IDA: Cross References / Xrefs

by Dejan Lukan
Oct. 8, 2017 0 comments INFOSEC Institute Encryption & Authentication

Cross references can help us determine where certain functions were called from, which can be useful for a number of reasons. Let’s say that we found the function we’re interested in for whatever reason: maybe it contains a vulnerable code, we could use to execute malicious shellcode or maybe it does the actual encryption of the data we’re interested in. Once we’ve located the function, we must determine how the program execution leads to the execution of that function. Usually, we would have to set a breakpoint at that function and run the program and let the breakpoint be caught; then we would have to check the previous stack frames to determine which functions were previously called that led to the current function. We would have to backtrace the program execution function by function, manually, which can take a lot of time. But Ida can help us by doing that automatically with the use of cross references.