Chapter 3. IDA Pro Background


The Interactive Disassembler Professional, better known (and referred to from here on) as IDA Pro or simply IDA, is a product of Hex-Rays,[18] located in Liège, Belgium. The programming genius behind IDA is Ilfak Guilfanov, better known as simply Ilfak. IDA began its life over a decade ago as an MS-DOS, console-based application, which is significant in that it helps us understand something about the nature of IDA’s user interface. Among other things, non-GUI versions of IDA ship for all IDA-supported platforms[19] and continue to use the console-style interface derived from the original DOS versions.

At its heart, IDA is a recursive descent disassembler; however, a substantial amount of effort has gone into developing logic to augment the recursive-descent process. In order to overcome one of the larger shortcomings of recursive descent, IDA employs a large number of heuristic techniques to identify additional code that may not have been found during the recursive-descent process. Beyond the disassembly process itself, IDA goes to great lengths not only to distinguish data disassemblies from code disassemblies but also to determine exactly what type of data is being represented by those data disassemblies. While the code that you view in IDA is in assembly language, one of the fundamental goals of IDA is to paint a picture as close to source code as possible. IDA makes every effort to annotate generated disassemblies with not only datatype information but also derived variable and function names. These annotations minimize the amount of raw hex and maximize the amount of symbolic information presented to the user.
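The following is an added example, not code from the book and not IDA's own logic: a recursive-descent pass over a small constructed instruction set misses a function that is reached only through an indirect jump, and a gap-sweep heuristic then recovers it while leaving the data bytes undecoded. The toy ISA, the image bytes and the "prologue byte" heuristic are all assumptions made for illustration.

```python
# Toy ISA constructed for this example: opcode -> (mnemonic, length, kind)
ISA = {
    0x01: ("nop",    1, "seq"),
    0x02: ("jmp",    2, "jump"),    # unconditional, operand = absolute target
    0x03: ("jz",     2, "branch"),  # conditional: target and fall-through
    0x04: ("call",   2, "call"),    # target and return address
    0x05: ("ret",    1, "stop"),
    0x06: ("jmpr",   1, "stop"),    # indirect jump: target unknown statically
    0x07: ("pushfp", 1, "seq"),     # hypothetical first instruction of a function
}

def descend(image, entry, code=None):
    """Recursive descent: follow control flow from entry; returns {addr: mnemonic}."""
    code = {} if code is None else code
    work = [entry]
    while work:
        addr = work.pop()
        if (addr in code or not 0 <= addr < len(image)
                or image[addr] not in ISA):
            continue
        name, length, kind = ISA[image[addr]]
        if addr + length > len(image):
            continue                      # truncated instruction, not code
        code[addr] = name
        if kind in ("jump", "branch", "call"):
            work.append(image[addr + 1])  # statically known target
        if kind in ("seq", "branch", "call"):
            work.append(addr + length)    # fall-through / return address
    return code

def covered(image, code):
    """Byte offsets occupied by instructions decoded so far."""
    return {a + i for a in code for i in range(ISA[image[a]][1])}

def sweep_gaps(image, code):
    """Heuristic pass: start a new descent at each uncovered prologue byte."""
    for addr in range(len(image)):
        if image[addr] == 0x07 and addr not in covered(image, code):
            descend(image, addr, code)
    return code

# Constructed image: entry at 0, data at 3..4, and a function at 7 that is
# only ever reached through the indirect jump at offset 2.
IMAGE = bytes([0x04, 0x05,         # 0: call 5
               0x06,               # 2: jmpr
               0xAA, 0xBB,         # 3: data
               0x01, 0x05,         # 5: nop ; 6: ret
               0x07, 0x01, 0x05])  # 7: pushfp ; 8: nop ; 9: ret
```

Running `descend(IMAGE, 0)` alone leaves offsets 7 through 9 undiscovered; passing that result to `sweep_gaps` adds them without touching the data at offsets 3 and 4.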

Hex-Rays’ Stance on Piracy

As an IDA user, you should be aware of several facts. IDA is Hex-Rays’ flagship product; accordingly, the company is very sensitive about unauthorized distribution of IDA. In the past, the company has seen a direct cause-and-effect relationship between releases of pirated versions of IDA and declining sales. The former publisher of IDA, DataRescue, has even gone so far as to post the names of pirates to its Hall of Shame.[20] IDA thus utilizes several antipiracy techniques in an effort to curb piracy and enforce licensing restrictions.

The first technique to be aware of: Each copy of IDA is watermarked in order to uniquely tie it to its purchaser. If a copy of IDA turns up on a warez site, Hex-Rays has the ability to track that copy back to the original buyer, who will then be blacklisted from future sales. It is not uncommon to find discussions related to “leaked” copies of IDA on the IDA support forums at Hex-Rays.

Another technique IDA uses to enforce its licensing policies involves scanning for additional copies of IDA running on the local network. When the Windows version of IDA is launched, a UDP packet is broadcast on port 23945, and IDA waits for responses to see whether other instances of IDA running under the same license key are present on the same subnet. The number of responses is compared to the number of seats to which the license applies, and if too many copies are found on the network, IDA will refuse to start. Do note, however, that it is permissible to run multiple instances of IDA on a single computer with a single license.

The final method of license enforcement centers on the use of key files tied to each purchaser. At startup, IDA searches for a valid ida.key file. Failure to locate a valid key file will cause IDA to shut down immediately. Key files are also used in determining eligibility for upgraded copies of IDA. In essence, ida.key represents your purchase receipt, and you should safeguard it to ensure that you remain eligible for future upgrades.



[18] For many years, IDA was marketed by DataRescue; however, in January 2008, Ilfak moved marketing and sales of IDA to his own company, Hex-Rays.

[19] Currently supported platforms are Windows, Linux, and OS X.

[20] The Hall of Shame has been migrated to the Hex-Rays website: http://www.hex-rays.com/idapro/hallofshame.html.
