2.2.1 Disassembly Window

After the executable has been loaded, you will be presented with the disassembly window (also known as the IDA-view window). This is the primary window, and it displays the disassembled code. You will mostly be using this window for analyzing binaries.

IDA can show the disassembled code in two display modes: graph view and text view. Graph view is the default, and when the disassembly view (IDA View) is the active window, you can toggle between graph and text view by pressing the spacebar.

In the graph view mode, IDA displays only one function at a time, as a flowchart-style graph in which the function is broken down into basic blocks (straight-line sequences of instructions with a single entry and a single exit). This mode is useful for quickly recognizing branching and looping constructs. The color and the direction of the arrows tell you which block is reached for each outcome of a decision; note that this is a static picture of every possible path, not a record of the path the program actually took at runtime. Conditional jumps use green and red arrows: the green arrow leads to the block executed when the jump is taken (the condition holds), and the red arrow leads to the block executed when the jump is not taken (the fall-through, or normal flow). A blue arrow marks an unconditional jump (or a plain fall-through into the next block), and a loop shows up as a blue arrow pointing upward (backward) to an earlier block. In the graph view, virtual addresses are not displayed by default, to minimize the space each basic block occupies. To display them, open Options | General, switch to the Disassembly tab, and check Line prefixes (graph).

The following screenshot shows the disassembly of the main function in the graph view mode. Notice the conditional check at the addresses 0x0040100B and 0x0040100F. If the condition is true, then the control is transferred to the address 0x0040101A (indicated by a green arrow), and if the condition is false, the control gets transferred to 0x00401011 (indicated by a red arrow). In other words, the green arrow indicates jump and the red arrow indicates the normal flow:

In the text view mode, the entire disassembly is presented in a linear fashion. The following screenshot shows the text view of the same program; here the virtual addresses are displayed by default, in the <section name>:<virtual address> format (for example, .text:00401000). The left-hand portion of the text view window is called the arrows window; it indicates the program's nonlinear flow. Dashed arrows represent conditional jumps, solid arrows represent unconditional jumps, and backward arrows (arrows pointing up, typically drawn with a heavier line) indicate loops. Plain fall-through from one instruction to the next gets no arrow at all:
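To make the block-splitting and arrow rules from the graph view and text view descriptions concrete, here is an added example (not from the book and not IDA's own code) that applies them by hand to a constructed listing written in IDA's text-view format. The four addresses named in the walkthrough (0x0040100B, 0x0040100F, 0x00401011, 0x0040101A) are reused, but the instructions around them are assumptions made for this example, with an extra unconditional backward jmp added so that a loop edge appears as well. The script splits the function into basic blocks exactly as a flowchart would, then labels every edge twice: with the graph view color (green taken, red not taken, blue unconditional or fall-through) and with the text view arrow style (dashed for conditional, solid for unconditional, none for fall-through), flagging backward edges as loops.

```python
import re
from dataclasses import dataclass

# Constructed listing in IDA text-view style ("<section name>:<virtual address>").
# The addresses 0x0040100B, 0x0040100F, 0x00401011 and 0x0040101A mirror the
# walkthrough in the text; the instructions are assumptions made for this
# example and are not the book's sample program.
LISTING = """\
.text:00401000 push    ebp
.text:00401001 mov     ebp, esp
.text:00401003 push    ecx
.text:00401004 mov     [ebp+var_4], 0
.text:0040100B cmp     [ebp+var_4], 0
.text:0040100F jnz     short loc_40101A
.text:00401011 mov     eax, [ebp+var_4]
.text:00401014 add     eax, 1
.text:00401017 mov     [ebp+var_4], eax
.text:0040101A loc_40101A:
.text:0040101A inc     [ebp+var_4]
.text:0040101D cmp     [ebp+var_4], 0Ah
.text:00401021 jge     short loc_401025
.text:00401023 jmp     short loc_40100B
.text:00401025 loc_401025:
.text:00401025 xor     eax, eax
.text:00401027 mov     esp, ebp
.text:00401029 pop     ebp
.text:0040102A retn
"""

LINE_RE = re.compile(r"^\.(\w+):([0-9A-Fa-f]{8})\s+(\S+)(?:\s+(.*))?$")
LOC_RE = re.compile(r"loc_([0-9A-Fa-f]+)")

@dataclass
class Insn:
    addr: int
    mnem: str
    ops: str

    def kind(self):  # jmp (unconditional), jcc (conditional), ret, or other
        if self.mnem == "jmp":
            return "jmp"
        if self.mnem.startswith("j"):
            return "jcc"
        return "ret" if self.mnem in ("ret", "retn") else "other"

    def target(self):  # branch target taken from the loc_XXXX operand
        m = LOC_RE.search(self.ops)
        return int(m.group(1), 16) if m else None

@dataclass(frozen=True)
class Edge:
    src: int        # address of the last instruction of the source block
    dst: int        # start address of the successor block
    colour: str     # graph view: green (jcc taken), red (jcc not taken), blue (jmp / fall-through)
    style: object   # text view: "dashed" (jcc), "solid" (jmp), None (fall-through has no arrow)
    is_loop: bool   # backward edge, drawn as an upward arrow in both views

def parse_listing(text):
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _section, addr, mnem, ops = m.groups()
        if mnem.endswith(":"):  # label line such as "loc_40101A:", not an instruction
            continue
        insns.append(Insn(int(addr, 16), mnem.lower(), ops or ""))
    return insns

def build_cfg(insns):
    """Split the function into basic blocks and label each edge the way IDA draws it."""
    pos = {ins.addr: i for i, ins in enumerate(insns)}
    # A block starts at the first instruction, at every jump target, and right
    # after every jump or return.
    leaders = {insns[0].addr}
    for i, ins in enumerate(insns):
        if ins.kind() in ("jmp", "jcc"):
            leaders.add(ins.target())
        if ins.kind() != "other" and i + 1 < len(insns):
            leaders.add(insns[i + 1].addr)
    blocks, start = {}, insns[0].addr
    for ins in insns:
        if ins.addr in leaders:
            start = ins.addr
        blocks.setdefault(start, []).append(ins)
    edges = []
    for body in blocks.values():
        last, nxt = body[-1], pos[body[-1].addr] + 1
        fallthrough = insns[nxt].addr if nxt < len(insns) else None
        kind, tgt = last.kind(), last.target()
        if kind == "jcc":
            edges.append(Edge(last.addr, tgt, "green", "dashed", tgt <= last.addr))
            edges.append(Edge(last.addr, fallthrough, "red", None, False))
        elif kind == "jmp":
            edges.append(Edge(last.addr, tgt, "blue", "solid", tgt <= last.addr))
        elif kind == "other" and fallthrough is not None:
            edges.append(Edge(last.addr, fallthrough, "blue", None, False))
    return blocks, edges

if __name__ == "__main__":
    blocks, edges = build_cfg(parse_listing(LISTING))
    for start, body in blocks.items():
        print(f"block {start:#010x}: {len(body)} insns, ends with {body[-1].mnem}")
    for e in edges:
        print(f"  {e.src:#010x} -> {e.dst:#010x}  {e.colour:5}  {e.style or 'fall-through'}"
              + ("  LOOP" if e.is_loop else ""))
```

Running it prints six blocks and seven edges: the jnz at 0x0040100F gets a green edge to 0x0040101A and a red edge to 0x00401011, matching the walkthrough, and the jmp at 0x00401023 back to 0x0040100B is the only edge flagged LOOP (blue and upward in graph view, solid and heavier in text view). The parser deliberately ignores directive and label lines, so a listing copied straight out of IDA's text view can be fed to it, but it only knows about loc_ operands; indirect jumps (jmp eax, jump tables) have no static target and would need IDA's own cross-reference data.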
