Igor’s tip of the week #46: disassembly operand representation

As we’ve mentioned before, the I in IDA stands for interactive, and we already covered some of the disassembly view’s interactive features like renaming or commenting. However, other changes are possible too. For example, you can change the operand representation (sometimes called operand type in documentation). What is it about? Most assemblers (and disassemblers) […]

Igor’s tip of the week #43: Annotating the decompiler output

Last week we started improving decompilation of a simple function. While you can go quite far with renaming and retyping, some things need more explanation than a simple renamng could provide. Comments When you can’t come up with a good name for a variable or a function, you can add a comment with an explanation or […]

Igor’s tip of the week #40: Decompiler basics

The Hex-Rays decompiler is one of the most powerful add-ons available for IDA. While it’s quite intuitive once you get used to it, it may be non-obvious how to start using it. Basic information As of the time of writing (May 2021), the decompiler is not included with the standard IDA Pro license; some editions of IDA […]

Igor’s tip of the week #39: Export Data

The  Edit > Export Data command (Shift+E) offers you several formats for extracting the selected data from the database: hex string (unspaced): 4142434400 hex string (spaced): 41 42 43 44 00 string literal: ABCD C unsigned char array (hex): unsigned char aAbcd[] = { 0x41, 0x42, 0x43, 0x44, 0x00 }; C unsigned char array (decimal): unsigned char aAbcd[] = { 65, 66, […]

Igor’s tip of the week #38: Hex view

In addition to the disassembly and decompilation (Pseudocode) views, IDA also allows you to see the actual, raw bytes behind the program’s instructions and data. This is possible using the Hex view, one of the views opened by default (or available in the View > Open subviews menu). Even if you’ve used it before, there may […]

Igor’s tip of the week #36: working with list views in IDA

List views (also called choosers or table views) are used in many places in IDA to show lists of different kind of information. For example, the Function list we’ve covered previously is an example of a list view. Many windows opened via the View > Open subviews menu are list views: Exports Imports Names Strings Segments Segment registers Selectors Signatures Type libraries Local types Problems Patched […]

Igor’s tip of the week #32: Running scripts

Scripting allows you to automate tasks in IDA which can be repetitive or take a long time to do manually. We previously covered how to run them in batch (headless) mode, but how can they be used interactively? Script snippets File > Script Command… (Shift+F2) Although this dialog is mainly intended for quick prototyping and database-specific […]

Igor’s tip of the week #31: Hiding and Collapsing

You may have come across the menu items View > Hide, Unhide but possibly never used them. These commands allow you to hide, or collapse and unhide/uncollapse parts of IDA’s output. They can be used in the following situations: Hiding instructions or data items To make your database more compact and reduce clutter, you can opt to hide […]