IDA Pro 7.6 Program Reverse Engineering Software
An interactive, programmable, extensible, multi-processor disassembler for Windows, Linux and macOS. Widely regarded as the best disassembler available, IDA Pro has in practice become the standard tool for malware analysis and has quickly become a primary tool in vulnerability research.
IDA Pro 7.6 Program Reverse Engineering
Apple Silicon support
IDA for macOS is now available as a native ARM64 binary which can make full use of the M1 chip’s incredible performance.
It is hard to overstate just how much IDA benefits from the new speed boost. Autoanalysis completes much quicker, the UI is noticeably snappier, and almost every other feature in IDA seems smoother when running on M1. Our beta testers reported that IDA 7.6 is “incredibly stable” and “way faster” on Apple Silicon – so it seems our excitement is not misplaced.
Golang analysis
The Go language (aka golang) from Google is getting popular thanks to its ease of use, performance, and self-contained binaries not requiring dependencies. Due to some of the language designers’ decisions the golang binaries are quite different from those produced by other compilers and some changes were required in IDA to properly support its peculiarities.
Among additions:
• parsing of golang-specific metadata to recover function names and boundaries.
• support for stack-based parameters and return values even on platforms that usually pass them in registers (ARM, x64).
• detection of golang-specific string literals.
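The metadata referred to above is Go's pclntab (the runtime's function table), which survives `go build -ldflags="-s -w"` because the runtime needs it for stack traces and garbage collection; that is why Go malware can be renamed even when "stripped". The following is an added illustration, not IDA's or Hex-Rays' code: it parses a constructed 64-bit pclntab laid out like Go 1.16/1.17 (pcHeader, the functab of (entry, funcoff) pairs, and the `nameoff` field of each `_func` record) and returns function names with their [start, end) boundaries. The sample blob, the function names and the addresses are made up here; Go 1.18 and later changed the header magic and functab layout and are deliberately not handled.

```python
import struct
from dataclasses import dataclass

# pclntab header magic for Go 1.16/1.17. Go 1.18 switched to 0xFFFFFFF0 (and a different
# functab layout), Go 1.20 to 0xFFFFFFF1; those versions are deliberately not handled here.
GO116_MAGIC = 0xFFFFFFFA


@dataclass
class GoFunc:
    name: str
    start: int   # entry address
    end: int     # entry of the next function (exclusive)


def _cstr(blob: bytes, off: int) -> str:
    """Read a NUL-terminated string from funcnametab."""
    return blob[off:blob.index(b"\0", off)].decode()


def parse_pclntab(blob: bytes) -> list:
    """Recover function names and [start, end) boundaries from a 64-bit Go 1.16/1.17 pclntab.

    pcHeader (runtime/symtab.go): magic u32, pad u8 x2, minLC u8, ptrSize u8, then seven
    uintptr fields: nfunc, nfiles, funcnameOffset, cuOffset, filetabOffset, pctabOffset,
    pclnOffset.  All offsets are relative to the start of the header.
    """
    magic, _pad1, _pad2, _min_lc, ptr_size = struct.unpack_from("<IBBBB", blob, 0)
    if magic != GO116_MAGIC:
        raise ValueError("unsupported pclntab magic 0x%08x" % magic)
    if ptr_size != 8:
        raise ValueError("this example only handles 64-bit targets")
    (nfunc, _nfiles, funcname_off, _cu_off,
     _filetab_off, _pctab_off, pcln_off) = struct.unpack_from("<7Q", blob, 8)

    # functab lives at pclnOffset: nfunc+1 pairs of (entry, funcoff). funcoff is relative to
    # pclnOffset; the extra final pair is the end-of-text sentinel used for the last boundary.
    functab = [struct.unpack_from("<QQ", blob, pcln_off + 16 * i) for i in range(nfunc + 1)]

    funcs = []
    for i in range(nfunc):
        entry, funcoff = functab[i]
        # A _func record starts with: entry uintptr, nameoff int32 (relative to funcnametab).
        # The remaining fields (args, pcsp, pcfile, pcln, ...) are not needed for names/bounds.
        rec_entry, nameoff = struct.unpack_from("<Qi", blob, pcln_off + funcoff)
        if rec_entry != entry:
            raise ValueError("functab/_func entry mismatch at index %d" % i)
        funcs.append(GoFunc(_cstr(blob, funcname_off + nameoff), entry, functab[i + 1][0]))
    return funcs


def build_sample() -> bytes:
    """Constructed pclntab (not taken from a real binary) with three functions and a sentinel."""
    funcs = [("main.main", 0x401000), ("main.handler", 0x401080), ("runtime.rt0_go", 0x401140)]
    etext = 0x4011A0

    names, name_offs = b"", []
    for name, _ in funcs:
        name_offs.append(len(names))
        names += name.encode() + b"\0"

    header_size = 8 + 7 * 8
    funcname_off = header_size
    pcln_off = (funcname_off + len(names) + 7) & ~7
    functab_size = (len(funcs) + 1) * 16

    functab, records = b"", b""
    for i, (_, entry) in enumerate(funcs):
        funcoff = functab_size + 16 * i            # toy _func records are 16 bytes each
        functab += struct.pack("<QQ", entry, funcoff)
        records += struct.pack("<QiI", entry, name_offs[i], 0)
    functab += struct.pack("<QQ", etext, 0)        # sentinel: end of text

    header = struct.pack("<IBBBB7Q", GO116_MAGIC, 0, 0, 1, 8,
                         len(funcs), 0, funcname_off, 0, 0, 0, pcln_off)
    blob = header + names
    blob += b"\0" * (pcln_off - len(blob))
    return blob + functab + records


if __name__ == "__main__":
    for f in parse_pclntab(build_sample()):
        print("%-16s %#x-%#x" % (f.name, f.start, f.end))
```

On a real binary the blob would come from the `.gopclntab` section (ELF) or `__gopclntab` (Mach-O); PE files have no dedicated section, so the header magic has to be located by scanning. The boundary of function i is simply the entry of function i+1, which is what makes the sentinel entry necessary.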
Decompiler improvements
• automatic renaming of variables.
• improved recognition of stack arrays.
• empty lines for better readability.
New processor modules: RISC-V and RL78
• RISC-V is an open ISA which is starting to become available in various hardware such as the latest iteration of the Espressif Systems wireless platform, ESP32-C3.
• RL78 from Renesas is a 16-bit descendant of the 8-bit NEC 78K0(S) family previously supported by IDA and is used in various automotive and consumer applications.
Bookmarks
We also added some new functionality to enrich bookmarks management in the UI.
As before, you can use Alt-M / Ctrl-M to add/jump to bookmarks, but now you can also use Ctrl-Shift-M to display a separate bookmark view that contains a global list of bookmarks, which can be grouped into folders.
Also, bookmarked addresses will now be highlighted in the disassembly. You can use Options>Colors to change the highlight color to whatever you want.
Other UI improvements
• The processor list in the Load File dialog is now organized in a folder view, which can be filtered using Ctrl-F.
• You can now use cut and paste in folder views instead of dragging items with the mouse.
• The Strings list is now cached in the database. The Strings window is one of the most commonly used views in IDA for quick reconnaissance. However, depending on the settings it can take a long time to scan the whole database, and the scan had to be repeated every time the window was reopened or the database reloaded. Now we cache the list, so opening it a second time is almost instant.
Compressed macOS and iOS kernelcache support
In the recent iOS and macOS versions, the kernelcache files are compressed. Although there are tools available which can decompress them, it’s one more thing to remember. Now IDA handles the standard compressed formats transparently so you can simply load them as standard Mach-O files. Since IDA can also handle ZIP files, you can open them directly from the IPSW updates!
Retpoline handling
Retpoline (return trampoline) is a compile-time mitigation against the Spectre speculative execution vulnerability disclosed in 2017 (specifically the branch target injection variant, Spectre v2). Binaries compiled with this option replace indirect jumps and calls with calls to special thunk functions, which tend to break standard control flow analysis. IDA now detects and handles these thunks transparently, resulting in clean function graphs and pseudocode.
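What "handling the thunks" amounts to is recognizing the thunk body and treating a `call __x86_indirect_thunk_rax` as the `call rax` it replaces. The following is an added illustration, not Hex-Rays' implementation: it matches the canonical GCC/Clang x86-64 thunk (call into a `mov [rsp], reg; ret` tail, with a `pause; lfence; jmp` speculation trap in between), derives the register from the REX and ModRM bytes, and maps every direct call/jmp rel32 that targets a thunk back to the indirect branch it stands for. The code bytes and addresses are constructed here, not taken from a real binary; the scan is over raw bytes for brevity, so on real input it should be driven from instruction boundaries, and other thunk flavours (32-bit, Intel compiler padding, the Linux kernel's variants) are not matched.

```python
import re
import struct

# Canonical GCC/Clang x86-64 retpoline thunk, __x86_indirect_thunk_<reg> (17 bytes):
#       call  set_up_target       ; E8 07 00 00 00
#   capture:
#       pause                     ; F3 90
#       lfence                    ; 0F AE E8
#       jmp   capture             ; EB FB       (speculation is trapped here)
#   set_up_target:
#       mov   [rsp], <reg>        ; 48|4C 89 <modrm> 24  (REX.W [+REX.R]; ModRM mod=00 rm=100; SIB=rsp)
#       ret                       ; C3          (architectural path: returns into <reg>)
THUNK_RE = re.compile(
    rb"\xE8\x07\x00\x00\x00\xF3\x90\x0F\xAE\xE8\xEB\xFB"
    rb"([\x48\x4C])\x89([\x04\x0C\x14\x1C\x24\x2C\x34\x3C])\x24\xC3",
    re.DOTALL,
)
LOW_REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
HIGH_REGS = ["r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def find_thunks(code: bytes, base: int) -> dict:
    """Map each thunk's start address to the register it dispatches through."""
    thunks = {}
    for m in THUNK_RE.finditer(code):
        rex, modrm = m.group(1)[0], m.group(2)[0]
        reg = (HIGH_REGS if rex == 0x4C else LOW_REGS)[(modrm >> 3) & 7]
        if reg == "rsp":            # 'mov [rsp], rsp' is not a valid thunk
            continue
        thunks[base + m.start()] = reg
    return thunks


def resolve_thunk_branches(code: bytes, base: int, thunks: dict) -> list:
    """Find call/jmp rel32 (E8/E9) whose target is a thunk and report the indirect branch it stands for.

    Scans raw bytes for brevity; a real tool would walk instruction boundaries instead.
    """
    sites = []
    for off in range(len(code) - 4):
        op = code[off]
        if op not in (0xE8, 0xE9):
            continue
        rel, = struct.unpack_from("<i", code, off + 1)
        target = base + off + 5 + rel
        if target in thunks:
            sites.append((base + off, "call" if op == 0xE8 else "jmp", thunks[target]))
    return sites


def build_sample(base: int = 0x1000) -> bytes:
    """Constructed code blob (not from any real binary): two thunks plus a retpolined call and tail jump."""
    def thunk(rex: int, modrm: int) -> bytes:
        return b"\xE8\x07\x00\x00\x00\xF3\x90\x0F\xAE\xE8\xEB\xFB" + bytes([rex, 0x89, modrm, 0x24, 0xC3])

    def branch(op: int, at: int, target: int) -> bytes:
        return bytes([op]) + struct.pack("<i", target - (at + 5))

    thunk_rax, thunk_r11 = base + 0x20, base + 0x40
    code = b"\x48\x8B\x07"                                  # base+0x00: mov rax, [rdi]
    code += branch(0xE8, base + len(code), thunk_rax)       # base+0x03: call __x86_indirect_thunk_rax
    code += b"\x31\xC0\xC3"                                 # base+0x08: xor eax, eax ; ret
    code += b"\xCC" * (0x20 - len(code))
    code += thunk(0x48, 0x04)                               # base+0x20: thunk for rax  (REX.W, reg=000)
    code += b"\xCC" * (0x40 - len(code))
    code += thunk(0x4C, 0x1C)                               # base+0x40: thunk for r11  (REX.W+R, reg=011)
    code += branch(0xE9, base + len(code), thunk_r11)       # base+0x51: jmp __x86_indirect_thunk_r11
    return code


if __name__ == "__main__":
    code = build_sample()
    thunks = find_thunks(code, 0x1000)
    for addr, mnem, reg in resolve_thunk_branches(code, 0x1000, thunks):
        print("%#x: %s %s  (via retpoline thunk)" % (addr, mnem, reg))
```

Run stand-alone, the sample resolves to `0x1003: call rax` and `0x1051: jmp r11`, which is exactly the information a disassembler needs to draw the original indirect call and tail call instead of a detour through the thunk. The `jmp` case matters because compilers emit tail calls through the same thunks, and treating one as a plain jump to a 17-byte function produces the broken graphs the text describes.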
Python 3.9 support
Python 3.9 was released after IDA 7.5 and changed the layout of some internal structures leading to crashes in scripts or plugins using PyQt. IDA 7.6 adds official support for 3.9 (while still supporting previous 3.x versions and 2.7). Python 3.9.1 is also officially available for macOS on ARM64 and can be used by IDA there.
IDA highlights
Fast
IDA analyzes binaries in a matter of seconds.
Fully interactive
Work seamlessly and quickly with the disassembler and analyse code more intuitively.
All standard platforms supported
IDA runs on all standard platforms — MS Windows, Linux, Mac OS X both in GUI and console modes.
Multiple processor handling
The same interface and features are available for every supported processor, which speeds up the analysis process.
Handles numerous file formats
IDA loads and disassembles virtually any file format.
Powerful debugger
IDA is also a versatile debugger that supports multiple debugging targets and can handle remote applications.
Programmable
Extend IDA in line with your own requirements through IDC or IDAPython.
Open plug-in architecture
IDA’s functionality can easily be extended by the use of programmable plug-ins.
FLIRT
Fast Library Identification and Recognition Technology identifies standard function calls for many compilers.
Graphing
Code graphing provides a pictorial overview of the code structure at a glance.
Lumina server
The Lumina server holds metadata (names, prototypes, operand types, …) about a large number of well-known functions.
Customizable
IDA sports a fully customizable and unified work environment on all platforms.
System requirements
Microsoft Windows, Mac OS X, Linux