2

I'm new with IDA pro and currently running with debugger, I have few questions:

  1. How can I jump on previous instruction? Undo the latest instruction ?
  2. Is it possible in IDA to examine memory of an executable ? Like it is in Immunity Debugger? Something like this and examine each segment briefly like it is in Immunity Debugger ?
perror
  • 19,083
  • 29
  • 87
  • 150
Rasty
  • 129
  • 2
  • check those: https://reverseengineering.stackexchange.com/questions/1909/how-to-display-memory-zones-content-on-ida-pro or https://reverseengineering.stackexchange.com/questions/11869/how-to-change-address-in-the-hex-view-in-ida-debugger or https://reverseengineering.stackexchange.com/questions/12087/how-to-display-dump-data-in-ida-debugger – PhoeniX May 26 '17 at 17:24
  • 3
    To jump back to a previous instruction in the disassembly view, just press ESC – Martin Jun 25 '17 at 20:08

2 Answers2

1

As for the first point, in order to go back to instruction that was already executed (under the debugger), one needs to use a feature called reverse debugging (or Time Travel Debugging). As far as I know IDA's debugger doesn't have this.

Some other tools that you could use to do a reverse debugging:

Paweł Łukasik
  • 4,912
  • 1
  • 14
  • 27
0

Debugging a program means executing its instruction on your CPU, "undoing" the last instruction is usually not possible with a standard debugger.

But you can debug your program in a virtual machine, take memory snapshots at given points while debugging, and restore those snapshots.

user2823000
  • 565
  • 2
  • 9