You can define a keyboard macro to automate frequent keystroke sequences. They are defined in the same manner as in the Borland IDE:
All macros are lost when you exit IDA. If you want to have a static macro which is not lost when you quit IDA, then write it down into IDATUI.CFG file. The format of a macro definition is explained here.
NOTE: keyboard macros are available only in the text version of IDA.
The configuration files are searched first in %IDADIR%\cfg, then in %IDAUSR%\cfg.
See documentation about the IDAUSR environment variable.
In the configuration files, you can use C,C++ style comments and include files. If no file is found, IDA uses default values. IDA uses the following configuration files:
In the IDATUI.CFG, you can define the hotkeys and keyboard macros for the text version of IDA. Syntax:
where value may be:
Zero scancode disables the hotkey.
To define the keyboard macros:
where key is a string (key name), char or a scancode. Example:
IDA can be launched with one of the following command lines:
Add the '64' postfix to the command name in order to start the 64-bit version of IDA. For example:
will start 64-bit graphical interface.
The following command line switches are recognized:
-a
disable auto analysis. (-a- enables it)
-A
autonomous mode. IDA will not display dialog boxes. Designed to be used together with -S switch.
-b####
loading address, a hexadecimal number, in paragraphs (a paragraph is 16 bytes)
-B
batch mode. IDA will generate .IDB and .ASM files automatically -c disassemble a new file (delete the old database)
-C####
set compiler in format name:abi
--cvt64
confirms the question 'You passed 32bit IDB file foo.idb to ida64. Do you wish to convert it to 64bit database?' more information available at Database conversion
-ddirective
A configuration directive which must be processed at the first pass. Example: -dVPAGESIZE=8192
-Ddirective
A configuration directive which must be processed at the second pass.
-f
disable FPP instructions (IBM PC only)
-h
help screen -i#### program entry point (hex)
-I#
set IDA as just-in-time debugger (0 to disable and 1 to enable)
-L####
name of the log file
-M
disable mouse (text only)
-O####
options to pass to plugins. This switch is not available in the IDA Home edition.
-o####
specify the output database (implies -c)
-p####
processor type
-P+
compress database (create zipped idb)
-P
pack database (create unzipped idb)
-P-
do not pack database (not recommended, see Abort command)
-r###
immediately run the built-in debugger format of this switch is explained here
-R
load MS Windows exe file resources
-S###
Execute a script file when the database is opened. The script file extension is used to determine which extlang will run the script. It is possible to pass command line arguments after the script name. For example: -S"myscript.idc argument1 \"argument 2\" argument3"
-T###
interpret the input file as the specified file type The file type is specified as a prefix of a file type visible in the 'load file' dialog box To specify archive member put it after the colon char, for example:
-TZIP
:classes.dex You can specify any nested paths:
-T
<ftype>[:<member>{:<ftype>:<member>}[:<ftype>]] IDA does not display the 'load file' dialog in this case
-t
create an empty database.
-W###
specify MS Windows directory
-x
do not create segmentation (used in pair with Dump database command) this switch affects EXE and COM format files only.
-z
debug:
00000001 drefs 00000002 offsets 00000004 flirt 00000008 idp module 00000010 ldr module 00000020 plugin module 00000040 ids files 00000080 config file 00000100 check heap 00000200 licensing 00000400 demangler 00000800 queue 00001000 rollback 00002000 already data or code 00004000 type system 00008000 show all notifications 00010000 debugger 00020000 dbg_appcall 00040000 source-level debugger 00080000 accessibility 00100000 network 00200000 full stack analysis (simplex method) 00400000 handling of debug info (e.g. pdb, dwarf) 00800000 lumina
-?
this screen (works for the text version)
?
this screen (works for the text version)
-h
this screen (works for the text version)
-H
this screen (works for the text version)
--help
this screen (works for the text version)
For batch mode, IDA must be invoked with the following command line:
which is equivalent to:
The text interface (idat.exe/idat) is better for batch mode because it uses less system resources. However, please note that regular plugins are not automatically loaded in batch mode because the analysis.idc file quits and the kernel has no chance to load them.
For more information, please see the analysis.idc file in the IDC subdirectory.