In December 2010, Hex-Rays released a significant upgrade to its free version of IDA, moving from version 4.9 to version 5.0. The freeware version of IDA is a reduced-capability application that typically lags behind the latest available version of IDA by several generations and contains substantially fewer capabilities than the commercial equivalent of the same version. Thus, not only does the freeware version lack any features introduced in more recent versions of IDA, it also contains fewer capabilities than the commercial version of IDA version 5.0.
The intent of this appendix is to provide an overview of the capabilities of IDA freeware and point out some of the differences in behavior that you may expect to encounter between the freeware version and the uses of IDA described throughout this book (which targets the latest commercial version of IDA). Before getting started, note that Hex-Rays also makes available a demo version of the latest commercial version of IDA that is reduced in functionality in many of the same ways as the freeware version, with the additional hindrance that it is not possible to save your work using a demo version of IDA. Also, the demo version will time out at random intervals, requiring that you restart it (without saving your work!) if you wish to resume the demonstration.
If you wish to use the freeware version of IDA, you must abide by (and, perhaps, put up with) the following restrictions and reduced functionality:
The freeware version is for noncommercial use only.
The freeware version is available only in a Windows GUI version.
The freeware version lacks all features introduced in later versions of IDA, including all SDK and scripting features that were introduced in versions 5.1 and later.
On startup, a help file page touting the virtues of the latest version of IDA will be displayed. You can disable this feature for subsequent startups.
The freeware version ships with substantially fewer plug-ins than the commercial versions.
The freeware version can disassemble only x86 code (it has only one processor module).
The freeware version ships with only eight loader modules that cover common x86 file types, including PE, ELF, Mach-O, MS-DOS, COFF, and a.out. Loading files in binary format is also supported.
The freeware version includes only a few type libraries common to x86 binaries, including those for GNU, Microsoft, and Borland compilers.
The freeware version ships with significantly fewer IDC scripts, and it ships with no Python scripts because version 5.0 predates the integration of IDAPython.
Add-ons such as the FLAIR tools and the SDK are not included.
Debugging is enabled only for local Windows processes/binaries. No remote debugging capability is available.
The look and feel of IDA’s freeware version reflects the look and feel of all commercial versions. For the features that are present in the freeware version, the behaviors are similar, if not identical, to the behaviors described throughout the book regarding the commercial versions of IDA. Thus, IDA freeware is an excellent way to get acquainted with IDA prior to committing to a purchase. In noncommercial settings such as academic environments, IDA freeware offers an outstanding opportunity to learn the basics of disassembly and reverse engineering as long as the restriction to x86 is not a problem.