Igor’s tip of the week #16: Cross-references

cross-reference, n. A reference or direction in one place in a book or other source of information to information at another place in the same work (from Wiktionary) To help you during analysis, IDA keeps track of cross-references (or xrefs for short) between different parts of the program. You can inspect them, navigate them […]

Igor’s tip of the week #14: Comments in IDA

The “I” in IDA stands for interactive, and one of the most common interactive actions you can perform is adding comments to the disassembly listing (or decompiler pseudocode). There are different types of comments you can add or see in IDA. Regular comments These comments are placed at the end of the disassembly line, delimited by an […]

Igor’s tip of the week #13: String literals and custom encodings

Most of IDA users probably analyze software that uses English or another Latin-based alphabet. Thus the defaults used for string literals – the OS system encoding on Windows and UTF-8 on Linux or macOS – are usually good enough. However, occasionally you may encounter a program which does use another language. Unicode strings In case the program […]

Igor’s tip of the week #12: Creating structures with known size

Sometimes you know the structure size but not the actual layout yet. For example, when the size of memory being allocated for the structure is fixed: In such cases, you can quickly make a dummy structure and then modify it as you analyze code which works with it. There are several approaches which can be used […]

Igor’s tip of the week #11: Quickly creating structures

When reverse engineering a big program, you often run into information stored in structures. The standard way of doing it involves using the Structures window and adding fields one by one, similar to the way you format data items in disassembly. But are there other options? Let’s look at some of them. Using already formatted data This […]

Igor’s tip of the week #10: Working with arrays

Arrays are used in IDA to represent a sequence of multiple items of the same type: basic types (byte, word, dword etc.) or complex ones (e.g. structures). Creating an array To create an array: Create the first item; Choose “Array…” from the context menu , or press *; Fill in at least the Array size field and click OK. Step 1 […]

Igor’s tip of the week #06: IDA Release notes

With every IDA release, we publish detailed release notes describing various new features, improvements and bugfixes. While some of the additions are highlighted and therefore quite visible, others are not so obvious and may require careful reading. Having a closer look at these release notes, you will be surprised to see many small but […]

Igor’s tip of the week #05: Highlight

In IDA, highlight is the dynamic coloring of a word or number under the cursor as well as all matching substrings on the screen. In the default color scheme, a yellow background color is used for the highlight. Highlight is updated when you click on a non-whitespace location in the listing or move the cursor with […]

Igor’s tip of the week #04: More selection!

In the previous post we talked about the basic usage of selection in IDA. This week we’ll describe a few more examples of actions affected by selection. Firmware/raw binary analysis When disassembling a raw binary, IDA is not always able to detect code fragments and you may have to resort to trial & error for finding the code […]

Igor’s tip of the week #03: Selection in IDA

This week’s post is about selecting items in IDA and what you can do with the selection. As a small change from the previous posts with mainly keyboard usage, we’ll also use the mouse this time! Actions and what they are applied to When an action is performed in IDA, by default it is applied only to the […]