-
#idatips Ever get a pointer to the middle of a struct? Just add the __shifted keyword to the variable's type definition! pic.twitter.com/zvYs3dTU7w
-
#idatips how to disable arm macro instruction? Options>General…>Analysis>Kernel option3>Enable macro, uncheck it. -
In order to convert disassembled CFG in
#IDA_Pro to#graph visualization format files, like dot, you can use Flow chart feature. You can export a function's CFG in GDL format and use graph_easy to convert it to other#graph visualization formats. https://metacpan.org/pod/distribution/Graph-Easy/bin/graph-easy …#idatips pic.twitter.com/iwZj5ssWpq
-
Remember that you can trigger actions in IDA's UI using idaapi.process_ui_action(action_name) (get the name from the shortcuts window) https://www.hexblog.com/?p=921
#idapython#idatips@idatipspic.twitter.com/9KzYeX3OQs
-
Tired of decimal supremacy? Depressed that you recognize -2147483648? Try changing the default radix in hexrays! - change DEFAULT_RADIX in your hexrays.cfg to 16 More info: https://www.hex-rays.com/products/decompiler/manual/config.shtml … Thanks to
@angel_killah for this tip!#idatips -
Married to an old .clr color theme? Can't work unless your colours are just right? - In <=IDA7.2, load a .clr and run idaapi.reg_write_int('PortedToCss', 0), then open a file in IDA7.3 to convert - Or run: https://www.hex-rays.com/products/ida/support/tutorials/port_clr72_to_css.py … More info: https://www.hex-rays.com/products/ida/support/tutorials/themes.shtml …
#idatipsPrikaži ovu nit -
-
-
Cuando corten cebolla mastiquen chicle para no llorar
#idatips
https://twitter.com/vale_vergara02/status/1129178008189906945 … -
Do you write IDApy only to hate it later? amtal wrote up a quick cheat sheet for cleaner IDApy! Check it out here: https://gist.github.com/amtal/2c3d2bbc630101271263f472dcc644f8#file-idapython-cheatsheet-md …
#idatips -
Hate creating and editing structures in IDA? Try doing it through the local types view using C syntax! - Shift + F1 to open the local types view - Insert to add a new structure - Right click, sync to IDB Thanks to @WantedPol151 for this tip!
#idatips https://twitter.com/idatips/status/1051603178607632384/photo/1pic.twitter.com/dlHUzWMI1e pic.twitter.com/5XgoLq7nnZ
-
Working with standard constants which aren't imported by default? Before spending forever trying to create a clean header to import remember to check the local types view! - Use a reference (MSDN, manpages, etc) to identify your type - Search in local types - Sync
#idatips pic.twitter.com/AnytwwDIqj
-
Reversing C++ and want to trim the horizontal width of your basic blocks? Maybe you're tired of manged names? Get IDA to display them... marginally nicer! - Options -> Demangled names... - Select 'Names' Thanks to
@tekwizz123 for finding this in a paper by gorlist#idatips pic.twitter.com/705cEZBUFr
-
We love IDA's navigation bar, but did you know it can visualize more than the default categories? - Click the menu on the right - Select what you're interested in, e.g. xrefs to LoadFile - Click Ok - Enjoy your visual xref locations! Thanks to
@elvanderb for this tip!#idatips pic.twitter.com/hUyRt49BrS
-
Spelunking around inside a PE and need to create an RVA? def make_rva(ea): create_dword(ea) op_offset(ea, 0, ida_nalt.REFINFO_RVAOFF | ida_nalt.REF_OFF64, idaapi.BADADDR, idaapi.get_imagebase(), 0) Thanks to
@_lucas_georges_ for this tip!#idatips pic.twitter.com/x70kH6Npd7
-
Break your mouse playing Overwatch? Use a laptop with a non-Apple trackpad? Set and use more shortcuts! - Cntrl + Shift + P to view defaults - Options -> Shortcuts... to modify Try adding Shift-X as OpenXrefs for persistent xrefs! Thanks to
@elvanderb for this tip!#idatips pic.twitter.com/bGwbLfAWbk
-
Reversing something with a friend without a fancy ida collab plugin? Have copies of the same function in a few places? Leave the address as a trailer on function names! - E.g. sub_1234 -> strlen_1234 Makes it easier to deal with dupes and share snippets!
#idatips -
Use naming conventions to indicate how confident you are in your reversing, then rename more things! - Some people (me) use maybe/probably as a function/struct prefix (e.g. maybe_keycheck) - Some people append a number of question marks (e.g. keycheck??) - Others?
#idatips -
Still using 'ScreenEA()' in your idapy like some neanderthal out of the 90s? Try using 'here()' instead! - Use here() instead of ScreenEA() - You can now write idapy at least twice as fast, and you didn't even have to install gentoo!
#idatips pic.twitter.com/rHa8B81NSv
-
Got a new version of A Thing and need to migrate your types between IDBs? Want to share your meticulously crafted structs but not your IDB? Try dumping the typeinfo! - Export: File -> Produce File -> Dump typeinfo to IDC file... - Import: Alt + F7 -> select your IDC!
#idatips pic.twitter.com/UyaNKHdLQh
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.