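An interactive, editable, extensible, multitasking disassembler for the Windows platform. It is widely regarded as the best disassembler; in fact, IDA Pro is already the standard for analyzing malicious code and has quickly become a primary tool in the field of vulnerability and attack research.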
IDA Pro 7.6 Program Reverse Engineering

Latest Version 7.6

Apple Silicon support
IDA for macOS is now available as a native ARM64 binary which can make full use of the M1 chip’s incredible performance.
It is hard to overstate just how much IDA benefits from the new speed boost. Autoanalysis completes much quicker, the UI is noticeably snappier, and almost every other feature in IDA seems smoother when running on M1. Our beta testers reported that IDA 7.6 is “incredibly stable” and “way faster” on Apple Silicon – so it seems our excitement is not misplaced.

Golang analysis
The Go language (aka golang) from Google is getting popular thanks to its ease of use, performance, and self-contained binaries not requiring dependencies. Due to some of the language designers’ decisions the golang binaries are quite different from those produced by other compilers and some changes were required in IDA to properly support its peculiarities.
Among additions:
• parsing of golang-specific metadata to recover function names
   and boundaries.
• support for stack-based parameters and return values even on
   platforms that usually use registers (ARM, x64).
• detection of golang-specific string literals.

Decompiler improvements
• automatic renaming of variables.
• improved recognition of stack arrays.
• empty lines for better readability.
New processor modules: RISC-V and RL78
• RISC-V is an open ISA which is starting to become available in
  various hardware such as the latest iteration of the Espressif
  Systems wireless platform, ESP32-C3.

• RL78 from Renesas is a 16-bit descendant of the 8-bit NEC
   78k0(s) family previously supported by IDA and is used in
   various automotive and consumer applications.

We also added some new functionality to enrich bookmarks management in the UI.
As before, you can use Alt-M / Ctrl-M to add/jump to bookmarks, but now you can also use Ctrl-Shift-M to display a separate bookmark view that contains a global list of bookmarks that can be grouped into bookmarks.

Also, bookmarked addresses will now be highlighted in the disassembly. You can use Options>Colors to change the highlight color to whatever you want.
Other UI improvements
• Processor list in the Load File dialog is now organized using
   folder view which can be filtered using Ctrl-F.
• You can now use cut&paste in folder views instead of dragging
   things with the mouse.
• The Strings list is now cached in the database. The Strings
   window is one of the most commonly used views in IDA for
   quick reconnaissance. However, depending on the settings
   it can take a long time to scan the whole database which
   had to be repeated each time on reopening the window
   or reloading the database. Now we cache the list so
   opening it the second time is almost instant.

Compressed macOS and iOS kernelcache

In the recent iOS and macOS versions, the kernelcache files are compressed. Although there are tools available which can decompress them, it’s one more thing to remember. Now IDA handles the standard compressed formats transparently so you can simply load them as standard Mach-O files. Since IDA can also handle ZIP files, you can open them directly from the IPSW updates!
Retpoline handling
Retpoline (return trampoline) is a compile-time mitigation
against the Spectre speculative execution vulnerability
disclosed in 2017. Binaries compiled with this option use
special thunk functions for indirect jumps which tend to
break standard control flow analysis. IDA now detects
and handles these thunks transparently, resulting in
nice and clean function graphs and pseudocode.
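
To make the thunk shape concrete, here is an added example (not IDA's code and not from the original page) that scans raw x86-64 code bytes for retpoline thunks. The byte layout is an assumption based on the common GCC-style `__x86_indirect_thunk_<reg>` sequence, and `find_retpoline_thunks` and the sample bytes are hypothetical names and constructed data.

```python
import re

# Assumed thunk layout (common GCC-style x86-64 retpoline):
#   call set_up_target      ; e8 07 00 00 00
# capture_spec:
#   pause                   ; f3 90
#   lfence                  ; 0f ae e8
#   jmp capture_spec        ; eb f9
# set_up_target:
#   mov [rsp], <reg>        ; REX.W 89 modrm 24
#   ret                     ; c3
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

THUNK = re.compile(
    rb"\xe8\x07\x00\x00\x00"        # call +7 (skips the capture loop)
    rb"\xf3\x90\x0f\xae\xe8"        # pause; lfence
    rb"\xeb\xf9"                    # jmp back to pause
    rb"([\x48\x4c])\x89(.)\x24"     # mov [rsp], reg (REX.W, optional REX.R)
    rb"\xc3",                       # ret now "returns" to the value of reg
    re.DOTALL,
)

def find_retpoline_thunks(code, base=0):
    """Return [(address, register)] for each thunk found in `code`."""
    hits = []
    for m in THUNK.finditer(code):
        rex, modrm = m.group(1)[0], m.group(2)[0]
        if modrm & 0xC7 != 0x04:    # need mod=00, rm=100 (SIB byte follows)
            continue
        reg = ((rex & 0x04) << 1) | ((modrm >> 3) & 7)
        hits.append((base + m.start(), REG64[reg]))
    return hits

# Constructed sample: padding, a thunk for rax, padding, a thunk for r11.
SAMPLE = (
    b"\xcc" * 4
    + bytes.fromhex("e807000000f3900faee8ebf948890424c3")
    + b"\x90" * 3
    + bytes.fromhex("e807000000f3900faee8ebf94c891c24c3")
)

if __name__ == "__main__":
    for addr, reg in find_retpoline_thunks(SAMPLE, base=0x401000):
        print(f"{addr:#x}: __x86_indirect_thunk_{reg}")
```

A call or jump that lands on one of these addresses is really an indirect branch through the named register, which is the rewrite a control flow analysis has to apply to recover the true target.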

Python 3.9 support
Python 3.9 was released after IDA 7.5 and changed the layout of some internal structures leading to crashes in scripts or plugins using PyQt. IDA 7.6 adds official support for 3.9 (while still supporting previous 3.x versions and 2.7). Python 3.9.1 is also officially available for macOS on ARM64 and can be used by IDA there.
IDA highlights

IDA analyzes binaries in a matter of seconds.
Fully interactive
Work seamlessly and quickly with the disassembler and analyse code more intuitively.
All standard platforms supported
IDA runs on all standard platforms — MS Windows, Linux, Mac OS X both in GUI and console modes.
Multiple processor handling
Have the same interface and features to speed up the analysis process.
Handles numerous file formats
IDA loads and disassembles virtually any file format.
Powerful debugger
IDA is also a versatile debugger, supports multiple
debugging targets and can handle remote applications.

Extend IDA in line with your own requirements through IDC or IDAPython.
Open plug-in architecture
IDA’s functionality can easily be extended by the use of programmable plug-ins.
Fast Library Identification and Recognition Technology identifies standard function calls for many compilers.
Code graphing provides a pictorial overview of the code structure at a glance.
Lumina server
The Lumina server holds metadata (names, prototypes, operand types, …) about a large number of well-known functions.
IDA sports a fully customizable and unified work environment on all platforms.



Microsoft Windows, Mac OS X, Linux




