IDA function names


galda
March 15th, 2010, 07:57
Hello,

I'm using IDA Pro 5.5, and when I'm looking at a function I can see only sub_xxxxxxx, whereas in several demos that I saw there are real names for the functions. From my Google search I've understood that it might be something about "symbols", but I couldn't fully understand it. Could you please help me understand the problem?

Thanks,

FrankRizzo
March 18th, 2010, 18:45
I can help with this one.

Let's say I'm writing an app, and I create a function like this:

Code:
bool HasProductBeenPurchased()


If I compile this into an app in debug mode, and then run it through IDA, my function name will show up. When I select to compile the program for "release mode", one of the options is normally for the compiler to NOT generate debugging info (which is called symbols). So, when IDA reads through the app, my function name is nowhere to be found, and that being the case, it assigns the address to the function. So, if this function compiles to $401000, it'll be called sub_401000 in IDA. And, there's nothing you can do to get the symbols, they're simply just not there.

Does that make sense?

galda
March 18th, 2010, 22:37
It makes sense, but I still didn't fully get it... What options in IDA should I use to get the symbols if they are there? And as I understood, there is something called "Windows symbols" that needs to be downloaded to get the function names of a Windows DLL, for example. Is that true?

Thanks for the help

Aimless
March 19th, 2010, 11:18
You shouldn't be using IDA if you cannot understand symbols/debug data stripping/PDB-DBG conflicts/export names vs variable names.

You need to understand compiling with and without debug symbols. Get a good book on debugging, understand the first couple of chapters, THEN try out IDA.

Your work will be much easier and faster.

Peace.

Have Phun

hj_ebfe
March 25th, 2010, 09:47
If you are interested in obtaining symbols for a Windows binary then a decent place to start is here:

http://www.microsoft.com/whdc/DevTools/Debugging/debugstart.mspx

Additionally, if a program has been linked with debugging symbols, IDA typically prompts you to attempt downloading symbols if they are available. If IDA fails to locate them but you are successful, you can open a symbol file (often with the extension .pdb) within IDA by clicking File->Load file->PDB file. Aside from this, I recommend you take a look at the IDA Pro Book by Chris Eagle. It is extremely well written and, despite covering an older version of IDA, contains a plethora of valuable information for the new reverser.
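
Added example (not part of the original thread): a quick way to check whether a Windows binary references a PDB at all, by looking for the CodeView "RSDS" record (signature, 16-byte GUID, 4-byte age, NUL-terminated PDB path) and building the symbol-store lookup path from it. The function names are hypothetical, the sample bytes are constructed, and the scan is a byte-search heuristic rather than a proper walk of the PE debug directory.

```python
import struct
import uuid

def find_pdb_reference(data: bytes):
    """Return (pdb_path, guid_hex, age) from the first plausible RSDS record, else None."""
    pos = data.find(b"RSDS")
    while pos != -1:
        path_start = pos + 24              # 4 signature + 16 GUID + 4 age
        end = data.find(b"\x00", path_start)
        path = data[path_start:end] if end != -1 else b""
        # Heuristic filter: a genuine record carries a path ending in .pdb
        if path.lower().endswith(b".pdb"):
            guid = uuid.UUID(bytes_le=data[pos + 4:pos + 20])
            (age,) = struct.unpack_from("<I", data, pos + 20)
            return path.decode("utf-8", "replace"), guid.hex.upper(), age
        pos = data.find(b"RSDS", pos + 1)
    return None

def symbol_store_key(pdb_path: str, guid_hex: str, age: int) -> str:
    """Build the <name>/<GUID><age>/<name> path used by symbol stores."""
    name = pdb_path.replace("/", "\\").rsplit("\\", 1)[-1]
    return f"{name}/{guid_hex}{age:X}/{name}"

# Constructed sample data, not taken from any real binary.
SAMPLE_GUID = uuid.UUID("01234567-89ab-cdef-0123-456789abcdef")
WITH_RECORD = (b"MZ" + b"\x00" * 62 + b"RSDS" + SAMPLE_GUID.bytes_le
               + struct.pack("<I", 2) + b"C:\\build\\Release\\demo.pdb\x00")
NO_RECORD = b"MZ" + b"\x00" * 62 + b"plain code and data, no debug record"

if __name__ == "__main__":
    for label, blob in (("with record", WITH_RECORD), ("no record", NO_RECORD)):
        ref = find_pdb_reference(blob)
        print(label, "->", symbol_store_key(*ref) if ref else "no PDB reference found")
```

A hit only means the file names a PDB. The function names live in that separate .pdb file, which still has to be obtained and loaded.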