State-of-the-art binary code analysis tools
Name mangling (also called name decoration) is a technique used by compilers to implement some of the features required by the language. For example, in C++ it is used to distinguish functions with the same name but different arguments (function overloading), as well as to support namespaces, templates, and other purposes. Mangled names often end up in the […]
In IDA’s disassembly, you may have often observed names that may look strange and cryptic on first sight: sub_73906D75, loc_40721B, off_40A27C and more. In IDA’s terminology, they’re called dummy names. They are used when a name is required by the assembly syntax but there is nothing suitable available, for example the input file has no […]
The user directory is a location where IDA stores some of the global settings and which can be used for some additional customization. Default location On Windows: %APPDATA%/Hex-Rays/IDA Pro On Linux and Mac: $HOME/.idapro For brevity, we’ll refer to this path as $IDAUSRin the following text. Contents/settings The directory is used to store the processor module caches (proccache.lst and proccache64.lst) as well […]
Scripting allows you to automate tasks in IDA which can be repetitive or take a long time to do manually. We previously covered how to run them in batch (headless) mode, but how can they be used interactively? Script snippets File > Script Command… (Shift+F2) Although this dialog is mainly intended for quick prototyping and […]
You may have come across the menu items View > Hide, Unhide but possibly never used them. These commands allow you to hide, or collapse and unhide/uncollapse parts of IDA’s output. They can be used in the following situations: Hiding instructions or data items To make your database more compact and reduce clutter, you can opt to hide […]
IDA has three shortcuts as an alternative to some menus which could be cumbersome to navigate. Quick view Probably the most commonly used, it is triggered by the shortcut Ctrl+1 and shows the items under the View > Open subviews menu. It can be especially useful for opening views which have no dedicated shortcut such as Notepad (although […]
The Functions list is probably one of the most familiar features of IDA’s default desktop layout. But even if you use it every day, there are things you may not be aware of. Modal version Available via Jump > Jump to function… menu, or the Ctrl–P shortcut, the modal dialog lets you see the full width of the […]
As explained in Simplex method in IDA Pro, having correct stack change information is essential for correct analysis. This is especially important for good and correct decompilation. While IDA tries its best to give good and correct results (and we’ve made even more improvements since 2006), sometimes it can still fail (often due to wrong […]
Continuing from last week, let’s discuss other disassembly options you may want to change. Here’s the options page again: Disassembly line parts This group is for options which control the content of the main line itself. Here is an example of a line with all options enabled: The marked up parts are: The line prefix (address of […]
By default IDA’s disassembly listing shows the most essential information: disassembled instructions with operands, comments, labels. However, the layout of this information can be tuned, as well as additional information added. This can be done via the Disassembly Options tab available via Options > General… menu (or Alt–O, G). Text and Graph views options If you open […]
