Igor’s tip of the week #83: Decompiler options: default radix

We’ve covered the major pseudocode formatting options previously but there is one more option which can influence the output. It is the radix used for printing numbers in the pseudocode. In a positional numeral system, the radix or base is the number of unique digits, including the digit zero, used to represent numbers. For example, for […]

Igor’s tip of the week #80: Bookmarks

In addition to comments, IDA offers a few more features for annotating and quickly navigating in the database. Today we’ll cover bookmarks. Adding bookmarks Bookmarks can be added at most locations in the address-based views (disassembly listing, Hex View, Pseudocode), as well as Structures and Enums. This can be done via the Jump > Mark position… […]

Igor’s tip of the week #79: Handling variable reuse

Previously we’ve discussed how to reduce the number of variables used in pseudocode by mapping copies of a variable to one. However, sometimes you may run into an opposite problem:  a single variable can be used for different purposes. Reused stack slots One common situation is when the compiler reuses a stack location of either a […]

Igor’s tip of the week #78: Auto-hidden messages

During the work with binaries, IDA sometimes shows warnings to inform the user about unusual or potentially dangerous behavior or asks questions: Hiding messages For some of such messages there is a checkbox “Don’t Display this message again”. If you enable it before answering or confirming the message (hint: you can press ‘D’ to

Igor’s tip of the week #77: Mapped variables

Quick rename can be useful when you have code which copies data around so the variable names stay the same or similar. However, sometimes there is a way to get rid of duplicate variables altogether. Reasons for duplicate variables Even if in the source code a specific variable may appear only once, on the machine code […]

Igor’s tip of the week #76: Quick rename

One of the features added in IDA 7.6 was automatic renaming of variables in the decompiler.  Unlike PIT, it is not limited to stack variables but also handles variables stored in registers and not just calls but also assignments and some other expressions. It also tries to interpret function names which include a verb […]

Igor’s tip of the week #75: Working with unions

In C, union is a type similar to a struct but in which all members (possibly of different types) occupy the same memory, overlapping each other. They are used, for example, when there is a need to interpret the same data in different ways, or to save memory when storing data of different types […]

Igor’s tip of the week #73: Output window and logging

Output window is part of IDA’s default desktop layout and shows various messages from IDA and possibly third-party components (plugins, processor modules, scripts…). It also contains the Command-line interface (CLI) input box. Opening the Output window Although it is present by default, it is possible to close this window, or use a desktop layout without it. […]

Igor’s tip of the week #72: More string literals

We’ve covered basics of working with string constants (aka string literals) before but IDA support additional features which may be useful in some situations. Exotic string types Pascal and derived languages (such as Delphi) sometimes employ string literals which start with the length followed by the characters. Similarly to the wide (Unicode) strings, they can be […]