IDA Pro 5.0 - The graph is too big more than 1000 nodes) to be displayed on screen
I'm trying to disassemble a huge function but IDA refuses to display the function's graph due to its size.
How can IDA 5.0 be configured to display more than 1000 nodes?
This is for the free version which does not allow you to adjust the threshold.
1) Open IDA itself (idaq.exe) in IDA.
2) Go to the strings window, search for "The graph is too big" and you will find the format string that is responsible for the message.
3) Jump to its cross-reference.
4) A few lines above the instruction that pushes the format string, we see a "cmp eax, 3E8h". Since 3E8h is 1000 in decimal, we can be pretty sure that this is the part of the code that checks for the number of nodes and then don't display the graph if the number is more than 1000 nodes.
5) Now there are many ways to fix this. We could just change the "jbe" instruction to a "jmp", or replace 3E8h with some larger number such as FFFFFFFFh.
6) Since we cannot patch the file in IDA, we have to use a hex editor to open up idaq.exe. Search for the instruction "3D E8 03 00 00" and we find the location (its at 150EF for my version). For me, I just changed the "E8 03" to "FF FF".
And there you have it, removal of this arbitrary limitation.