This may come as a surprise to many hardcore reverse engineers out there but I have actually never used DataRescue’s IDA Pro disassembler tool. Chalk it up to a general aversion to non-free software as well as the chore of having to boot into Windows for the experiment (there is supposed to be a limited Linux version available as well). Add to that the fact that it’s always hard to get myself psyched about any RE-related task, necessary though it may be.
I finally tried the program tonight. It really is every bit as amazing as I have heard about. Recognizing that the computer can not be smart enough to completely reverse engineer as program, IDA’s guiding principle is to give the reverse engineer a powerful workbench of tools to apply towards the craft. One tool maps functions in blocks of ASM instructions grouped by code branches. Another tool allows you to edit a function’s prototype, which is then taken into account in the function’s analysis. Another tool allows you to create new structure definitions to be used as functions parameters.
Fortunately, a trial version of the software that can analyze Windows PE and Linux ELF files is free for download. Unfortunately, it is set to expire after an unspecified period of time. Further, it will not allow you to save your work. The full version of the software will set you back several hundred dollars or euros. Alternatively, you could put a fresh installation of the program on a reliable computer plugged into a UPS and do as much as you can with it. I suppose another workaround is virtualization– set up a virtual environment to save and load the entire machine state.
I had no idea that IDA Pro (full version) can even process console executable files from Nintendo GameBoy and N64 games, Sony Playstation games, Sega Dreamcast games, and Microsoft Xbox games. Makes me wish there were some interesting targets there.