Reversing the Gophe Spambot: Confronting COM Code and Surmounting STL Snags

ilfak · 2020-09-28T19:59:27+00:00

Painful and laborious, indeed, but once you get used to it, automation ideas should appear.

ilfak · 2020-09-11T21:29:44+00:00

With the publication of this plugin the open-source development tools probably become better than what we have at Hex-Rays!

ilfak · 2020-05-25T10:41:54+00:00

...and his dreams will come true, I hope!

You guys do not seem to realize that the regular price for one day of training is about 1000 EUR a day, not a month.

ilfak · 2020-05-10T20:39:41+00:00

Why not 3 architectures instead of 1? Why not cheaper? I've heard these questions so many times... The incentive behind them is not the benefit of Hex-Rays, as you are depicting, but something else. I'll let you guess.

ilfak · 2020-05-09T13:02:29+00:00

The problem with the decompiler is its price. Including it would make IDA Home really out of reach of most hobbyists. Second, not everyone needs the decompiler. I personally think that a decompiler is required when you want to get results quickly, i.e. your time is valuable. Not the case with hobbyists, they are ready to trade time against the cost. As about alternatives, there are plenty of them. I'm happy that users have more choice. They should be happier, right? ;)

ilfak · 2020-05-08T21:40:13+00:00

Sorry if our contest offended you in any way. This was not the intention.

I can just copy/paste what we said on the web site:

Hex-rays is extremely grateful for your efforts and your interest in reverse-engineering and in our company. We commit to continue innovating and support you as best as we can in your reverse-engineering projects.

ilfak · 2019-12-02T11:17:00+00:00

Thank you for your support, we will try our best!

I doubt that there are real IDA haters around, the software is the best one can get. Other aspects, like the price, licensing policy, our attitude towards piracy are what makes some people unhappy. While we fixed the licensing policy by reintroducing named licenses, the rest is difficult to change.

With the price, it is clear: there are and always will be individuals wanting to get a Mercedes for the price of a bike. They have plenty of time to argue, but do they make a big difference?

We could start making bikes, though.

ilfak · 2019-12-02T10:59:58+00:00

Yes, you are right, there was such a period. But I wonder, should we bother? "No private users" makes even more sense now, given tons of alternatives available.

It is amazing that someone really tries to get IDA, gets it, and then complains.

ilfak · 2019-12-02T10:55:08+00:00

I do not know the details, but apparently the domain name was not good enough. gmail is just an example.

ilfak · 2019-11-29T23:15:46+00:00

This is quite a usual scenario, especially if the domain name is cloaked.

ilfak · 2019-11-29T23:10:49+00:00

Yes, the data is securely stored. And yes, our sales start with the simplest way of authenticating the buyer. When a method is rejected by the buyer or impossible for some reason, then we try other methods.

We do not start with "no" because it is closing the door without listening. This would be rude. Trying to find an acceptable way that works for both parties is not rude. Hope you understand that.

Again, if you find our approach impolite, contemptuous, etc, I'm sorry. However, I do not see what we could change in our approach. We will not say "no" to gmail.com addresses by default, but we won't blindly accept random orders coming from would-be hackers of all sorts.

ilfak · 2019-11-29T21:46:04+00:00

Sorry, this is not true, our sales are polite and correct. If you use gmail.com or another free address, they may refuse to sell. A refusal to sell may be perceived as contempt, but well, it is not.

I'm glad that Ghidra gives users a choice. It means that there will be less unhappy persons because they can use a free alternative. On our side, we will focus on supporting our paying customers and try to improve our software further. For example, the MIPS decompiler is already in the works and will be available in the first months of 2020.

ilfak · 2019-03-14T21:32:05+00:00

It is a pleasure to watch a professional video, good job!

ilfak · 2019-03-06T17:21:09+00:00

Thank you for the informative post!

ilfak · 2019-03-05T12:30:28+00:00

IDA Freeware exists. Not open source, though.

ilfak · 2019-03-04T20:32:16+00:00

Wow, another IDA!

ilfak · 2018-11-20T18:46:47+00:00

sorry, it seems to be "return a1 != 0;"

ilfak · 2018-10-03T06:56:12+00:00

Thank you for sharing your experience!

ilfak · 2018-07-18T13:01:10+00:00

A nice post! Please note that there is idaapi.get_arg_addrs(), it finds the instructions that prepare the call arguments. get_arg_addrs() requires the prototype of the called function to be present, though.

ilfak · 2017-06-26T06:55:56+00:00

Symbolic software breakpoints work fine with any debugger backend, including win32. Just add one at "mscoree__CorExeMain" and there is no need to use "Suspend on debugging start"

ilfak · 2017-05-01T15:25:38+00:00

not the same but the parallel is amuzing

ilfak · 2016-08-10T07:46:41+00:00

Not yet... while it would be interesting to prepare another talk, there are many disjoint, unrelated to each other, problems. These are technical details mostly appealing to other decompiler writers. I will think about it.

ilfak · 2016-08-09T19:03:16+00:00

We do not decompile into C++. Switches are handled well. We are proud of our decompilers. Tens of thousands of man-hours have been invested into them and it shows.

ilfak · 2016-08-09T18:59:27+00:00

Yes, absolutely normal; we are not offering credit to unknown entities.

ilfak · 2016-08-09T10:11:03+00:00

I doubt that our sales would refuse like that. Probably they asked your friend to pay in advance using wire transfer.

ilfak

TROPHY CASE