This article covers free IDA PRO alternatives, IDA HOME alternatives and IDA-like alternatives that are in active development, are to some degree rivals to IDA PRO, are suitable for either static or dynamic analysis, and have a disassembler and debugger.
If you're looking for free IDA alternatives, I would start off with Ghidra, and with HEX DEREF if you need to do dynamic analysis, as it has one of the fastest, if not the fastest, code dissection features (an initial analysis in IDA PRO).
Here is a list of free alternatives to IDA that are currently included in the article: HEX DEREF and GHIDRA.
Depending on your reverse engineering task, you will often have to do a full analysis by combining both techniques. A protected executable must be dumped from memory, and the IAT may need to be fixed, before the binary can be properly analysed statically, regardless of the tools used. A direct comparison of static vs dynamic analysis is therefore not that straightforward. Dynamic vs static analysis
The author of this article assumes you're already familiar with IDA HOME or IDA PRO. Therefore, I am not going to provide any IDA tricks or plugins in this article, but here is a quick review of IDA PRO:
OFFICIAL SITE: IDA PRO
- Probably the best software for static analysis if you can afford the professional version and decompiler plugin.
- The free version of IDA is more or less useless because the free Ghidra comes with a pseudo-C decompiler plugin.
- Not suitable for beginners due to the complexity of the software.
- Plugin support
Free IDA PRO alternatives for dynamic malware analysis
OFFICIAL SITE: HEX DEREF
- Free, closed-source software written in C#/C++. Currently supports only x64 (64-bit) processes.
- Fully dynamic memory viewer with a multi-threaded, IDA-like 64-bit disassembler. Some of the functionality of the disassembler is equivalent to IDA PRO.
- The "Dump strings" tool provides more results than the IDA equivalent
- The disassembler includes a built-in feature that generates unique assembly signatures for the entire process, unlike the community-made IDA signature maker plugin.
- Includes two different 64-bit debuggers: Windows debug APIs and a VEH debugger. The following breakpoint methods are supported in both debugger modes: HWBP, INT3 and page faults.
- The import address table (IAT) auto-detect feature also attempts to detect redirected IATs without the need to use WINAPI functions.
- As a bonus, includes Cheat Engine core functionality with an AVX2-optimized memory scanner.
Free alternatives to IDA PRO for static malware analysis
- Free open source software written in Java by the NSA.
- The tool is like IDA, with similar functionality including built-in scripting support. Mastering Ghidra
- The software comes with a pseudo-C decompiler plugin, which is a free alternative to the IDA decompiler plugin.
- Pretty much a rival to IDA PRO.
- The only thing I do not like is the fact that the tool is made by a government with an unlimited budget, which distorts competition.
- IDA PRO vs Ghidra