Those aren’t the best names for the functions, arguments and local variables, since we can’t remember then easily. These parameters are prefixed with arg_, while the local variables are prefixed with var_. Another automatic name assignment happens with parameters of the function and its local variables. We know that Ida chooses the default name for functions, where each function is pre-appended with the prefix loc_ followed by the virtual address of the function. The basic thing that we can change in the disassembly is the default names.
THE IDA PRO BOOK ARCHIVE
The binary search dialog box is presented on the picture below:īecause Ida uses its own representation of the program disassembly stored in the archive database, we can easily make changes to it so that they are distributed to all views accordingly. Ida has a binary search algorithm that can be invoked by choosing Search > sequence of bytes. The above feature lets us search for text only but we can also search for specific bytes in the executable. The “Find all occurrences” option will find and display all the occurrences of the inputted string on the screen.
We can even enter the regular expression to search for. The new dialog lets us type in the string we would like to search for and also choose other options to guide the search algorithm. To search for the text in the disassembly view, we need to select Search > Text, which opens the dialog box presented on the picture below: We can see all of the options of the search menu below: We can search for text in the disassembly view by using one of the options presented in the Search menu of Ida. There are also two buttons in the shortcut toolbar that can be used to do the same and are presented on the picture below:īesides jumping to the previous/next location, it can also provide a drop-down list of the virtual addresses where we might like to jump. The shortcut for the “jump to previous position” is ESC, while the shortcut to “jump to next position” is Ctrl+Enter. Each jump position is remembered by Ida and will be used by the previous/next jump buttons. Ida remembers every jump we make using the “Jump to address” functionality and provides us with additional options “Jump to previous position” and “Jump to next position” (also located in the Jump Menu), which can be quite helpful when we want to jump to one of the previous positions. Once we press the OK button, we’ll be immediately taken to that address so we can set the breakpoint that we want. On the picture below, we can see that we entered the address 0x00401337. To go to that virtual address we can use the Jump > Jump to address and enter the address where we would like to jump.
We can do this by first traversing to that virtual address and then setting the breakpoint. First, we must set a breakpoint at that virtual memory. The best way to do that is to set a breakpoint on that location and run the program, and then examine the program when after hits the breakpoint. Let’s say we’re looking at the instruction “call address” and we would like to know what the function at that address does. There are many options in the Jump menu and it’s good to understand them all to jump around the executable efficiently.