DataRescue IDA Pro - TechRadar UK

There are all sorts of legitimate reasons for disassembling code. You might have lost your original source code, or maybe you suspect that some recently downloaded freeware utility is secretly spying on your Internet habits and sending information back to base.

According to the executive briefing that's available on the website, IDA Pro is now the de facto standard for analysing and sharing information about new viruses.

For whatever reason, if you need to get under the hood with executable code, this is the tool of choice. You shouldn't think from the above that IDA Pro is limited to working with Windows executables. The disassembler itself is hosted only on Windows and Linux OSes, but it understands and will disassemble a huge range of different executable file formats and processor instruction sets.

This is all implemented via the plug-in architecture, and the source code for many of the plug-ins is provided to registered customers via the IDA Pro SDK. The Standard Edition supports over 20 processor families, and the Advanced Edition, boasts support of over 30. Both versions now include 64-bit support.

The most significant new feature in IDA Pro 5.0 is undoubtedly the introduction of a graphical view where the analyser attempts to divide up the code into fragments that are interconnected by arrows indicating the flow of control. Personally, we found all this distracting. Perhaps with a monitor the size of a football pitch it might be useful, but for us, it just got in our way.

You can use the space bar to toggle instantly between the conventional text view and the graph view, but because the latter doesn't display op-code bytes (which are useful) while the former does, the overall effect is disorienting. Bizarrely, you can even display this graphical view using a 'fish eye' effect and proceed to rotate it in various ways. Fortunately, all of this stuff can be turned off.

More usefully, there have been many significant improvements since 4.0, including a debugger plug-in and a Windows CE remote debugger for the ARM processor. As with previous versions, IDA Pro is still highly programmable and customisable.

But rather than more gee-whizz graphics, we'd like to see a decent decompiler. If a freebie tool such as Lutz Roder's Reflector can do it, then why not a £200 utility? Dave Jewell