Guide IDA Pro Beginner Guide

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Rake

Cesspool Admin
Administrator
Jan 21, 2014
11,661
78,998
USA
Visit site
2,330
How long you been coding/hacking?
5 years
IDA Pro or the Interactive Disassembler is one of the best disassemblers / debuggers on the market. They have a free version that does basic disassembly but the real magic is with the paid version that includes the Hex Rays Decompiler that can decompile functions to psuedocode which is amazingly useful but is no substitute for reversing it yourself.

1577675467074.png


A description from Wikipedia:
IDA performs automatic code analysis, using cross-references between code sections, knowledge of parameters of API calls, and other information. However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly listing and then convert sections from code to data and vice versa, rename, annotate, and otherwise add information to the listing, until it becomes clear what it does.

It supports many different architectures, x86, x64, ARM and many more, it can be used to disassemble all different types of executables including Linux ELF, Unix COFF, Windows PE and even firmware roms etc...

The free version does not have a decompiler, only disassembler.

Why is IDA Pro awesome?

The paid version has the Hex Ray's Decompiler plugin, which gives you C psuedo code instead of assmebly instructions, it's must easier to understand, it looks like this:
1576721758404.png


You can easily check cross references (instructions which access the variable you are looking at)
You can rename variables, and these names will populate throughout the entire database. You can reverse a few things, rename them and then as you continue to work on the binary, you will see the renamed vars come up over and over again, this is very helpful because you'll instantly know what you're looking at.

Excellent Ida Pro Book

Beginner IDA Pro Video Tutorial
We have an excellent IDA Pro tutorial to get you started. It has 4 parts, part 1 is for extreme beginners, jump to part 2 if you want to jump into the good stuff.

Most people get their hands on version 6.3, 6.7 and 6.8 but there is a new version 7 that came out recently.

Dark Theme & Class Informer
Here you will find 2 mandatory plugins, the dark theme plugins and Class Informer which is used for reversing vtables and RTTI which is incredibly useful.

GH IDA Pro Resources

GH Video Tutorials Which Feature IDA Pro
I use IDA in almost all my reversing videos, these are much more in depth then the beginner tutorials I posted above. If you're reading this guide, you should probably also read our main reversing guide Guide - Beginners Guide To Reverse Engineering Tutorial

IDA Pro Plugins

Offsite IDA Pro Resources
 
Last edited by a moderator:

Shryder

Newbie
Silenced
Aug 27, 2015
34
783
Visit site
1
Hello there !
I'm kinda new to IDA and i got some little questions:

  1. How can i edit a string? when i do Shift + F12 , i get a list of strings and i would like to edit them through IDA ... even though its possible with a hex editor but i would like to edit it with IDA , will be great.
  2. Assembling an instruction? lets say i got JMP SHORT SOMEWHERE , i would like to "NOP" it or change it to something else...
  3. saving what i've done? is there a way to save what i edited into a .exe file?

those where almost all my IDA questions. *:D

Thanks :D :KappaRoss:
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
11,661
78,998
USA
Visit site
2,330
Hello there !
I'm kinda new to IDA and i got some little questions:

  1. How can i edit a string? when i do Shift + F12 , i get a list of strings and i would like to edit them through IDA ... even though its possible with a hex editor but i would like to edit it with IDA , will be great.
  2. Assembling an instruction? lets say i got JMP SHORT SOMEWHERE , i would like to "NOP" it or change it to something else...
  3. saving what i've done? is there a way to save what i edited into a .exe file?

those where almost all my IDA questions. *:D

Thanks :D :KappaRoss:
IDA is not a replacement for cheat engine, they both have a place in your arsenal

 
  • Like
Reactions: Shryder

Lukor

ded
Meme Tier VIP
Fleep Tier Donator
Dec 13, 2013
454
4,353
Merkelz Neuland
Visit site
25
What exactly are you trying to suggest?
Owning a copy of IDA or a plugin?

IDA itself is quite expensive if you want to stay legal...
If game hacking is not what you make your money with this is maybe not possible or usefull for the most of us...
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
11,661
78,998
USA
Visit site
2,330
Anyone know is there a plugin or way to make it so, all numbers are always listed as hex?
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,279
37,938
Visit site
269
Anyone know is there a plugin or way to make it so, all numbers are always listed as hex?
are you talking about in hex rays? if so -> edit -> plugins -> hex rays decompiler -> options -> default radix -> 16 (can change default in hexrays.cfg)
 
  • Like
Reactions: Rake

Rake

Cesspool Admin
Administrator
Jan 21, 2014
11,661
78,998
USA
Visit site
2,330
are you talking about in hex rays? if so -> edit -> plugins -> hex rays decompiler -> options -> default radix -> 16 (can change default in hexrays.cfg)
Thank you!

p.s. I got a phone call at work today from "mamabar" today and for a second I was like holy shit they found me, then it was indian scammers...
 

Trigonometri

Full Member
Oct 21, 2018
6
134
Visit site
0
I've been using IDA Pro for a while without any problems and I reinstalled it last night and noticed something when i tried to open "csgo.exe"

It doesn't ask for necessary DLLs anymore, before it used to ask for files like client.dll or parsifal.dll but now it just opens it, anything wrong with it or do I have to do something else?
 

MegaByte

Newbie
Full Member
May 11, 2016
37
2,323
Visit site
2
Anyone have this or can explain how it works?
It seems like they wrap existing C or idc functions from the IDA API?

The docs found by google search are atrocious to find anything in.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
11,661
78,998
USA
Visit site
2,330
yeah man I have had 0% luck with ida python. "The Ida Pro Book" has a bunch of information on coding in idapython. IdaPython works in 6.6 and 6.8 but getting it to work in 7.0 has been so annoying I'm just giving up at this point
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods League of Legends Accounts