
Even if you prefer to move around IDA by clicking, the G shortcut is the one to remember. The action behind it is called simply “Jump to address”, but it accepts far more than its name suggests.

Jump to address

First up is the plain jump to an address: enter an address value to jump to. You can prefix it with 0x to denote hexadecimal notation, but this is optional: in the absence of a prefix, the entered string is still parsed as a hexadecimal number (so 1000 means 0x1000, not one thousand).

On architectures with segmented addressing (e.g. 16-bit x86), a segment:offset syntax can be used. The segment can be a symbolic name (seg001, dseg) or a hexadecimal value (F000); the offset should be hexadecimal. IDA resolves the pair to a linear address (for a real-mode segment value, segment*16 + offset). If the current database contains both segmented and linear (flat) addressed segments (e.g. a legacy 16-bit bootloader with a 32-bit protected mode OS image in high memory), a “segment” of 0 can be used to force the value to be taken as a linear address (0:1000000).

Jump relative to current location

If the entered value is prefixed with + or -, it is treated as a relative offset from the cursor’s position. Once again, the 0x prefix is optional and the offset is parsed as hexadecimal: +100 jumps 256 bytes forward and -10000 goes 64 KiB (65536 bytes) backwards.

Jump to a name

A name (function or global variable name, or a label) in the program can be entered to jump directly to it. Note that the raw name must be entered exactly as it appears in the listing, including any decoration and special symbols: for example _main for main(), or the compiler’s mangled name for a C++ function (such as ??2@YAPAXI@Z, the MSVC mangling of operator new(unsigned int)), not the demangled form shown by IDA.

Jump to an expression

A C-syntax expression can be used instead of a bare address or a name. Just like in C, hexadecimal numbers in an expression must use the 0x prefix; otherwise decimal is assumed (unlike a bare or +/- prefixed value, which is always hexadecimal). Names, or the special keyword here (the address under the cursor), can be used and are resolved to their addresses. Some examples:

  • here + 32*4: skip 32 dwords (128 bytes). Equivalent to +80, since a +/- offset is hexadecimal (0x80 = 128)
  • _main - 0x10: jump to the position 0x10 bytes before the function main()
  • f2 + (f4-f3): multiple symbols can be combined for complicated situations

Using registers

During debugging, register names can be used as variables, in the same way as the names in the preceding examples; their current values are substituted. For example, you can jump to EAX, RSP, ds:si (16-bit x86), X0+0x20 (ARM64) and so on. This works both in the disassembly view and in the hex view.
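To make the input forms above concrete, here is a small Python model of the G dialog’s grammar: bare hex (0x optional), +/- hex offset from here, segment:offset with the 0 segment forcing a linear address, exact names, C-style expressions (hex only with 0x, decimal otherwise) and, while “debugging”, register names. This is an added illustration and not IDA’s own code: the symbol table, segment bases and register values are constructed for the example, and the resolution order (names before anything that merely looks like hex) is the model’s own choice, not something this page documents.

```python
"""Model of the input forms accepted by IDA's "Jump to address" (G) dialog."""
import ast
import operator
import re

BADADDR = 0xFFFFFFFFFFFFFFFF          # IDA's sentinel for "no address"
_HEX = re.compile(r"^(0[xX])?[0-9A-Fa-f]+$")


def _hex(tok):
    """Hex number with or without the 0x prefix, or None if tok is not one."""
    return int(tok, 16) if _HEX.match(tok) else None


def _cdiv(a, b):
    """C-style integer division (truncates toward zero, unlike Python's //)."""
    q = abs(a) // abs(b)
    return q if (a < 0) == (b < 0) else -q


_BINOPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: _cdiv, ast.Mod: operator.mod, ast.LShift: operator.lshift,
    ast.RShift: operator.rshift, ast.BitAnd: operator.and_,
    ast.BitOr: operator.or_, ast.BitXor: operator.xor,
}
_UNOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos, ast.Invert: operator.invert}


class JumpResolver:
    """Resolves G-dialog input against a (constructed) database."""

    def __init__(self, names, segments=None, regs=None):
        self.names = names                      # symbol -> linear address
        self.segments = segments or {}          # segment name -> paragraph (base >> 4)
        # Register values exist only while debugging; looked up case-insensitively.
        self.regs = {k.lower(): v for k, v in (regs or {}).items()}

    def _symbol(self, tok):
        if tok in self.names:
            return self.names[tok]
        return self.regs.get(tok.lower())

    def _expr(self, node, here):
        """Evaluate a restricted C-style expression: ints, names, here, arithmetic."""
        if isinstance(node, ast.Expression):
            return self._expr(node.body, here)
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return node.value                   # 0x.. is hex, plain digits are decimal
        if isinstance(node, ast.Name):
            if node.id == "here":
                return here
            val = self._symbol(node.id)
            if val is None:
                raise KeyError(node.id)
            return val
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            return _BINOPS[type(node.op)](self._expr(node.left, here), self._expr(node.right, here))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNOPS:
            return _UNOPS[type(node.op)](self._expr(node.operand, here))
        raise ValueError("unsupported expression element")

    def resolve(self, text, here):
        """Return the linear address for `text` typed into the G dialog, or BADADDR."""
        s = text.strip()
        val = self._symbol(s)                   # 1. a name or register, entered exactly
        if val is not None:
            return val
        if s and s[0] in "+-":                  # 2. relative: +/- and a hex offset
            off = _hex(s[1:].strip())
            if off is not None:
                return here + off if s[0] == "+" else here - off
        if ":" in s:                            # 3. segment:offset; segment 0 = linear
            seg, off = (p.strip() for p in s.split(":", 1))
            offv = self._symbol(off)
            if offv is None:
                offv = _hex(off)
            if offv is None:
                return BADADDR
            if seg == "0":
                return offv
            segv = self.segments.get(seg)
            if segv is None:
                segv = self._symbol(seg)
            if segv is None:
                segv = _hex(seg)
            return BADADDR if segv is None else (segv << 4) + offv
        val = _hex(s)                           # 4. a bare number is hexadecimal
        if val is not None:
            return val
        try:                                    # 5. otherwise a C-style expression
            return self._expr(ast.parse(s, mode="eval"), here)
        except (SyntaxError, ValueError, KeyError, ZeroDivisionError):
            return BADADDR


# Constructed sample data for the examples in the text (not a real database).
NAMES = {"_main": 0x401000, "??2@YAPAXI@Z": 0x401800,
         "f2": 0x402000, "f3": 0x402100, "f4": 0x402140}
SEGMENTS = {"seg001": 0x1000, "dseg": 0x2000}   # paragraphs of a 16-bit image
DB = JumpResolver(NAMES, SEGMENTS)
# The same database with a debugger attached and some register values known.
DEBUG_DB = JumpResolver(NAMES, SEGMENTS, regs={"EAX": 0x7FFE1234, "RSP": 0x7FFD0000,
                                               "DS": 0x2000, "SI": 0x100, "X0": 0x10000})

if __name__ == "__main__":
    here = 0x401000
    for text in ("401234", "+100", "-10000", "_main", "here + 32*4", "+80", "here + 100",
                 "_main - 0x10", "f2 + (f4-f3)", "seg001:10", "F000:FFF0", "0:1000000"):
        print(f"{text:>14} -> {DB.resolve(text, here):#x}")
    for text in ("EAX", "ds:si", "X0+0x20"):
        print(f"{text:>14} -> {DEBUG_DB.resolve(text, here):#x}")
```

The pair here + 100 versus +100 is the trap worth remembering: the first lands 100 bytes after the cursor, the second 256, because only the expression form reads unprefixed numbers as decimal. Register names resolve to BADADDR on the plain DB, which is what you see in IDA when no debugger is attached.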