I'm thinking about buying it, but only if the latest version makes things far easier with extra features, so I'm wondering if it supports a few things that the freeware version doesnt (or how difficult it would be to add such things with plugins etc). If there is a more appropriate forum for such questions, I'd appreciate pointers to it (the IDA Pro forum is only for customers, so that wasn't an option).

I would test the demo version, but the programs I need to use it on take so long to analyse that it times out shortly after it allows user interaction (maybe 2-5 minutes, depending on whatever random factors it uses to decide when to shut down).

I'm having a difficult time keeping track of functions that were (probably) only in a single compilation unit, such that they freely use whatever registers they want as input. Does IDA Pro 5.0 allow marking registers as arguments to a function, such that each call to the function will mark the line setting that register with the parameter name and/or type?

Is there some way to have the analyzer treat a 'call' as if the function called was actually in place of the call? Several functions that were probably used only in a single compilation unit end up using the stack frame of the one or two functions that call them, and that messed up analysis such that I have to figure out all the offsets myself, which is quite tedious.

How well does it's stack analysis work? Several times in IDA freeware, the program apparently misses a push or pop and throws off the use of arguments in a function so that every single one is called incorrectly. This could perhaps be caused by it's signatures having the wrong calling convention, but it happens quite rarely so it seems more likely to simply be a bug of some sort.

How well does it recognize basic structures such as 'switch' statements? In OllyDbg, most are recognized in the project I'm currently working on and it helps tremendously, but IDA Freeware doesn't seem to recognize any at all.

Are there any plugins that attempt to detect where a function is inlined and somehow mark that as an xref to the function itself? If not, how difficult would it be to make something like that? Inline functions give me a headache since I have to go comment each instance after figuring out the non-inlined version and it can take quite a while.

Another thing that bothers me is the IDA website - it has some oddities, such as the menu along the bottom not being updated to match the top menu (the bottom one takes you to and outdated news page, for example). Does such negligence reflect on a larger issue, or is it just that a bunch of programmers are trying to make a website?

Any other comments or suggestions would be greatly appreciated

In my experience, the autoanalysis seems to have gotten worse with the newer versions.
I have v3.6, 4.17, and 4.5, and from my experience the 4.17 and 4.5 seem to make more mistakes with the analysis than 3.6. That's why I've always used 3.6, it fits my needs perfectly well and works fine.

Not exactly, but you can specify a function's prototype by pressing "Y" within the function. This will sometimes cause IDA to comment the pushed arguments to the function from the caller, and sometimes works with registers for __fastcall. I've had mixed results, though


I don't believe you can easily do this, unless you tell IDA to consider the caller and callee the to be in the same procedure (not realistic if they're not next to each other in memory).


This isn't a common problem for me with IDA Pro 5.0.


Mixed results.


A *bunch* of programmers? Datarescue is a much smaller company thank you think it is

Unfortunately, __fastcall never seems to map to the same registers as are actually used for parameters, which is why I was wondering. For example, many functions seem to take ESI, EDI, and ECX as input (all class functions take ECX, for example), but fastcall seems to map to registers in alphabetic order, which is something I haven't seen actually done yet.
No IDC function or plugin call to say something like "Starting with state X, Analyze from A1 to A2, then save the state" that could be used to simulate such a thing?
Have you had the problem with previous versions, such that you could make some kind of comparative statement?
More false positives or more failures to detect?
I realize it's size, I think bunch simply has different connotation to you and me.

As all of our ToTs, IDA Pro is just a tool. As you will know, automatic analysis has its limits and there is no alternative to make use of the greatest tool ever created. Yes, I am talking about the grey matter between your ears I think your problem with inline functions could be solved if you create your own FLIRT signatures (I still have to smile a bit whenever I see this acronym). The tools that come with IDA Pro (or are available for regged users) allow extensive modifications to the original behaviour. If the money is not your main concern, then IDA Pro is definitely worth buying. However, it will not do your job for you. If you can, drop me a private message, I'd like to have a look at that unit you're working on. And last but not least, IDA Pro is no static object, it's a powerful tool that's under constant development. If I'll encounter the same problems that you had with the freeware version, I'll probably post on their forum and ask for suggestions how to solve these issues. In most cases, it can already be done with the current IDA version, it just requires a bit of extra programming.
Don't get me wrong, I'm not altruistic, but chances are that I'll run into such problems sooner or later as well, and it's always good to have a solution before the problem occurs

laola, I don't think FLIRT can be used for inline functions.

I'll never know until I try (and fail miserably, probably) *g* Even if it doesn't work with FLIRT, there has to be a way to mark them, at least semiautomatically

I should probably explain that with 'switch detection', I do not mean "correctly disassembling code produced by a switch" (the code I use it on doesn't have anything besides jump tables and conditional branch trees for switches AFAICT) but rather a nifty feature from OllyDbg that will also label likely switch statements with "Switch(Min..Max)" and then label each 'case' with the value(s) that block is called for, which makes analysis FAR easier than having to sit with pencil and paper and work out what that odd arithmetic does to the numbers before each comparison, etc.

There certainly is, but you'd have to write the code yourself

Yup, that is such a handy feature.