We’ve covered choosers previously and talked about searching, sorting and filtering. The default filter (Ctrl–F shortcut) is pretty simple: it performs case-insensitive match on any column of the list.
Advanced filters
Advanced filter dialog is accessible via the context menu entry “Modify filters…” or the shortcut Ctrl–Shift–F
In the dialog you can:
- match any or a specific column;
- perform an exact match (is/is not) or partial (contains/doesn’t contain, begins/ends with);
- perform a lexicographical comparison (less than/more than);
- decide whether a specific filter excludes, includes, or highlights matches;
- disable and enable filters individually;
- use case-sensitive matching or regular expressions.
Examples
The following set of filters excludes functions which start with sub_, or situated in segments extern (external functions) and .plt (PLT thunks for external functions). This way only the functions defined inside the binary which have non-dummy names are shown:
Highlight any function with name ending in _NNN where NNN is a sequence of decimal numbers:
The highlight color can be changed by clicking the “Highlight button”.
Show only functions which were detected by IDA as non-returning:
NOTE: the examples listed apply to the Functions list but these filters are available in any chooser (list view) in IDA: Imports, Exports, Names, Local Types etc.
See also:
Igor’s tip of the week #36: Working with list views in IDA
Article Link: Igor’s Tip of the Week #131: Advanced filters in choosers – Hex Rays