In this submenu you can:

• Load file Load file

• Script command Execute a script command

• Produce output file Generate output file

• OS shell Execute OS commands

• Save database Save database in packed form

• Save database as... Save database in packed form in another file

• Take database snapshot Take database snapshot

• Abort Abort - do not save changes

• Quit Quit to DOS - save changes

See also Menu Bar submenus.

You can enter and execute a small script written in the built-in IDC language or any other registered extlang.

Here is the list of functions.

See also:

• language overview

• Execute command

• commands

• How to use .

This command takes a database snapshot. The snapshot can be later restored from the database snapshot manager.

Note: snapshots work only with regular databases. Unpacked databases do not support them.

See also commands.

This command saves and packs the current database.

See also commands. command.

 Action    name: Shell
 

By using this command, you can temporarily quit to the operating system.

This command is not available in the MS DOS version.

The database is left open when you use this command, so be careful.

See also other File... submenu commands.

This submenu allows you to load additional files into the database.

• Reload input file

• Script file

• Binary file

• IDS file

• Debug information file

• PDB debug information file

• TDS debug information file

• FLIRT signature file

• C header file

Reload the input file

Action    name: ReloadFile

This command reloads the same input file into the database. IDA tries to retain as much information as possible in the database. All the names, comments, segmentation information and similar will be retained.

Only the values of individual bytes will be changed.

This command works for some input file types only: if the file was loaded into the database with special settings, this command may fail. In this case, use Dump database to IDC file command and reload the file manually.

See also Load... submenu commands.

Load additional file

 Action    name: LoadFile
 

This command loads a binary file. The new file is added to the current database and all existing information is retained.

The file content will appear as unexplored bytes in the program.

This command only allows you to load binary files.

See also Load... submenu commands.

Load IDS file

 Action    name: LoadIdsFile
 

This command loads an IDS file.

An IDS file contains information about well-known functions (such as functions from MS Windows API), namely:

        - their names
        - their ordinal number in the DLL
        - an eventual informative comment
        - the number of parameters passed on the stack
        - the number of parameters purged when returning

IDS files are automatically loaded if they are found in the IDS directory. This command allows you to load an IDS file from any directory, even after the main file has been loaded into the database.

See also Load... submenu commands.

Load debug information file

 Action    name: LoadDbgFile
 

This command loads a DBG file.

If the program being disassembled has a companion DBG file, then this command may be used to load information from a DBG file into the database. IDA loads DBG files automatically if it can find them in the directory with the input file.

The built-in debug information loader cannot load NB10 format files and PDB files. To load those files, please use a special plugin, PDB.DLL, which can be run manually using Edit->Plugins submenu. This plugin uses MS Windows DLLs to load the debug information and therefore has the following limitations:

        - it works only under MS Windows
        - it will load only PDBs compatible with the currently
          installed IMAGEHLP.DLL

See also Load... submenu commands.

Load PDB debug information file

 Action    name: LoadPdbFile
 

This command loads a PDB file.

If the program being disassembled has a companion PDB file, then this command may be used to load information from the PDB file into the database.

By default IDA uses in-house code to parse and load PDB files. However, our code can not parse old v2.0 PDB files. For them, IDA can fall back to using Microsoft DLLs (the default is "do not fall back"). Please read more in cfg/pdb.cfg.

Command line switch '-Opdb:option1:option2' overrides for ida session the value in cfg/pdb.cfg.

List of options

  off    : disable PDB
  pdbida : uses Hex-rays in-house code to parse and load PDB files.
  msdia  : uses Microsoft DLLs to parse and load PDB files.
           only available on Windows, for Linux/Macos you need to configure
           win32_remote.exe or win64_remote64.exe server in cfg/pdb.cfg
  fallback   : fallback from pdbida to msdia for the old 2.0 format
  nofallback : no fallback to msdia

Example

  -Opdb:off

Ida will not load PDB plugin for this session.

Load TDS debug information file

 Action    name: LoadTdsFile
 

This command loads a TDS file.

If the program being disassembled has a companion TDS file, this command may be used to load information from the TDS file into the database.

The TDS file must be placed in the same directory together with the input file.

The LoadTdsFile command launches a special plugin TDS.DLL which can be run manually using Edit->Plugins submenu.

See also Load... submenu commands.

Load FLIRT signature file

 Action    name: LoadSigFile
 

This command allows you to apply an additional signature file to the program.

A signature file contains patterns of standard runtime functions. With their help, IDA is able to recognize the standard functions and names them accordingly.

IDA attempts to detect the necessary signature files automatically but unfortunately, this is not always possible. This command adds the specified signature file into the planned signature files queue.

Signature files reside in the subdirectories of the SIG directory. Each processor has its own subdirectory. The name of the subdirectory is equivalent to the name of the processor module file (z80 for z80.w32, for example). Note: IBM PC signatures are located in the SIG directory itself. Note: the IDASGN environment variable can be used to specify the location of the signatures directory.

There is another way to load a signature file: you may insert/delete signature files in the following way:

        - open the signatures window
        - press Ins to insert a signature file to the queue
        - press Del to delete a signature file from the queue

This is a preferred way of applying signatures because useful information, such as the number of identified functions is displayed in the signature window.

See also Load... submenu commands.

Load C header

 Action    name: LoadHeaderFile
 

This command allows you to apply type declarations from a C header file to the program.

IDA reads and parses the specified header file as a C compiler does. In other words, it mimics the front-end of a C compiler with some restrictions:

        - only type declarations are allowed. The function definitions
          in the input file are skipped
        - not all C++ header files are not supported, only simple classes can
          be parsed
        - the compiler specific predefined macros are not defined,
          you have to define them manually in the header file

Don't forget to specify the compiler and memory model in the compiler setup dialog box before loading a header file.

All type declarations found in the input file are stored in the current database in the form of a type library. These type declarations can be used to define new structure and enumeration definitions by pressing "Add standard structure" or "Add standard enum" buttons in the Add enum type... and Add struct type... dialog boxes.

In the case of an error in the input file, the error messages appear in the message window. In any case, the function declarations that are already parsed are not deleted from the database. IDA stops parsing the input file when 20 errors occur.

IDA 7.7 introduced an alternative header file parser based on libclang.

See also

• Load... submenu commands.

• Local types window

• IDAClang plugin

IDAClang plugin

The IDAClang plugin is shipped with IDA, and it provides the ability to parse header files that contain arbitrarily complex C/C++/Objective-C source code using the Load C header action.

To enable the IDAClang parser, go to Options>Compiler>Source parser, and select "clang". Then use 'File>Load file>Parse C header file' to invoke the parser on a given source file.

Since IDAClang is based on the third-party libclang parser, it can only parse standalone source files that contain valid C/C++/Objective-C syntax.

See also Load C header command.

See also other File... submenu commands.

Abort IDA

 Action    name: Abort
 

This command terminates the current IDA session. The Abort command is not available if the database was not packed.

IDA will NOT save changes to the disk.

See also other File... submenu commands. Quit command.

This submenu allows you to produce various output files. It also allows you to unload the database.

The text file-producing operations below will make use of

• for output files.

Create MAP File

Please enter a file name for the map. IDA will write the following information about this file:

You can use this map file for your information, and also for debugging (for example, Periscope from Periscope Company or Borland's Turbo Debugger can read this file).

Create ASM File

Please enter a file name for the assembler text file. IDA will write the disassembled text to this file.

If some I/O problem (e.g. disk full) occurs during writing to the file, IDA will stop and a partial file will be created.

Create INC File

Please enter a file name for the assembler include file. IDA will write the information about the defined types (structures and enums) to this file.

If some I/O problem (e.g. disk full) occurs during writing to the file, IDA will stop and a partial file will be created.

Create LST File

Enter a file name for the assembler listing file. IDA will write the disassembled text to this file.

If some I/O problem (e.g. disk full) occurs during writing to the file, IDA will stop and a partial file will be created.

Create Executable File

IDA produces executable files only for:

EXE files: Output files will have the same EXE-header and relocation table as the input file. IDA will fill unused ranges of the EXE file (e.g. between relocation table and loadable pages) with zeroes.

Create Difference File

This command will prompt you for a filename and then will create a plain text difference file of the following format:

Create HTML File

Please enter a file name for the HTML file. IDA will write the disassembled text to this file.

If some I/O problem (e.g. disk full) occurs during writing to the file, IDA will stop and a partial file will be created.

This command is available only in the graphical version of IDA.

Produce flow chart GDL file

This command creates a GDL (graph description file) with the flow chart of the current function.

If there is an active selection, its flow chart will be generated.

IDA will ask for the output file name. Regardless of the specified extension, the .GDL extension will be used.

Produce call graph GDL file

This command creates a GDL (graph description file) with the graph of the function calls.

IDA will ask for the output file name. Regardless of the specified extension, the .GDL extension will be used.

Dump database to IDC file

This command saves current IDA database into a text file.

You can use it as a safety command:

This command is used when you want to switch to a new version of IDA. Usually each new version of IDA has its own database format. To create a new format database, you need:

Please note that this command does not save everything to text file. Any information about the local variables will be lost!

Create C header file

This command saves all definitions in the local types window into a C header file

Please note that that types created in the structures window will not be saved unless they are synchronized with the local types.

Dump typeinfo to IDC file

This command saves information about the user-defined types from the IDA database into a text file.

Information about enums, structure types and other user-defined types is saved in a text form as an IDC program.

You can use this command to migrate the type definitions from one database to another.

 Action    name: Execute
 

You can execute any script file supported by the built-in scripting engine (IDC or Python), or a scripting language added by a plugin. The scripting language to use is selected by the file name extension of the script.

See also Immediate execution of script commands, Load... submenu commands.

This command terminates the current IDA session. IDA will write all changes to the disk and will close all databases.

You can enable/disable database packing. When the database is packed, it consists of one file with IDB extension. When the database is not packed, it consists of several files on the disk. If packing is disabled, in the next session you cannot IDA. We do not recommend to leave the database in the unpacked form because you will not have a backup copy.

You can also perform garbage collection on the database before packing it. The garbage collection removes the unused database pages, making it smaller. However, IDA needs some free database pages when it works,therefore it will allocate them again when you reuse the database. Removing and adding free pages takes time and, what is most important, it changes the database control blocks.

Use garbage collection only when you do not intend to work with the database in the near future.

IDA will remember all information about the screen, cursor position, jump stack, etc. The following information will be lost: , the position To resume a disassembly session simply type: "ida file"

See also commands. command.