► Introduction

IDA is the disassembler I have used for several years now.
Why this one and not another?

  • a lot of processors supported
  • renaming functions/vars is a time saver
  • ability to create my own loader/script/custom function

Unfortunately, it also comes with a lot of cons:

  • basic license is 1000$ (!!)... unless you're looking for x86 (free version)
  • API is a pain to understand... when you finally find a doc!
  • API changes every version
  • born as DOS software, so it still uses DOS hotkeys
  • no UNDO (save often!)


► Use it

Basically, you load a binary, select a processor and start the analysis.
Sometimes IDA is able to identify the exact format of the binary (EXE, ELF, ...) and so knows exactly where the code starts.
If not, move to the start of the code and press C (code).
Or, better, you can create your own loader (see below).
I won't explain the basics of the process here. I suggest you read
this BlackHat training
or, if you're looking for more,
the IDA Pro Book, 2nd Edition

And yes, I still use 6.1: it's the most "common" version, which means a better compatibility rate with freely available plugins.


► Loader

If you deal with old systems, apart from arcade machines, which often use raw binaries, it's almost certain the program format isn't handled by IDA.
The processor is probably available (Z80, 6502, 68000), but IDA doesn't understand the header (segment definitions, interrupt vectors, ROM header).
Depending on the complexity of the header, it's in fact easy to explain it to IDA: you need to write your own loader.
The loader tells IDA what to load and where to start code analysis.
But you can make something even more useful: define the BIOS functions, which makes the disassembled code easier to read.
To do this, you need to know these BIOS functions of course, so get your system's dev doc!

Official example
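
As an added illustration (not the official example and not code from this page), here is the header-parsing half of a loader for a raw 68000 ROM: it reads the vector table and returns the entry point and handler names the loader would then hand to IDA. The function names, the subset of vectors, the `code_start` default and the sample image are assumptions made for this example; the IDA calls themselves are left out because they depend on the IDA version.

```python
import struct

# Motorola 68000 exception vectors: 32-bit big-endian pointers starting at address 0.
# Offset 0x00 holds the initial stack pointer and 0x04 the reset (entry) address.
# Only a subset of the remaining vectors is named here.
VECTORS_68K = {
    0x08: "vec_bus_error",
    0x0C: "vec_address_error",
    0x10: "vec_illegal_instruction",
    0x14: "vec_zero_divide",
    0x70: "vec_autovector_4",
    0x78: "vec_autovector_6",
}
TABLE_END = 0x400  # 256 vectors * 4 bytes


def plan_68k_rom(image, code_start=TABLE_END):
    """Return (initial_sp, entry, {address: name}) for a ROM mapped at address 0."""
    if len(image) < TABLE_END:
        raise ValueError("image is too short to hold a 68000 vector table")

    def is_code(addr):
        # 68000 instructions are word-aligned; targets outside the image
        # (RAM handlers, unused zero entries) cannot be disassembled from it.
        return addr % 2 == 0 and code_start <= addr < len(image)

    initial_sp, entry = struct.unpack_from(">II", image, 0)
    if not is_code(entry):
        raise ValueError("reset vector 0x%X does not point into the ROM code" % entry)
    names = {entry: "start"}
    for offset in sorted(VECTORS_68K):
        (target,) = struct.unpack_from(">I", image, offset)
        # Several vectors often share one default handler: keep the first name.
        if is_code(target) and target not in names:
            names[target] = VECTORS_68K[offset]
    return initial_sp, entry, names


def sample_rom():
    """Constructed 4 KiB image, not a real ROM."""
    rom = bytearray(0x1000)
    struct.pack_into(">II", rom, 0x00, 0x00FF0000, 0x00000400)
    struct.pack_into(">II", rom, 0x08, 0x00000500, 0x00000500)  # shared handler
    struct.pack_into(">I", rom, 0x10, 0x00000501)               # odd: rejected
    struct.pack_into(">I", rom, 0x78, 0x00FF0100)               # handler in RAM
    struct.pack_into(">I", rom, 0x70, 0x00000600)
    return bytes(rom)


if __name__ == "__main__":
    sp, entry, names = plan_68k_rom(sample_rom())
    for addr in sorted(names):
        print("0x%06X %s" % (addr, names[addr]))
```

Inside a real loader, the returned entry point is where code analysis starts and each named address becomes a label, in the same way the BIOS function addresses from the system documentation would.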

► Plugin

Sometimes, you need to convert a lot of bytes to something more.
The easiest way to do it, if it's something you do 'often', is to write a plugin.
This plugin can be called from a menu and/or hotkeys to act on the selected code or whatever you need.
Here, we jump to the hardest part of IDA. Be sure to do it only if you need it AND you'll use it more than once (and you'll share it).
It allows you to add code to IDA, with a new GUI if needed.

Official example
GUI details
Scramble