The -r command line switch is used to run the built-in debugger without creating a database in advance. The format is this switch is:
-rdebname{params}:pass@hostname:port+pid
The explanation of the fields:
debname Debugger name. Should contain the debugger
module name. Examples: win32, linux. This prefix
can be shortened or even completely
omitted if there is no ambiguity
params Optional parameter for the debugger module
The parameters from the appropriate configuration file
can be specified here, separated by semicolons.
pass Password for the remote debugger server
hostname Host name or address of the remote debugger server.
IPv6 addresses need to be enclosed in [].
port Port number to use to connect to the debugger server
pid PID of the process to attach
All fields except the first one are optional. Also, the pid field can be specified as '+'. IDA will display the process list to attach. See examples below for typical command lines:
ida -rwin32 file args
Run 'file' with command line 'args' in the local debugger
We have to specify the debugger name to avoid ambiguities.
ida -rwindbg+450
Attach to process 450 on the local machine using the windbg backend
ida -rl:hippy@mycom:4567+
Connect to the remote linux computer 'mycom' at port 4567 using the
password 'hippy' and display the list of processes running on it.
Allow the user to select a process and attach to it.
ida -rl@mycom /bin/ls e*
Run '/bin/ls' command on the 'mycom' computer using the remote
debugger server on Linux. Use an empty password and the
default port number. Pass "e*" as the parameter to /bin/ls.
ida -rl@mycom whobase.idb
Run '/usr/bin/who' command on the 'mycom' computer using the
remote linux debugger server. Use an empty password and the
default port number. IDA will extract the name of the
executable from the whobase.idb file in the local current
directory. If the database does not exist, then this command
will fail.
ida "-rwindbg{MODE=1}@com:port=\\.\pipe\com_1,baud=115200,pipe,reconnect+"
Attach using windbg in kernel mode. The connection string is
"com:port=\\.\pipe\com_1,baud=115200,pipe,reconnect". A mini database
will be created on the fly.
When the -r switch is used, IDA works with the databases in the following way:
- if a database corresponding to the input file exists and
the -c switch has not been specified, then IDA will use the
database during the debugging session
- otherwise, a temporary database will be created
Temporary databases contain only meta-information about the debugged process and not the memory contents. The user can make a memory snapshot any time before the process stops. If IDA detects that a command will cause the process to exit or detach IDA, it will propose to make a snapshot.
The rest of the command line is passed to the launched process.
In the case there is no input file (when attaching to an existing process, for example), then the temporary database is created in the standard temporary directory. For Windows, this directory is usually "Local Setting\Temp" in the user profile directory.
