Igor’s tip of the week #20: Going places
Even if you prefer to move around IDA by clicking, the G shortcut should be the one to remember. The action behind it is called simply “Jump to address” but it can do many more things than what can be guessed from the name.
Jump to address
First up is the actual jumping to an address: enter an address value to jump to. You can prefix it with 0x to denote hexadecimal notation, but this is optional: in the absence of a prefix, the entered string is parsed as a hexadecimal number.
On architectures with segmented addressing (e.g. 16-bit x86), a segment:offset syntax can be used. The segment can be a symbolic name (dseg) or a hexadecimal value (F000); the offset should be hexadecimal. If the current database contains both segmented and linear (flat) addressed segments (e.g. a legacy 16-bit bootloader with a 32-bit protected mode OS image in high memory), a “segment” of 0 can be used to force the use of a linear address (0:<linear address>).
Jump relative to current location
If the entered value is prefixed with + or -, it is treated as a relative offset from the cursor’s position. Once again, the 0x prefix is optional: +100 jumps 256 bytes forward and -10000 goes 64 KiB (65536 bytes) backwards.
Jump to a name
A name (function or global variable name, or a label) in the program can be entered to jump directly to it. Note that the raw name should be entered exactly as it is used in the program, with any special symbols it contains (for example, a mangled name must be typed in its raw mangled form, not as the demangled form IDA displays).
Jump to an expression
A C syntax expression can be used instead of a bare address or a name. Just like in C, hexadecimal numbers must use the 0x prefix; otherwise decimal is assumed. Names or the special keyword here can be used (and are resolved to their address). Some examples:
here + 32*4: skip 32 dwords. Equivalent to
_main - 0x10: jump to a position 0x10 bytes before the function main()
f2 + (f4-f3): multiple symbols can be used for complicated situations
During debugging, you can use register names as variables, similarly to the names in the preceding examples. For example, you can jump to X0+0x20 (ARM64) and so on. This works both in the disassembly and in the hex view.
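The rules above (hex by default for bare addresses and +/- offsets, segment:offset with a "segment" of 0 meaning linear, raw names, and C-style expressions over names, registers and here where only 0x means hex) are easy to get wrong when scripting around the G dialog, so here they are as an added worked example. This is not IDA's own code or parsing logic: it is a stand-alone Python re-implementation of the syntax as the post describes it, run against a constructed symbol table, a constructed segment table, an assumed real-mode seg*16+off translation, and an assumed rule that a defined name wins over a string that also happens to be valid hex (such as f2).

```python
"""Toy resolver for the input syntax of IDA's "Jump to address" (G) dialog.

Added example, not IDA's code. The symbol table, segment table, register
values and the seg*16+off translation below are all constructed assumptions.
"""
import ast
import operator
import re

# Constructed sample data standing in for an IDA database (assumption).
NAMES = {
    "_main": 0x401000,
    "f2": 0x401200,
    "f3": 0x401300,
    "f4": 0x401380,
    "?func@@YAXXZ": 0x401500,   # a raw (mangled) name with special symbols
}
SEGMENTS = {"dseg": 0x1000}      # symbolic segment -> segment value (assumption)

_HEX_RE = re.compile(r"^(0[xX])?[0-9A-Fa-f]+$")

# C operators accepted inside expressions; '/' is mapped to integer division
# (matches C for non-negative operands).
_BINOPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.floordiv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod, ast.LShift: operator.lshift,
    ast.RShift: operator.rshift, ast.BitAnd: operator.and_,
    ast.BitOr: operator.or_, ast.BitXor: operator.xor,
}
_UNOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos, ast.Invert: operator.invert}


def _parse_hex(text):
    """Bare address or +/- offset: hexadecimal, 0x prefix optional."""
    if not _HEX_RE.match(text):
        raise ValueError(f"not a hexadecimal number: {text!r}")
    return int(text, 16)


def _eval_expr(text, env):
    """C-style expression: only 0x-prefixed literals are hex, others decimal.

    The expression is parsed into an AST and only arithmetic/bitwise nodes,
    integer constants and known names are evaluated, so nothing else runs.
    """
    tree = ast.parse(text, mode="eval")

    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, int):
            return node.value
        if isinstance(node, ast.Name):
            if node.id not in env:
                raise NameError(f"unknown name {node.id!r}")
            return env[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            return _BINOPS[type(node.op)](ev(node.left), ev(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNOPS:
            return _UNOPS[type(node.op)](ev(node.operand))
        raise ValueError(f"unsupported syntax in {text!r}")

    return ev(tree)


def resolve(text, here, names=NAMES, segments=SEGMENTS, registers=None):
    """Return the address the G dialog would jump to for input `text`.

    `here` is the cursor address; `registers` holds live register values
    when debugging (None when not debugging).
    """
    s = text.strip()
    if not s:
        raise ValueError("empty input")
    # 1. segment:offset; symbolic or hex segment, "0" forces a linear address.
    if ":" in s:
        seg, off = s.split(":", 1)
        offset = _parse_hex(off)
        seg_val = segments[seg] if seg in segments else _parse_hex(seg)
        if seg_val == 0:
            return offset
        return (seg_val << 4) + offset      # real-mode translation (assumption)
    # 2. relative jump from the cursor, hex by default.
    if s[0] in "+-":
        delta = _parse_hex(s[1:])
        return here + delta if s[0] == "+" else here - delta
    # 3. raw name or register, looked up before hex so that f2 is the symbol
    #    and not 0xF2 (precedence is an assumption of this toy).
    env = dict(names)
    env.update(registers or {})
    if s in env:
        return env[s]
    # 4. bare address, hex by default.
    if _HEX_RE.match(s):
        return int(s, 16)
    # 5. C-style expression over names, registers and `here`.
    env["here"] = here
    return _eval_expr(s, env)


if __name__ == "__main__":
    for inp in ("401000", "+100", "-10000", "dseg:10", "0:C0001000",
                "_main", "here + 32*4", "_main - 0x10", "f2 + (f4-f3)"):
        print(f"{inp:>14} -> {resolve(inp, here=0x401000):#x}")
    print(f"{'X0+0x20':>14} -> {resolve('X0+0x20', 0, registers={'X0': 0x7FFF0000}):#x}")
```

Mangled names containing characters such as ? or @ are only accepted as a whole raw name (step 3); they cannot appear inside an expression, since the expression parser only understands C identifiers.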