IDA 8.4
© 2025 Copyright Hex-Rays

hv command reference manual

Last updated 6 months ago

hv credentials

In order to connect to the vault server, hv must at least have:

  • a username

  • a password

  • a hostname

For example:

$ hv -hhexvault.acme.com:65433 -uadmin -psecret users
LastActive Adm    Login        Email
---------- --- ------------ ------------
2022-06-27  *  admin
2022-06-22     alice       Alice <alice@acme.com>
Never          bob         Bob <bob@acme.com>
...

There are 3 ways to specify credentials (in decreasing order of priority):

  • providing them as command-line arguments (as in the example above)

  • storing them in

  • storing them in (recommended)

All credentials, including usernames, are case-sensitive, meaning that "Joe" and "joe" would be different users.

Command line

-uUSERNAME    specify username
-pPASSWORD    specify password
-hHOST        specify host (server:port); if the port is omitted, it defaults to 65433
-sSITENAME    specify site
--set         remember credentials. This option doesn’t require the credentials to be passed on the command line; credentials passed through environment variables will work as well

Environment variables

VAULT_HOST    the server host name
VAULT_PORT    the server port
VAULT_USER    the username to connect to the server
VAULT_PASS    the user’s password
VAULT_SITE    the site to use (most commands need a site to operate)

Registry + keychain

Credentials can be stored in the registry (and keychain) like so:

alice@alice_PC$ hv --set -ualice -palice -hvaultserver -salice_on_alicepc

For this operation to succeed, at least a user and a host must be provided.

Best practices

Once that is done, commands will become cleaner:

>./hv info

Hex-Rays Vault Server v1
Vault time: 2022-04-14 15:36:29, up since 2022-04-14 15:17:25
...
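
The sections above rank command-line credentials first and recommend the registry and keychain. A password given as -pPASSWORD ends up in shell history and is visible in the process list while hv runs, so this added example (not Hex-Rays code) audits script or history lines for hv invocations that carry one and for literal VAULT_PASS assignments. The rule names, sample lines 3 to 6 and the /run/secrets/vault path are constructed for illustration.

```python
import os
import shlex
from typing import List, NamedTuple


class Finding(NamedTuple):
    lineno: int    # 1-based line number in the audited text
    rule: str      # which check fired
    redacted: str  # the line with the secret masked, safe to put in a report


# Constructed sample: lines 1-2 are the page's own examples, 3-6 are made up.
SAMPLE = """\
hv -hhexvault.acme.com:65433 -uadmin -psecret users
hv --set -ualice -palice -hvaultserver -salice_on_alicepc
export VAULT_PASS=hunter2
VAULT_USER=alice VAULT_PASS="$(cat /run/secrets/vault)" hv --set
./hv info
hv -ubob -p"$PW" sync //REsearch/
"""


def _tokens(line: str) -> List[str]:
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote: fall back to whitespace split
        return line.split()


def audit_line(line: str, lineno: int = 1) -> List[Finding]:
    toks = _tokens(line)
    masked = list(toks)
    rules = []

    # Check 1: VAULT_PASS set to a literal value in a script. A reference such
    # as $VAR or $(command) is not flagged: the secret lives somewhere else.
    for i, tok in enumerate(toks):
        if tok.startswith("VAULT_PASS="):
            value = tok[len("VAULT_PASS="):]
            if value and not value.startswith(("$", "`")):
                rules.append("hardcoded-VAULT_PASS")
                masked[i] = "VAULT_PASS=<redacted>"

    # Check 2: -pPASSWORD among the options between hv and its subcommand.
    # Any value counts, even -p"$PW": the shell expands it before hv starts,
    # so the cleartext still appears in the process's argument list.
    hv_at = next((i for i, t in enumerate(toks)
                  if os.path.basename(t) == "hv"), None)
    if hv_at is not None:
        for i in range(hv_at + 1, len(toks)):
            tok = toks[i]
            if not tok.startswith("-"):
                break  # first non-option token is the subcommand
            if tok.startswith("-p") and len(tok) > 2:
                rules.append("password-on-command-line")
                masked[i] = "-p<redacted>"

    redacted = " ".join(masked)
    return [Finding(lineno, rule, redacted) for rule in rules]


def audit_text(text: str) -> List[Finding]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        findings.extend(audit_line(line, lineno))
    return findings


if __name__ == "__main__":
    for f in audit_text(SAMPLE):
        print(f"line {f.lineno}: {f.rule}: {f.redacted}")
```

Lines 4 and 5 of the sample pass: line 4 feeds `hv --set` through the environment from a secret file, and line 5 relies on credentials already stored with `--set`.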

Path formats

Local paths refer to a file on the host file system.

Vault paths refer to a file mapped on the vault. They can start with // to refer to the root of the vault.

Some vault paths can optionally specify the revision of the path.

Special symbols were created to access specific revisions:

Special file revision symbols:

^    last revision available on the vault
=    current revision, that is synced on the site
*    all revisions

Directories and wildcards:

subdir/     means all files in all subdirectories
subdir      means all files in all subdirectories (same as subdir/)
subdir/*    means all files in the directory

Examples

Get the first revision of a file:

$ hv sync //malware/Ransomware.WannaCry/41aa.exe.i64#1
ok synced //malware/Ransomware.WannaCry/41aa.exe.i64#1 (838724 bytes)
ok sync completed

Sync to the last version of a file:

$ hv sync malware/Ransomware.WannaCry/41aa.exe.i64#^
ok synced //malware/Ransomware.WannaCry/41aa.exe.i64#3 (846916 bytes)
ok sync completed

Force sync to the current revision (we must specify -f to force a file transfer):

$ hv sync -f malware/Ransomware.WannaCry/41aa.exe.i64#=
ok synced //malware/Ransomware.WannaCry/41aa.exe.i64#2 (846916 bytes)
ok sync completed

Display md5 checksums of all revisions of a file:

$ hv md5 malware/Ransomware.WannaCry/41aa.exe.i64#*
ok 8F464140FA3DA4A20B03166F2E80325B //malware/Ransomware.WannaCry/41aa.exe.i64#1
ok E0F7B984151FEF497985F375C64FA5C7 //malware/Ransomware.WannaCry/41aa.exe.i64#2
ok 5C3B88306CF0D93DC35FFD67A710AE3B //malware/Ransomware.WannaCry/41aa.exe.i64#3

List the Hex-Rays Vault server’s top-level directory contents:

$ hv dir //
2022-06-02 10:29:30       140267 CL29/edit //malware/cppobj_virtcall.i64#9
2022-06-14 16:44:19      2173541 CL36/edit //iOS/dyld_ios16.i64#3

Plan to add a file to the vault:

$ hv add /path/to/local_rootdir/enabled.png
ok added '//enabled.png'

Plan to add a directory:

$ hv add /path/to/local_rootdir/REsearch
ok added '//REsearch/vm2vm.dat'
ok added '//REsearch/vm2vm.exe'
ok added '//REsearch/vm2vm.i64'

Plan to delete a file:

$ hv del /path/to/local_rootdir/REsearch/*.dat
ok checked out '//REsearch/vm2vm.dat' for 'del' (worklist 1)

Show worklist to which files were added:

$ hv worklist show
WL 1 add  //REsearch/vm2vm.exe#0
WL 1 add  //REsearch/vm2vm.i64#0
WL 1 edit //cppobj_virtcall.i64#9
WL 1 add  //enabled.png#0

It is safe to interrupt a command using Ctrl-C. File transfers in progress will be terminated gracefully, so that no partially received files are left on disk. However, requests that were already delivered to the server will still be carried out to completion. For example, if the user asked to check out thousands of files for editing, this will be performed even if the user presses Ctrl-C after invoking the command.

If the command syntax specifies ellipsis (…​), it means that multiple path patterns can be specified. The path patterns can be specified using local paths or vault paths, which start with a double slash (//).

Commands

Sites

site add

site add [-u USER] SITENAME ROOTDIR [HOST]

The specified user will be the owner of the new site. If the user is not specified, the current user will own the site. Only the site owner can use a site.

Only admins can create sites for other users.

-u USER

The user (owner) of the new site, must be an existing username. Defaults to the current user. Admins can specify a different user.

SITENAME

The name of the site that will be created. It must be unique (no site can already exist with that name), must not exceed 64 characters, and must be composed of alphanumerics, underscores or dashes. The first character cannot be a digit or a dash.

ROOTDIR

The absolute path to the directory that will hold the vault files.

HOST

The computer from which the site can be used. It can be specified as an empty string, in which case the server will let the site be used from any computer. However, since the host is a safety feature that prevents a site from being inadvertently used from the wrong computer, we do not recommend specifying it as an empty string. When creating a site for the current user, the host defaults to the current computer.

Parameters

Examples:

Create a new site:

alice@alice_PC$ hv site add alicepc /home/alice/vault_site

Ensure that it exists:

alice@alice_PC$ hv sites
Site name User  Host     Last Used  Rootdir
--------- ----- -------- ---------- ------------
alicepc   alice alice_PC Never     /home/alice/vault_site

Remember the new site in the registry:

alice@alice_PC$ hv --set -salicepc
Information has been saved into the registry.

The new site is used in all future commands:

alice@alice_PC$ hv info |grep site
Client site: alicepc

site del

site del [-f] SITENAME

Deletes a site.

If -f was passed and the site has some pending worklists, they will be deleted.

This is not a reversible operation, so we recommend caution.

Only admins can delete sites that belong to other users.

-f

Force the deletion even if the site still has worklists.

SITENAME

Name of the site to delete.

Parameters

Example:

Delete the site, forcing deletion of the site’s worklists

alice@alice_PC$ hv site del alice_old_laptop
'alice_old_laptop' not empty

alice@alice_PC$ hv site del -f alice_old_laptop

site edit

site edit [-u USER] SITENAME ROOTDIR [HOST]

Admins can reassign a site to a new user or edit sites of other users.

-u USER

The new user (owner) of the site, can only be different than the previous owner if the current user is admin.

SITENAME

The name of the site that will be edited. It must exist and be owned by the current user, unless the current user is an admin.

ROOTDIR

The new absolute path to the directory that will hold the site files.

HOST

The new hostname that will be used for the site. It can be omitted if no changes are desired.

Parameters

Examples:

Change the root directory of a site:

alice@alice_PC$ hv site edit alicepc /home/alice/vault

Transfer ownership of site "local_on_shared_machine" to Bob:

alice@alice_PC$ hv site edit -u bob local_on_shared_machine /home/shared/projects re.acme.com

sites

sites [SITENAME]

Lists all sites.

Show a list of sites, and their associated information.

SITENAME

Name of the site to show.

Parameters

Example:

alice@alice_PC$ hv sites
Site name  User   Host       Last Used  Rootdir                Cur
---------- ------ ---------- ---------- ---------------------- ---
alicepc    alice  alice_PC   2022-06-22 /home/alice/vault_site  *
joe_laptop joe    ThinkPad14 2022-05-30 c:/work/vault
chrispc    chris  chris_PC   Never      W:/vault

Site filters

filt get

filt get [-s SITENAME]

Only admins can see filter tables of other users.

-s SITENAME

The sitename whose filter table should be displayed. If omitted, defaults to the current site.

Parameters

Examples:

Show the default (i.e., empty) filter table

# If the site filters were not set yet, the following info will be displayed:
alice@alice_PC$ hv filt get
# By default all vault files are visible.
# The admin can set up permissions to deny access
# to some files. The user too can set up filter
# patterns to make some files invisible. For that,
# each site has a user-controlled filter table.
#
# The below table controls vault file visibility.
# The table is scanned from the beginning to the end.
# Lines starting with '!' hide the matching files.
# Other lines make the matching files visible.
# If the first line starts with '!', all files are
# visible by default. Otherwise, all files are
# invisible by default.
# Example: !*.mov will hide all *.mov files.

Set site filters from the standard input:

alice@alice_PC$ hv filt set
/work/research/
<Ctrl-D>

Verify the new filters:

alice@alice_PC$ hv filt get
/work/research/
# The files outside of /work/research/ are not visible anymore

filt set

filt set [-s SITENAME] [@file]

Information about the format of site filters can be retrieved by issuing the filt get command.

Only admins can modify filter tables of other users.

-s SITENAME

The sitename whose filter table should be set. If omitted, defaults to current site.

@file

File containing the new table.

Parameters

Examples:

Hide everything in the current site except .bak files (the pattern is quoted so that the shell does not expand it before hv sees it):

alice@alice_PC$ echo '*.bak' | hv filt set

Set site filters, from a file

alice@alice_PC$ cat tablefile
*.idb
*.exe
alice@alice_PC$ hv filt set -s site1 @tablefile

File manipulation

add

Adds new file(s) to a worklist.

The specified file(s) are not required to exist: it is possible to add a file that does not exist yet.

-s

Silent mode; do not output any messages.

-w WORKLIST_ID

The id of the worklist that the file(s) will be added to. If omitted, defaults to worklist 1.

PATH_PATTERN…​

Local path to file(s) to add to the vault.

Parameters

Examples:

alice@alice_PC$ hv add new.idb
ok added '//new.idb'

Add files to worklist 2:

alice@alice_PC$ hv add -w 2 cuda_demo_suite/*
ok added '//cuda_demo_suite/bandwidthTest'
ok added '//cuda_demo_suite/busGrind'
ok added '//cuda_demo_suite/deviceQuery'
ok added '//cuda_demo_suite/nbody'
ok added '//cuda_demo_suite/nbody_data_files/nbody_galaxy_20K.bin'
ok added '//cuda_demo_suite/oceanFFT'
ok added '//cuda_demo_suite/oceanFFT_data_files/ocean.frag'
ok added '//cuda_demo_suite/oceanFFT_data_files/ocean.vert'
ok added '//cuda_demo_suite/oceanFFT_data_files/ref_slopeShading.bin'
ok added '//cuda_demo_suite/oceanFFT_data_files/ref_spatialDomain.bin'
ok added '//cuda_demo_suite/randomFog'
ok added '//cuda_demo_suite/randomFog_data_files/ref_randomFog.bin'
ok added '//cuda_demo_suite/vectorAdd'

copy

Makes a copy of vault file(s).

This command creates a copy of the original file at the requested destination, and places the new file into a worklist. Once the worklist is committed, the new file will be visible to other users.

-s

Silent mode; do not output any messages.

-w WORKLIST_ID

The id of the worklist that the files will be added to. If omitted, defaults to worklist 1.

SRC_PATH

The source path.

DST_PATH

The destination path.

Parameters

Examples:

Copy newfile into the rust_samples subdirectory. The worklist #2 will hold the change.

alice@alice_PC$ hv copy -w 2 newfile rust_samples/newfile
ok copied '//newfile#1' to '//rust_samples/newfile'

Copy an entire subdirectory (note the trailing slash at the destination):

alice@alice_PC$ hv copy source_subdir/ destination/subdir/
ok copied '//source_subdir/aaa/sample.idb#1' to '//destination/subdir/aaa/sample.idb'
ok copied '//source_subdir/common.idb#1' to '//destination/subdir/common.idb'

Copy a subdirectory without recursion:

alice@alice_PC$ hv copy source_subdir/* destination/subdir/
ok copied '//source_subdir/common.idb#1' to '//destination/subdir/common.idb'

Copying a file that was just added but not yet committed will fail:

alice@alice_PC$ hv add test.text
ok added '//test.text'
alice@alice_PC$ hv copy test.text test.text.copy
no matching files for '//test.text'

move

Opens tracked file(s) for moving/renaming.

This is similar to performing a copy, followed by a del: the new file will be checked out for copy while the original file will be checked out for deletion.

-s

Silent mode; do not output any messages.

-w WORKLIST_ID

The id of the worklist that the file(s) will be added to. If omitted, defaults to worklist 1.

SRC_PATH

The source path.

DST_PATH

The destination path.

Parameters

Example:

alice@alice_PC$ hv move //VxWorks/CP05x/info.txt //VxWorks/CP05x/info.md
ok moved '//VxWorks/CP05x/info.txt#1' to '//VxWorks/CP05x/info.md'

alice@alice_PC$ hv wk show 1
WL 1 copy //VxWorks/CP05x/info.md#0
WL 1 del  //VxWorks/CP05x/info.txt#1

alice@alice_PC$ hv edit //VxWorks/CP05x/info.txt
file '//VxWorks/CP05x/info.txt' is already checked out

del

Opens tracked file(s) for deletion, adding them to a worklist.

Once the worklist is committed, the file(s) won’t be tracked anymore by the Hex-Rays Vault server, and will be removed from the local filesystem.

Note that this does not remove all revisions of the file on the server: that is the role of a separate command.

-s

Silent mode; do not output any messages.

-w WORKLIST_ID

The id of the worklist that the file(s) will be added to. If omitted, defaults to worklist 1.

PATH_PATTERN…​

Vault path of file(s) to delete.

Parameters

Example:

alice@alice_PC$ ls /path/to/site_rootdir/cat
/path/to/site_rootdir/cat

alice@alice_PC$ hv del -w2 cat
ok checked out '//cat' for 'del' (worklist 2)

alice@alice_PC$ ls /path/to/site_rootdir/cat
/path/to/site_rootdir/cat

alice@alice_PC$ hv commit 2 "Deleted 'cat'"
ok commit #39 completed

alice@alice_PC$ ls /path/to/site_rootdir/cat
ls: cannot access '/path/to/site_rootdir/cat': No such file or directory

edit

Opens tracked file(s) for edit, adding them to a worklist.

-s

Silent mode; do not output any messages.

-w WORKLIST_ID

The id of the worklist that the file(s) will be added to. If omitted, defaults to worklist 1.

PATH_PATTERN…​

Vault path of file(s) to checkout for edit.

Parameters

Example:

alice@alice_PC$ hv edit cat.i64
ok checked out '//cat.i64' for 'edit' (worklist 1)

(...do some work...)

alice@alice_PC$ hv commit 1 "Analyzed 'main' function"
ok commit #12 completed

scan

Reconciles the contents of the current directory (or the one(s) provided) on the local filesystem, with those of the corresponding path(s) on the server.

This command will recursively look for:

  • new files (if -a is provided)

  • deleted files (if -d is provided)

  • modified files (if -e is provided)

If any are found, it will create a new worklist and add them to it for addition/deletion/modification.

This command is particularly useful if the user didn’t have access to the server at a time it was necessary (e.g., to issue ancommand, while flying across the Atlantic.) Users can still get work done in such cases, and once they gain access to the server again, issue ato commit the changes.

The -e option causes the scan command to compute checksums of the local files and compare them against those known to the server, in order to spot modifications.

If no options were given, defaults to -e -d.

-a

Checkout for add files that are present only on the client side.

-e

Checkout for edit files that are present on both the vault and the client side but differ.

-d

Checkout for delete files that are present only on the server side.

-s

Silent mode; do not output any messages.

PATH_PATTERN…​

Local path of file(s) to scan. If omitted, defaults to the current directory.

Parameters

Example:

alice@alice_PC$ hv scan -a -e -d //
added worklist 3
checked out '//afile' for 'del' (worklist 3)
checked out '//Win32.Emotet/29D6161522C7F7F21B35401907C702BDDB05ED47.bin.i64' for 'edit' (worklist 3)

Working with worklists

worklists

worklists [WORKLIST_ID] [USER]

Lists information about worklists.

Show a (possibly filtered) list of pending worklists, and their metadata:

  • the timestamp of when they were last changed

  • the number of files they contain

  • the owner

  • the site

  • their description

WORKLIST_ID

Restrict to the provided worklist, defaults to showing all worklists.

USER

Restrict to user USER, defaults to the current user.

Parameters

Example:

alice@alice_PC$ hv worklists
WL 4 2022-06-27 17:24:51 2 files; $USER@$ALICE_SITE More work on L30DS2 firmware

Manipulating a worklist

The following worklist commands will also work with the shorter wk alias.

worklist add

worklist add DESCRIPTION

Creates a new worklist, with the provided description.

The worklist will initially be empty, and assigned a free ID.

DESCRIPTION

The description of the new worklist.

Parameters

Example:

alice@alice_PC$ hv worklist add "Working on the 'TMutexLocker' vtable"
added worklist 3
alice@alice_PC$ hv edit -w 3 //cppobj*
ok checked out '//cppobj_virtcall.i64' for 'edit' (worklist 3)
alice@alice_PC$ hv worklist add "vm2vm: WIP"
added worklist 4
alice@alice_PC$ hv edit -w 4 //REsearch/*
ok checked out '//REsearch/vm2vm.exe' for 'edit' (worklist 4)
ok checked out '//REsearch/vm2vm.i64' for 'edit' (worklist 4)

worklist show

worklist show [-s SITE] [-u USER] [WORKLIST_ID]

Lists worklist contents.

Show a list of files opened for editing, addition or deletion, and their associated worklist(s).

-s SITE

Restrict to site SITE. If omitted, defaults to the current site.

-u USER

Restrict to user USER. If omitted, defaults to the current user.

WORKLIST_ID

Restrict to the provided worklist, defaults to showing all worklists.

Parameters

Examples:

alice@alice_PC$ hv worklist show 3
WL 3 edit //cppobj_virtcall.i64#9
alice@alice_PC$ hv worklist show 4
WL 4 edit //REsearch/vm2vm.exe#1
WL 4 edit //REsearch/vm2vm.i64#1
alice@alice_PC$ hv worklist show
WL 4 edit //REsearch/vm2vm.exe#1
WL 4 edit //REsearch/vm2vm.i64#1
WL 3 edit //cppobj_virtcall.i64#9

Show the worklist contents of another user

alice@alice_PC$ hv worklist show -u ted
WL 4 edit //malware/unk_2022#1/6 SITE=ted_laptop
WL 2 copy //docs/onboarding.md#0 SITE=TEDPC
WL 1 del  //ida64.i64#6 SITE=TEDPC

worklist edit

worklist edit WORKLIST_ID DESCRIPTION

Edits a worklist description.

WORKLIST_ID

The worklist to modify.

DESCRIPTION

The new description for the worklist.

Parameters

Example:

Change the description of worklist 4:

alice@alice_PC$ hv worklist edit 4 "vm2vm: resolved all offsets in 'main' function"

worklist del

worklist del WORKLIST_ID

Deletes a worklist.

This command will only succeed if the worklist is currently empty.

WORKLIST_ID

The worklist to delete.

Parameters

Example:

alice@alice_PC$ hv worklist del 3
worklist 3 is not empty
alice@alice_PC$ hv revert //cppobj*
ok reverted //cppobj_virtcall.i64
alice@alice_PC$ hv worklist del 3

Committing a worklist to the server

commit

commit [-f] [-s] WORKLIST_ID [DESCRIPTION]

Commits files to the vault (push).

This command uploads files from the local computer to the vault.

After a successful commit, the modifications made to the files contained in the worklist will be made available for other users.

A commit may fail if another user has uploaded another revision of the changed files in the meantime. In this case, resolve is necessary to merge the changes.

If the worklist does not yet have a proper description, the DESCRIPTION is mandatory.

-f

Force commit of unchanged files.

-s

Silent mode; do not output any messages.

WORKLIST_ID

The id of the worklist to commit to the vault.

DESCRIPTION

A description for the commit.

Parameters

Example:

alice@alice_PC$ hv commit 1
worklist 1 has empty description
alice@alice_PC$ hv commit 1 "more samples"
ok accepted //newfile#1 (5 bytes)
ok commit #2 completed

Syncing files, resolving & reverting

sync

Downloads the requested revisions of the files from the server, and stores them on the local filesystem.

If no paths are provided, all files from the server will be retrieved.

Requires a site to be currently selected.

-f

Force sync. This will force a download of the files, even when the server thinks the client has the desired revision. This is a dangerous operation: any modification made to local files will be lost.

-p

The server will perform the sync without really transferring files. This option is useful if the local files are already in sync but the server has stale info about them.

-s

Silent mode; do not output any messages.

@COMMIT_ID

Sync to the state right after COMMIT_ID was committed. Cannot be used with =REVISION.

PATH_PATTERN[=REVISION]…​

Vault path of file(s) to sync. If the path is omitted, defaults to the current directory. If no revision is specified, defaults to the last revision available on the vault (#^).

Parameters

Examples:

Sync all

alice@alice_PC$ hv sync

Sync only the specified subtree

alice@alice_PC$ hv sync -f //work/ds1_10

Sync a file to specific revision

alice@alice_PC$ hv sync //malware/Trojan.Shylock.Skype/D57D.i64#1
ok synced //malware/Trojan.Shylock.Skype/D57D.i64#1 (4374263 bytes)
ok sync completed

resolve

After the strategy is successfully applied and the local file has incorporated both the "local" and "remote" changes, it will be ready to be committed.

METHOD

One of "auto", "lmerge", "rmerge", "manual", "local" or "remote".

PATH_PATTERN

Vault path of file(s) to resolve.

Parameters

Example:

alice@alice_PC$ hv resolve lmerge depot/file1.txt

revert

Reverts opened files to their current revisions.

-a

Revert only unchanged files.

-p

The server will revert the files without transferring files.

-s

Silent mode; do not output any messages. This option is useful if the local files are already in sync but the server has stale info about them.

PATH_PATTERN…​

Vault path of file(s) to revert.

Parameters

Example:

alice@alice_PC$ hv revert -a //
ok reverted //Win32.Emotet/29D6161522C7F7F21B35401907C702BDDB05ED47.bin
ok reverted //Win32.Emotet/29D6161522C7F7F21B35401907C702BDDB05ED47.bin.asm
ok reverted //Win32.Emotet/29D6161522C7F7F21B35401907C702BDDB05ED47.bin.log

migrate

Moves opened files between worklists.

-s

Silent mode; do not output any messages.

PATH_PATTERN…​

Vault path of file(s) to move.

WORKLIST_ID

The id of the worklist to move the files to. The worklist must already exist.

Parameters

Example:

alice@alice_PC$ hv migrate afile subdir/for/fred/interfaces 3
ok migrated //afile#1 to worklist 3
ok migrated //subdir/for/fred/interfaces#0 to worklist 3

Various information

files

Displays the list of the files present in the vault.

The command will collect files from the vault (that match the selection) and display for each file:

  • the file path

  • the revision

  • the file size if it hasn’t been deleted

  • the last commit id

  • the last action

-d

Include deleted files.

-s

Search for substring instead of using a path.

PATH_PATTERN_OR_SUBSTRING[=REVISION]…​

Vault path of file(s) to include in search or substring to search for if -s. If revision is not specified, defaults to current revision (#=). If no path is specified, defaults to the root directory of the vault.

Parameters

Examples:

alice@alice_PC$ hv files -d //malware/Ransomware.WannaCry
//malware/Ransomware.WannaCry/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe#1 (size 3514368 CL1/add)
//malware/Ransomware.WannaCry/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe.asm#2 (CL2/del)
//malware/Ransomware.WannaCry/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe.i64#1 (size 838724 CL1/add)
//malware/Ransomware.WannaCry/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe.log#2 (CL2/del)
alice@alice_PC$ hv files -s i64
//malware/EquationGroup.GrayFish/GrayFish_9B1CA66AAB784DC5F1DFE635D8F8A904.i64#1 (size 2929035 CL1/add)
//malware/Ransomware.WannaCry/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe.i64#1 (size 838724 CL1/add)
//malware/Trojan.Ransom.Petya/eefa052da01c3faa1d1f516ddfefa8ceb8a5185bb9b5368142ffdf839aea4506.i64#1 (size 4535045 CL1/add)
//malware/Trojan.Shylock.Skype/Shylock-skype_8FBEB78B06985C3188562E2F1B82D57D.i64#1 (size 4374263 CL1/add)
//malware/Win32.Emotet/29D6161522C7F7F21B35401907C702BDDB05ED47.bin.i64#1 (size 319858 CL1/add)

dir

Displays vault directory listing (current revisions).

For each file entry the command will display:

  • the timestamp of when the file was committed

  • the file size

  • the commit id

  • the type of action that was executed on the file in the commit

  • the path

  • the current revision on disk

  • an extra label if the file is unsynced

Directories will be displayed as: <subdir> PATH

-d

Include deleted files.

-s

Path patterns are simple substrings.

-u

Include unsynced files.

PATH_PATTERN_OR_SUBSTRING…​

Vault path of file(s) to include in search or substring to search for if -s.

Parameters

Examples:

alice@alice_PC$ hv dir -u -d //
1970-02-04 01:52:08       573440 CL1/add  //malware/EquationGroup.GrayFish/A904#1
2022-06-29 11:30:10            0 CL2/del  //malware/EquationGroup.GrayFish/A904.asm#0/2 UNSYNCED
1970-02-04 01:52:08      2929035 CL1/add  //malware/EquationGroup.GrayFish/A904.i64#1
2022-06-29 11:30:10            0 CL2/del  //malware/EquationGroup.GrayFish/A904.log#0/2 UNSYNCED
1970-02-04 01:52:08      3514368 CL1/add  //malware/Ransomware.WannaCry/41aa.exe#1
2022-06-29 11:30:10            0 CL2/del  //malware/Ransomware.WannaCry/41aa.exe.asm#0/2 UNSYNCED
2022-06-29 13:52:57       846916 CL3/edit //malware/Ransomware.WannaCry/41aa.exe.i64#2/3 UNSYNCED
alice@alice_PC$ hv dir "//*"
                    <subdir>              //malware

show

Writes the contents of a file on the vault to the command line.

PATH_PATTERN[=REVISION]

Vault path to file(s) to display. If no revision is specified, defaults to current revision (#=). If the file revision denotes a deleted revision of the file, the contents will not be displayed.

Parameters

Example:

alice@alice_PC$ hv show patterns/ubuntu-libgcc-10.pat
415729CE415641554D89C54154554C89CD5389D34881EC280100004C8BBC2470 FF 15C2 14AD :0000 add_and_round.constprop.0 010000F30F6F842470010000C7442474000000004C8B842480010000C7442478000000000F294424504C8B742458F30F6F8C24800100004C897C2428488B9424
415729CE415641554D89C54154554C89CD5389D34881EC280100004C8BBC2470 FF 90F7 14A0 :0000 add_and_round.constprop.0 010000F30F6F842470010000C7442474000000004C8B842480010000C7442478000000000F294424504C8B742458F30F6F8C24800100004C897C2428488B9424
415729CE415641554D89C54154554C89CD5389D34881EC380100004C8BBC2480 FF 2016 157D :0000 add_and_round.constprop.0 0100004C8B842490010000C784248400000000000000F30F6F842480010000F30F6F8C2490010000C7842488000000000000004C897C2438488B842470010000
415741564155415455534881EC780100004889542410488B9424B80100004889 FF 26D7 8168 :0000 bid128_ext_fma 4C24184C8BB424B001000048B9DDBADDBADDBADDBA4889742408488B8424C801000048..................48893C244C89F34C8B9C24C001000048898C24C0
415741564155415455534881EC780100004889542410488B9424B80100004889 FF D77A 80B0 :0000 bid128_ext_fma 4C24184C8BB424B001000048B9DDBADDBADDBADDBA4889742408488B8424C801000048..................48893C244C89F34C8B9C24C001000048898C24C0
 ...

diff

Compares two databases by launching IDA in diff mode.

Only IDA databases (.i64, .idb) can be diffed with this command. If the revisions of the databases requested for comparison are not currently in the site, they will be downloaded to a temporary directory and deleted when IDA exits. On Unix the temporary directory can be specified with $TMPDIR.

PATH[=REVISION]

Database 1.

PATH_OR_REV[=REVISION]

Database 2. If no path is specified, it will default to the path of Database 1. If no revision is specified, it will default to the current revision (#=).

Parameters

Examples:

With interfaces.i64 opened for edit and changed, this will open IDA and show the differences with the current revision on the vault:

alice@alice_PC$ hv diff interfaces.i64
alice@alice_PC$ hv changes interfaces.i64
CM 9 2022-06-30 23:55:33 edit alice@alicepc interfaces.i64: deobfuscated some string
CM 8 2022-06-28 23:30:17 edit john@johnpc interfaces.i64: annotated areas to inves
CM 1 1970-02-04 01:52:08 add  john@johnpc added samples
alice@alice_PC$ hv diff interfaces.i64 "#2"

md5

Prints the md5 checksum of a file on the vault.

PATH_PATTERN[=REVISION]

Vault path of file(s) to process, if no revision is specified, defaults to the current revision (#=).

Parameters

Example:

alice@alice_PC$ hv md5 Win32.Emotet/29D6161522C7F7F21B35401907C702BDDB05ED47.bin
ok D243C0B2DBA37565CE3601AD78A73E07 //Win32.Emotet/29D6161522C7F7F21B35401907C702BDDB05ED47.bin#1
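
Checking which server revision a local copy corresponds to, using the hv md5 output format shown above. This is an added example, not part of the Hex-Rays documentation; the vault path, file contents and function names are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# One line of `hv md5` output, as shown above: "ok <MD5> //vault/path#REV"
LINE_RE = re.compile(r"^ok\s+([0-9A-Fa-f]{32})\s+(//.*)#(\d+)\s*$")

# Constructed sample of `hv md5 //samples/demo.bin#*` output (not real vault data).
CONSTRUCTED_OUTPUT = """\
ok D41D8CD98F00B204E9800998ECF8427E //samples/demo.bin#1
ok 900150983CD24FB0D6963F7D28E17F72 //samples/demo.bin#2
ok 5EB63BBBE01EEED093CB22BB8F5ACDC3 //samples/demo.bin#3
"""


def parse_md5_output(text):
    """Return {vault_path: {revision: MD5_HEX_UPPER}} from `hv md5` output."""
    revisions = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore anything that is not a checksum line
        digest, path, rev = match.groups()
        revisions.setdefault(path, {})[int(rev)] = digest.upper()
    return revisions


def file_md5(local_path, chunk_size=1 << 20):
    """MD5 of a local file, read in chunks so large databases are fine."""
    digest = hashlib.md5()
    with open(local_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def matching_revisions(local_path, vault_path, hv_md5_output):
    """Revisions of vault_path whose checksum equals the local file's.

    An empty list means the local content matches no revision known to the
    server: it was edited, truncated or otherwise changed after the sync.
    """
    known = parse_md5_output(hv_md5_output).get(vault_path, {})
    local = file_md5(local_path)
    return sorted(rev for rev, digest in known.items() if digest == local)


def demo():
    """Compare a constructed local file before and after a local change."""
    with tempfile.TemporaryDirectory() as tmp:
        local = os.path.join(tmp, "demo.bin")
        with open(local, "wb") as fh:
            fh.write(b"abc")  # constructed content whose MD5 is revision 2
        clean = matching_revisions(local, "//samples/demo.bin", CONSTRUCTED_OUTPUT)
        with open(local, "ab") as fh:
            fh.write(b"!")  # simulate an untracked local modification
        modified = matching_revisions(local, "//samples/demo.bin", CONSTRUCTED_OUTPUT)
    return clean, modified


if __name__ == "__main__":
    print(demo())
```

MD5 is adequate for spotting accidental divergence between a local file and the vault; it is not collision resistant, so it should not be the only evidence that a sample is the one you expect.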

info

info

Displays info about the vault and current session.

Example:

alice@alice_PC$ hv info
Hex-Rays Vault Server v1
Vault time: 2022-06-29 00:13:55, up since 2022-06-28 09:40:53
License user : Johnny Appleseed
License email: john@appleseed.net
License: IDAULTTL; 10 users out of 30; expires on 2023-10-13
MAC address: 7F:A7:B3:C1:8D:79
Vault directory: /opt/hexvault/files
Client name: john *ADMIN*
Client site: johnpc
Client host: johnpc (127.0.0.1)
Client root: /home/john/vault
Login time : 2022-06-29 00:13:55
Last active: 2022-06-29 00:13:55

changes

Displays list of commits that affect a path.

List can be refined using options.

For each commit the following info will be displayed:

  • the commit id

  • the timestamp of the commit

  • if only one file was changed, the action that was done to it (e.g. edit)

  • the user who sent the commit

  • the site from which the commit was sent

  • a description of the commit, truncated to 40 chars unless -l is enabled

TIP

This command is also available under the alias commits.

-s SITENAME

Restrict to commits from SITENAME.

-u USERNAME

Restrict to commits from USERNAME.

-c MIN_COMMIT

Restrict to commits after commit: MIN_COMMIT.

-C MAX_COMMIT

Restrict to commits prior to commit: MAX_COMMIT.

-m MAX_REPORTED_ENTRIES

Limit number of reported commits to: MAX_REPORTED_ENTRIES.

-d MIN_DATE

Restrict to commits after MIN_DATE using format YYYY-MM-DD.

-D MAX_DATE

Restrict to commits prior to MAX_DATE using format YYYY-MM-DD.

-l

Display long (>40 characters) commit descriptions.

PATH_PATTERN…​

Filter commits by vault paths. If omitted, defaults to all files.

Parameters

Examples:

Find all commits made by john:

alice@alice_PC$ hv changes -u john
CM 109 2022-04-05 17:09:18 john@johnpc reverted commit 85
CM 108 2022-04-05 17:00:02 john@johnpc added more malware samples
CM 107 2022-04-05 16:37:02 john@johnpc WannaCry: annotated a few funcs
CM 106 2022-04-05 16:35:57 john@johnpc removed unused files

Show the last 2 commits on a file with full descriptions:

alice@alice_PC$ hv changes -m 2 -l //iOS/dyld_ios16.i64
Commit 42 2022-06-14 16:44:19 edit gregm@gregpc
        iOS: dyld iOS 16 WIP

        annotated more struct members

Commit 35 2022-06-14 00:35:43 edit gregm@gregpc
        iOS: RE of ios16 split cache loading

        discovered some structures and their members

users

users

Shows users.

Example:

alice@alice_PC$ hv users
LastActive Adm Login   RealName/Email         Notes
---------- --- ------- ---------------------- -----
2022-07-27  *  admin
2022-09-16     alice   Alice <alice@acme.com>
Never          bob     Bob <bob@acme.com>

groups

groups

Displays all the existing groups and their users.

Example:

alice@alice_PC$ hv groups
malware: alice michael matt sarah jason
audit: stephen ilse
interns: russ

group show

group show GROUP_NAME

Displays the list of users in a group.

GROUP_NAME

A group name.

Parameters

Example:

alice@alice_PC$ hv group show "malware"
malware: alice michael matt sarah jason

user show

user show USERNAME

Displays the full details of a specific user.

The following details will be displayed:

  • the timestamp of when the user was last active

  • the username, with a * next to it if the user has admin privileges

  • the license id of the user

  • the full name of the user

  • the email address of the user

  • notes about the user

USERNAME

The username of the user to display.

Parameters

Example:

alice@alice_PC$ hv user show johndoe
2022-06-27     johndoe      99-9999-9999-99 John doe <johndoe@doe.net> NOTES

commit show

commit show COMMIT_ID

Displays the contents of a commit.

This will list all of the files that were changed by the commit.

For each file the following details will be displayed:

  • the action that was performed on it in the commit

  • the path

  • the revision

  • if it’s unsynced, an extra label will be displayed

  • the size of the file

COMMIT_ID

The id of the commit to display.

Parameters

Example:

alice@alice_PC$ hv commit show 5
add  //cat.i64#1 (size 503909)

Misc.

passwd

passwd PASS [USER]

Sets a new password for a user.

PASS

The new password.

USER

The username whose password should be changed. Only admins can change other users' passwords. If omitted, defaults to the current user.

Parameters

Examples:

alice@alice_PC$ hv passwd newpw
alice@alice_PC$ hv passwd newpw user1

commit edit

commit edit COMMIT_ID DESCRIPTION

Edits a commit description.

Regular users may modify only their own commits. Admins may modify any commit.

COMMIT_ID

The id of the commit to amend.

DESCRIPTION

New description of the commit.

Parameters

Example:

alice@alice_PC$ hv commit edit 42 "removed unused file, it had been wrongfully added with commit #39"

licenses

licenses

Shows active licenses

Example:

alice@alice_PC$ hv licenses
Vault licenses:
  99-9999-9999-99 IDAULTTW: used 2 out of 10 seat(s)
  Expires: 2023-04-15
  Online users: john@johnpc (99.999.99.99): 1 IDA instance(s)

borrow

borrow PRODUCT END_DATE

Borrow a license

A borrowed license can be used offline but other users will not have access to it.

A borrowed license can be returned to the vault using the return command. If not returned earlier, it will automatically be returned to the vault at the expiration time.

PRODUCT

The product code or license id.

END_DATE

YYYY-MM-DD - exact date, +Nd - N days since now, +Nw - N weeks since now. DD-MON-YYYY can be used to specify an exact date too.

Parameters

Example:

alice@alice_PC$ hv borrow IDAULTTW 2022-07-31
License IDAULTTW 99-9999-9999-99 has been borrowed until 2022-07-31 00:00:00
alice@alice_PC$ hv borrow IDAULTTL +6d
License IDAULTTL 99-9999-9999-99 has been borrowed until 2022-07-31 13:53:23

return

return PRODUCT

Return a borrowed license

A returned license becomes available to other vault users.

PRODUCT

The product code or license id.

Parameters

Example:

alice@alice_PC$ hv return IDAULTTW
Licence 99-9999-9999-99 has been returned

Administrative commands

These commands require that the user executing them has admin privileges.

Managing users

user add

user add USERNAME REALNAME EMAIL IS_ADMIN NOTES

Adds a user.

USERNAME

The username of the user.

REALNAME

The full name of the user.

EMAIL

The email address of the user.

IS_ADMIN

Should be 1 if the user is admin, otherwise 0.

NOTES

Extra notes about the user.

Parameters

Example:

alice@alice_PC$ hv user add johndoe "John Doe" johndoe@doe.net 0 "NOTES"

user edit

user edit USERNAME REALNAME EMAIL IS_ADMIN NOTES

Edits a user definition.

USERNAME

The username of the user to modify.

REALNAME

The full name of the user.

EMAIL

The email address of the user.

IS_ADMIN

Should be 1 if the user is admin, otherwise 0.

NOTES

Extra notes about the user.

Parameters

Example:

alice@alice_PC$ hv user edit johndoe "John Doe" john_doe@doe.net 0 "NOTES"

user del

user del [-b] [-f] USERNAME

Deletes a user.

Caution: deleting a user with borrowed licenses will make the borrowed licenses unavailable until their expiration date.

-b

Force deletion even if the user has borrowed licenses.

-f

Force deletion even if the user has checked out files.

USERNAME

The name of the user to delete from the vault.

Parameters

Example:

alice@alice_PC$ hv user del -f johndoe

Managing groups

group add

group add GROUP_NAME

Adds a new group.

An empty group with the specified name is created.

GROUP_NAME

the name of the new group.

Parameters

Example:

alice@alice_PC$ hv group add my_group

group edit

group edit GROUP_NAME USER ADD_OR_DELETE

Edits a group by adding or deleting users.

GROUP_NAME

the name of the group.

USER

the name of the user.

ADD_OR_DELETE

Whether to add the specified user to the group or delete the user from it: 0 is delete, 1 is add.

Parameters

Example:

alice@alice_PC$ hv group edit "my_group" "user1" 1
alice@alice_PC$ hv group edit "my_group" "user1" 0

group del

group del GROUP_NAME

Deletes a group.

GROUP_NAME

the name of the group to delete.

Parameters

Example:

alice@alice_PC$ hv group del my_group

Managing permissions

perm get

perm get

The current permission table is printed to the standard output.

Example:

alice@alice_PC$ hv perm get
# The permission for each vault file is determined as the result of applying
# all matching lines, from the beginning of the permission table to the end.
# An empty permission table grants all access to everyone.
# A non-empty permission table starts by denying all access to everyone.
grant user fred write //subdir-for-fred/
deny group remote list //local-secret
grant group analysts write //subdir/for/idbs/
grant user * read //subdir/for/idbs/

perm set

perm set [@FILE]

The installed permission table becomes active immediately.

We recommend usingto ensure that the new permission table works correctly.

@FILE

The file from which to set the new permissions table.

Parameters

Example:

alice@alice_PC$ hv perm set <perms.txt

perm check

The list of files that are visible to the user is printed, along with the permissions that the user has. The read access is denoted by 'r' and the write access is denoted by 'w'.

USERNAME

The USERNAME of the user whose permissions will be tested.

PATH_PATTERN

Vault path of file(s) that will be tested.

Parameters

Example:

alice@alice_PC$ hv perm check fred
rw //subdir-for-fred/afile
rw //subdir-for-fred/anotherfile
r- //subdir/for/idbs/interfaces.i64

alice@alice_PC$ hv perm check fred //local-secret

Others

sessions

sessions

Displays the sessions info.

For each session on the vault, the following info will be displayed:

  • the site

  • the user

  • the hostname

  • the timestamp of the login time

  • the timestamp of the last activity

  • "ADM" if the user has admin privileges

  • "*" for the session executing the command

Example:

alice@alice_PC$ hv sessions
gregpc       gregm        GREGPC-554HW             LOGIN=2022-07-04 LAST=2022-07-04 ADM *
lindapc      linda        lindasmac                LOGIN=2022-07-02 LAST=2022-07-04

purge

Purges file(s) from the Vault server, permanently deleting them and all of their history.

The path patterns must be specified using full paths, starting with //

-s

Silent mode; do not output any messages.

-y

Really purge the files; without this parameter, the command does a dry run.

PATH_PATTERN…​

Vault path of file(s) to purge from the vault.

Parameters

Example:

alice@alice_PC$ hv purge -s -y //work/ds1_10 //work/more_work

Concepts

What is a "site"?

A site represents a mapping of the server files to the local filesystem. Normally each computer has a site associated with it. A site has the following attributes:

  • A site name

  • A host name

  • The path to a folder on the filesystem (a.k.a., "root directory")

  • Path filters (optional)

Root directory

The root directory is the essential attribute of a site. It denotes where all files from the vault server will be mapped to the local disk. Everything inside the root directory can potentially be uploaded to the vault server and shared with other team members.

The vault server cannot manage files located outside the root directory. However, this limitation is straightforward to overcome: create a symbolic link (or, on Windows, a junction point) from the root directory to the directory of your choice. This will make the target of the symbolic link visible as part of the root directory.

The vault server keeps track of each site’s state: what files have been downloaded to the local disk, what files have been checked out for editing, etc. This simplifies the housekeeping tasks, especially for big repositories with millions of files. Even for them, downloading the latest files or reconciling the local disk with the server is almost instantaneous.

The host name is a security feature that prevents a site from being used on the wrong computer. Since the server keeps track of the files downloaded to each site, using the wrong site may lead to an inconsistent mapping between the server and local disk. However, if the user does not want this protection, it is possible to erase the host name in the site definition.

Sites can be edited from the "Sites" view.

Path filters

By default all server files are visible, but for servers that manage gigabytes of data this can be problematic: it may be undesirable for users to download all files to their local computer.

Site filters provide a mechanism that lets users restrict the set of files their IDA Teams client works with. Users who want to work on some specific projects can set a filter that restricts the visibility only to selected subdirectories.

Each site has its own filters, which can be modified at any time. Filters do not directly affect any files on the local disk, or on the server: they are strictly about visibility.

Site filters are meant to simplify a user’s life by letting them focus on specific projects. Since they can be modified by users, they should not be considered a security measure: that would be the role of the permissions system, which can only be managed by Hex-Rays Vault server administrators.

The purpose of site filters is to create a subset of the full set of files provided by the server. Site filters don’t directly affect which locally-available files (i.e., present in the site’s rootdir, but not tracked by the server) are visible to IDA Teams clients.

Examples

An empty filter

$ cat empty_filter.txt
$

Hide all files, except those in malware/

$ cat only_malware.txt
malware/
$

Show all files, except those from the pentesting team

$ cat hide_pentest.txt
!pentesting/
$

Show all files but those from the pentesting team, except their produced documents

$ cat hide_pentest_but_docs.txt
!pentesting/
pentesting/research_docs/
$

Resolving conflicts in a file

When a user needs to commit changes made to a file, but that same file has received other modifications (likely from other users) in the meantime, it is necessary to first "merge" the two sets of modifications together.

When the two sets of modifications do not overlap, merging is trivial - at least conceptually. But when they do overlap, they produce conflict(s).

Since IDA Teams focuses on collaboration over IDA database files, the rest of this section will focus on the different strategies that are available for resolving conflicts among those.

IDA Teams comes with multiple strategies to help in conflict resolution of IDA database files:

Auto-resolve (if no conflicts)

Launch IDA in a non-interactive batch mode, attempting to perform all merging automatically.

If any conflict is discovered, bail out of the merge process, and don’t modify the local database.

Auto-resolve, prefer local

Launch IDA in a non-interactive batch mode, attempting to perform all merging automatically.

If a conflict is discovered, assume that the "local" change (i.e., the current user’s change) is the correct one, and apply that.

Once all merging is done and conflicts are resolved, write those to the local database and exit IDA.

Auto-resolve, prefer remote

Launch IDA in a non-interactive batch mode, attempting to perform all merging automatically.

If a conflict is discovered, assume that the "remote" change (i.e., the change made by another user) is the correct one, and apply that.

Once all merging is done and conflicts are resolved, write those to the local database and exit IDA.

Interactive merge mode

Manual merge mode.

This will launch IDA in an interactive, 3-pane mode, allowing the user to decide how to resolve each conflict.

Once all merging is done and conflicts are resolved, exit IDA and write the changes to the local database.

Use local, discard remote

Select the local database, ignoring all changes in the remote database.

No IDA process is run.

Use remote, discard local

Select the remote database, ignoring all changes in the local database.

No IDA process is run.

hvignore (and .hvignore) files

IDA Teams comes with a mechanism that lets users specify what files should be ignored when adding files from their local machines to the Vault.

The main hvignore file (path/to/install-dir/hvignore)

In IDA Teams' install directory, you will find the "main" hvignore file, that is pre-populated with a list of files that you would typically not want to add to the Hex-Rays Vault server, such as .bak backup files and unpacked IDA database files: .id0, .nam, etc…​

The syntax for hvignore is very close to that of .gitignore files.

Additional .hvignore files

The registry

On Microsoft Windows, IDA Teams will store certain bits of information in the registry (host name, user name, site name.)

On macOS and Linux, it will use a pseudo-registry file, located at $HOME/.idapro/hvui.reg.

Passwords storage in the OS’s keychain

  • On Windows, the Windows Credential Store is used (therefore requiring Windows 7 or newer)

  • On macOS, the macOS Keychain is used

  • On Linux, the "Secret service" is used (through libsecret-1)

Managing permissions on a vault

Hex-Rays Vault includes a way to restrict the access of users and groups to the data stored in the Vault.

The permission file is a text file that contains the permission table. The file consists of lines that grant or deny access to certain path patterns in the vault. The syntax for an entry is the following:

grant/deny group/user NAME PERMISSION VAULT_PATH_PATTERN

Possible PERMISSION values are: list, read and write. read includes list, write includes read (and thus also includes list).

Example of a permission file:

# deny everything to everyone. no need to specify it explicitly,
# it is the default for a non-empty permission table:
# deny  user *      list  //*

deny  user *      list  //secret/   # nobody can see //secret. this line is superfluous
                                    # because everything is denied by default.
grant user hughes write //secret/   # but hughes can write to secret and its subdirs
grant user john   read  //secret/   # and john can read the entire directory.
deny  user *      list  //secret/supersecret # supersecret is not visible to anyone
grant user hughes write //secret/supersecret # but hughes can modify it (john cannot)
grant user *      write //local_files/ # everyone can work with 'local_files'
deny group remote list //local_files/  # except that the 'remote' group cannot see 'local_files'

An empty permission table means that no permissions are enforced, rendering all files accessible by everyone. As soon as a non-empty permission table is specified, all access is denied to everyone by default.

Path patterns may refer to files that do not exist (yet). Likewise, user and group entries may refer to users and groups that do not exist.

The order of the lines in the permission file is important: if there are conflicts, later lines take precedence over earlier ones.

Admins are not affected by the permission table: they are granted all access.

To install a new permission table, use perm set

The current permissions can be retrieved using perm get
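
The evaluation order described above (sequential application, default deny for a non-empty table, admin bypass), modelled as an added example that is not Hex-Rays code; it can serve as an offline pre-check of a table before `hv perm set`. The path-matching rules and the exact effect of grant/deny on the running access level are assumptions, not documented behaviour, so `hv perm check` remains the authoritative test.

```python
import fnmatch

LEVELS = {"list": 1, "read": 2, "write": 3}  # read includes list, write includes read

# The example permission file from this page, with most comments trimmed.
PAGE_TABLE = """
deny  user *      list  //secret/   # superfluous: denied by default
grant user hughes write //secret/
grant user john   read  //secret/
deny  user *      list  //secret/supersecret
grant user hughes write //secret/supersecret
grant user *      write //local_files/
deny group remote list //local_files/
"""

def parse_table(text):
    """Parse 'grant|deny user|group NAME PERMISSION PATTERN' lines; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        action, kind, name, perm, pattern = fields
        if (action not in ("grant", "deny") or kind not in ("user", "group")
                or perm not in LEVELS):
            raise ValueError(f"line {lineno}: bad entry {line!r}")
        rules.append((action, kind, name, LEVELS[perm], pattern))
    return rules

def path_matches(pattern, path):
    # Assumption: '*' is a glob; any other pattern matches itself and its subtree.
    if "*" in pattern:
        return fnmatch.fnmatchcase(path, pattern)
    base = pattern.rstrip("/")
    return path == base or path.startswith(base + "/")

def effective_level(rules, user, groups, path, is_admin=False):
    """Return 0 (none), 1 (list), 2 (read) or 3 (write) for user on path."""
    if is_admin or not rules:   # admins bypass the table; an empty table grants all
        return 3
    level = 0                   # a non-empty table starts by denying everything
    for action, kind, name, perm, pattern in rules:
        who = name == "*" or (name == user if kind == "user" else name in groups)
        if not (who and path_matches(pattern, path)):
            continue
        # Assumption: grant raises access to at least perm, deny caps it just below perm.
        level = max(level, perm) if action == "grant" else min(level, perm - 1)
    return level
```

Because later lines win, a broad `grant user * ...` placed after a narrow `deny` silently reopens the path; running the table through a check like this for a few representative users before installing it catches that ordering mistake.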

Passing credentials on the command line will always take precedence over environment variables and the registry+keychain.

Credentials can also be passed through environment variables. They will take precedence over those possibly found in the registry+keychain.

Unless environment variables or command-line arguments are provided, hv will look for credentials in the registry (and the OS’s keychain for passwords.)

The user, host (and optional site) will be persisted in the registry, while the password will be saved to the OS’s keychain.

In order to keep the various commands' syntax as clear as possible, we will assume that the user has stored credentials (in either the registry+keychain or environment variables) for the rest of this manual.

We recommend persisting credentials using the registry+keychain method.

if you login to the server using hvui and save the login information, it will end up in the , and thus hv will then be able to use that information as well.

Commands in this section manipulate sites.

A user must be using a site in order for most commands to work correctly.

Creates a new site.

To use a site, it must be specified as described in the credentials section.

Edits an existing site’s details, such as the rootdir and the host it is bound to.

Displays the filter table associated with the site.

Sets the filter table associated to the site, either interactively or from @file.

add [-s] [-w WORKLIST_ID] PATH_PATTERN…

Issuing this command will not upload the file(s) to the server right away: the new file name(s) will be placed into a worklist, which then needs to be committed to the server. Once a worklist is committed, its files will be available to other users.

The files must be inside the site’s rootdir.

The files will be filtered using hvignore rules.

copy [-s] [-w WORKLIST_ID] SRC_PATH DST_PATH

The source file will be downloaded from the server to the new file. If the source file was modified locally, those modifications won’t be part of the copy. This implies that if a file has just been added to the Hex-Rays Vault server but not committed yet, it can’t be copied because it does not exist on the server yet.

move [-s] [-w WORKLIST_ID] SRC_PATH DST_PATH

del [-s] [-w WORKLIST_ID] PATH_PATTERN…

edit [-s] [-w WORKLIST_ID] PATH_PATTERN…

This command is used to instruct the Hex-Rays Vault server that we will be working on files, so that it knows what revision of the file(s) that work will be based on and so later orcommands can work correctly.

scan [-a] [-e] [-d] [-s] [PATH_PATTERN…]

The files found by the scan command will be filtered by hvignore.

See also worklist show

Files can be associated to that new worklist when they are marked for addition, deletion, or edition.

sync [-f] [-p] [-s] [@COMMIT_ID] [PATH_PATTERN[=REVISION]…]

resolve METHOD PATH_PATTERN

Resolves conflicts in a file, using the specified strategy.

revert [-a] [-p] [-s] PATH_PATTERN…

migrate [-s] WORKLIST_ID PATH_PATTERN…

files [-d] [-s] [PATH_PATTERN_OR_SUBSTRING[=REVISION]…]

dir [-d] [-s] [-u] PATH_PATTERN_OR_SUBSTRING…

show PATH_PATTERN[=REVISION]

diff PATH[=REVISION] PATH_OR_REV[=REVISION]

md5 PATH_PATTERN[=REVISION]

changes [-s SITENAME] [-u USERNAME] [-c MIN_COMMIT] [-C MAX_COMMIT] [-m MAX_REPORTED_ENTRIES] [-d MIN_DATE] [-D MAX_DATE] [-l] [PATH_PATTERN…]

Displays permission table.

Sets new permissions table from STDIN or from file.

perm check USERNAME PATH_PATTERN

Checks permissions for a user.

purge [-s] [-y] PATH_PATTERN…

site details

There is another mechanism to specify what files should not be added to the vault. See .hvignore for more info.

In addition to that file, you can have .hvignore file (notice the . - dot) placed in your site’s directory structure.

When found, those files' contents will be appended to the main file’s contents.

While hosts, user names & site names are persisted to the registry, passwords are stored securely in the operating system’s keychain.