Igor’s tip of the week #21: Calculator and expression evaluation feature in IDA

When reverse-engineering, sometimes you need to perform some simple calculations. While you can always use an external calculator program, IDA has a built-in one. You can invoke it by pressing ? or via View > Calculator.

The calculator shows the result in hex, decimal, octal, binary and as a character constant. This information is also duplicated in the Output window in case you need to copy it to somewhere else.

In addition to plain numbers, you can use names from the database, as well as register values during debugging similarly to the “Jump to address” dialog from the previous tip.

By the way, the number, address, or identifier under cursor is picked up automatically when you press ? so there’s no need to copy or type it manually.

In fact, the expression evaluation feature is provided by the IDC language interpreter built-in into IDA. You can use expressions in almost any place in IDA that accepts numbers: Jump to address, Make array, User-defined offset and so on.

You can also use any of the available IDC functions. For example, expressions like the following are possible during debugging:

get_qword(__security_cookie)^RSP

Article Link: https://www.hex-rays.com/blog/igors-tip-of-the-week-21-calculator-and-expression-evaluation-feature-in-ida/