Open subviews
Last updated
Was this helpful?
IDA 8.4
Last updated
Was this helpful?
Here are commands to open various windows, display information etc.
The "WindowOpen" command opens a new window with the disassembly. IDA automatically opens one disassembly window at the start.
A double click of the mouse is equivalent to the <Enter> key.
This command opens the exports window.
This command opens the imports window.
Listed for each function are:
The last column of this window has the following format:
If a function has its color set, its line is colored using the specified color. Otherwise library and lumina functions are colored with the corresponding color. Otherwise the line is not colored.
A bold font is used for functions that have definite (user-specified) prototype. Also some plugins too may set this flag. Such prototypes are taken as is by the decompiler, while other prototypes are considered only as a starting point during decompilation.
It is possible to automatically synchronize the function list with the active disassembler, pseudocode, or hex view. For that right click on the function list and select "Turn on synchronization".
The GUI version displays a small icon for each name:
This command opens the signatures window.
For each signature, the following is displayed:
You can modify the planned signatures list here: add/delete library modules to be used during the disassembling.
You cannot delete an applied signature from the list.
To add a signature to the list for the application press <Ins>. You will see a list of signatures that can be applied to the program being disassembled.
Text version: Not all signature files will be displayed (for example, 32 bit signatures will not be shown for a 16 bit program). If you want to see the full list of signatures, select the first line of the list saying SWITCH TO FULL LIST OF SIGNATURES.
Signature files reside in the subdirectories of the SIG directory. Each processor has its own subdirectory. The name of the subdirectory is equal to the name of the processor module file (z80 for z80.w32, for example). Note: IBM PC signatures are located in the SIG directory itself. Note: the IDASGN environment variable can be used to specify the location of the signatures directory.
Depending on the current processor type, you will see DS,ES,SS with or without FS,GS.
This command opens the cross-references window. This window contains all references to the current location.
You can add and delete cross references here too by pressing Ins or Del. Right clicking on the mouse will work too.
Add a cross reference: the from and to address, as well as the xref type should be specified.
Del a cross reference: if the 'undefine if no more xrefs' is check, then the instruction at the target address will be undefined upon the deletion of the last xref. IDA undefines instructions only if they do not start a function.
This command opens the structure definitions window.
You can modify structure definitions here: add/rename/delete structures, add/delete/define structure members.
In the structure header IDA displays the following info:
This command opens the enum definitions window.
You can also add a comment for the enum and for each enum member. In order to specify an enum comment, you have to stand at the enum name. Comments are set using regular commands:
This command opens the local types window. The user can manipulate local types here:
Please note that Ins can be used to add many types at once. For that the user just needs to enter multiple declarations, one after another in the dialog box.
However, Ctrl-E permits for editing of one type at a time. This may cause problems with complex structure types with nested types. Nested types will not be saved by Ctrl-E.
If the edited type corresponds to an idb type (struct or enum), then the corresponding type will be automatically synchronized. If the user modifies an idb type in the struct/enum windows, the corresponding local type will be updated too. So the type synchronization works both ways.
Each type in the local type library has an ordinal number and may have a name.
Be careful when deleting existing types because if there are references to them, they will be invalidated.
A local type can be mapped to another type. Such an operation deletes the existing type and redirects all its references to the destination type. Circular dependencies are forbidden. In the case of a user mistake, a mapped type can be deleted and recreated with the correct information.
See also
You can jump to a problem by pressing Enter. The selected problem will be deleted from the list.
This command opens the type libraries window. Here the user can load and unload standard type libraries.
The standard type libraries contain type definitions from the standard C header supplied with compilers. Usually, IDA tries to determine the target compiler and its type libraries automatically but if it fails, this window allows you to load the appropriate type library.
This command opens the string window.
The string window contains all strings in the program. However, if a range of addresses was selected before opening the window, only the selected range will be examined for strings.
You can setup the list parameters by right-clicking (or pressing Ctrl-U in the text version) on the list.
The list always contains strings defined in the program regardless of the settings in this dialog box, but the user can ask IDA to display strings not yet explicitly defined as strings.
The following parameters are available:
Minimal string length
This command opens the function calls window.
All functions who call the current function are displayed at the top of the window.
All functions called from the current function are displayed at the bottom of the window.
The list is automatically refreshed when the cursor is moved to another function.
Opens a notepad window for the general notes about the current database. The entered notes will be saved in the current database.
Alt-T hotkey can be used to search for a text and Ctrl-T to repeat the last search.
The notepad is available only in the GUI version.
This command opens a window with the undo history. It is available from the Views, Open subviews submenu.
Double clicking on a line reverts the database to the state before the corresponding action.
It is possible to truncate the undo history by using the corresponding context menu command. The undo information for the selected action will be removed together with the information about all preceding actions.
The redoable user actions are displayed in italics. The current position in the undo buffers is displayed in bold, it usually denotes the first redoable user action.
See also
Some windows allow you to manipulate the window contents by using the viewer commands.
See also submenu.
If the current location is an instruction belonging to a function, then the is available. You can toggle between the text and graph view using the Space key. You can also switch to proximity view by zooming out to the callgraph using the '-' key.
Use the disassembly commands to improve the listing.
Use Shift-<arrows> or Alt-L to drop . If you have a mouse, you can drop the anchor with it too.
To the left of disassembly, there is an (GUI version). Also the GUI version the current identifier.
You can use commands in this window.
You can use commands in this window.
A list of all functions in the program is displayed. You can , , functions using viewer commands.
This command opens the window.
You can use commands in this window.
This command opens the segments window. The format of this window is explained .
You can use commands in this window.
In order to change the selector values, use window.
This command opens the segment registers window. The window will contain segment register list.
You can use commands in this window.
See also submenu.
This command opens the selector window. Here you can change the "selector to base" mapping. The selector table is used to look up the selector values when the addresses that are visible in the disassembly listing.
You can use commands in this window:
You can use commands in this window.
Each structure must have a unique name. A field name must be unique in the structure. In order to create or delete a field, use data definitions commands (, , , , ). You may also define or comments.
In order to modify member types, use commands from the submenu. For example, to convert a structure member to an offset, use one of the following commands:
Some struct types in this window are created automatically by IDA. They are copies of some local types. Such structs are displayed in gray. They are considered as C-level types. As soon as the user edits such a type, it becomes an ASM-level type. Read .
You can modify enum definitions here: // enums, // enum members (i.e. user-defined symbolic constants)
Please note that you can create definitions here.
Each database has a local type library embedded into it. This type library (til) is used to store types that are local to the current database. They are usually created by a header file.
Some types in this list are created automatically by IDA. They are copies of the types defined in the or views. Such types are displayed using in gray, as if they are disabled.
Types displayed in black are considered as C level types. Read .
This command opens the problems window. The problem window contains the of all problems encountered by IDA during disassembling the program.
Furthermore, don't forget to specify the compiler and memory model in the dialog box.
Display only defined strings If checked, IDA will display only strings explicitly marked as string items (using the command). In this case, the other checkboxes are ignored. Ignore instructions/data definitions
Strict ASCII (7-bit) strings If checked, only strings containing exclusively 7-bit characters (8th bit must be zero) will be added to the list. Please note that the user can specify which characters are accepted in the strings by modifying the StrlitChars parameter in the file. This setting is ignored if 'only defined strings' is on. Allowed string types