…and the most 1337 #lolbin is…

July 4, 2019 in IDA/Hex-Rays, Living off the land, LOLBins

idaX.exe -Otest:

test – DLL inside IDA’s plugins directory (with the appropriate file extension: DLL, PLW, P64)
idaX – ida[wtq](64)? depending on the version

Btw., IDA says: Loading plugin C:\ida\plugins\test.plw… C:\ida\plugins\test.plw: […]

IDA, hotpatched functions and signatures that don’t work…

April 7, 2017 in IDA/Hex-Rays, Malware Analysis, Reversing

In my recent post, I described issues related to signatures of functions prefixed with 0xCC (int 3). It turns out that there is one more issue that causes sigs to […]