A couple of years back I learned how to use IDA in a binary and malware analysis class. If you happen to study in The Netherlands, the VU University Amsterdam is where that class is at!
I'm fuzzy on my memory, but man! This was so much cooler and better than disassembling stuff on the command line! The cool things about IDA that I found out are:
- its scripting language (we used Python)
- its ability to show loops and branches by drawing arrows to other pieces of assembly (it's a special view you can use)
- really good search and code labeling features: if you change one register name somewhere, then that's propagated to where that register is used in the rest of the relevant code
- the ability to patch programs: you can overwrite processor instructions; mostly I used the byte 90 (0x90), which is the x86 nop instruction (meaning: no operation).
These features are not unique to IDA, but from a beginner perspective: I thought they were awesome! We used some kind of demo version for IDA.
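To show what "overwriting an instruction with 0x90" looks like outside of IDA, here is an added example (not code from the original post) that patches a conditional jump out of a constructed x86 byte sequence. The important check a practitioner wants is that the whole instruction gets replaced: a `jz` is two bytes, a near `jz` is six, and nopping only the opcode byte would leave the displacement behind as a garbage instruction. The byte sample, the function names and the offsets are all constructed for this example; the encodings (0x70-0x7F short jcc, 0x0F 0x80-0x8F near jcc, 0xEB short jmp, 0xE9 near jmp) are standard x86.

```python
"""Nop out a jump in raw x86 code while respecting instruction length.

Added example for this post; the byte sample below is constructed.
"""

NOP = 0x90

# Instruction lengths for the jump forms handled here (32/64-bit code):
#   short jcc  : 0x70..0x7F + rel8            -> 2 bytes
#   short jmp  : 0xEB + rel8                  -> 2 bytes
#   near jcc   : 0x0F 0x80..0x8F + rel32      -> 6 bytes
#   near jmp   : 0xE9 + rel32                 -> 5 bytes
SHORT_JCC = set(range(0x70, 0x80))
NEAR_JCC_SECOND = set(range(0x80, 0x90))


def jump_length(code: bytes, offset: int) -> int:
    """Return the encoded length of the jump at `offset`, or 0 if the bytes
    there are not one of the jump forms above (or run past the buffer).
    Anything unrecognised is refused rather than guessed, so the caller can
    never patch half an instruction."""
    if offset >= len(code):
        return 0
    op = code[offset]
    if op in SHORT_JCC or op == 0xEB:
        length = 2
    elif op == 0xE9:
        length = 5
    elif op == 0x0F and offset + 1 < len(code) and code[offset + 1] in NEAR_JCC_SECOND:
        length = 6
    else:
        return 0
    return length if offset + length <= len(code) else 0


def nop_out_jump(code: bytes, offset: int) -> bytes:
    """Replace the entire jump at `offset` with NOPs (0x90) and return the
    patched copy.  Raises ValueError instead of producing a partial patch."""
    length = jump_length(code, offset)
    if length == 0:
        raise ValueError(f"no recognised jump at offset {offset:#x}; refusing to patch")
    return code[:offset] + bytes([NOP]) * length + code[offset + length:]


# Constructed sample: a typical "check passed?" sequence
#   85 C0             test eax, eax
#   74 05             jz   short +5     <- offset 2, the branch to disable
#   B8 01 00 00 00    mov  eax, 1
#   C3                ret
SAMPLE = bytes.fromhex("85C0" "7405" "B801000000" "C3")


def patched_sample() -> bytes:
    """The sample with the jz at offset 2 turned into two NOPs."""
    return nop_out_jump(SAMPLE, 2)


if __name__ == "__main__":
    print(SAMPLE.hex(), "->", patched_sample().hex())
```

Inside IDA the same edit is one `idc.patch_byte(ea, 0x90)` call per byte of the instruction; the length check above is exactly what you have to do by hand there, since the patch view happily lets you overwrite only the first byte of a multi-byte instruction.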