Discuss IDA Pro Tips & Tricks


Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,074
78,998
2,371
How long you been coding/hacking?
5 years
IDA is such a big program, taking advantage of all its tools is definitely a learning experience

I found a few features in IDA I never used before, try them out if you haven't yet:

Function Calls SubView:
Go into a function and click Views->Subviews->Function Calls and it will list all the functions called, and all functions that call that function


Debugging with Register View:
Stack View doesn't always give you the best view of the stack variables. But Register View does:
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,294
37,938
269
My favourite IDA feature is being able to fix IDA's xxxx ups, like fixing the stack pointer and telling it where a function is or isn't, feelsgoodman gotta get that pseudocode. A close runner-up is being able to rebase IDA to address 0 so that you don't have to do the math to calculate offsets, they're simply what they are in IDA
 

Rake

Load Microsoft Symbols in IDA when debugging:

Ever wonder why CheatEngine looks like this with symbols:


but IDA doesn't? Yeah me too!

So here is how you fix that

Right click My Computer -> Properties -> Advanced -> Environment Variables -> Add New System Variable



Your new system environment variable is named:
_NT_SYMBOL_PATH

And the value:
Code:
srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Now when you debug in IDA it will load the .pdb's for all the Windows files
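
A way to check the symbol path from the post above before persisting it, as an added example that is not part of the original post. The function name `Test-SymbolPath` is hypothetical, and only the `srv*<cache>*<server>` element form used in the post is parsed.

```powershell
# Added example: parse a _NT_SYMBOL_PATH value and report where symbols come from.
function Test-SymbolPath {
    param([Parameter(Mandatory)][string]$SymbolPath)

    # Elements are separated by ';'
    foreach ($element in ($SymbolPath -split ';')) {
        if (-not $element) { continue }
        $parts = $element -split '\*'
        if ($parts[0] -ieq 'srv' -and $parts.Count -eq 3) {
            # srv*<local cache>*<upstream server>
            [pscustomobject]@{
                Element     = $element
                Cache       = $parts[1]
                Server      = $parts[2]
                Https       = $parts[2] -like 'https://*'
                CacheExists = Test-Path -LiteralPath $parts[1]
            }
        }
        else {
            # Any other element form is reported as-is without further checks.
            [pscustomobject]@{
                Element = $element; Cache = $null; Server = $null
                Https = $null; CacheExists = $null
            }
        }
    }
}

$value  = 'srv*c:\symbols*https://msdl.microsoft.com/download/symbols'  # value from the post
$report = @(Test-SymbolPath -SymbolPath $value)
$report | Format-List

# Persist machine-wide (needs an elevated prompt) only if no server element is plain HTTP.
if (-not ($report | Where-Object { $_.Server -and -not $_.Https })) {
    [Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH', $value, 'Machine')
}
```

Only processes started after the variable is set see it, so restart IDA before debugging.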
 

Rake

Rake;40326 said:
_NT_SYMBOL_PATH
And the value:
Code:
srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Now when you debug in IDA it will load the .pdb's for all the Windows files

I found a sexier way to do this, reduce loading time in VisualStudio/IDA etc... by downloading the symbols in bulk!
https://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx


Also some quick tips I've recently used with IDA:
Static analysis sucks if your game dynamically loads modules (like a VM)! You can click on Debugger->Take Memory Snapshot. This snapshot is like a memory dump. But if you want to go back to static analysis, make sure you remove the snapshot.

Also if you're reversing some dynamically loaded modules and looking for strings, make sure you close and re-open the strings window while dynamically analyzing or analyzing a Memory Snapshot. IDA will re-scan and include all the strings that are dynamically loaded which will not appear during static analysis. This just helped me out big time
 

Rake

IDA Data Inspector toolbar that represents the data as all datatypes, maybe IDA will replace Cheat Engine some day after all :p

idatips.png
 

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,745
40,528
316
How to learn the basics of IDA Pro for a newbie like me? Please give me advice.

IDA Pro isn't meant for beginners. If you aren't familiar with assembler and reversing there's no point in using IDA.
 

Rake

want all offsets in hex all the time?

open \cfg\hexrays.cfg

set DEFAULT_RADIX to 16

save and profit
 

Rake

powershell script I made to clear IDA Pro history:

the third command will remove all historical records including things you've searched for, so before you run that one go to:

HKCU:\Software\Hex-Rays\IDA\

and look at the things in the History_ folders to get an idea of what it removes

Code:
# Remove the History and History64 keys
Remove-Item -Path "HKCU:\Software\Hex-Rays\IDA\History" -Recurse
Remove-Item -Path "HKCU:\Software\Hex-Rays\IDA\History64" -Recurse
# Remove every remaining key whose name contains "History_" (includes search history)
Get-ChildItem "HKCU:\Software\Hex-Rays\IDA\" -Recurse -ErrorAction SilentlyContinue | ForEach-Object { if ($_.PSChildName -match "History_") { Remove-Item $_.PSPath } }
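
The "look before you delete" step described in the post above, as an added example that is not part of the original script. The function name `Get-IdaHistoryKey` and the backup file location are assumptions; the match on names starting with `History` covers the `History`, `History64` and `History_` keys the three commands target.

```powershell
# Added example: preview and back up IDA history keys before deleting them.
$root   = 'HKCU:\Software\Hex-Rays\IDA'
$backup = Join-Path $env:TEMP 'ida-registry-backup.reg'   # assumed backup location

function Get-IdaHistoryKey {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^History' } |
        ForEach-Object {
            $key = $_
            [pscustomobject]@{
                Key     = $key.Name
                Values  = $key.ValueCount
                # Data stored under each value name, so you can see what would be lost
                Entries = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
                PSPath  = $key.PSPath
            }
        }
}

$keys = @(Get-IdaHistoryKey -Root $root)
$keys | Format-List Key, Values, Entries

if ($keys.Count -gt 0) {
    # reg.exe takes the HKCU\... form, not the PowerShell drive form.
    reg.exe export 'HKCU\Software\Hex-Rays\IDA' $backup /y | Out-Null
    # -WhatIf only prints what would be deleted; remove it to actually delete.
    $keys | ForEach-Object { Remove-Item -LiteralPath $_.PSPath -Recurse -WhatIf }
}
```

The exported `.reg` file can be re-imported with `reg.exe import` if a deleted entry turns out to be needed.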
 

Rake

The IDA Pro Strings Window doesn't show Unicode by default, use this PowerShell script I made to force it to show Unicode:

Code:
$path  = 'HKCU:\Software\Hex-Rays\'
$name  = "StrWinStringTypes"
# Cast the whole list to a byte array (a bare [byte] cast only applies to the first element)
$value = [byte[]](0x00, 0x01, 0x02)

# If the key path is not found, create it first before adding value/data
If (-not (Test-Path $path))
{
    New-Item -Path $path -Force | Out-Null
}

# Add or modify the value/data pair
New-ItemProperty -Path $path -Name $name -Value $value -PropertyType Binary -Force | Out-Null
 