2.3.1 Renaming Locations

So far, we have seen how IDA performs analysis on our program and how it adds dummy names. The dummy names are useful, but they do not tell you the purpose of a variable. When analyzing malware, you should change variable and function names to more meaningful ones. To rename a variable or an argument, right-click on its name and select Rename (or press N); this will bring up the rename dialog. After you rename it, IDA will propagate the new name to wherever that item is referenced. You can use the rename feature to give meaningful names to functions and variables.

Changing the name of var_4 to x and var_8 to y in the preceding code would result in the new listing shown here:

.text:00401006 mov [ebp+x], 1
.text:0040100D mov eax, [ebp+x]
.text:00401010 mov [ebp+y], eax
.text:00401013 xor eax, eax
.text:00401018 retn

You can now translate the preceding instructions to pseudocode (as covered in the previous chapter). To do that, let's make use of the comment feature in IDA.
