Igor’s Tip of the Week #169: Jumping to a file offset

Even though most manipulations with binaries can be done directly in IDA, you may occasionally need to use other tools. For example, Binwalk for basic firmware analysis, or a hex editor/viewer to find interesting patterns in the file manually.

Let’s say you found an interesting text or byte pattern at some offset in the file and want to look at it in IDA. In the case of a raw binary (e.g. a firmware) loaded at 0, the solution is simple: you can use the “Jump to address” action, since addresses are equivalent to file offsets. But in the case of a structured file like PE, ELF, or Mach-O, this can get quite complicated.

Luckily, IDA keeps a mapping of file offsets to addresses when it loads the file, so in such cases you can use the Jump > Jump to file offset… action.

You can confirm that you ended up at the correct place by checking the first field of IDA View’s status bar.

NB: in some cases the action might fail because IDA does not always load all parts of the file. For example, the PE header may not be loaded by default. Also, extra data which is not present in memory at runtime (such as the file’s overlay/trailing data, debug info, or other metadata) is usually not loaded into the database. However, in some cases you can load it using the manual load option.

The action may also fail if there is no 1-to-1 mapping between the file and loaded data (e.g. data on disk was compressed).
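To show why the translation is not trivial for a structured file, and why some offsets have no address at all, here is an added example (not Hex-Rays code and not how IDA stores its mapping) that resolves a file offset through a PE section table outside IDA. The function names and the sample image are constructed for illustration, and the lookup assumes raw section data is mapped 1-to-1.

```python
import struct

def file_offset_to_va(image: bytes, offset: int):
    """Return the virtual address backing a PE file offset, or None if unmapped."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe, = struct.unpack_from("<I", image, 0x3C)               # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsects, = struct.unpack_from("<H", image, pe + 6)         # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)      # SizeOfOptionalHeader
    opt = pe + 24
    magic, = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:                                        # PE32
        base, = struct.unpack_from("<I", image, opt + 28)
    elif magic == 0x20B:                                      # PE32+
        base, = struct.unpack_from("<Q", image, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    table = opt + opt_size                                    # first section header
    for i in range(nsects):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _vsize, rva, rsize, rptr = struct.unpack_from("<4I", image, table + 40 * i + 8)
        if rptr <= offset < rptr + rsize:
            return base + rva + (offset - rptr)
    return None  # headers, overlay or other data outside every section


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image: one .text section plus 16 overlay bytes."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 26 + struct.pack("<I", 0x400000)
    opt = opt.ljust(0xE0, b"\0")
    # .text: VirtualSize 0x200, RVA 0x1000, raw size 0x200, raw pointer 0x400
    sect = b".text\0\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x400) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x400, b"\0")
    return headers + b"\x90" * 0x200 + b"OVERLAY-DATA-16B"
```

Inside IDA, the IDAPython call `ida_loader.get_fileregion_ea(offset)` queries the database's own mapping instead of re-parsing the file.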

See also:

Igor’s tip of the week #20: Going places

Igor’s tip of the week #61: Status bars

Article Link: Igor’s Tip of the Week #169: Jumping to a file offset – Hex Rays