- Joined
- Jan 9, 2008
- Messages
- 818
- Reaction score
- 847
Heya,
This option is available for almost 2 years now, and only 2 people use it. Here you have a quick explanation how to show the strings inside IDA instead of their IDs, copy pasted from Skype lol:
[0:37:45] Diamondo25: Inside STREDIt
[0:37:45] Diamondo25: Under File
[0:37:51] Diamondo25: you can export to an enumeration file
[0:37:53] Diamondo25: Do that
[0:37:57] Diamondo25: Copy the location
[0:38:01] Diamondo25: of the header file
[0:38:04] Diamondo25: Then, in IDA
[0:38:04] Diamondo25: File -> Load File -> Parse C header file
[0:38:33] Diamondo25: (Ctrl + F9)
[0:38:50] Diamondo25: when this is done, a new enum should be called (StringPoolStrings)
[0:42:15] Diamondo25: Open up StringPool::GetString inside pseudocode
[0:42:53] Diamondo25: Right click 'a2' (the argument for stringpool ID)
[0:43:03] Diamondo25: 'Set lvar type'
[0:43:17] Diamondo25: Value: StringPoolStrings
Now, every call to StringPool::GetString should show you this:
Sometimes, values are temporary saved to a register (vNN), then used as argument to StringPool::GetString. You can manually convert them by right clicking on them, and say 'Enum' (and selecting the StringPoolStrings again).
This option is available for almost 2 years now, and only 2 people use it. Here you have a quick explanation how to show the strings inside IDA instead of their IDs, copy pasted from Skype lol:
[0:37:45] Diamondo25: Inside STREDIt
[0:37:45] Diamondo25: Under File
[0:37:51] Diamondo25: you can export to an enumeration file
[0:37:53] Diamondo25: Do that
[0:37:57] Diamondo25: Copy the location
[0:38:01] Diamondo25: of the header file
[0:38:04] Diamondo25: Then, in IDA
[0:38:04] Diamondo25: File -> Load File -> Parse C header file
[0:38:33] Diamondo25: (Ctrl + F9)
[0:38:50] Diamondo25: when this is done, a new enum should be called (StringPoolStrings)
[0:42:15] Diamondo25: Open up StringPool::GetString inside pseudocode
[0:42:53] Diamondo25: Right click 'a2' (the argument for stringpool ID)
[0:43:03] Diamondo25: 'Set lvar type'
[0:43:17] Diamondo25: Value: StringPoolStrings
Now, every call to StringPool::GetString should show you this:
Sometimes, values are temporary saved to a register (vNN), then used as argument to StringPool::GetString. You can manually convert them by right clicking on them, and say 'Enum' (and selecting the StringPoolStrings again).