Part of the horde working on a BlueKeep exploit with IDA on GNU+Linux? Don't know how to organize your PDB's without _NT_SYMBOL_PATH? Set PDBSYM_DOWNLOAD_PATH in $IDAUSR/cfg/pdb.cfg to keep things organized! Thanks to F4b for this tip! #idatips

Make a mistake? IDA 7.3 has undo! - Screw something up, this should be second nature by now - Hit Control-Z - Wow I'd like to take this moment to thank Ilfak Guilfanov and co for ruining an Aprils fools joke I put nine months of hard labor into >:( #idatips

Tired of decimal supremacy? Depressed that you recognize -2147483648? Try changing the default radix in hexrays! - change DEFAULT_RADIX in your hexrays.cfg to 16 More info: hex-rays.com/products/decom… Thanks to angel_killah for this tip! #idatips

Remember that you can trigger actions in IDA's UI using idaapi.process_ui_action(action_name) (get the name from the shortcuts window) hexblog.com/?p=921 #idapython #idatips idatips

New IDA 7.4 and Decompilers released! Changelog: - IdaPython move to Python 3 - New Local Types editor - Improved GDB support (iOS 13) - Multiple improvements in decompiler engine - Global xrefs directly in pseudocode hex-rays.com/products/ida/7… hex-rays.com/products/decom… #REhints

#idatips how to disable arm macro instruction? Options>General…>Analysis>Kernel option3>Enable macro, uncheck it.

Friday night tweetin' github.com/cseagle/blc for those that want their Ida and their Ghidra too. Chock full o' bugs no doubt.

#idatips Ever get a pointer to the middle of a struct? Just add the __shifted keyword to the variable's type definition!

IDA pro tip: For custom calling convention, many people know __usercall (args / retval). But did you know __spoils for preserved and volatile registers? hex-rays.com/products/ida/s…

-Reversing Tip 25/30- Get the best from both IDA’s decompiler & disassembler by overlaying the C code on the ASM in graph view (by clicking the “/” key) #BinReversingTips

-Reversing Tip 28/30- IDA auto-analysis missed a function arg because it was passed in an “unexpected” register? Use the “__usercall” call convention with “@<register_name>” to declare args & their location: #BinReversingTips #idaTips

Everyone has mashed escape to find that one function they forgot to bookmark, but did you know you can go forward too? Try it with Control + Enter! #idatips

In case Hex-Rays output seems way too partial, try annotating one the variables with the 'volatile' keyword, then decompile again. Chances are the decompiler went overly aggressive and eliminated the memory reference altogether 🙃 See hex-rays.com/products/decom… for the full details

I'm happy to announce the first public release of IDACode! Execute and debug all your IDA scripts from VS Code :) You can find the extension on the VS Code marketplace and the IDA plugin in the repository along with some information: github.com/ioncodes/idaco…

This is a useful thread!

Is the Hex-Rays microcode API powerful? Yes. But the real magic is how receptive the core analysis of the decompiler is to our own extensions. The results are stunning. 7 Days to Lift: A Mission in Microcode: blog.ret2.io/2020/07/22/ida…

Alex Ionescu Igor Skochinsky (@[email protected]) Did you try Shift-Alt-Up/Down? While not exactly the same, these hotkeys search for the closest def/use of the highlighted register. Exists since IDA 7.5, after our conversation :)

I finally found a good use for Hex-Rays "Decompile as call", albeit a pretty niche one.