TippingPoint Digital Vaccine Laboratories

MindshaRE: IDA 5.4

This morning, much to my delight, Hex-Rays released their highly anticipated IDA 5.4. The new update includes some incredible features that continue to push IDA into ubiquity. Today, on MindshaRE, we will take a quick look at some of the new tech, and get you over to hex-rays.com to read up on the new version.

MindshaRE is our weekly look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history.

First is the added support for new debugging modules. Ilfak has intelligently decided to add support for Bochs, GDB, and WinDbg to the IDA core debugging engine. This means greater flexibility for users who have always been a little wary of the built-in IDA debugger, or who work in a diverse environment needing remote access to multiple systems.

The addition of Bochs has been in the works for a while. Using this debugging module allows you to emulate code or whole operating systems from within IDA. This new addition alone can be worth the price of admission, especially if you frequently work with malware.

WinDbg is another of these added modules. Using WinDbg in IDA now allows you to debug user and kernel space from within the IDA GUI. Obviously this opens huge doors for new plugins, scripts, and integration, and I am really looking forward to trying this out. Hopefully, everything available in the WinDbg command line is seamlessly integrated in the IDA debugging view.

IDA 5.3 saw the PDB parser undergo a massive overhaul. According to the 5.4 release notes, this update is complete and tightly integrated into the loader. In the past, third-party plugins were needed to rip out local variable names and types from a symbol file. This may be a thing of the past if the default PDB loader can keep up with the pack.

The command line in IDA has existed for a long time, but with limited functionality. Because of this, I have never really cared much for it. In this new version, however, Ilfak has opened it up to support all three debugging engines, and Python! You can now control the debugger and access information through the command line very rapidly.

That's right. Python support is distributed with IDA. Gergely Erdelyi's idapython plugin will come pre-bundled with the distribution. It's always nice to see the essentials packaged in one location.

This release has had some significant updates. Time will tell if they change the way you work in IDA or WinDbg. Regardless, it's a good thing for IDA and Hex-Rays. These significant evolutionary steps are mandatory to keep up with the rapid growth of modern software and malware. I'm off to give this thing a spin; you should head over to the feature list for a complete dish on IDA 5.4. Have fun and let me know what you think.

-Cody


Published On: 2009-01-29 15:30:58

Comments

  1. d.e. commented on 2009-01-29 @ 16:56

    Just downloaded it and I love it. I expect a remarkable increase in kernel- and driver-bugs to pop up ;-)

  2. Jurre commented on 2009-01-30 @ 07:35

    Nice overview!
