For better readability, IDA highlights various parts of the disassembly listing using different colors; however, these are not set in stone and you can modify most of them to suit your taste or situation. Let’s have a look at the different options available for changing colors in IDA. Themes In case you are not aware, IDA supports […]
The Functions list is probably one of the most familiar features of IDA’s default desktop layout. But even if you use it every day, there are things you may not be aware of. Modal version Available via Jump > Jump to function… menu, or the Ctrl–P shortcut, the modal dialog lets you see the full width of the […]
As explained in Simplex method in IDA Pro, having correct stack change information is essential for correct analysis. This is especially important for good and correct decompilation. While IDA tries its best to give good and correct results (and we’ve made even more improvements since 2006), sometimes it can still fail (often due to wrong […]
Continuing from last week, let’s discuss other disassembly options you may want to change. Here’s the options page again: Disassembly line parts This group is for options which control the content of the main line itself. Here is an example of a line with all options enabled: The marked up parts are: The line prefix (address of […]
By default IDA’s disassembly listing shows the most essential information: disassembled instructions with operands, comments, labels. However, the layout of this information can be tuned, as well as additional information added. This can be done via the Disassembly Options tab available via Options > General… menu (or Alt–O, G). Text and Graph views options If you open […]
While register highlighting can help track how a register is used in the code, sometimes it’s not quite sufficient, especially if multiple registers are used by a complicated piece of code. In such a situation you can try register renaming. To rename a register: place the cursor on it and press N or Enter, or double-click it. A dialog […]
Graph view is the default disassembly representation in IDA GUI and is probably what most IDA users use every day. However, it has some lesser-known features that can improve your workflow. Parts of the graph The graph consists of nodes (blocks) and edges (arrows between blocks). Each node roughly corresponds to a basic block. A basic block is a straight-line […]
IDA’s default windows layout is sufficient to perform most standard analysis tasks; however, it may not always be the best fit for all situations. For example, you may prefer to open additional views or to modify existing ones depending on your monitor size, specific tasks, or the binary being analyzed. Rearranging windows The standard operation is mostly […]
When reverse-engineering, sometimes you need to perform some simple calculations. While you can always use an external calculator program, IDA has a built-in one. You can invoke it by pressing ? or via View > Calculator. The calculator shows the result in hex, decimal, octal, binary and as a character constant. This information is also duplicated […]
Even if you prefer to move around IDA by clicking, the G shortcut should be the one to remember. The action behind it is called simply “Jump to address” but it can do many more things than what can be guessed from the name. Jump to address First up is the actual jumping to an address: enter an […]