Search

In this menu, you can select a command to search for something in the disassembly. Searches are relatively slow and your previous position is saved in the .

You can search for:

(instructions that need your attention)
in both - (up and down).

See also

menu for fast navigating.
submenus

Search for next suspicious operand

Action    name: JumpSuspicious

Data arrays are considered to be suspicious if the first element of the data array is within the lower and upper suspicious limits. Values of other elements are not examined.

NOTE: We strongly recommend that before producing an ASM file you go through all 'suspicious' marks and get rid of them. After this you have a certain level of confidence that the file has been disassembled correctly.

Search for next code

Action    name: JumpCode

Search for next data

Action    name: JumpData

Search for next unexplored byte

Action    name: JumpUnknown

Search for next explored byte

 Action    name: JumpExplored

Search for next instruction/data with the specified operand

 Action    name: AskNextImmediate

This command searches for the first instruction or data byte that contains the specified immediate value. The command is relatively slow (but much faster than the text search), because it disassembles each instruction to find the operand values.

If the immediate value in an instruction has been logically or bitwise negated, then this command will check against the modified value. Example:

        mov al, -2

will be found if the user searches for the immediate value 2 but not when he searches for 0xFE.

If the checkbox "any untyped value" is checked, then the "value" field is ignored. IDA will look for all immediate values without type in this case.

Repeat search for instruction/data with the specified operand

 Action    name: JumpImmediate

Search for substring in the disassembly

 Action    name: AskNextText

Note that this command searches the same as what you see on your screen (and not in binary image).

Repeat search for substring in the disassembly

Action    name: JumpText

Search for substring in the file

Action    name: AskBinaryText

This command searches for the specified substring in the file being disassembled. This command can be used for fast lookups of text strings in the executable file or even to find references to a data. You can interrupt it pressing Ctrl-Break.

The substring is specified like this:

        "This is substring to search"

i.e. in the double-quotes. Also you can specify individual byte values as numbers:

        6A 10

For example, if you want to find a reference to the following string:

 35F2:106A      db 'Hello',0

you could search for number 106A in the file.

See also

Repeat search for substring in the file

Action    name: JumpBinaryText

Search for bytes not belonging to any function

Action    name: JumpNotFunction

Set Direction for Searches

 Action    name: SetDirection

The current direction for searches is displayed in the right upper corner of the screen. Using this command, you can toggle the display.

Find all suspicious operands

Action    name: FindAllSuspicious

This command searches for all suspicious operands and presents a list of them. You may use this list to examine the operands and modify them as needed.

See also

Search for next string with error

Action    name: JumpError

This commands searches for the 'error' operands. Usually, these operands are displayed with a red color.

Below is the list of probable causes of error operands:

        - reference to an unexisting address
        - illegal offset base
        - unprintable character constant
        - invalid structure or enum reference
        - and so on...

Find all errors

Action    name: FindAllErrors

This command searches for all strings containing any error and presents a list of them. You may use this list to examine errors and correct them as needed.

See also

Last updated 8 months ago

Was this helpful?