Chapter 5: The IDA Pro Disassembler


Overview

IDA Pro is an outstanding instrument for investigating executable code. The foundation for code investigation using IDA Pro is formed by the following features:

  • The powerful toolset built into the disassembler is designed for investigating executable code. IDA Pro doesn't draw its own conclusions or make its own assumptions; heuristic analysis is always left to the human investigator.

  • Human investigators can participate in heuristic analysis, refine parameters of a specific program's objects, and introduce modifications. In other words, the user of this instrument becomes an active participant in the disassembling process.

  • The built-in programming language, which is close to the classical C language in its structure, allows for considerable extension of the product's functionality.

This excellent product, characterized by outstanding capabilities, was extensively used throughout this book. The two main goals of this chapter are as follows:

  • Provide a detailed description of the IDA Pro disassembler.

  • Provide comprehensive reference information on the use of this program. Hopefully, you will be able to investigate executable code (at least while studying the program's capabilities) using the materials of this chapter as a reference and consulting this book from time to time.

Unfortunately, information about this disassembler is scarce. Apart from the brief information in the help file supplied with it, hardly any sources are available. Thus, I hope that this chapter will help you master this powerful instrument.




Disassembling Code. IDA Pro and SoftICE
ISBN: 1931769516
Year: 2006
Pages: 63
Authors: Vlad Pirogov
