I decided to create a very simple, user-friendly guide on using IDA Pro to disassemble simple programs (.exe). This guide aims to cover the
very basic functions of IDA Pro. Sorry if this guide appears to mock your intelligence.
~~
I have also included the Visual C++ source files for VisualCalc.exe, for those who want to compare the disassembled VisualCalc.exe to the original source, etc.
Programs Needed:
IDA Pro FULL:
IDA Pro Install Notes:
*Unpack the .rar
*Install using the provided .exe
*Enjoy the full version with SDK
*Uploaded and tested by me, enjoy another fine upload.
VisualCalc and Source Files:
VisualCalc_and_Sour***iles.rar - FileFront.com
1. First install IDA Pro (that explains itself). Next, extract VisualCalc and Sour***iles.rar to your desktop.
2. Next, run IDA Pro. When the application loads you will see this image; click "New".
3. Next you will be asked to select a new disassembly database; for this example we will keep things simple. Click the Windows tab, select PE Executable and press OK.
4. Next it will bring up a window asking you to select a file to disassemble. Navigate to the "TEST" folder you extracted and open VisualCalc.exe.
5. The next window will ask you to select your processor type, and there will be a long list of processors to choose from. To find what type your processor is, click Start, right-click My Computer and select Manage.
6. From here expand System Tools and click Device Manager under the list. Next, locate the Processors section amongst the many other devices. Right-click Processors and select Properties, then click the Details tab. Beside the processor icon it shows that I have a Pentium ® 4 (P4) processor, and under the Device Instance Id I see that my processor is part of the x86 family. From this information I know I have a P4 that's part of the x86 family. Remember, your processor information most likely
will NOT be the same as mine; use the same method I used to identify your own processor.
7. Next go back to IDA Pro and scroll through the list of processor types, press Set and then OK. After applying these settings you will have to exit IDA Pro and load IDA Pro again;
repeat steps 2 - 4!
8. Now a PE executable file loading wizard will appear; continue to click Next and make sure you have these settings.
9. After pressing Finish, let the program run until it is completely finished. This may take a very long time depending on your computer, etc. When the program is finished you will see something like this (don't be overwhelmed, we're not doing any analysis in this guide):
Notice at the bottom it says "The initial autoanalysis has been finished"; this indicates the program is done with this step.
10. Shortly after this you will get a popup like this; click OK.
11. The next step is just a little verification debugging to make sure things are running OK: press F9, and click Yes to the debugger warning that appears:
12. After it runs you should see a little calculator appear in your IDA Pro window (or minimized); this is a good sign to continue ^_^:
13. Next, after all your hard work you may want to save this for further analysis: press File > Save. IDA should save what you're currently working on in VisualCalc's folder.
14. Now to save our disassembled progress as assembly language, in this case ASM, click File > Produce file > Create ASM file.
15. Save your program as whatever you want; in this case I called mine calculatorASM.
16. It may take a long time to save; you should see this while it's saving your work to ASM. Pay close attention at the bottom to the number of lines, even for a small program such as this.
17. Finally, when you're done with IDA Pro and want to exit, make sure you follow these settings for the popup and click OK:
18. The final files should all be located in VisualCalc.exe's folder, which you opened in step 4, and look like this:
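A note on step 5: for a PE file, IDA reads the target architecture from the Machine field of the COFF header inside the .exe itself, so the processor type you pick should match the file, not the machine you are sitting at. The script below is an added example (not part of this guide) that reads that field from any PE file, or from a constructed stub header when run without arguments, so you can check what IDA should be picking before the wizard appears.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF spec (common ones only)
MACHINE_TYPES = {
    0x014C: "x86 (i386)",
    0x8664: "x86-64 (AMD64)",
    0x01C0: "ARM",
    0xAA64: "ARM64",
    0x0200: "Itanium (IA-64)",
}

def pe_machine(data: bytes) -> str:
    """Return the target architecture named by a PE file's COFF Machine field.

    Raises ValueError if the buffer does not carry a DOS header and PE signature.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) header")
    # e_lfanew at offset 0x3C holds the file offset of the "PE\0\0" signature
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER follows the signature; its first u16 is Machine
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE_TYPES.get(machine, f"unknown (0x{machine:04X})")

def build_stub_pe(machine: int) -> bytes:
    """Constructed sample input: DOS header + PE signature + COFF header only.

    This is just enough header to exercise pe_machine(); it is not a runnable exe.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after DOS header
    # COFF header fields: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE | 32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff

if __name__ == "__main__":
    import sys
    # Usage: python pe_machine.py VisualCalc.exe (no argument: use the constructed stub)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_stub_pe(0x014C)
    print("target architecture:", pe_machine(data))
```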
And that's all; hope you find the tut useful. More to come.