The real interest of a disassembler is that it shows the instructions actually executed by the processor in a symbolic representation called assembly language. A disassembler can reveal what all your freshly installed software is actually doing and whether any of it is spying on your data. However, assembly language is hard to comprehend and analyse. That is why advanced techniques have been implemented in IDA Pro to make that code more readable, in some cases quite close to the original source code that produced the binary program. IDA Pro also works as a debugger. Hostile code usually does not cooperate with the analyst. Viruses, worms and trojans are often armored and obfuscated, so more powerful tools are required. The debugger often bypasses the obfuscation and helps obtain data that the more powerful static disassembler can then process in depth.
Here are some more ways in which IDA Pro makes itself useful:
- A completely interactive user interface: IDA Pro is fully interactive. In sharp contrast with its predecessors, IDA always allows the human analyst to override its decisions or to provide hints, so that you can do what you want instead of having an action forced on you by the software.
- Extensively programmable software: IDA Pro contains a complete development environment built around a very powerful macro-like language that can be used to automate tasks of simple to medium complexity. For more advanced tasks, IDA's open plugin architecture puts no limits on what external developers can do to enhance IDA Pro's functionality.
- COTS validation: Most software solutions nowadays are developed outside the country where they are actually used. Since programs are extremely difficult to verify, and since complete source code audits and rebuilds aren't always practical, tools such as IDA provide a convenient means to check whether a program really does what it claims to do for you.