State-of-the-art binary code analysis tools
IDA supports most of the switch patterns produced by major compilers out-of-box and usually you don’t need to worry about them. However, occasionally you may encounter a code which has been produced by an unusual or a very recent compiler version, or some peculiarity of the code prevented IDA from recognizing the pattern, so it […]
IDA uses mostly standard C (and basic C++) syntax, but it also supports some extensions, in particular to represent low-level details which are not necessary for “standard” C code but are helpful for real-life binary code analysis. We’ve already covered custom types and calling conventions, but there are more extensions you may use […]
The Hex-Rays decompiler was originally created to deal with code produced by standard C compilers. In that world, everything is (mostly) nice and orderly: the calling conventions are known and standardized and the arguments are passed to function according to the ABI. However, the real life is not that simple: even in code coming […]
Although nowadays most IDA users probably use the graph view, the text view can still be useful in certain situations. In case you haven’t noticed, it has a UI element which can help you visualize code flow even without the full graph and even outside of functions (the graph view is available only for […]
Navigation band, also sometimes called the navigator, or navbar, is the UI element shown by default at the top of IDA’s window, in the toolbar area. It shows the global overview of the program being analyzed and allows to see at a quick glance how well has the program been analyzed and what areas may need […]
We covered how to search for things in choosers (list views), but what if you need to look for something elsewhere in IDA?
Hints (aka tooltips) are popup windows with text which appear when you hover the mouse cursor over a particular item in IDA. They are available in many situations.
As we’ve mentioned before, the I in IDA stands for interactive, and we already covered some of the disassembly view’s interactive features like renaming or commenting. However, other changes are possible too. For example, you can change the operand representation (sometimes called operand type in documentation). What is it about? Most assemblers (and disassemblers) […]
In one of the previous posts, we’ve discussed how to edit types of functions and variables used in the pseudocode. In most cases, you can use the standard C types: char, int, long and so on. However, there may be situations where you need a more specific type. Decompiler may also generate such types […]
IDA has a file loader named ‘hex’ which mainly supports loading of text-based file formats such as Intel Hex or Motorola S-Record. These formats contain records with addresses and data in hexadecimal encoding.