Magic Lantern Firmware Wiki

Parent: [2.0.4 AJ]

As more people are using IDA, I think it's time to compile a list of tips. Feel free to add more.

Comments

For a FUNCTION (ie subroutine) comment:
  Move cursor to the first line of the sub. Press ':'
  Type in the function header -> OK

Result, e.g.:

.------------------------------------------------------------.
.AJ_StartIntermediatePassMagnify_x5x10().
.------------------------------------------------------------.
AJ_StartIntermediatePassMagnify_x5x10

Blank line after current line:
  Shift + Insert -> press Enter -> press OK

Blank line before current line:
  Insert -> press Enter -> press OK

Before change:

AND R0, R0, #0xFF
BL TH_DebugMsg
STR R5, [R4,#0x20]

After change:

AND R0, R0, #0xFF
BL TH_DebugMsg


STR R5, [R4,#0x20]

Comment on the end of the current ASM line:
  Press ':'
  e.g.: ADR R3, aFeb92010 ; AJ: Whats so cool about Feb 9th 2010 ?

Data type

Force IDA to display 0x1234 rather than the variable at 0x1234 in memory:
  Press 'Q'

Cycle the number display Hex -> Binary -> Decimal:
  Keep pressing 'H'

Show ADD R2, SP, #0x80+var_38 in English please:
  Press 'S' -> ADD R2, SP, #0x48

What calls / uses this?

Move cursor to the first line of the subroutine. Press the weird-looking icon on the toolbar (three thin black lines pointing down, also called 'open cross references window').

Every place in the code that calls this routine is listed.


NOTE: IDA has a bug - sometimes you have to do this TWICE (and it only works on the second time).

Move cursor to the memory address of a variable (e.g. move to 0x1900).

As above: 'open xref window'.


xref is your friend!

Show every place this variable is used.


NOTE: IDA bug above - you may need to do this twice.

Find me subroutine xxx:
  CONTROL-P -> start typing the routine name.

  Or, CONTROL-P -> ALT-T -> search for part of the routine name -> then use CONTROL-T to move to the next matching routine name.

List ALL subroutines used in this procedure:
  Press 'Opens function calls window' (next to the xref icon, red bit in the middle).

A window opens that lists everything. Unlike the Xref window, this one is DYNAMIC: it changes each time you are in a different subroutine.

I use this to find any UN-NAMED subroutines.

Getting lost?

Create a Marker to represent this point in the code:
  ALT-M -> give this line a name
  CONTROL-M -> select from previous Markers you've set up

Go to an address in the code:
  Press 'G', enter address, e.g. 0x1900

The Graphic Map (mini-map of whole sub) just VANISHED! There's a bug in IDA. You can get it back:
  View -> Toolbars -> Navigation -> Graph Overview

Map mode <-> code view:
  Press Space to toggle

In Graph mode -> It's Huge!:
  Press Control, now scroll the mouse wheel up or down; the screen zooms in or out

In Graph mode -> moving around (small amount):
  Cursor on background (ie where there is no code), drag the screen around

In Graph mode -> quick navigation:
  Use the Graph overview map (this ROCKs). Put the cursor on the Overview, move the block around

In Graph mode -> Red & Green lines:
  Click on GREEN (conditional check was true), or RED (conditional check was false).
  Screen moves to the box that this line is connected to.

How to get nice call graphs

  • See http://chdk.wikia.com/wiki/IDA_Visual_Analysis
  • Get dump-xrefs.idc AND scan-lib.idc from the SVN
  • Make sure you download Touchgraph from the CHDK forum; the one from SourceForge doesn't work!
  • You also need Java runtime installed.

IDA Scripting

  • IDC scripting (a language similar to C, i.e. with too many braces). Cool scripts from CHDK here, documented here.
  • IDAPython for those who don't like curly braces :)
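Added example, not a script from this wiki or from the CHDK collection: an IDC script that does from a script what the two toolbar icons in "What calls / uses this?" do by hand. It prints every caller of the function under the cursor (the xref window list) and every subroutine that function calls which still carries an automatic sub_XXXX name (the un-named subroutines the function calls window is used to spot). It assumes the IDA 7.x IDC function names (get_screen_ea, get_func_attr, get_first_fcref_to and friends); the helper names list_callers and list_unnamed_callees are this example's own.

```idc
#include <idc.idc>

// Added example for the Magic Lantern IDA tips page; assumes IDA 7.x IDC
// names. IDA 5/6 spells the same calls ScreenEA, GetFunctionAttr,
// RfirstB/RnextB, Rfirst/Rnext, hasUserName/GetFlags.

// Everything that calls or branches to func_start: the same list the
// 'open cross references window' icon shows on the function's first line.
// "fcref" = far code references, so ordinary fall-through is not counted.
static list_callers(func_start)
{
    auto ref, n;
    n = 0;
    for (ref = get_first_fcref_to(func_start); ref != BADADDR;
         ref = get_next_fcref_to(func_start, ref))
    {
        msg("  called from %a in %s\n", ref, get_func_name(ref));
        n++;
    }
    return n;
}

// Every subroutine called from [func_start, func_end) that nobody has
// renamed yet, i.e. it still has IDA's automatic sub_XXXX name.
static list_unnamed_callees(func_start, func_end)
{
    auto ea, callee, n;
    n = 0;
    for (ea = func_start; ea != BADADDR && ea < func_end;
         ea = next_head(ea, func_end))
    {
        if (!is_code(get_full_flags(ea)))
            continue;                         // skip data inside the function
        // code references leaving this instruction: BL / B targets
        for (callee = get_first_fcref_from(ea); callee != BADADDR;
             callee = get_next_fcref_from(ea, callee))
        {
            // only real function entry points, not loc_ labels of this routine
            if (get_func_attr(callee, FUNCATTR_START) != callee)
                continue;
            // a user-given name (e.g. TH_DebugMsg) means it is already done
            if (has_user_name(get_full_flags(callee)))
                continue;
            msg("  %a: calls unnamed %s\n", ea, get_name(callee));
            n++;
        }
    }
    return n;
}

static main()
{
    auto ea, start, end;
    ea = get_screen_ea();                     // wherever the cursor is now
    start = get_func_attr(ea, FUNCATTR_START);
    end = get_func_attr(ea, FUNCATTR_END);
    if (start == BADADDR)
    {
        msg("Cursor is not inside a function\n");
        return;
    }
    msg("%s (%a .. %a)\n", get_func_name(start), start, end);
    msg("Callers:\n");
    msg("  %d caller(s)\n", list_callers(start));
    msg("Unnamed callees:\n");
    msg("  %d unnamed callee(s)\n", list_unnamed_callees(start, end));
}
```

Put the cursor anywhere inside the routine of interest, then run the script with File -> Script file (or paste it into the IDC command line window); the output goes to the Output window. Like the xref window, it only sees calls IDA has already analysed, so a routine reached through a function pointer table will not show up as a caller.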