I am using IDA freeware debugger to debug an .exe file. I placed a breakpoint in the program. As shown on the image below. I need to know what value is in the "eax" register at that point (this is highlighted in yellow on the image below). Is there any way to find this value?
Asked
Active
Viewed 2,294 times
0
constantlyFlagged
- 360
- 1
- 19
1 Answers
2
The register dump is right there in the upper-right pane of the display. It shows the 64-bit registers, but EAX is just the low 32 bits of RAX (see What do the E and R prefixes stand for in the names of Intel 32-bit and 64-bit registers?). So just read the 8 rightmost hex nibbles. EAX at this point in the program has the value 0xCB7475E2.
You can likewise read off the values of the other partial registers. AX = 0x76E2, AH = 0x76, AL = 0xE2.
Nate Eldredge
- 48,811
- 6
- 54
- 82
-
Is there anyway to change the register view in IDA (let's say the Pro version) to show the 32-bit, 16-bit, and 8-bit registers in their own view? Yeah, it is possible to just look at the offset, but it would be nice if the GUI just separated it all out for you in a nice view. – Code Doggo Mar 19 '22 at 19:36
-
1@CodeDoggo: I don't know, sorry. I don't actually use IDA. You could ask a new question about this. – Nate Eldredge Mar 19 '22 at 20:43