我怎样才能让IDA Pro“看到”外部参照字符串?
目前,我正在 IDA Pro 中反汇编 Mach-O 可执行文件。我已经浏览并找到了我感兴趣的字符串,但是当我尝试查找它的外部参照时,却找不到。我确信原始代码中引用了这些字符串,但IDA Pro似乎无法找出它们是如何引用的。
是否有任何技巧可以让 IDA Pro 查看外部参照?
Currently, I'm disassembling a Mach-O executable in IDA Pro. I've gone through and found the string I'm interested in, but when I try to find xrefs to it, none can be found. I'm sure that the strings are referenced in the original code, but IDA Pro doesn't seem to be able to find out how they are referenced.
Are there any tricks that can be performed to get IDA Pro to see the xrefs?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您是否给了它足够的时间来分析整个程序?如果有引用,可能需要一段时间才能在大型程序中找到它。
也有可能它被 IDA 找不到流路径的指令引用。这种情况可能发生在 IDA 无法猜测表大小的跳转表中。 IDA 中使用
I的原因是您查看需要判断和正确解释的指令,并将它们设置为适当的类型,以便 IDA 可以完成大部分工作。Have you given it enough time for it to have analyzed the entire program? If there is a reference, it might be some time before it finds it in a large program.
It's also possible that it is referenced by instructions for which IDA can't find a flow path to. This can happen with jump tables where IDA isn't able to guess the size of the table. The reason for the
Iin IDA is that you look at the instructions which need judgment and proper interpretation and set them to the appropriate type so IDA can do most of the work.该字符串可能属于字符串数组,并且该字符串的第一个元素被 IDA Pro 引用。
示例:
因此,尝试查找对字符串附近的字符串的引用,并查看它们是否属于表、创建数组等...
It is possible that the string belongs to a string array and the first element of the string is reference by IDA Pro.
Example:
So, try to find reference to strings near by your string, and see if they belong to a table, create an array, etc...
idc 脚本函数
add_dref()将是您正在寻找的函数。idc script function
add_dref()would be the one you are looking for.