Tricky jump tables

Just a quick post to announce that we have published a small plugin to specify jump table information. When IDA misses them, the flow charts are virtually useless – they fall apart into several loosely connected components and the logic is completely hidden. This plugin is especially useful for rarely used processors with unusual switch […]

Debugger and process memory

Just a small note about the debugger plugins and events. Many users who try to develop a plugin for the debugger notice that IDA behaves slightly differently in the notification callbacks than anywhere else. For example, IDA might claim that EIP points to an address without a segment, or none of the exported names of a loaded DLL are available.

Jump tables

It is an endless story: regardless of how many different jump table types IDA supports, there will be a new unhandled twist. Be it the instruction scheduler, which rearranged the instructions in an unexpected manner, or the compiler, which learned a new optimization trick, it is the same for IDA: jump tables are missed and […]

IDA and Microcontrollers

If you have ever used IDA to analyze embedded stuff, you would immediately notice its PC-centric nature. While any embedded SDK targets specific devices with real-world part numbers, IDA just provides you with a universal analysis framework. You are supposed to know how the device works, its idiosyncrasies, programming model, memory organization, and all other practical […]

Negated structure offsets

A month ago I received a support request: If I have an instruction like mov eax, [edi-0ch] and I know that that’s really the sum of an offset to a structure not at edi and the offset of a member within that structure, how do I get IDA to display it as such without using […]

Very simple custom viewer

As promised, here is the plugin which demonstrates how to create a very simple custom viewer in IDA Pro. When run, it displays this text on the screen:

Dynamic coloring

IDA v5.1 introduces the notion of dynamic colors. Plugins can install a callback which dynamically calculates colors and provides them to the user interface. In previous versions of IDA, plugins were forced to change the item color in the database, thus overwriting any user-defined colors. The new IDA makes it possible to calculate colors on the fly.

On batch analysis

Ever tried to run many instances of IDA simultaneously? I mean, not only one or two, but many more, tens of them at the same time? Not everyone needs it, but sometimes a whole directory must be analyzed. Imagine you have created a plugin which finds something interesting in binaries…

Adding cross references

Did you know that you can add your own cross-references to the listing? There are even several different methods for that: open the xrefs window and press Ins; write an IDC script; write a plugin. Adding xrefs is very useful if IDA missed some of them and the graph looks ugly. Another benefit is replicated comments. See a […]