2.3.2 Commenting in IDA

Comments are useful to remind you of something important in the program. To add a regular comment, place the cursor on any line in the disassembly listing and press the colon (:) hotkey; this brings up the comment entry dialog, where you can type the comment. The following listing shows regular comments (the text after ;) describing individual instructions:

.text:00401006    mov     [ebp+x], 1      ; x = 1
.text:0040100D    mov     eax, [ebp+x]    ; eax = x
.text:00401010    mov     [ebp+y], eax    ; y = eax
.text:00401013    xor     eax, eax        ; return 0
.text:00401018    retn

Regular comments are well suited to describing a single line (although you can enter multiple lines), but it would be useful to group the preceding comments together to describe what the main function does as a whole. IDA offers another type of comment, the function comment, which lets you group comments and display them at the top of the function's disassembly listing. To add a function comment, place the cursor on the function name, such as _main shown at ➐ in the previous disassembly listing, and press colon (:). The following listing shows the pseudocode added at the top of the _main function at ➑ as a result of entering a function comment; the pseudocode now serves as a reminder of the function's behavior:

.text:00401000    ; x = 1                                    ➑
.text:00401000    ; y = x                                    ➑
.text:00401000    ; return 0                                 ➑
.text:00401000    ; Attributes: bp-based frame
.text:00401000
.text:00401000    ; int __cdecl main(int argc, const char **argv, const char **envp)
.text:00401000    _main proc near                            ; CODE XREF: ___tmainCRTStartup+194p
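The two procedures above (a regular comment per instruction, one function comment on _main) can also be scripted with IDAPython, which is handy when the same annotations have to be re-applied to a fresh database of the same sample. The following script is an added example, not code from the book; it assumes IDA 7.x's idc module, the binary from the listing loaded at its original base (so _main is at 0x401000 and the instruction addresses match), and the comment texts shown above. The comment plan is separated from the idc calls so the plan can be built and dry-run outside IDA.

```python
"""Re-apply the comments from the listing above with IDAPython.

Added example (not from the book). Assumes IDA 7.x, the sample from the
listing loaded at its original image base, and the comment texts shown in
the listing. Run inside IDA via File > Script file...; outside IDA it
falls back to a dry run that only records what it would do.
"""

try:
    import idc  # available only inside IDA's Python interpreter
except ImportError:  # running outside IDA: dry-run mode
    idc = None

# Regular (non-repeatable) comments, one per instruction, as in the listing.
# Addresses assume the page's binary; adjust them for your own database.
REGULAR_COMMENTS = {
    0x401006: "x = 1",
    0x40100D: "eax = x",
    0x401010: "y = eax",
    0x401013: "return 0",
}

# The function comment shown at the top of _main (one line per statement).
FUNC_NAME = "_main"
FUNC_COMMENT = "x = 1\ny = x\nreturn 0"


def build_plan(regular, func_name, func_comment):
    """Return a list of (kind, target, text) tuples, one per comment.

    kind is 'cmt' for a regular comment keyed by address, or 'func' for a
    function comment keyed by function name. Regular comments are emitted
    in address order so the dry-run output reads like the listing.
    """
    plan = [("cmt", ea, text) for ea, text in sorted(regular.items())]
    plan.append(("func", func_name, func_comment))
    return plan


class IdaBackend:
    """Applies comments to the open IDA database through idc."""

    def set_cmt(self, ea, text):
        # Third argument 0 = regular comment (1 would make it repeatable).
        return idc.set_cmt(ea, text, 0)

    def set_func_cmt(self, name, text):
        ea = idc.get_name_ea_simple(name)
        if ea == idc.BADADDR:  # function not found under that name
            return False
        # Any address inside the function works; 0 = non-repeatable.
        return idc.set_func_cmt(ea, text, 0)


class DryRunBackend:
    """Records the calls that would be made, for use outside IDA or in tests."""

    def __init__(self):
        self.calls = []

    def set_cmt(self, ea, text):
        self.calls.append(("cmt", ea, text))
        return True

    def set_func_cmt(self, name, text):
        self.calls.append(("func", name, text))
        return True


def apply_plan(plan, backend):
    """Apply every comment in plan through backend; return how many succeeded."""
    applied = 0
    for kind, target, text in plan:
        if kind == "cmt":
            ok = backend.set_cmt(target, text)
        elif kind == "func":
            ok = backend.set_func_cmt(target, text)
        else:
            raise ValueError("unknown comment kind: %r" % (kind,))
        if ok:
            applied += 1
    return applied


if __name__ == "__main__":
    plan = build_plan(REGULAR_COMMENTS, FUNC_NAME, FUNC_COMMENT)
    backend = IdaBackend() if idc is not None else DryRunBackend()
    n = apply_plan(plan, backend)
    if idc is None:
        for call in backend.calls:
            print("would set %s %r: %r" % call)
    print("applied %d of %d comments" % (n, len(plan)))
```

Because a plain-text plan is the input, the same script can be kept next to the sample and re-run after the database is rebuilt; the dry-run backend lets you check the addresses and texts before touching the real database.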

Now that we have used some of IDA's features to analyze the binary, it would be convenient to save the variable names and comments we added, so that the next time the same binary is loaded into IDA these steps do not have to be repeated. In fact, every change made so far (renaming a variable, adding a comment) was applied to IDA's database, not to the executable; in the next section, you will learn how easy it is to save the database.
