How can I get IDA Pro to “see” xrefs to a string?
https://stackoverflow.com/questions/1932129
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Currently, I'm disassembling a Mach-O executable in IDA Pro. I've gone through and found the string I'm interested in, but when I try to find xrefs to it, none can be found. I'm sure that the strings are referenced in the original code, but IDA Pro doesn't seem to be able to find out how they are referenced.
Are there any tricks that can be performed to get IDA Pro to see the xrefs?
Solution
Have you given it enough time for it to have analyzed the entire program? If there is a reference, it might be some time before it finds it in a large program.
It's also possible that it is referenced by instructions for which IDA can't find a flow path to. This can happen with jump tables where IDA isn't able to guess the size of the table. The reason for the I in IDA is that you look at the instructions which need judgment and proper interpretation and set them to the appropriate type so IDA can do most of the work.
OTHER TIPS
It is possible that the string belongs to a string array and the first element of the string is reference by IDA Pro.
Example:
str_table dd offset str1 ; ^xrefs: display_message(int idx)
dd offset str2
dd offset 0x1234 (if you press ctrl+o it may resolve to mystr)
mystr db "Hello world"
So, try to find reference to strings near by your string, and see if they belong to a table, create an array, etc...
idc script function add_dref() would be the one you are looking for.
