This window can be used to differentiate the functions based on the length as well as type. Here in text mode an arrow facing up indicates a loop, the unconditional jump is indicated by solid lines and conditional jumps are shown as dashed lines.Ĥ) Functions window shows all the functions in the executable. On the other hand, the text mode presents the entire dis-assembled code of the executable under analysis. If it is green then jump is taken, and if color is blue an unconditional jump is taken. If arrow is red, a conditional jump is not taken. In graph mode the executable is broken into blocks of functions with colored arrows showing control flow between the function blocks. Graph mode view represents program control flow. This window is available in two formats: graph mode (as shown above in figure) and text mode. Code analysis is usually done in the user-written code region.ģ) Dis-assembly window is the primary window showing the assembly level code of executable under analysis. Light blue stands for library code, red is compiler-generated code and dark blue is user-written code. It represents the address space of the executable.
Here is the screenshot of the IDA Pro Desktop:ġ) The toolbar area is the space below menu bar where the tools can be docked.Ģ) Navigation band is the horizontal color band below the toolbar area which can be used to jump to particular code region of the executable under analysis. Plug-ins can be developed and supports a variety of executable formats for different processors and operating systems.
It can be used as a local or as a remote debugger on various platforms. IDA Pro is primarily a multi-platform, multi-processor dis-assembler that translates machine executable code into assembly language source code for purpose of debugging and reverse engineering.
0 kommentar(er)
