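IDA Pro Disassembler and Debugger (a disassembly and static analysis tool for source recovery) is an interactive, programmable, extensible, multi-processor tool that analyzes programs from a Windows, Linux, WinCE or MacOS host. IDA Pro has become the de facto standard for analyzing hostile code and has quickly established itself as an important tool in the field of attack research.
License editions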
Named licenses
Named licenses are linked to a specific end user and may be used on the user's laptop and two desktop computers. They are a logical choice for private users but are also available to corporations and universities if and when only one end user uses the software.
Computer licenses
Computer licenses are linked to a specific computer and may be used by different end-users on that computer provided only one user is active at any time. This license type is suitable for corporations because they are not tied to physical persons and allow for easy license reassignment.
Floating licenses
Floating (or Network) licenses can be installed on an unlimited number of computers (in one organization) but allow only a limited number of simultaneously running copies.
Teams licenses
Team licenses can be installed on an unlimited number of computers in one organization. A team of engineers can work online or offline and merge their work once they reach milestones, big or small. The vault server, which comes with team licenses, keeps track of all changes.
Edition comparison

| | IDA Teams | IDA Pro | IDA Home | IDA Free |
|---|---|---|---|---|
| Supported processors | 68 families + custom via SDK/IDAPython | 68 families + custom via SDK/IDAPython | One of: x86/x64, ARM/ARM64, MIPS/MIPS64, PowerPC/PPC64, Motorola 68K/Coldfire | x86/x64 |
| 64-bit file analysis | V | V | V | V |
| Debuggers | Local and Remote debuggers for: Windows, Linux, OSX, iOS, XNU, Bochs, GDBServer, WinDBG, Intel PIN, Android(Dalvik) | Local and Remote debuggers for: Windows, Linux, OSX, iOS, XNU, Bochs, GDBServer, WinDBG, Intel PIN, Android(Dalvik) | Local + GDBServer | Local x86/x64 |
| File formats | Over 45 + custom via SDK/IDAPython | Over 45 + custom via SDK/IDAPython | About 20 processor-specific formats | PE, ELF, Mach-O |
| Decompiler | x86, x64, ARM, ARM64, PPC, PPC64, MIPS, MIPS64, ARC (depending on the bundle) | x86, x64, ARM, ARM64, PPC, PPC64, MIPS, MIPS64 (purchased separately) | cloud-based x86 & x64, PPC & PPC64, ARM32 & ARM64 or MIPS & MIPS64 | cloud-based x86 & x64 |
| Perpetual license | V | V | | |
| Commercial usage allowed | V | V | | |
| Python scripting | V | V | V | |
| Headless/batch analysis | V | V | | |
| Text (terminal) UI | V | V | | |
| Access to C++ SDK and tools | V | V | | |
| Access to public Lumina server | V | V | V | |
| Access to private Lumina server | V (included in all bundles) | V (purchased separately) | | |
| Save your analysis work | V | V | V | V |
| Floating license available | V | | | |
| Technical support: email, forum | V | V | V | |
| Supports teamwork | V | | | |
IDA Pro minimum system requirements
Windows
A currently supported x64 OS is required (Windows 8 or later, Windows 11 or higher recommended).
Linux
x64 (x86_64) CentOS 7 or later, Ubuntu 16.04 or later. Other equivalent distributions may work but are not guaranteed.
OS X
macOS Catalina or later (x64 or ARM64).
Local types
MIPS16e code
Big-endian MIPS32 code
microMIPS code
List of initially available type libraries
Sample of x86_64 user-mode code using CoreFoundation APIs
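Hex-Rays Decompiler (an IDA plug-in) is suited to programmers who analyze binary code. It translates executable programs into C-language code that is clearly structured, concise and easy to understand.
Compared with lower-level assembly language, the high-level language output of Hex-Rays has the following advantages:
- Concise: it takes only a little time to read.
- Structured: program logic is more apparent than before.
- Dynamic: names and types can be changed even in the middle of your work.
- Familiar: no background in assembly language is needed.
- Cool: the most advanced decompiler ever built.
The pseudocode text is generated as you work, and our technology can analyze 99% of functions in a very short time. Currently, the decompiler supports 32-bit x86 code generated by compilers for x86 processors. We plan to port it to other platforms and add a programmatic API.
This will allow users to implement their own analysis methods. Vulnerability search, software validation and coverage testing are the analysis methods that come to mind immediately.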