We’re proud to release a new plug-in for IDA Pro users – SimplifyGraph – to help automate creation of groups of nodes in the IDA’s disassembly graph view.
Read more...Entries filed under 'Ida Pro'
Threat Research Blog
FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.
FLARE IDA Pro Script Series: Automating Function Argument Extraction
November 16, 2015 8:00 AM By Jay Smith | Advanced MalwareThe FireEye FLARE Team looks at reverse engineering the new IDA utility, argtracker.
Read more...FLARE IDA Pro Script Series: Applying Function Prototypes to Indirect Calls
April 17, 2015 8:00 AM By Jay Smith, Peter Kacherginsky | Advanced MalwareThe FireEye Labs Advanced Reverse Engineering (FLARE) Team examines reverse engineering tools including ApplyCalleeType and StructTyper.
Read more...FLARE IDA Pro Script Series: Automatic Recovery of Constructed Strings in Malware
August 1, 2014 3:18 PM | Advanced Malware
The FireEye Labs Advanced Reverse Engineering (FLARE) Team is dedicated to sharing knowledge and tools with the community. We started with the release of the FLARE On Challenge in early July where thousands of reverse engineers and security enthusiasts participated. Stay tuned for a write-up of the challenge solutions in an upcoming blog post. This post is the start of a series where we look to aid other malware analysts in the Read more...
Applying Function Types to Structure Fields in IDA
June 19, 2013 5:00 PM By Jay SmithIDA Pro comes with an incredibly useful array of type information gathered from various compilers. Whenever a user names a location, IDA searches its currently loaded type libraries to see if that name is a known function. If the function is found, IDA applies the function declaration to that location. For example, Figure 1 shows an array of DWORDS. During reverse engineering, I determined that these are function pointers to MS SDK API functions.
Read more...
Sign up for email update
Get information and insight on today's advanced threats from the leader in advanced threat prevention.
