Although nowadays most IDA users probably use the graph view, the text view can still be useful in certain situations. In case you haven’t noticed, it has a UI element which can help you visualize code flow even without the full graph and even outside of functions (the graph view is available only for […]
Read MoreNavigation band, also sometimes called the navigator, or navbar, is the UI element shown by default at the top of IDA’s window, in the toolbar area. It shows the global overview of the program being analyzed and allows to see at a quick glance how well has the program been analyzed and what areas may need […]
Read MoreWe covered how to search for things in choosers (list views), but what if you need to look for something elsewhere in IDA?
Read MoreHints (aka tooltips) are popup windows with text which appear when you hover the mouse cursor over a particular item in IDA. They are available in many situations.
Read MoreAs we’ve mentioned before, the I in IDA stands for interactive, and we already covered some of the disassembly view’s interactive features like renaming or commenting. However, other changes are possible too. For example, you can change the operand representation (sometimes called operand type in documentation). What is it about? Most assemblers (and disassemblers) […]
Read MoreA second 2021 IDA training session will take place online on 13-17 and 20-22 September 2021, EDT time. The session is devised to help professional reverse engineers master IDA Pro, the top notch software disassembly tool and take their reversing skills to the next level. Provided by the experts behind IDA, the training offers its […]
Read MoreIn one of the previous posts, we’ve discussed how to edit types of functions and variables used in the pseudocode. In most cases, you can use the standard C types: char, int, long and so on. However, there may be situations where you need a more specific type. Decompiler may also generate such types […]
Read MoreIDA has a file loader named ‘hex’ which mainly supports loading of text-based file formats such as Intel Hex or Motorola S-Record. These formats contain records with addresses and data in hexadecimal encoding.
Read MoreLast week we started improving decompilation of a simple function. While you can go quite far with renaming and retyping, some things need more explanation than a simple renamng could provide. Comments When you can’t come up with a good name for a variable or a function, you can add a comment with an explanation or […]
Read MorePreviously we’ve covered how to start using the decompiler, but unmodified decompiler output is not always easy to read, especially if the binary doesn’t have symbols or debug information. However, with just a few small amendments you can improve the results substantially. Let’s look at some basic interactive operations available in the pseudocode view. Renaming Although […]
Read More