We’ve covered choosers previously and talked about searching, sorting and filtering. The default filter (Ctrl–F shortcut) is pretty simple: it performs case-insensitive match on any column of the list.
Advanced filter dialog is accessible via the context menu entry “Modify filters…” or the shortcut Ctrl–Shift–F
In the dialog you can:
- match any or a specific column;
- perform an exact match (is/is not) or partial (contains/doesn’t contain, begins/ends with);
- perform a lexicographical comparison (less than/more than);
- decide whether a specific filter excludes, includes, or highlights matches;
- disable and enable filters individually;
- use case-sensitive matching or regular expressions.
The following set of filters excludes functions which start with
sub_, or situated in segments
extern (external functions) and
.plt (PLT thunks for external functions). This way only the functions defined inside the binary which have non-dummy names are shown:
Highlight any function with name ending in _NNN where NNN is a sequence of decimal numbers:
The highlight color can be changed by clicking the “Highlight button”.
Show only functions which were detected by IDA as non-returning:
NOTE: the examples listed apply to the Functions list but these filters are available in any chooser (list view) in IDA: Imports, Exports, Names, Local Types etc.
Igor’s tip of the week #36: Working with list views in IDA