Latest available version: IDA and decompilers v8.4.240320 see all releases
Hex-Rays logo State-of-the-art binary code analysis tools
email icon

  Posted on:   23 Jul 2021

  By:   Igor Skochinsky

  Categories:  IDA Pro

  Tags:  idapro idatips UI

Navigation band, also sometimes called the navigator, or navbar, is the UI element shown by default at the top of IDA’s window, in the toolbar area.

It shows the global overview of the program being analyzed and allows to see at a quick glance how well has the program been analyzed and what areas may need attention.

Colors

The colors are explained in the legend; the default color scheme uses the following colors:

  1. Cyan/turquose: Library functions, i.e. functions which have been recognized by a FLIRT signature. Usually such functions cone from the compiler or third party libraries and not the code written by the programmer, so they can often be ignored as a known quantity;
  2. Blue: Regular functions, i.e. functions not recognized by FLIRT or Lumina. These could contain the custom functionality, specific to the program;
  3. Maroon/brown: instructions(code) not belonging to any functions. These could appear when IDA did not detect or misdetected function boundaries, or hint at code obfuscation being employed which could prevent proper function creation. It could also be data incorrectly being treated as code.
  4. Gray: data. This color is used for all defined data items (string literals, arrays, individual variables). 
  5. Olive: unexplored bytes, i.e. areas not yet converted to either code or data.
  6. Magenta: used to mark functions or data imported from other modules (including wrapper thunks for imported functions).
  7. Lime green: functions recognized by Lumina. They could be either library functions, or custom functions seen previously in other binaries and uploaded by users to the public Lumina server.

Colors can be changed when changing the color scheme, or individually in Options > Colors… , Navigation band.

Indicators

In addition to the colors, there may be additional indicators on the navigation band. The yellow arrow is the current cursor position in the disassembly (IDA View), while the small orange triangle on the opposite side shows the current autoanalysis location (it is only visible while autoanalysis is in progress).

Additional display

The combobox (dropdown) at the right of the navigation band allows you to add some additional markers to it. For example, you can show:

The markers show up as red circles and can be clicked to navigate.

Configuration

 The control can be hidden or shown via View > Toolbars > Navigator, or the same item in the toolbar’s context menu.

It can be placed at any of the four sides of IDA’s window by using the drag handle.

In the horizontal position, you can show or hide the legend and the additional display combobox from the context menu.

Navigation and zooming

By default, the navigation band shows the complete program, however you can zoom in to see a more detailed view of a specific part. Zooming can be done by Ctrl + mouse wheel, or from the context menu. The numerical options specify how many bytes of the program are represented by one pixel on the band.

Once zoomed in, the visible part can be scrolled with the mouse wheel or by clicking the arrow buttons at either end of the band. You can click into any part of the band to navigate there in the disassembly view.