Numerical Systems
The commonly used numerical systems are: binary, decimal, and hexadecimal.
Binary: Represents numbers using only the characters 0 and 1.
Decimal: Represents numbers using the characters 0 to 9.
Hexadecimal: Represents numbers using the characters 0 to 9 and A to F.
In Python, if you enter 0x45 in the interactive shell, the 0x at the beginning will be interpreted as a hexadecimal number. Pressing enter will convert 0x45 to a decimal number, and the output will be 69.
To convert a decimal number to a hexadecimal number in Python, you can use the hex() function.
The bin() function converts numbers from other bases to binary. The output is 1000101. The 0b at the beginning indicates that it is a binary number.
To convert decimal and hexadecimal numbers to binary:
To convert a binary number to decimal and hexadecimal:
All directly inputted numbers will be converted to decimal after pressing enter. You can use the hex() and bin() functions in Python to convert them to hexadecimal or binary.
To make it more convenient, you can open the built-in converter in IDA by selecting VIEW-CALCULATOR from the menu. This converter can display the results of converting numbers to various bases and also shows the corresponding ASCII characters. For example, the character corresponding to 0x45 is E.
Almost all reverse engineering work involves hexadecimal numbers. The question is how to represent a negative number in 32-bit hexadecimal. In a 32-bit binary number, the first bit (bit 0) is used to represent positive numbers (0) or negative numbers (1).
In the calculator, if you add 1 to 0x7fffffff, the highest bit becomes 1 and the other bits become 0.
The IDA converter assumes all inputted numbers are positive unless we add a "-" sign in front of the number. The maximum negative number, -1, corresponds to the hexadecimal value 0xffffffff, and the minimum negative number corresponds to 0x80000000. If we don't consider positive or negative, all numbers from 0 to 0xffffffff are positive. Considering positive or negative, 0x0 to 0x7fffffff are all positive numbers, and 0xffffffff to 0x80000000 are all negative numbers.
ASCII Characters
Hexadecimal to Character
The chr() function is used to convert hexadecimal to character.
Search Function in IDA
- Next Code: This function is used to search for the next executable instruction (CODE). If there is a part that is not an executable instruction, it will be skipped.
- Next Data: This function is used to search for the next data.
- Next Explored: This function is used to search for the next executable instruction or data.
- Next Unexplored: This function is used to search for the next non-executable instruction and non-data.
Search Immediate: This function is used to search for constants in executable instructions and data.
Open a new window to display the search results.
Search Text: This function is used to search for the inputted text, supporting regular expressions. If you select a single search, you need to use Next Text to continue the search.
Search Result View
Search Sequence of Bytes: This function is used to search for the inputted sequence of bytes.
Search Result View
Clicking on the corresponding search result will take you to the disassembly view in IDA.
Search Not Function: This function is used to search for the next incomplete function.
The RET instruction at address 004013D7 cannot be recognized as a function. Sometimes, some functions cannot be recognized by IDA due to illegal instructions.