Description
IDA (Interactive Disassembler) is the industry-standard disassembler and debugger. IDA Free supports x86/x64 binaries with limited features. IDA Pro adds a decompiler, more architectures, and scripting.
Installation
BASH
# Download IDA Free from https://hex-rays.com/ida-free/
# Run installer
chmod +x idafree_*.run && ./idafree_*.run
Basic Usage
BASH
# Open binary
ida64 binary # 64-bit
ida binary # 32-bit
# Navigation
# G - Go to address
# X - Cross references
# N - Rename
# ; - Add comment
# Space - Toggle graph/text view
# Analysis
# Wait for auto-analysis to complete
# Functions list: View → Open subviews → Functions
# Strings: View → Open subviews → Strings
Advanced Usage
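PYTHON
# IDAPython scripting (run inside IDA, e.g. File → Script file...)
import idautils
import idc
# List all functions
for func in idautils.Functions():
    print(hex(func), idc.get_func_name(func))
# Address to inspect: here, the current cursor position
addr = idc.get_screen_ea()
# Find xrefs to addr
for xref in idautils.XrefsTo(addr):
    print(hex(xref.frm))
# Patch bytes (changes the IDA database, not the file on disk)
idc.patch_byte(addr, 0x90) # x86 NOP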
# Decompiler (IDA Pro only)
# F5 - Decompile function
# Debugging
# F9 - Run
# F7 - Step into
# F8 - Step over
# F2 - Toggle breakpoint
Common Workflows
BASH
# Binary analysis
# 1. Load binary in IDA
# 2. Let auto-analysis finish
# 3. Start at entry/main
# 4. View → Strings for interesting strings
# 5. X on strings to find references
# 6. Trace execution flow
# 7. Rename functions/variables for clarity
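Steps 4 to 6 of this workflow can be scripted. The IDAPython sketch below is an added example, not part of the original cheat sheet: it groups interesting strings by the function that references them. KEYWORDS, strings_to_functions() and main() are illustrative names, and the IDA modules are passed in as arguments so the logic can also be exercised with stubs outside IDA.

```python
# Added example: automates workflow steps 4-6 (strings -> xrefs -> functions).
# KEYWORDS and strings_to_functions() are illustrative names, not IDA APIs.
from collections import defaultdict

# Constructed triage list; entries must be lowercase (matching is case-insensitive)
KEYWORDS = ("http", "password", "cmd.exe")

def strings_to_functions(idautils, idc, keywords=KEYWORDS):
    """Return [(function_name, [strings...])], most string hits first.

    idautils / idc are the IDA modules (or stubs with the same calls).
    """
    hits = defaultdict(set)
    for s in idautils.Strings():               # step 4: every string IDA found
        text = str(s)
        if not any(k in text.lower() for k in keywords):
            continue
        for xref in idautils.XrefsTo(s.ea):    # step 5: who references it
            # get_func_name() returns "" when the xref is outside any function
            name = idc.get_func_name(xref.frm) or "<no function @ %#x>" % xref.frm
            hits[name].add(text)
    # Functions touching the most interesting strings are the first to trace (step 6)
    return sorted(((n, sorted(t)) for n, t in hits.items()),
                  key=lambda item: (-len(item[1]), item[0]))

def main():
    try:
        import idautils
        import idc                             # only importable inside IDA
    except ImportError:
        print("Run this inside IDA after auto-analysis has finished")
        return
    for name, texts in strings_to_functions(idautils, idc):
        print(name)
        for t in texts:
            print("    %r" % t)

if __name__ == "__main__":
    main()
```

The functions at the top of the output are good candidates for renaming (step 7) before tracing further.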