Difference between revisions of "HOWTO-Reverse Engineering"

=== Naming Methods ===

=== Naming Methods ===

Methods can be renamed using the general 'N' hotkey (as well as via the menus), and the 'Y' can be used to specify a C-like prototype for a method. This is particularly useful when some of the parameters for a method are passed using registers. By explicitly documenting what the method expects, it makes it easier to remember later on when you're reversing methods that call it. Standard methods where parameters are passed via the stack are easy, since IDA can automatically set up the function prototype for you. If a method does have parameters passed in registers, prototypes like the below can be used:

Methods can be renamed using the general 'N' hotkey (as well as via the menus), and the 'Y' can be used to specify a C-like prototype for a method. This is particularly useful when some of the parameters for a method are passed using registers. By explicitly documenting what the method expects, it makes it easier to remember later on when you're reversing methods that call it. Standard methods where parameters are passed via the stack are easy, since IDA can automatically set up the function prototype for you. If a method does have parameters passed in registers, prototypes like the below can be used:

int __usercall sub_100FB<ax>(__int8 param1<al>, int param2<bx>)

int __usercall sub_100FB<ax>(__int8 param1<al>, int param2<bx>)

</source>

</source>

When dealing with data, you'll frequently see cases like

When dealing with data, you'll frequently see cases like

mov bx, 30h

mov bx, 30h

mul bx

mul bx