Last week we discussed various kinds of comments in IDA’s disassembly and pseudocode views.
In fact, the comments are also available for Structures and Enums. You can add them both for the struct/enum as a whole and for individual members. Similar to the disassembly, regular and repeatable comments are supported.
Repeatable comments are duplicated in the […]
The “I” in IDA stands for interactive, and one of the most common interactive actions you can perform is adding comments to the disassembly listing (or decompiler pseudocode). There are different types of comments you can add or see in IDA.
Regular comments
These comments are placed at the end of the disassembly line, delimited by an […]
Most IDA users probably analyze software that uses English or another Latin-based alphabet. Thus the defaults used for string literals – the OS system encoding on Windows and UTF-8 on Linux or macOS – are usually good enough. However, occasionally you may encounter a program which uses another language.
Unicode strings
In case the program […]
Hex-Rays announces the release of Service Pack 3 (SP3) for IDA Pro 7.5.
Hex-Rays is glad to announce the release of Service Pack 3 today. The release introduces a handful of new and interesting features specific to the soon-to-be-released macOS 11 (Big Sur) and provides fixes for numerous errors in IDA.
We improved:
macOS11 kernel debugging with […]
Sometimes you know the structure size but not the actual layout yet. For example, when the size of memory being allocated for the structure is fixed:
In such cases, you can quickly make a dummy structure and then modify it as you analyze code which works with it. There are several approaches which can be used […]
When reverse engineering a big program, you often run into information stored in structures. The standard way of doing it involves using the Structures window and adding fields one by one, similar to the way you format data items in disassembly. But are there other options? Let’s look at some of them.
Using already formatted data
This […]
Arrays are used in IDA to represent a sequence of multiple items of the same type: basic types (byte, word, dword etc.) or complex ones (e.g. structures).
Creating an array
To create an array:
1. Create the first item;
2. Choose “Array…” from the context menu, or press *;
3. Fill in at least the Array size field and click OK.
Step 1 […]
While working in IDA, sometimes you may need to reanalyze some parts of your database, for example:
after changing a prototype of an external function (especially calling convention, number of purged bytes, or “Does not return” flag);
after fixing up incorrectly detected ARM/Thumb or MIPS32/MIPS16 regions;
after changing global processor options (e.g. setting $gp value in MIPS or […]
We briefly covered batch mode last time, but the basic functionality is not
always enough, so let’s discuss how to customize it.
Basic usage
To recap, the batch mode can be invoked with this command line:
ida -B -Lida.log <other switches> <filename>
IDA will load the file, wait for the end of analysis, and write the full
disassembly to <filename>.asm.
How it […]