Parent: [2.0.4 AJ]
As more people are using IDA .. I think it's time to compile a list of tips. Feel free to add more.
Comments[edit | edit source]
|For FUNCTION (ie subroutine) comment||
Move cursor on first line of sub. Press ':'
Type in Function header -> OK
Blank line After_current_line:
Insert -> press Enter -> Press Ok
AND R0, R0, #0xFF
AND R0, R0, #0xFF
|On end of current ASM line||Press ':'||ADR R3, aFeb92010 ; AJ: Whats so cool about Feb 9th 2010 ?|
Data type[edit | edit source]
Force IDA to display 0x1234 rather than
|Hex -> Binary -> Decimal||Keep pressing press 'H'|
|ADD R2, SP, #0x80+var_38||In English please -> Press 'S'||ADD R2, SP, #0x48|
What calls / uses this?[edit | edit source]
|Move cursor to first line of Subroutine||Press wierd looking icon on tools bar (three thin black lines pointing down - Also called 'open cross referrences window')||
Every place in the code that calls this routine is listed.
|Move cursor to memory address of a variable (eg more to 0x1900)||
As above box. 'open xref window'.
Show every place this variable is used.
|Find me Subroutine xxx||
CONTROL-P -> Start typing routine name.
|List ALL subroutines used in this procedure||Press 'Opens function calls window' (next to xref icon, red bit in the middle)||
Window opens that lists everything. Unlike the Xref window - this one is DYNAMIC - it changes each time you are in a difference subroutine.
Getting lost?[edit | edit source]
Create a Marker to represent this point in the code:
|ALT-M -> Give this line a name||CONTROL-M -> Select from previous Markers you've setup|
|Goto an Address in the code:||Press 'G'||Enter address: eg: 0x1900|
|The Graphic Map (mini-map of whole sub) just VANISHED!||Theres a bug in IDA. You can get it back||View -> Toolbars -> Navigation -> Graph Overview|
|Map mode <-> code view||Press Space to toggle|
|In Graph mode -> It's Huge!||Press Control, now scroll mouse wheel up or down||Screen Zooms in or out|
|In Graph mode -> moving around (small amount)||Cursor on background (ie where there is no code)||Drag screen around|
|In Graph mode -> Quick||Use the Graph overview map (this ROCKs).||Put cursor on Overview, move the Block around|
|In Graph mode -> Red & Green lines||
Click on GREEN (conditional check was true),
or RED (conditional check was false)
|Screen moves to box that this line is connected to.|
How to get nice call graphs[edit | edit source]
- See http://chdk.wikia.com/wiki/IDA_Visual_Analysis
- Get dump-xrefs.idc AND scan-lib.idc from the SVN
- Make sure you download Touchgraph from the CHDK forum; the one from SourceForge doesn't work!
- You also need Java runtime installed.