How to search for Opcode 0xFF25 in IDA Pro? - reverse-engineering

I want to search for opcodes in IDA Pro like the following:
0xFF25
How can I do that?

In the "search" menu, click "sequence of bytes..." or use the default hotkey which is Alt+B.
Choose the hex radio button and type in your bytes ff 25 remembering that you will have to get the byte ordering correct for whatever type of file you are disassembling.
If you want to find all instances of that opcode, make sure to check the "Find all occurrences" button.
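As an added illustration (not part of the original answer), the Python below mirrors IDA's "sequence of bytes" search with "Find all occurrences" on a constructed buffer, and shows the byte-ordering caveat: typing `ff 25` matches the bytes in file order, whereas 0xFF25 stored as a little-endian word would be `25 ff`. The sample bytes and the `decode_jmp_indirect` helper (32-bit x86 `FF 25 disp32`, JMP r/m32 with ModRM 0x25 = [disp32]) are this example's own.

```python
# Added example, not code from the original thread: stand-alone equivalent of
# IDA's Alt+B "sequence of bytes" search with "Find all occurrences".
import struct

# Constructed sample buffer: two 32-bit x86 indirect jumps (FF 25 <disp32>) of
# the kind seen in import thunks, plus one decoy with the bytes reversed.
SAMPLE = bytes.fromhex(
    "90 90 ff 25 00 40 40 00 "   # jmp dword ptr [0x00404000]
    "cc cc 25 ff "               # decoy: same 16-bit value in the other byte order
    "ff 25 10 40 40 00 c3 "      # jmp dword ptr [0x00404010]; ret
)


def find_all(data: bytes, pattern: bytes) -> list:
    """Return every offset at which `pattern` occurs in `data` (overlaps included)."""
    hits = []
    pos = data.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = data.find(pattern, pos + 1)
    return hits


def opcode_to_bytes(value: int, order: str) -> bytes:
    """Render a 16-bit value as the byte sequence to type into IDA's Hex field.
    'big' gives the file-order bytes ff 25; 'little' gives 25 ff, which is what
    0xFF25 looks like when stored as a little-endian word."""
    return value.to_bytes(2, order)


def decode_jmp_indirect(data: bytes, off: int) -> int:
    """Decode the absolute 32-bit memory operand of the FF 25 disp32 instruction
    (JMP r/m32, ModRM 0x25 = [disp32]) located at `off`."""
    if data[off:off + 2] != b"\xff\x25":
        raise ValueError(f"no FF 25 at offset {off:#x}")
    return struct.unpack_from("<I", data, off + 2)[0]


if __name__ == "__main__":
    for off in find_all(SAMPLE, opcode_to_bytes(0xFF25, "big")):
        target = decode_jmp_indirect(SAMPLE, off)
        print(f"FF 25 at offset {off:#06x}: jmp via [{target:#010x}]")
    print("little-endian word 0xFF25 matches at",
          find_all(SAMPLE, opcode_to_bytes(0xFF25, "little")))
```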

Related

IDA Pro jumping to offset from base

I use CheatEngine as a debugger (and get a lot of crap for it). When I find addresses, I always write them down based on the offset from where the start of the instructions are (e.g. program.exe+402C0). It would be nice to be able to use the goto function with this method of referencing a location; is there a way to do this?
According to IDA Pro's documentation:
If the entered [goto] string can not be recognized as a hexadecimal or location name, IDA will try to interpret it as an expression using the current script interpreter. The default interpreter is IDC.
So what you can do is define a global variable in the IDC interpreter (using the bar at the bottom of your IDA view) that identifies the base address of your module as such:
extern ModuleBaseAddress;
ModuleBaseAddress = 0x400000; // Example base address
Then whenever you want to go to the base address + offset you would simply open the Jump window (using the g-key) and type in:
ModuleBaseAddress + 0x1000 // 0x1000 is your offset

How do I use a function from one lisp file to solve for something in another lisp file?

I'm new to lisp and my professor gave some .lisp files to play around with.
http://pastebin.com/eDPUmTa1 (search functions)
http://pastebin.com/xuxgeeaM (water jug problem saved as waterjug.lisp)
The problem is I don't know how to implement running functions from one file to solve problems from another. The most I've done is compiled functions from one file and played around with it in the terminal. I'm not sure how to load 2 files in this IDE as well as how I should run the function. I'm trying, for example, to run the breadth-first-search function to solve the problem to no avail.
I'm currently using emacs as the text editor, SBCL as the Common Lisp implementation, along with quicklisp and slime.
Assuming each file is in its own buffer, say f1.lisp and f2.lisp, then you only have to call slime-compile-and-load-file when you are in each buffer. This is bound by default to C-c C-k. You have to compile the first file first, because it contains definitions for the second one.
But, your second file (f2.lisp) has two problems: search for (break and (bread and remove those strings. Check if the forms around them have their parentheses well balanced.
Take care of warning messages and errors while compiling your file.
Then, if you want to evaluate something directly from the buffer, put your cursor (the point) after the form you want to evaluate, and type C-x C-e (imagine the cursor is represented by % below):
(dump-5 (start-state *water-jug*))%
This will print the result in the minibuffer, in your case something like #<JUG-STATE {1004B61A63}>, which represents an instance of the JUG-STATE class. Keep a window open to the REPL buffer in case the functions write something to standard output (this is the case with the (describe ...) expression below).
If instead you do C-c I, this will ask you which expression you want to inspect, already filled with the form before the point. When you press enter, the inspector buffer will show up:
#<JUG-STATE {1004BD8F53}>
--------------------
Class: #<STANDARD-CLASS COMMON-LISP-USER::JUG-STATE>
--------------------
Group slots by inheritance [ ]
Sort slots alphabetically [X]
All Slots:
[ ] FIVE = 0
[ ] TWO = 2
[set value] [make unbound]
Read http://www.cliki.net/slime-howto.

Quartz composer - output specific number

I'm trying to achieve something quite simple in Quartz Composer. I'm not sure which patches to use. I'm used to Max/MSP, and I can't find an equivalent for doing something simple: send a number out of an output with a bang or toggle. In Max you just use the a float or integer object, set the number and then send it with bang. I cannot find a simple number patch, or the equivalent of a bang. Is there such a thing?
Any help would be much appreciated.
Quartz Composer isn't event-based. You'll have to manage the way you want to output things yourself.
If I understand well: you want to output a number on an event (keyboard or else, I guess) and keep it until the next event.
If you already know your values, I suggest you connect to a Number Multiplexer, for example:
keyboard -> counter -> multiplexer -> image with string -> sprite
If you don't know them:
keyboard -> sample & hold (sample input)
dynamic number -> sample & hold (value input) -> image with string -> sprite
Keyboard is there to generate your 'event'. The values won't move until the next event you throw (managed by the Counter patch Increment/Decrement inputs in the first example, by the Sample input in the second).

How to redirect Octave's console output to a separate console?

If I have a function that displays a large amount of output, is there a way to display it all in the terminal separately (maybe using more or less), such that, upon exiting the pager, I get Octave's console as is?
Like so:
octave:159> retVal = func_with_lotsa_output();
octave:160>
I seem to remember a previous version of Octave doing that by default (I'm currently on 3.8.1). Right now, the output is displayed before getting the prompt at line 160 (in between 159 and 160, that is).
I tried fiddling with PAGER, but to no avail.
EDIT: I've tried PAGER("more"), PAGER("less"), PAGER("pg"). I am unsure of what flags to try in PAGER_FLAGS(). Nothing has made a difference.
"When I exit the pager, I don't want to see the pager's output lying there."
Either your pager is broken, or you just need to activate the pager, with
page_screen_output(true)
or equivalently
more on
which, according to the documentation,
Turn output pagination on or off. Without an argument, more toggles the current state. The current state can be determined via page_screen_output.
If it still does not work, try with the "less" pager:
PAGER("less")

MIDI Program Change event

Please take a look at Midi Event Commands, where it's explained that some events like Program Change take only one parameter.
My question is then: what do you send along with this event's 2nd parameter byte, is it 0x00? Or do you just entirely omit it from the event, which doesn't really make sense?
Not all MIDI messages are 3 bytes long. Some are only two, and program change is one of them. For these messages, there is no second data byte.
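As an added example (not from the original thread), this small Python parser splits a raw MIDI byte stream into messages by the number of data bytes each channel-voice status implies, so a Program Change (Cn) is consumed as two bytes and a Note On (9n) as three. The sample stream is constructed; running status and system messages are deliberately not handled.

```python
# Added example, not code from the original thread: length-aware MIDI message
# splitting. A padded 0x00 after a Program Change would be read as a (bad) status
# byte and rejected, which is why the spec simply has no second data byte there.

# Data bytes that follow each channel-voice status (keyed by its high nibble).
DATA_BYTES = {
    0x8: 2,  # Note Off
    0x9: 2,  # Note On
    0xA: 2,  # Polyphonic Key Pressure
    0xB: 2,  # Control Change
    0xC: 1,  # Program Change: one data byte only
    0xD: 1,  # Channel Pressure: one data byte only
    0xE: 2,  # Pitch Bend
}


def parse_midi(stream: bytes) -> list:
    """Split `stream` into (status, data) tuples.

    Raises ValueError on a malformed stream (a data byte where a status byte is
    expected, an unhandled system status, or a truncated message) rather than
    silently resynchronising on the wrong byte.
    """
    messages = []
    i = 0
    while i < len(stream):
        status = stream[i]
        if status & 0x80 == 0:
            raise ValueError(f"expected status byte at offset {i}, got {status:#04x}")
        kind = status >> 4
        if kind not in DATA_BYTES:
            raise ValueError(f"system message {status:#04x} at offset {i} not handled")
        n = DATA_BYTES[kind]
        data = stream[i + 1:i + 1 + n]
        if len(data) != n or any(b & 0x80 for b in data):
            raise ValueError(f"truncated or corrupt message at offset {i}")
        messages.append((status, tuple(data)))
        i += 1 + n
    return messages


# Constructed stream: Program Change to patch 5 on channel 1 (two bytes), then
# Note On middle C, velocity 100, on channel 1 (three bytes).
SAMPLE = bytes([0xC0, 0x05, 0x90, 0x3C, 0x64])

if __name__ == "__main__":
    for status, data in parse_midi(SAMPLE):
        print(f"status {status:#04x} data {[f'{b:#04x}' for b in data]}")
```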