[IDA] Show the StringPool strings instead of IDs

[Diamondo25]

Heya,

This option is available for almost 2 years now, and only 2 people use it. Here you have a quick explanation how to show the strings inside IDA instead of their IDs, copy pasted from Skype lol:

[0:37:45] Diamondo25: Inside STREDIt
[0:37:45] Diamondo25: Under File
[0:37:51] Diamondo25: you can export to an enumeration file
[0:37:53] Diamondo25: Do that
[0:37:57] Diamondo25: Copy the location
[0:38:01] Diamondo25: of the header file
[0:38:04] Diamondo25: Then, in IDA
[0:38:04] Diamondo25: File -> Load File -> Parse C header file
[0:38:33] Diamondo25: (Ctrl + F9)

[0:38:50] Diamondo25: when this is done, a new enum should be called (StringPoolStrings)

[0:42:15] Diamondo25: Open up StringPool::GetString inside pseudocode
[0:42:53] Diamondo25: Right click 'a2' (the argument for stringpool ID)
[0:43:03] Diamondo25: 'Set lvar type'
[0:43:17] Diamondo25: Value: StringPoolStrings

Now, every call to StringPool::GetString should show you this:

Sometimes, values are temporary saved to a register (vNN), then used as argument to StringPool::GetString. You can manually convert them by right clicking on them, and say 'Enum' (and selecting the StringPoolStrings again).

 

[Chikn]

On topic: Nice. A useful release :

Off topic: How can we (noobs at IDA) can name the functions in IDA faster? There is anyway? Can we use aob to do it? Can you write a guide about it? Pl0x.

 

[Diamondo25]

On topic: Nice. A useful release :

Off topic: How can we (noobs at IDA) can name the functions in IDA fasters? There is anyway? Can we use aob to do it? Can you write a guide about it? Pl0x.

You can use my other release (IDC script with the names) for a quick analyze. You can add AoB's to find more functions easier.
Also, FLIRT signatures are possible.

 

[Fraysa]

Very cool, wasn't aware of this. Thanks for sharing!

 

[sunnyboy]

LMAO. You showed me over skype and just pasted the chat logs on how to GG