allthingsida Profile
allthingsida

@allthingsida

Followers
4K
Following
576
Media
107
Statuses
334

All things IDA, security, reverse engineering, programming, AI and more. Friend and fan of Hex-Rays but non-official.

Joined March 2023
@allthingsida
allthingsida
2 years
Try the ask_ida/c++ GPT [ ] for IDA SDK-related questions in C/C++.
8
153
534
@allthingsida
allthingsida
11 months
In this video we take a simple Windows 32-bit malware and reverse engineer it in IDA. We cover topics such as:
- Debugging malware with Bochs.
- Self modifying code.
- Using Appcall to resolve API name hashes.
- Anti emulation / debugger tricks.
- SEH.
- HW.
1
127
521
@allthingsida
allthingsida
2 years
Video walkthrough of Mandiant's #Flareon10 Yoda challenge:
- Full CTF logic explained.
- Dealing with instruction shuffling and chunked functions.
- Dealing with obfuscated API calls.
- Reverse engineering and decompiling ROP chains into regular functions.
-
6
98
323
@allthingsida
allthingsida
2 years
Understanding how shellcode resolves APIs w/o using GetProcAddress() via the _PEB, _PEB_LDR_DATA, and _LDR_DATA_TABLE_ENTRY structures. Video: Code link:
1
51
198
@allthingsida
allthingsida
1 year
Understanding the PE+ File Format - Part 4: Entry Points and TLS Callbacks. We will learn how to locate and analyze entry points (including TLS callbacks) manually using IDA Pro and Hiew, then using an IDAPython script.
1
45
187
@allthingsida
allthingsida
2 years
Kicking off a new series on understanding the PE+ file format from the ground up using IDA. No PE loaders involved. This series will be educational on several fronts and should also help you learn some handy IDA tricks along the way. Let's do it! 🍿.
1
49
185
@allthingsida
allthingsida
11 months
Here are my slides for REcon 2024 talk entitled: “A Tale of Reverse Engineering 1001 GPTs: The good, the bad And the ugly”. Beware of your IP address being leaked when using custom GPTs.
0
63
181
@allthingsida
allthingsida
1 year
Do you know what that means? You can now play with all 3 IDA GPTs without being a paid customer: - - -
3
50
175
@allthingsida
allthingsida
2 years
Debugging with IDA: Emulating code from crash dumps - defeating VMP's obfuscated imports
0
56
161
@allthingsida
allthingsida
1 year
IDA 9.0? If you're an IDA customer, you must have received this exciting announcement email today! Some highlights:
- Enhanced Python API for a more Pythonic experience.
- Launching library mode for scalable job execution without needing `idat`.
- Expanding FLIRT signatures to
3
21
126
@allthingsida
allthingsida
2 years
Debugging and understanding remote threads with IDA.
0
31
113
@allthingsida
allthingsida
2 years
I hope that by using a practical example (the Hex-Rays CTF challenge 2023), this video can serve as a nice introduction to the Z3 Solver library.
0
19
113
@allthingsida
allthingsida
2 years
Ready to master debugging with IDA and WinDbg? Let's get started with the setup video.
0
21
111
@allthingsida
allthingsida
2 years
Here's the ask_ida/IDAPython GPT: (It should be slightly better than vanilla ChatGPT).
1
26
107
@allthingsida
allthingsida
1 year
In Part 5 of the PE+ file format video series, I discuss and explain the relocation table in detail and cover IDA SDK's relocation (fixup) APIs.
1
31
106
@allthingsida
allthingsida
1 year
It is not "all things ida" unless we talk about the decompiler. Here's the first introductory video to the Hex-Rays Decompiler. Enjoy!
2
23
98
@allthingsida
allthingsida
2 years
Continuing with the PE+ file format and this time we explain the imports directory
1
20
95
@allthingsida
allthingsida
2 years
Debugging with IDA: Understanding how user mode API hooks work and how to detect them in IDA.
0
33
85
@allthingsida
allthingsida
2 years
Who said IDA debugging is just about single stepping or breakpoints? Nope, there's more. Let's dive into Appcall with the first video from this series.
0
21
89
@allthingsida
allthingsida
1 year
If IDA UI hangs on you, this hack plugin might be able to save the day:
3
16
88
@allthingsida
allthingsida
2 years
Curious about how to 'reverse engineer' OpenAI's GPTs? I will be talking about:
- Creating and understanding GPTs.
- Prompting techniques.
- Exfiltrating instructions and files.
1
21
84
@allthingsida
allthingsida
2 years
✅ Learned how to use the Bochs emulator + Windows crash dumps.
✅ Learned how to use script debuggers.
✅ Understand PE format.
❌ Automating VMP import de-obfuscation with IDAPython: #LearningTech #CodingJourney
0
20
82
@allthingsida
allthingsida
2 years
In this final video about the VMProtect automatic import de-obfuscation, we complete the last missing tasks:
❌ Patch and fix the import address table.
❌ Test our snippets on a newer version of VMProtect.
Code snippets coming soon.
3
24
78
@allthingsida
allthingsida
1 year
From One to Now: The 30+ Years Journey of IDA Pro. Explore the evolution of IDA from its first version in the late 1990s to the present day in this video walkthrough. Watch here:
0
24
80
@allthingsida
allthingsida
2 years
PE+ file format part 3: The Export directory.
0
13
79
@allthingsida
allthingsida
2 years
Debugging with IDA: Learn how to "Run" crash dumps, analyze modules, take debug segment snapshots, etc.
0
14
75
@allthingsida
allthingsida
2 years
Let's understand how EAT hooks work and how to detect them under an IDA debugging session (or from a user mode crash dump)
2
23
76
@allthingsida
allthingsida
1 year
An introduction to event hooks and callbacks with hook notification points🪝. This knowledge will help us extend IDA programmatically in countless ways.
0
14
73
@allthingsida
allthingsida
1 year
Ever wondered how to nicely disassemble embedded code or VM code/P-code of a different architecture than your input database in IDA? In this video, I show how we can have an x86 database nicely disassemble ARMv8 and RISC-V shellcode. Then you should be able to add your
5
15
69
@allthingsida
allthingsida
1 year
In this video, we cover the basics of breakpoints in IDA. We explore absolute, module relative, symbolic, source, and hardware breakpoints, as well as conditional breakpoints with practical applications like a mock file monitor. Additionally, we discuss organizing,.
0
26
65
@allthingsida
allthingsida
1 year
Working with the Decompiler's Ctree in C++ and IDAPython: Learning with Examples.
1
23
65
@allthingsida
allthingsida
1 year
How to analyze main input file & its dependencies in a single IDA database.
1
12
61
@allthingsida
allthingsida
2 years
Scripting concepts and productivity tips for IDAPython & IDC -
0
13
62
@allthingsida
allthingsida
2 years
Working with Functions in IDAPython (part 1).
0
23
58
@allthingsida
allthingsida
2 years
New video dropped. How to inspect database items, read bytes, strings and more.
0
16
57
@allthingsida
allthingsida
1 year
IDA 8.4: Highlights of the new features, improvements and fixes.
0
10
57
@allthingsida
allthingsida
2 years
Let's continue with the VMProtect automatic import de-obfuscation:
✅ Obfuscated API primer.
✅ Identified all import calls.
❌ Resolve all the obfuscated API calls using the Bochs debugger and single stepping.
❌ Group and identify the resolved API calls and match them to the
1
11
54
@allthingsida
allthingsida
2 years
How to query and enumerate segments in IDAPython
1
17
52
@allthingsida
allthingsida
2 years
Learn how to build IDAPython on Windows. Now you have no excuse not to contribute to the project on GitHub ;)
0
10
53
@allthingsida
allthingsida
1 year
Let's learn how to extend IDAPython with C++ and also how to call Python from C++ programmatically. This approach avoids having to change the IDAPython source code and recompiling it.
0
13
49
@allthingsida
allthingsida
2 years
Let's start working with the debugger from IDAPython. Easy topics first: process state, debugger modules and debug names.
0
11
47
@allthingsida
allthingsida
2 years
I put together a GPT this weekend to help recommend a plugin from the @HexRaysSA plugins repo. Just type in what you want and ask_ida/plugins will try to recommend something for you. Try it out:
5
8
48
@allthingsida
allthingsida
2 years
How to use IDAPython to find bytes, patterns and text.
0
17
45
@allthingsida
allthingsida
1 year
A re-run of my REcon 2018 presentation: "StarCraft Remastered: Emulating a buffer overflow for fun and profit".
1
15
45
@allthingsida
allthingsida
1 year
@0xor0ne
0xor0ne
1 year
Nice writeup on reverse engineering #Rust binaries by Ben Herzog (@_CPResearch_). #reverseengineering #rustlang
0
3
44
@allthingsida
allthingsida
2 years
Manually 'reconstruct' a packed PE file from a crash dump in IDA.
0
10
43
@allthingsida
allthingsida
2 years
How to get IDA global information? Min and max addresses, entry point, main, other configuration values, etc.
0
11
41
@allthingsida
allthingsida
2 years
Crafting practical security GPTs: From in-context learning to prompt engineering, we're explaining it all. Learn how all of the ask_ida GPTs were made:
0
12
39
@allthingsida
allthingsida
2 years
Let's dive into how to use Appcall with IDAPython, just like we did in our previous two episodes with IDC.
0
6
39
@allthingsida
allthingsida
2 years
Let's learn how to store and retrieve structured data using IDAPython in this concluding video of our Appcall series.
2
12
39
@allthingsida
allthingsida
2 years
Going forward, relevant code snippets from the channel will be posted here:
0
4
40
@allthingsida
allthingsida
2 years
IDAPython: Generating disassembly lines and instruction decoding.
0
8
38
@allthingsida
allthingsida
1 year
Inside IDA's Bochs Debugger Plugin: the lost REcon 2012 talk. A recreation of the "Designing a minimal operating system to emulate 32/64bits x86 code snippets, shellcode or malware in Bochs" talk that was presented at REcon Montreal in 2012. Highly informative talk about the.
0
6
37
@allthingsida
allthingsida
2 years
Hiew is an indispensable tool for reverse engineers and a vital first step before using the big guns (IDA Pro/Decompiler). Let's get started with the first video in our Hiew learning journey and see how to quickly get information about executable files.
1
5
34
@allthingsida
allthingsida
2 years
Let's get started with function flowcharts with IDAPython (part 1).
0
7
32
@allthingsida
allthingsida
2 years
What are imports and how to programmatically work with them.
0
11
31
@allthingsida
allthingsida
2 years
Can we use large language models (LLMs) with IDA? Let's cover ChatGPT, Bard, the Gepetto plugin and the upcoming ask_ida plugin!
0
7
31
@allthingsida
allthingsida
2 years
Ever wondered how to pass command line arguments to your IDC or IDAPython script and retrieve them when IDA runs?
0
6
30
@allthingsida
allthingsida
2 years
I took Satoshi's course last year and it was great for beginners. Satoshi is a great and patient teacher. I am sure his course keeps improving each time. Highly recommended!
@standa_t
Satoshi Tanda
2 years
Solidify your understanding of virtualization technology and hypervisor implementations for reversing, fuzzing, tooling or your low-level thirst! The 4-day long remote class with in-depth discussions and hands-on exercises in the comfort of your home🏠
0
1
28
@allthingsida
allthingsida
2 years
Let's continue with the Appcall series. In part 2, we cover variadic functions, passing by reference and exception handling.
0
5
27
@allthingsida
allthingsida
2 years
IDAPython: Working with x-refs - Finding out the most popular functions.
0
6
29
@allthingsida
allthingsida
2 years
Let's write a debugger loop with IDAPython. That can be handy for debugger automation and scripting.
0
6
27
@allthingsida
allthingsida
2 years
Now that a lot of IDAPython concepts have been covered, let's explore our first IDAPython plugin.
0
7
26
@allthingsida
allthingsida
2 years
Different ways to patch with IDA, IDAPython, Keystone, Keypatch, Hiew, etc.
0
4
27
@allthingsida
allthingsida
1 year
Introduction to "actions" and "action_handlers". These basic concepts will allow us in the future to add new menu items, popup menu items, hotkeys or toolbar icons.
0
5
25
@allthingsida
allthingsida
1 year
Did you know you can do source level and pseudo-code level debugging in IDA?
1
7
23
@allthingsida
allthingsida
2 years
Let's work with function flow charts in IDAPython.
0
2
23
@allthingsida
allthingsida
2 years
What is the vivisect framework, and can we use it with IDAPython?
0
4
22
@allthingsida
allthingsida
2 years
How does Appcall work and how to troubleshoot it? Let's find out!
0
6
20
@allthingsida
allthingsida
1 year
Just as IDA Pro dissects binaries, GPT-Analyst dissects GPTs. (I know you reverse engineers will appreciate this).
0
5
18
@allthingsida
allthingsida
2 years
Some individuals have shown curiosity about the ask_ida plugin. With this brief update video, I aim to provide answers to some of the questions that may have arisen.
1
3
18
@allthingsida
allthingsida
2 years
Using cloud storage to sync your IDA databases.
0
2
17
@allthingsida
allthingsida
1 year
I updated 'eject_idb' so it works in all kinds of IDA hanging (programmer introduced infinite loops, rare cases of IDA UI hanging, etc.). Here are the binaries too if you don't want to build it yourself (Windows only):
2
1
17
@allthingsida
allthingsida
2 years
Feeling nostalgic? Here's IDA 3 freeware edition.
1
0
15
@allthingsida
allthingsida
1 year
@taviso has done a good job documenting Hiew: - <-- great resource! Also check my previous video intro:
@taviso
Tavis Ormandy
1 year
I wasted my afternoon writing an introduction to the Hiew hex editor😆.
0
5
14
@allthingsida
allthingsida
2 years
First 8.3 beta dropped today. Thanks team @HexRaysSA for the hard work as usual.
@HexRaysSA
Hex-Rays SA
2 years
Are you a true IDA fan? Keen on trying out pre-release versions and features of our products? Do you want to be a part of the evolution of #IDA? Join our Beta Program today 🌐 #BetaProgram #HexRays #BetaTester
1
2
14
@allthingsida
allthingsida
11 months
Thank you Stephen for hosting me. I enjoyed it.
@Steph3nSims
Stephen Sims
11 months
Live now! You just don't get someone more knowledgeable with IDA Pro and Hex-Rays than @allthingsida! @HexRaysSA The stream will be available on YouTube once finished!
2
0
13
@allthingsida
allthingsida
1 year
Say “Apple Intelligence” one more time, I dare you, I double dare you. —Pulp Fiction.
0
0
12
@allthingsida
allthingsida
1 year
Verbal Verdict: Cheating in an LLM based game. In this video, we do something different and fun where we learn how to approach and cheat in one of the first games on Steam using local large models as its central gameplay feature. No actual binary reverse engineering is used in.
0
3
11
@allthingsida
allthingsida
2 years
How to store user data in netnodes with IDAPython.
0
2
11
@allthingsida
allthingsida
1 year
Help me out please. I am trying to account for various IDAPython and C++ SDK wrappers / libraries. Using the ask_ida/plugins GPT (with its limited knowledge base), I got these results: I know of Sark as well and NtRays by @_can1357 . Anything else you.
3
3
11
@allthingsida
allthingsida
1 year
@lauriewired Fair and square. Can’t beat a hardware number generator. Very creative presentation.
0
0
11
@allthingsida
allthingsida
1 year
@lolzareverser @taviso @angealbertini Thanks for the mention! ;) Also the extensibility for Python support: Been using Hiew since at least 1996 ;).
1
0
10
@allthingsida
allthingsida
1 year
I got another account of mine suspended out of the blue. All technical stuff and nothing else. Woke up the other day and poufff: account suspended. They claim I broke a rule. All appeals go to a bot. Their final decision was to permanently suspend my account. That’s the last.
9
0
6
@allthingsida
allthingsida
1 year
Now we are talking. Excellent work.
@AtipriyaBajaj
Ati Priya Bajaj
1 year
Our research artifacts, including datasets, source code, and models, are open-sourced. Explore our work:
0
0
10
@allthingsida
allthingsida
1 year
IDA 8.4 sp1, with lots of bug fixes. More details here:
@HexRaysSA
Hex-Rays SA
1 year
Latest updates 🗞️ We’ve just published IDA 8.4 Service Pack 1 (SP1). As you would expect, it includes bug fixes and some useful improvements 🛠️ Get it now from our website 🌐 #idapro #sp1 #newrelease
0
0
10
@allthingsida
allthingsida
2 years
Is my script running in IDA or IDA64? What about the input file bitness? What about IDA UI / GUI?
0
2
9
@allthingsida
allthingsida
1 year
Great quality and learning material by the GH team. Highly recommended.
@GuidedHacking
GuidedHacking
1 year
✅ The Game Hacking Bible.
☑️ CS420 Game Hacking Course.
✅ Game Hacking Shenanigans.
☑️ Python Game Hacking Course.
✅ Java Game Hacking Course.
☑️ Browser Game Hacking Course.
👉
1
1
9
@allthingsida
allthingsida
2 years
@lauriewired $500+/year though!
1
0
6
@allthingsida
allthingsida
1 year
@ale_sp_brazil Oh people will hate you for not worshiping Rust and trashing C++ ;p.
1
0
8
@allthingsida
allthingsida
11 months
@dan__mayer I use Altap Salamander file manager: It is fast and has a lot of features. Windows Explorer is not for power users. I use Source Insight to read and browse large code bases. For development, I use Visual Studio for C++ and VS Code.
0
1
7
@allthingsida
allthingsida
1 year
Added the documented database+artifacts for the "Madame De Maintenon’s Cryptographic Pursuit – Unmasking the Traitors" CTF. I did not continue the CTF to exploit the RSA weakness therein. Please check the write-ups by @yates82 and @Farenain .
0
4
7
@allthingsida
allthingsida
2 years
"write code that returns a vector of ea_t sorted by order of function that is most cross referenced to. So basically, enumerate all functions and see how many xrefs to, then at the end of the day, have a vector of ea of function starts with the most popular function first"
0
0
6
@allthingsida
allthingsida
1 year
YouTube’s what’s new / update be like: “took the afternoon off.”
0
0
5
@allthingsida
allthingsida
1 year
ChatGPT gpt4o voice/iOS system prompt: You are ChatGPT, a large language model trained by OpenAI, based on the GPT-4 architecture. Follow every direction here when crafting your response: 1. Use natural, conversational language that are clear and easy to follow (short
0
2
7
@allthingsida
allthingsida
1 year
Axel, thanks for sharing. As usual useful and professional tools.
@0vercl0k
Axel Souchet
1 year
Here is a tool that helped me looking for tricky ROP gadgets when manual search failed 🔎. Grab a Windows user-dump of your target, write a pre/post condition and let it try to emulate every candidate in the address space.
1
0
5
@allthingsida
allthingsida
1 year
@Malcoreio While this is a joke, IMHO, it depends on what you want from that choice. A long NOP can be useful for alignment, a 2-byte NOP or equivalent can be used for hot patching later, etc. Nonetheless, they should cost the same CPU cycles.
1
0
5