. For this reason, the former publisher of IDA, DataRescue, even posted the names of the pirates on its "Hall of Shame". To combat piracy, IDA has adopted several anti-piracy technologies and implemented licensing restrictions.


The first technique users need to understand is that each copy of IDA contains a watermark that ties it one-to-one to its buyer. If a copy of IDA appears on a pirated software site, Hex-Rays can trace it back to the buyer through the watermark and blacklist that buyer from future sales. Discussions about "leaked" versions of IDA can often be found on the Hex-Rays IDA support forum.


Another technique IDA uses to enforce its licensing policy is to scan for other IDA instances running on the local area network. For example, when the Windows version of IDA starts, it broadcasts a UDP packet on port 23945 and waits for responses to see whether other IDA instances on the same subnet are using the same license key. IDA then compares the number of responses received with the number of users the license covers. If too many IDA instances are found on the network, IDA will refuse to start. Note, however, that users can run multiple IDA instances on the same computer using the same license.
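For a network defender who sees unexplained UDP broadcasts on port 23945, the behavior described above can be attributed to IDA start-up checks. The following is an added example, not code from IDA or Hex-Rays: it assumes a text capture in `tcpdump -n -tt` format, and the function name, subnet and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

IDA_LICENSE_PORT = 23945  # port given in the text above

# Matches `tcpdump -n -tt` UDP lines, e.g.
# 1700000000.100000 IP 10.0.5.21.51234 > 10.0.5.255.23945: UDP, length 48
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)

def find_ida_broadcasters(lines, subnet):
    """Return {source_ip: [timestamps]} for UDP broadcasts to the IDA port."""
    net = ipaddress.ip_network(subnet)
    # Accept both the subnet-directed and the limited broadcast address.
    broadcast_targets = {net.broadcast_address,
                         ipaddress.ip_address("255.255.255.255")}
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a UDP line in the expected format
        if int(m["dport"]) != IDA_LICENSE_PORT:
            continue
        if ipaddress.ip_address(m["dst"]) not in broadcast_targets:
            continue  # unicast to the same port is not the broadcast described
        hits[m["src"]].append(float(m["ts"]))
    return dict(hits)

# Constructed sample capture (not real traffic); payload lengths are made up.
SAMPLE = """\
1700000000.100000 IP 10.0.5.21.51234 > 10.0.5.255.23945: UDP, length 48
1700000003.250000 IP 10.0.5.34.49888 > 255.255.255.255.23945: UDP, length 48
1700000004.000000 IP 10.0.5.40.5353 > 224.0.0.251.5353: UDP, length 60
1700000009.700000 IP 10.0.5.21.51240 > 10.0.5.255.23945: UDP, length 48
1700000010.000000 IP 10.0.5.77.40000 > 10.0.5.21.23945: UDP, length 48
1700000011.000000 IP 10.0.5.50.137 > 10.0.5.255.137: UDP, length 50
""".splitlines()

if __name__ == "__main__":
    found = find_ida_broadcasters(SAMPLE, "10.0.5.0/24")
    for src, stamps in sorted(found.items()):
        print(f"{src}: {len(stamps)} broadcast(s), first seen {stamps[0]:.3f}")
```
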



The final method IDA uses to enforce its licensing policy is a key file that associates each buyer with the product. At startup, IDA searches for a valid ida.key file. If a valid key file cannot be located, IDA closes immediately. The key file is also used to establish a user's eligibility for IDA upgrades. In essence, the ida.key file is the user's purchase receipt, and users must keep it safe in order to qualify for future upgrades.


 

 

Licenses

IDA has two types of licenses. One is a named license, which is tied to a specific user and can be installed on any number of computers used by that user. The other is a computer license, which is tied to a specific computer. Any user of that computer can use this license, but only one user at a time. Note that although a named license allows you to install IDA on any number of computers, only you may run those copies. Moreover, under a single license, IDA can run on only one of those computers at any given time.

Unlike many other proprietary software licenses, IDA's license specifically grants users the right to reverse engineer IDA.

Upgrade IDA

After a new version of IDA is released, Hex-Rays usually publishes the upgrade link and the upgrade requirements on the IDA website, generally including the product purchase dates that qualify for the upgrade. In general, users must submit their ida.key file to Hex-Rays during the upgrade process. Hex-Rays then verifies the user's key and provides detailed information on how to obtain the upgraded version. If you find that your IDA version is too old and you are not eligible to upgrade, remember that Hex-Rays offers a discounted upgrade price to expired users.

If you accidentally lose the key file, unauthorized users may impersonate you to make an upgrade request, leaving you unable to upgrade IDA.

Finally, it is strongly recommended that you back up the existing IDA installation before upgrading, or install the upgraded version into a completely different directory, to avoid losing any configuration files you have modified. To restore changes you made previously, you may need to edit the corresponding files in the upgraded version. Similarly, you will need to recompile your custom IDA plugins or obtain new versions of them.


User interface

The traits IDA inherited from MS-DOS are still very obvious. Whichever interface is used (text interface or GUI), IDA relies heavily on hotkeys. This is not a bad thing in itself, but if you assume you are in a text input mode and find that almost every click or keystroke leads to quite unexpected consequences, IDA has interpreted your input as hotkey operations. For example, in the GUI, if you position the cursor to make a modification and expect everything you type to appear at the cursor position, unexpected things may happen (IDA is not a word processor).


As for data input, IDA accepts all input through dialog boxes. Therefore, if you wish to enter any data in IDA, you must first open the dialog box for that input.


Finally, remember that IDA does not provide undo functionality; you will not find it anywhere. Similarly, there is no command history list in which to look up the operation you just performed.



 

If you are a non-Windows user and want to use IDA's GUI, you basically have two options. Linux users can consider using WINE; IDA is said to run successfully under WINE. The second option is to use virtualization software on the host operating system to run IDA in a Windows virtual machine. With either option, you are running the Windows version of IDA. Therefore, if you choose to use IDA's built-in debugger for local debugging (see below for remote debugging), you can only debug Windows executable files.

 

  
