Contents
What kind of address space does Ida have?
Internally, IDA has 32-bit linear address space (IDA64 uses 64-bit address space). The internal addresses are called “linear addresses”. The input program is loaded into this linear address space.
What are the names of the files in IDA Pro?
On my version of IDA Pro, the loaders directory contains the following files: dbg.llx, elf.llx, macho.llx, pe.llx. In our case, it was the pe.llx that was able to recognize the analyzed file and display itself as the “Portable executable for 80386” option.
How do you create a segment in Ida?
Normally a SegmentBase is a 16bit quantity. To create a segment with base >= 0x10000, you need to use selectors. However, if you try to create a segment with a segment base >= 0x10000, IDA will automatically choose appropriately a free selector and setup for the new segment. All SegmentBases are looked up in the selector table.
Which is the most important part of IDA Pro?
The most important and basic part of IDA Pro that we need to understand is its graphical user interface, since we’ll probably be using it a lot, as otherwise we wouldn’t be reading this article. So far, after we’ve loaded the meterpreter.exe executable, IDA will look like the picture below:
What does address mean in hex IDA Pro?
This addressing mode refers to memory relative to the next instruction (not the current, because RIP points to the next instruction). If you do the math, you will see that 0x0062D15A + 0x009360C7 is 0x00F63221. To refer to bbb, you need to calculate 0x00F6322D – ( 0x0062D15A + 7 ).
Is there a free version of IDA Pro?
Although it costs a lot, there’s still a free version available. I downloaded IDA Pro 6.2 limited edition, which is free but only supports disassembly of x86 and ARM programs. Otherwise, it supports a myriad of other platforms, which we won’t need here.
How to create segments with the same virtual address in Ida?
More than that, IDA allows to create several segments with the same virtual address in them. For this, you just need to create segments with correct segment base values. Normally a SegmentBase is a 16bit quantity. To create a segment with base >= 0x10000, you need to use selectors.