When dealing with big programs or huge functions, you may want to know how various functions interact, for example where the current function is called from and what other functions it calls itself. While for the former you can use “Cross-references to”, for the latter you have to go through all instructions of the function […]
IDA Pro for ARM64 is coming! We have ported all of IDA to run natively on Apple Silicon and it will be available in IDA 7.6. Initial analysis shows that the hype is real. IDA is consistently performing much faster on M1 Macs: And a visual representation, for your viewing delight: https://www.hex-rays.com/wp-content/uploads/2020/12/split.mp4 We have also ported the mac […]
Previously we’ve covered cross-references in the disassembly view but in fact you can also consult them in the decompiler (pseudocode) view. Local cross-references The most common shortcut (X) works similarly to disassembly: you can use it on labels, variables (local and global), function names, but there are some differences and additions: for local variables, the list of […]
Python 3.9 has been released fairly recently and it was a bit too short notice for us to ensure it works with IDA 7.5 Service Pack 3 (if you have tried it, you may have had a bad time). We have now added support for Python 3.9 in IDAPython. Here’s how you can get it to […]
Cross references view The jump to xref actions are good enough when you have a handful of cross-references but what if you have hundreds or thousands? For such cases, the Cross references view may be useful. You can open it using the corresponding item in the View > Open Subviews menu. IDA will gather cross-references to […]
cross-reference, n. A reference or direction in one place in a book or other source of information to information at another place in the same work (from Wiktionary) To help you during analysis, IDA keeps track of cross-references (or xrefs for short) between different parts of the program. You can inspect them, navigate them […]
Last week we discussed various kinds of comments in IDA’s disassembly and pseudocode views. In fact, the comments are also available for Structures and Enums. You can add them both for the struct/enum as a whole and for individual members. Similar to the disassembly, regular and repeatable comments are supported. Repeatable comments are duplicated in the […]
The “I” in IDA stands for interactive, and one of the most common interactive actions you can perform is adding comments to the disassembly listing (or decompiler pseudocode). There are different types of comments you can add or see in IDA. Regular comments These comments are placed at the end of the disassembly line, delimited by an […]
Along with the release of Service Pack 3 for IDA 7.5, we have updated our XNU Debugging Tutorial with a new section about macOS11 kernel debugging. It has some analysis and debugging tips for the new kernelcache format in macOS11 Big Sur. We hope you will find it useful! Downloads XNU Debugging Tutorial […]
Most IDA users probably analyze software that uses English or another Latin-based alphabet. Thus the defaults used for string literals – the OS system encoding on Windows and UTF-8 on Linux or macOS – are usually good enough. However, occasionally you may encounter a program which does use another language. Unicode strings In case the program […]