Igor’s tip of the week #23: Graph view

Graph view is the default disassembly representation in IDA GUI and is probably what most IDA users use every day. However, it has some lesser-known features that can improve your workflow.

Parts of the graph

The graph consists of nodes (blocks) and edges (arrows between blocks). Each node roughly corresponds to a basic block.

A basic block is a straight-line code sequence with no branches in except to the entry and no branches out except at the exit.
(from Wikipedia)

Edges indicate code flow between nodes and their color changes depending on the type of code flow:

  • conditional jumps/branches have two outgoing edges: green for branch taken and red for branch not taken (i.e. fall through to next address);
  • other kinds of edges are blue;
  • edges which go backwards in the graph (which usually means they’re part of a loop) are thicker in width. 
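
To make the node and edge rules above concrete, here is an added example (not from the original post, and not IDA's code or API) that splits a constructed toy listing into basic blocks and labels each edge with the colours just described. The instruction tuples, the mnemonic classes and the address-based test for a "backwards" edge are assumptions of the example.

```python
# Constructed toy listing: (address, mnemonic class, jump target or None).
# "jcc" = conditional jump, "jmp" = unconditional jump, "ret" = return.
LISTING = [
    (0x1000, "mov", None),
    (0x1002, "cmp", None),
    (0x1004, "jcc", 0x100A),
    (0x1006, "add", None),
    (0x1008, "jmp", 0x1002),
    (0x100A, "ret", None),
]
BRANCHES = {"jcc", "jmp", "ret"}


def build_graph(listing):
    """Return (blocks, edges); edges are (src, dst, colour, is_back_edge)."""
    # A leader starts a block: the entry, every jump target, and the
    # instruction following any branch.
    leaders = {listing[0][0]}
    for i, (_, mnem, target) in enumerate(listing):
        if mnem in BRANCHES:
            if target is not None:
                leaders.add(target)
            if i + 1 < len(listing):
                leaders.add(listing[i + 1][0])

    # Group instructions (assumed sorted by address) under their leader.
    blocks, current = {}, None
    for insn in listing:
        if insn[0] in leaders:
            current = blocks.setdefault(insn[0], [])
        current.append(insn)

    starts, edges = sorted(blocks), []
    for n, start in enumerate(starts):
        _, mnem, target = blocks[start][-1]
        fall = starts[n + 1] if n + 1 < len(starts) else None
        if mnem == "jcc":
            out = [(target, "green"), (fall, "red")]   # taken / not taken
        elif mnem == "jmp":
            out = [(target, "blue")]
        elif mnem == "ret":
            out = []
        else:
            out = [(fall, "blue")]                     # plain fall-through
        for dst, colour in out:
            if dst in blocks:  # skip targets outside the listing
                # Assumption: "backwards" approximated as target <= source.
                edges.append((start, dst, colour, dst <= start))
    return blocks, edges
```

On the sample listing this yields four blocks and four edges, with the `jmp` back to `0x1002` as the only back edge.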

Keyboard controls

Even though the graph is best suited to the mouse, you can still do some things using the keyboard:

    • W to zoom out so the whole graph fits in the visible window area;
    • 1 to zoom back to 100%;
    • Ctrl+Up moves to the parent node;
    • Ctrl+Down moves to the child node
      (if there are several candidates in either case, a selector is displayed).

Mouse controls

Besides the usual clicking around, a few less obvious mouse actions are possible:

  • double-click an edge to jump to the other side of it or hover to preview the target (source) node;
  • click and drag the background to pan the whole graph in any direction;
  • use the mouse wheel to scroll the graph vertically (up/down);
  • Alt+wheel to scroll horizontally (left/right);
  • Ctrl+wheel to zoom in/out.

Rearranging and grouping the nodes

If necessary, you can move some nodes around by dragging their titles. Edges can also be moved by dragging their bending points. Use “Layout graph” from the context menu to go back to the initial layout. 

Big graphs can be simplified by grouping:

  1. Select several nodes by holding down Ctrl and clicking the titles of multiple nodes or by click-dragging a selection box. The selected nodes will have a different color from others (cyan in default color scheme);
  2. Select “Group nodes” from the context menu and enter the text for the new node. IDA will replace selected nodes with the new one and rearrange the graph;
  3. You can repeat the process as many times as necessary, including grouping already-grouped nodes;
  4. Created groups can be expanded again temporarily or ungrouped completely, going back to separate nodes. Use the context menu or new icons in the group node’s title bar for this.

 

More info: Graph view in IDA Help (also available via F1 in IDA).