Enhancing Disassembly
One of IDA Pro’s best features is that it allows you to modify its disassembly to suit your goals. The changes that you make can greatly increase the speed with which you can analyze a binary.
Warning
IDA Pro has no undo feature, so be careful when you make changes.
Renaming Locations
IDA Pro does a good job of automatically naming virtual address and stack variables, but you can also modify these names to make them more meaningful. Auto-generated names (also known as dummy names) such as sub_401000 don’t tell you much; a function named ReverseBackdoorThread would be a lot more useful. You should rename these dummy names to something more meaningful. This will also help ensure that you reverse-engineer a function only once. When ...