Although in general case the problem of correct disassembly is unsolvable, in practice it can get pretty close. IDA uses various heuristics to improve the disassembly and make it more readable, such as converting numerical values to offsets when it “looks plausible”. However, this is not always reliable or successful and it may miss some. To help you improve things manually, in some cases IDA can give you a hint.
Suspiciousness Limits
In IDA’s Options dialog on the Disassembly tab, there are two fields: Low suspiciousness limit and High suspiciousness limit. What do they mean?
Whenever IDA outputs an instruction operand with the numerical value in that range, and it does not yet have an explicitly set type (i.e. it has the default AKA void type), it will use a special color (orange in the default color scheme):
In such situation, you could, for example, hover your mouse over the value to see if the target looks like a valid destination, and convert it to an offset either using a hotkey (O) or via the context menu.
Changing the Suspiciousness Limits
Initial values of the limits are taken from the input file’s loaded address range. If the valid address range changes (for example, if you rebase the database or create additional segments), it may make sense to update the ranges so you can see more of potential addresses. Conversely, you can also change the values to exclude some ranges which are unlikely to be valid addresses to reduce the false positives.
See also: IDA Help: Low & High Suspicious Operand Limits
Article Link: Igor’s tip of the week #90: Suspicious operand limits – Hex Rays