Last week’s post got preempted by the IDA 7.7 release, so I’ll take this opportunity to highlight (ha ha) one of the new features.

Previous IDA versions already had highlighting, with an option to lock the highlight so that it remains fixed while you browse the database. In IDA 7.7 it’s been improved so that you can have several highlights active at the same time!

Setting highlights

Basic usage remains the same: highlight any string you want (by clicking on a word, dragging the mouse, or with Shift-arrows), then click the Lock/unlock current highlight button (initially displaying A on a yellow background).

At first glance the effect seems to be the same: the current highlight is locked and stays on as you browse. However, if you click on another word, you’ll see that the dynamic highlight now uses another color, and the lock button changes color too.

Now, if you click the button again, the second highlight gets locked and the dynamic highlight switches to the next color. You can keep doing this up to the limit (currently 8 color slots).

Removing highlights

Removing a locked highlight is pretty straightforward: click on a currently highlighted item in the listing and click on the toolbar button to unlock it. Alternatively, you can use the dropdown menu next to the button to see the currently assigned highlights and clear a specific one by picking the corresponding entry.

Changing highlight colors

The highlight colors, like most others, can be changed in the Options > Colors… dialog. Select one of the “Highlight background” entries in the “Background colors” dropdown, then click “Change color” to set the new color.

As the dropdown menu next to the lock button shows, each highlight color has a corresponding shortcut, Ctrl+Alt+digit (digit = 1, 2, …, 8), which can be used to set or clear the corresponding highlight directly.

Other views

The multiple highlight feature is available not only in the disassembly but also in other text-based views of IDA: Structures, Enums, Pseudocode, and even the Hex View, although some of them may be more or less useful than others.

Hopefully you’ll find this little feature useful in your work!