Parent: [2.0.4 AJ]
As more people are using IDA .. I think it's time to compile a list of tips. Feel free to add more.
Comments[]
For FUNCTION (ie subroutine) comment |
Move cursor on first line of sub. Press ':' Type in Function header -> OK |
|
Blank line After_current_line:
Insert -> press Enter -> Press Ok |
Before change AND R0, R0, #0xFF |
After change AND R0, R0, #0xFF
|
On end of current ASM line | Press ':' | ADR R3, aFeb92010 ; AJ: Whats so cool about Feb 9th 2010 ? |
Data type[]
Force IDA to display 0x1234 rather than
|
Press 'Q' | |
Hex -> Binary -> Decimal | Keep pressing press 'H' | |
ADD R2, SP, #0x80+var_38 | In English please -> Press 'S' | ADD R2, SP, #0x48 |
What calls / uses this?[]
Move cursor to first line of Subroutine | Press wierd looking icon on tools bar (three thin black lines pointing down - Also called 'open cross referrences window') |
Every place in the code that calls this routine is listed.
|
Move cursor to memory address of a variable (eg more to 0x1900) |
As above box. 'open xref window'.
|
Show every place this variable is used.
|
Find me Subroutine xxx |
CONTROL-P -> Start typing routine name.
|
|
List ALL subroutines used in this procedure | Press 'Opens function calls window' (next to xref icon, red bit in the middle) |
Window opens that lists everything. Unlike the Xref window - this one is DYNAMIC - it changes each time you are in a difference subroutine.
|
Getting lost?[]
Create a Marker to represent this point in the code: |
ALT-M -> Give this line a name | CONTROL-M -> Select from previous Markers you've setup |
Goto an Address in the code: | Press 'G' | Enter address: eg: 0x1900 |
The Graphic Map (mini-map of whole sub) just VANISHED! | Theres a bug in IDA. You can get it back | View -> Toolbars -> Navigation -> Graph Overview |
Map mode <-> code view | Press Space to toggle | |
In Graph mode -> It's Huge! | Press Control, now scroll mouse wheel up or down | Screen Zooms in or out |
In Graph mode -> moving around (small amount) | Cursor on background (ie where there is no code) | Drag screen around |
In Graph mode -> Quick | Use the Graph overview map (this ROCKs). | Put cursor on Overview, move the Block around |
In Graph mode -> Red & Green lines |
Click on GREEN (conditional check was true), or RED (conditional check was false) |
Screen moves to box that this line is connected to. |
How to get nice call graphs[]
- See http://chdk.wikia.com/wiki/IDA_Visual_Analysis
- Get dump-xrefs.idc AND scan-lib.idc from the SVN
- Make sure you download Touchgraph from the CHDK forum; the one from SourceForge doesn't work!
- You also need Java runtime installed.