The Functions list is probably one of the most familiar features of IDA’s default desktop layout. But even if you use it every day, there are things you may not be aware of. Modal version Available via Jump > Jump to function… menu, or the Ctrl–P shortcut, the modal dialog lets you see the full width of the […]
As explained in Simplex method in IDA Pro, having correct stack change information is essential for correct analysis. This is especially important for good and correct decompilation. While IDA tries its best to give good and correct results (and we’ve made even more improvements since 2006), sometimes it can still fail (often due to wrong […]
Continuing from last week, let’s discuss other disassembly options you may want to change. Here’s the options page again: Disassembly line parts This group is for options which control the content of the main line itself. Here is an example of a line with all options enabled: The marked up parts are: The line prefix (address of […]
By default IDA’s disassembly listing shows the most essential information: disassembled instructions with operands, comments, labels. However, the layout of this information can be tuned, as well as additional information added. This can be done via the Disassembly Options tab available via Options > General… menu (or Alt–O, G). Text and Graph views options If you open […]
While register highlighting can help tracking how a register is used in the code, sometimes it’s not quite sufficient, especially if multiple registers are used by a complicated piece of code. In such situation you can try register renaming. To rename a register: place the cursor on it and press N or Enter, or double-click it A dialog […]
Graph view is the default disassembly representation in IDA GUI and is probably what most IDA users use every day. However, it has some lesser-known features that can improve your workflow. Parts of the graph The graph consists of nodes (blocks) and edges (arrows between blocks). Each node roughly corresponds to a basic block. a basic block is a straight-line […]
IDA’s default windows layout is sufficient to perform most standard analysis tasks, however it may not always be the best fit for all situations. For example, you may prefer to open additional views or to modify existing ones depending on your monitor size, specific tasks, or the binary being analyzed. Rearranging windows The standard operation is mostly […]
When reverse-engineering, sometimes you need to perform some simple calculations. While you can always use an external calculator program, IDA has a built-in one. You can invoke it by pressing ? or via View > Calculator. The calculator shows the result in hex, decimal, octal, binary and as a character constant. This information is also duplicated […]
Even if you prefer to move around IDA by clicking, the G shortcut should be the one to remember. The action behind it is called simply “Jump to address” but it can do many more things than what can be guessed from the name. Jump to address First up is the actual jumping to an address: enter an […]
When dealing with big programs or huge functions, you may want to know how various functions interact, for example where the current function is called from and what other functions it calls itself. While for the former you can use “Cross-references to”, for the latter you have to go through all instructions of the function […]
