When dealing with structure instances in disassembly, sometimes you may want to change how IDA displays them, but how to do it is not always obvious. Let’s have a look at some examples.
Win32 section headers
Let’s say you have loaded the PE file header using manual load, or found an embedded PE file in your […]
When disassembling, you are probably more interested in seeing the code (disassembly or pseudocode) rather than the raw file data, but there may be times you need to see what actually lies behind the instructions.
One option is to use the Hex View, possibly docked and synchronized with IDA View.
But probably a simpler solution is […]
By default, a search in IDA starts from the current position and continues up to the maximum address in the database (or down to the minimum address for “Up” searches). This works well enough for small to average files, but can get pretty slow for big ones, or especially in case of debugging […]
For most IDA widgets, a custom background was already possible using standard Qt stylesheets (examples, reference). But since the IDA 8.2 release you can also do it for disassembly listings! (and “Structures”, “Enums”, “Pseudocode”, …)
To achieve this, you would typically want to define a new theme that extends an existing one and adds […]
The address details pane is a rather recent addition to IDA, so probably not many users are familiar with it yet. However, it can be quite a useful addition to the standard workflow, permitting you to perform some common tasks faster.
Address details view
On invoking View > Open subview > Address details (you can also use […]
In addition to comments, IDA offers a few more features for annotating and quickly navigating in the database. Today we’ll cover bookmarks.
Bookmarks can be added at most locations in the address-based views (disassembly listing, Hex View, Pseudocode), as well as Structures and Enums. This can be done via the Jump > Mark position… […]
Many of IDA’s windows have status bars, and they contain useful information and functionality which may not always be obvious.
Main window status bar
The status bar at the bottom of IDA’s main window contains:
Autoanalysis progress indicator. See IDA Help: Analysis options for possible values you may see there.
Search direction indicator for “Next search” commands […]
Although nowadays most IDA users probably use the graph view, the text view can still be useful in certain situations. In case you haven’t noticed, it has a UI element which can help you visualize code flow even without the full graph and even outside of functions (the graph view is available only for […]
The navigation band, also sometimes called the navigator or navbar, is the UI element shown by default at the top of IDA’s window, in the toolbar area.
It shows a global overview of the program being analyzed and lets you see at a quick glance how well the program has been analyzed and what areas may need […]
We covered how to search for things in choosers (list views), but what if you need to look for something elsewhere in IDA?