Igor’s tip of the week #47: Hints in IDA
Hints (aka tooltips) are popup windows with text which appear when you hover the mouse cursor over a particular item in IDA. They are available in many situations.
Igor’s tip of the week #46: Disassembly operand representation
As we’ve mentioned before, the I in IDA stands for interactive, and we already covered some of the disassembly view’s interactive features like renaming or commenting. However, other changes are possible too. For example, you can change the operand representation (sometimes called operand type in documentation). What is it about? Most assemblers (and disassemblers) […]
Igor’s tip of the week #45: Decompiler types
In one of the previous posts, we’ve discussed how to edit types of functions and variables used in the pseudocode. In most cases, you can use the standard C types: char, int, long and so on. However, there may be situations where you need a more specific type. Decompiler may also generate such types […]
Igor’s tip of the week #44: Hex dump loader
IDA has a file loader named ‘hex’ which mainly supports loading of text-based file formats such as Intel Hex or Motorola S-Record. These formats contain records with addresses and data in hexadecimal encoding.
Igor’s tip of the week #43: Annotating the decompiler output
Last week we started improving decompilation of a simple function. While you can go quite far with renaming and retyping, some things need more explanation than a simple renamng could provide. Comments When you can’t come up with a good name for a variable or a function, you can add a comment with an explanation or […]
Igor’s tip of the week #42: Renaming and retyping in the decompiler
Previously we’ve covered how to start using the decompiler, but unmodified decompiler output is not always easy to read, especially if the binary doesn’t have symbols or debug information. However, with just a few small amendments you can improve the results substantially. Let’s look at some basic interactive operations available in the pseudocode view. Renaming Although […]
Igor’s tip of the week #41: Binary file loader
IDA supports more than 40 file formats out of box. Most of them are structured file formats – with defined headers and metadata – so they’re recognized and handled automatically by IDA. However, there are times when all you have is just a piece of a code without any headers (e.g. shellcode or raw firmware) […]
Igor’s tip of the week #40: Decompiler basics
The Hex-Rays decompiler is one of the most powerful add-ons available for IDA. While it’s quite intuitive once you get used to it, it may be non-obvious how to start using it. Basic information As of the time of writing (May 2021), the decompiler is not included with the standard IDA Pro license; some editions of IDA […]
Igor’s tip of the week #39: Export Data
The Edit > Export Data command (Shift+E) offers you several formats for extracting the selected data from the database: hex string (unspaced): 4142434400 hex string (spaced): 41 42 43 44 00 string literal: ABCD C unsigned char array (hex): unsigned char aAbcd[] = { 0x41, 0x42, 0x43, 0x44, 0x00 }; C unsigned char array (decimal): unsigned char aAbcd[] = { 65, 66, […]
Igor’s tip of the week #38: Hex view
In addition to the disassembly and decompilation (Pseudocode) views, IDA also allows you to see the actual, raw bytes behind the program’s instructions and data. This is possible using the Hex view, one of the views opened by default (or available in the View > Open subviews menu). Even if you’ve used it before, there may […]