3.6 Zoom

The zoom is a print mode that allows you to get a global view of the whole file or memory map in a single screen. Each byte represents file_size/block_size bytes of the file. Use the pO (zoom out print mode) to use it, or just toggle 'z' in the visual mode to zoom-out/zoom-in.

The cursor can be used to scroll faster thru the zoom out view and pressing 'z' again to zoom-in where the cursor points.

zoom.byte values:
 F : number of 0xFF
 f : number of flags
 c : code (functions)
 s : strings
 t : traces (opcode traces)
 p : number of printable chars
 e : entropy calculation
 * : first byte of block

For example. let's see some examples:

[0x08049790]> pO
   offset   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0 1  0123456789ABCDEF01
0x00001790, 7fc7 0107 0141 b9e9 559b 3b85 f87d 7f89 ff05 .....A..U.;..}....
0x00007730, 04c0 8505 c78b 7555 7dc3 0584 f8b0 8985 8900 ......uU}.........
0x0000D6D0, 8b55 1485 fbff ffff ff50 83d0 6620 2020 6561 .U.......P..f   ea
0x00013670, 6918 7f57 cc74 002e 2400                     i..W.t..$.   

[0x08049790]> eval zoom.byte = printable
[0x08049790]> pO
   offset   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0 1  0123456789ABCDEF01
0x00001790, 7fc7 0107 0141 b9e9 559b 3b85 f87d 7f89 ff05 .....A..U.;..}....
0x00007730, 04c0 8505 c78b 7555 7dc3 0584 f8b0 8985 8900 ......uU}.........
0x0000D6D0, 8b55 1485 fbff ffff ff50 83d0 6620 2020 6561 .U.......P..f   ea
0x00013670, 6918 7f57 cc74 002e 2400                     i..W.t..$.        

[0x08049790]> pO
   offset   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0 1  0123456789ABCDEF01
0x00001790, 0202 0304 0505 0505 0505 0505 0505 0605 0505 ..................
0x00007730, 0505 0505 0505 0505 0505 0606 0505 0505 0605 ..................
0x0000D6D0, 0505 0405 0505 0505 0505 0505 0303 0303 0405 ..................
0x00013670, 0403 0405 0404 0304 0303                     ..........        

[0x08049790]> eval zoom.byte = flags
[0x08049790]> pO
   offset   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0 1  0123456789ABCDEF01
0x00001790, 0b04 1706 0400 0000 0000 0000 0000 0000 0000 ..................
0x00007730, 0000 0000 0000 0000 0000 0000 0000 0000 0000 ..................
0x0000D6D0, 0000 0000 0000 0000 0000 000d 1416 1413 165b .................[
0x00013670, 1701 0e23 0b67 2705 0f12                     ...#.g'...        

[0x08049790]> eval zoom.byte = FF    
[0x08049790]> pO
   offset   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0 1  0123456789ABCDEF01
0x00001790, 0000 0000 0000 0001 0000 0001 0000 0000 0200 ..................
0x00007730, 0000 0100 0000 0000 0000 0000 0000 0101 0000 ..................
0x0000D6D0, 0000 0001 0201 0202 0100 0000 0000 0000 0000 ..................
0x00013670, 0000 0000 0002 0000 0000                     ..........        

In the debugger, the zoom.from and zoom.to eval variables are defined by .!maps* to fit the user code sections of memory of the target process.

BTW you can determine the limits for performing a zoom on a range of bytes of the whole bytespace by using the zoom.from and zoom.to eval variables.

[0x465D8810]> e zoom.
zoom.from = 0x08048000
zoom.to = 0x0805f000
zoom.byte = head

NOTE: These values (0x8048000-...) are defined by the debugger to limit the zoom view while debugging to only visualize the user maps of the program.