Igor’s tip of the week #27: Fixing the stack pointer

As explained in Simplex method in IDA Pro, having correct stack change information is essential for correct analysis. This is especially important for good and correct decompilation. While IDA tries its best to give good and correct results (and we’ve made even more improvements since 2006), sometimes it can still fail (often due to wrong […]

Igor’s tip of the week #26: Disassembly options 2

Continuing from last week, let’s discuss other disassembly options you may want to change. Here’s the options page again: Disassembly line parts   This group is for options which control the content of the main line itself. Here is an example of a line with all options enabled: The marked up parts are: The line prefix (address of […]

Igor’s tip of the week #25: Disassembly options

By default IDA’s disassembly listing shows the most essential information: disassembled instructions with operands, comments, labels. However, the layout of this information can be tuned, as well as additional information added. This can be done via the Disassembly Options tab available via Options > General… menu (or Alt–O, G). Text and Graph views options If you open […]

Igor’s tip of the week #24: Renaming registers

While register highlighting can help tracking how a register is used in the code, sometimes it’s not quite sufficient, especially if multiple registers are used by a complicated piece of code. In such situation you can try register renaming. To rename a register: place the cursor on it and press N or Enter, or double-click it A dialog […]

Igor’s tip of the week #23: Graph view

Graph view is the default disassembly representation in IDA GUI and is probably what most IDA users use every day. However, it has some lesser-known features that can improve your workflow. Parts of the graph The graph consists of nodes (blocks) and edges (arrows between blocks). Each node roughly corresponds to a basic block. a basic block is a straight-line […]

Igor’s tip of the week #22: IDA desktop layouts

IDA’s default windows layout is sufficient to perform most standard analysis tasks, however it may not always be the best fit for all situations. For example, you may prefer to open additional views or to modify existing ones depending on your monitor size, specific tasks, or the binary being analyzed. Rearranging windows The standard operation is mostly […]

Igor’s tip of the week #21: Calculator and expression evaluation feature in IDA

When reverse-engineering, sometimes you need to perform some simple calculations. While you can always use an external calculator program, IDA has a built-in one. You can invoke it by pressing ? or via View > Calculator. The calculator shows the result in hex, decimal, octal, binary and as a character constant. This information is also duplicated […]

Igor’s tip of the week #20: Going places

Even if you prefer to move around IDA by clicking, the G shortcut should be the one to remember. The action behind it is called simply “Jump to address” but it can do many more things than what can be guessed from the name. Jump to address First up is the actual jumping to an address: enter an […]

Igor’s tip of the week #19: Function calls

When dealing with big programs or huge functions, you may want to know how various functions interact, for example where the current function is called from and what other functions it calls itself. While for the former you can use “Cross-references to”, for the latter you have to go through all instructions of the function […]