IDA Pro Disassembler
The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X. IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation. See this executive overview for a summary of its features and uses.
What is IDA Pro?
The official line is: IDA Pro combines an interactive, programmable, multi-processor
disassembler coupled to a local and remote debugger and augmented by a complete plugin
programming environment. Quite a mouthful, isn't it? We are aware that the above speaks only to
geeks. The “raison d'être” of this small document is to clarify the nature and the purpose of IDA to
the non-technical user.
IDA Pro is a disassembler
As a disassembler, IDA Pro explores binary programs, for which source code isn't always available,
to create maps of their execution. The real interest of a disassembler is that it shows the instructions that are
actually executed by the processor in a symbolic representation called assembly language. If the friendly
screen saver you have just installed is spying on your e-banking session or logging your e-mails, a
disassembler can reveal it. However, assembly language is hard to make sense of. That's why advanced
techniques have been implemented into IDA Pro to make that code more readable, in some cases, quite close
to the original source code that produced the binary program. The map of the program's code can then be
postprocessed for further investigations. Some people have used it as the root of a genomic classification of
viruses. (digital genome mapping – advanced malware analysis)
Note: Only the 5.0 version is free; it can be located here: http://www.hex-rays.com/idapro/idadownfreeware.htm. I recommend getting a slightly newer version.