Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this submenu you can:
Load file Load file
Script command Execute a script command
Produce output file Generate output file
Execute OS commands
Save database in packed form
Save database in packed form in another file
Take database snapshot
Abort - do not save changes
Quit to DOS - save changes
See also submenus.
This submenu allows you to load additional files into the database.
This command reloads the same input file into the database. IDA tries to retain as much information as possible in the database. All the names, comments, segmentation information and similar will be retained.
Only the values of individual bytes will be changed.
This command works for some input file types only: if the file was loaded into the database with special settings, this command may fail. In this case, use command and reload the file manually.
See also commands.
This command loads a binary file. The new file is added to the current database and all existing information is retained.
The file content will appear as unexplored bytes in the program.
This command only allows you to load binary files.
See also commands.
This command loads an IDS file.
An IDS file contains information about well-known functions (such as functions from MS Windows API), namely:
IDS files are automatically loaded if they are found in the IDS directory. This command allows you to load an IDS file from any directory, even after the main file has been loaded into the database.
See also commands.
This command loads a DBG file.
If the program being disassembled has a companion DBG file, then this command may be used to load information from a DBG file into the database. IDA loads DBG files automatically if it can find them in the directory with the input file.
The built-in debug information loader cannot load NB10 format files and PDB files. To load those files, please use a special plugin, PDB.DLL, which can be run manually using Edit->Plugins submenu. This plugin uses MS Windows DLLs to load the debug information and therefore has the following limitations:
See also commands.
This command loads a PDB file.
If the program being disassembled has a companion PDB file, then this command may be used to load information from the PDB file into the database.
By default IDA uses in-house code to parse and load PDB files. However, our code can not parse old v2.0 PDB files. For them, IDA can fall back to using Microsoft DLLs (the default is "do not fall back"). Please read more in cfg/pdb.cfg.
Command line switch '-Opdb:option1:option2' overrides for ida session the value in cfg/pdb.cfg.
Ida will not load PDB plugin for this session.
This command loads a TDS file.
If the program being disassembled has a companion TDS file, this command may be used to load information from the TDS file into the database.
The TDS file must be placed in the same directory together with the input file.
The LoadTdsFile command launches a special plugin TDS.DLL which can be run manually using Edit->Plugins submenu.
See also commands.
This command allows you to apply an additional signature file to the program.
A signature file contains patterns of standard runtime functions. With their help, IDA is able to recognize the standard functions and names them accordingly.
IDA attempts to detect the necessary signature files automatically but unfortunately, this is not always possible. This command adds the specified signature file into the planned signature files queue.
Signature files reside in the subdirectories of the SIG directory. Each processor has its own subdirectory. The name of the subdirectory is equivalent to the name of the processor module file (z80 for z80.w32, for example). Note: IBM PC signatures are located in the SIG directory itself. Note: the IDASGN environment variable can be used to specify the location of the signatures directory.
There is another way to load a signature file: you may insert/delete signature files in the following way:
This is a preferred way of applying signatures because useful information, such as the number of identified functions is displayed in the signature window.
See also commands.
This command allows you to apply type declarations from a C header file to the program.
IDA reads and parses the specified header file as a C compiler does. In other words, it mimics the front-end of a C compiler with some restrictions:
Don't forget to specify the compiler and memory model in the dialog box before loading a header file.
All type declarations found in the input file are stored in the current database in the form of a type library. These type declarations can be used to define new structure and enumeration definitions by pressing "Add standard structure" or "Add standard enum" buttons in the and dialog boxes.
In the case of an error in the input file, the error messages appear in the message window. In any case, the function declarations that are already parsed are not deleted from the database. IDA stops parsing the input file when 20 errors occur.
IDA 7.7 introduced an based on libclang.
See also
commands.
The IDAClang plugin is shipped with IDA, and it provides the ability to parse header files that contain arbitrarily complex C/C++/Objective-C source code using the action.
To enable the IDAClang parser, go to Options>Compiler>Source parser, and select "clang". Then use 'File>Load file>Parse C header file' to invoke the parser on a given source file.
Since IDAClang is based on the third-party libclang parser, it can only parse standalone source files that contain valid C/C++/Objective-C syntax.
See also command.
See also commands.
Action name: ExecuteLine
You can enter and execute a small script written in the built-in IDC language or any other registered extlang.
Here is the list of built-in functions.
See also:
IDC language overview
Execute script file command
commands
How to use .
By using this command, you can temporarily quit to the operating system.
This command is not available in the MS DOS version.
The database is left open when you use this command, so be careful.
See also commands.
Action name: Shell
Action name: ReloadFile Action name: LoadFile
Action name: LoadIdsFile
- their names
- their ordinal number in the DLL
- an eventual informative comment
- the number of parameters passed on the stack
- the number of parameters purged when returning Action name: LoadDbgFile
- it works only under MS Windows
- it will load only PDBs compatible with the currently
installed IMAGEHLP.DLL Action name: LoadPdbFile
off : disable PDB
pdbida : uses Hex-rays in-house code to parse and load PDB files.
msdia : uses Microsoft DLLs to parse and load PDB files.
only available on Windows, for Linux/Macos you need to configure
win32_remote.exe or win64_remote64.exe server in cfg/pdb.cfg
fallback : fallback from pdbida to msdia for the old 2.0 format
nofallback : no fallback to msdia -Opdb:off Action name: LoadTdsFile
Action name: LoadSigFile
- open the signatures window
- press Ins to insert a signature file to the queue
- press Del to delete a signature file from the queue Action name: LoadHeaderFile
- only type declarations are allowed. The function definitions
in the input file are skipped
- not all C++ header files are not supported, only simple classes can
be parsed
- the compiler specific predefined macros are not defined,
you have to define them manually in the header file Action name: Execute
You can execute any script file supported by the built-in scripting engine (IDC or Python), or a scripting language added by a plugin. The scripting language to use is selected by the file name extension of the script.
See also Immediate execution of script commands, Load... submenu commands.
Action name: Quit
This command terminates the current IDA session. IDA will write all changes to the disk and will close all databases.
You can enable/disable database packing. When the database is packed, it consists of one file with IDB extension. When the database is not packed, it consists of several files on the disk. If packing is disabled, in the next session you cannot abort IDA. We do not recommend to leave the database in the unpacked form because you will not have a backup copy.
You can also perform garbage collection on the database before packing it. The garbage collection removes the unused database pages, making it smaller. However, IDA needs some free database pages when it works,therefore it will allocate them again when you reuse the database. Removing and adding free pages takes time and, what is most important, it changes the database control blocks.
Use garbage collection only when you do not intend to work with the database in the near future.
IDA will remember all information about the screen, cursor position, jump stack, etc. The following information will be lost: keystroke macros, the anchor position To resume a disassembly session simply type: "ida file"
See also other File... submenu commands. Abort command.
Action name: SaveBaseSnap
This command takes a database snapshot. The snapshot can be later restored from the database snapshot manager.
Note: snapshots work only with regular databases. Unpacked databases do not support them.
See also View database snapshot manager commands.
This submenu allows you to produce various output files. It also allows you to unload the database.
The text file-producing operations below will make use of
the currently-selected encoding for output files.
Please enter a file name for the map. IDA will write the following information about this file:
You may disable the generation of the segmentation information. You may also enable or disable names in the output file.
You can use this map file for your information, and also for debugging (for example, Periscope from Periscope Company or Borland's Turbo Debugger can read this file).
Please enter a file name for the assembler text file. IDA will write the disassembled text to this file.
If you have selected a range on the screen using command, IDA will write only the selected range (from the current address to the anchor).
If some I/O problem (e.g. disk full) occurs during writing to the file, IDA will stop and a partial file will be created.
Please enter a file name for the assembler include file. IDA will write the information about the defined types (structures and enums) to this file.
If some I/O problem (e.g. disk full) occurs during writing to the file, IDA will stop and a partial file will be created.
Enter a file name for the assembler listing file. IDA will write the disassembled text to this file.
If you've selected a range on the screen using command, IDA will write only the selected range (from the current address to the anchor).
If some I/O problem (e.g. disk full) occurs during writing to the file, IDA will stop and a partial file will be created.
Enter a file name for the new executable file. Usually this command is used after patching (see commands and ) to obtain a patched version of the file.
IDA produces executable files only for:
For other file formats please create a file.
EXE files: Output files will have the same EXE-header and relocation table as the input file. IDA will fill unused ranges of the EXE file (e.g. between relocation table and loadable pages) with zeroes.
See also submenu.
This command will prompt you for a filename and then will create a plain text difference file of the following format:
See also submenu.
Please enter a file name for the HTML file. IDA will write the disassembled text to this file.
If you've selected a range on the screen using command, IDA will write only the selected range (from the current address to the anchor).
If some I/O problem (e.g. disk full) occurs during writing to the file, IDA will stop and a partial file will be created.
This command is available only in the graphical version of IDA.
This command creates a GDL (graph description file) with the flow chart of the current function.
If there is an active selection, its flow chart will be generated.
IDA will ask for the output file name. Regardless of the specified extension, the .GDL extension will be used.
This command creates a GDL (graph description file) with the graph of the function calls.
IDA will ask for the output file name. Regardless of the specified extension, the .GDL extension will be used.
This command saves current IDA database into a text file.
You can use it as a safety command:
This command is used when you want to switch to a new version of IDA. Usually each new version of IDA has its own database format. To create a new format database, you need:
Please note that this command does not save everything to text file. Any information about the local variables will be lost!
This command saves all definitions in the local types window into a C header file
Please note that that types created in the structures window will not be saved unless they are synchronized with the local types.
This command saves information about the user-defined types from the IDA database into a text file.
Information about enums, structure types and other user-defined types is saved in a text form as an IDC program.
You can use this command to migrate the type definitions from one database to another.
See also commands.
Action name: ProduceMap
- current segmentation
- list of names sorted by values Action name: ProduceAsm
Action name: ProduceInc
Action name: ProduceLst
Action name: ProduceExe
- MS DOS .exe
- MS DOS .com
- MS DOS .drv
- MS DOS .sys
- general binary
- Intel Hex Object Format
- MOS Technology Hex Object Format Action name: ProduceDiff
comment
filename
offset: oldval newval Action name: ProduceHtml
Action name: ProduceFuncGdl
Action name: ProduceCallGdl
Action name: DumpDatabase
- to protect your work from disasters
- to migrate information into new database formats of IDA. 1. to issue the 'Dump...' command for the old
database (using old version of IDA). You will
get an IDC file containing all information
from your old database.
2. to reload your database using new IDA with switch -x.
3. to compile and execute the IDC file with command
'Execute IDC file' (usually F2) Action name: ProduceHeader
Action name: DumpTypes
Action name: SaveBase
This command saves and packs the current database.
See also other File... submenu commands. Save database as... command.