State-of-the-art binary code analysis tools
In C, union is a type similar to a struct but in which all members (possibly of different types) occupy the same memory, overlapping each other. They are used, for example, when there is a need to interpret the same data in different ways, or to save memory when storing data of different types […]
Output window is part of IDA’s default desktop layout and shows various messages from IDA and possibly third-party components (plugins, processor modules, scripts…). It also contains the Command-line interface (CLI) input box. Opening the Output window Although it is present by default, it is possible to close this window, or use a desktop layout without it. […]
We’ve covered basics of working with string constants (aka string literals) before but IDA support additional features which may be useful in some situations. Exotic string types Pascal and derived languages (such as Delphi) sometimes employ string literals which start with the length followed by the characters. Similarly to the wide (Unicode) strings, they can be […]
The last week’s post got preempted by the IDA 7.7 release so I’ll take this opportunity to highlight (ha ha) one of the new features. In previous IDA versions we already had highlight with an option to lock it so it remains fixed while browsing the database. In IDA 7.7 it’s been improved so […]
When working with pseudocode in the decompiler, you may have noticed that variable declarations and hints have comments with somewhat cryptic contents. What do they mean? While meaning of some may be obvious, others less so, and a few appear only in rare situations. Variable location The fist part of the comment is the variable location. For stack […]
While not commonly used, full-screen mode can be useful on complex IDA layouts when working with a single monitor or on a laptop, for example when you need to read a long listing line but are tired of scrolling around. The feature is somewhat hidden, but the action is present in the View menu. By pressing F11, […]
Type libraries are collections of high-level type information for selected platforms and compilers which can be used by IDA and the decompiler. A type library may contain: function prototypes, e.g.: void *__cdecl memcpy(void *, const void *Src, size_t Size); BOOL __stdcall EnumWindows(WNDENUMPROC lpEnumFunc, LPARAM lParam); typedefs, e.g.: typedef unsigned long DWORD; BOOL (__stdcall *WNDENUMPROC)(HWND, LPARAM); standard structure and enum definitions, e.g.: struct tagPOINT { LONG […]
Today we’ll cover how keyboard modifiers (Ctr, Alt, Shift) can be used with some IDA actions to modify their behavior or provide additional functionality. Modifiers in shortcuts Obviously, some shortcuts already include modifiers as part of their key sequence, but some commonalities may be not immediately obvious. For example, the Search menu commands tend to use Alt-letter […]
We covered how to search for things in choosers (list views), but what if you need to look for something elsewhere in IDA?
As we’ve mentioned before, the I in IDA stands for interactive, and we already covered some of the disassembly view’s interactive features like renaming or commenting. However, other changes are possible too. For example, you can change the operand representation (sometimes called operand type in documentation). What is it about? Most assemblers (and disassemblers) […]