Here are commands to draw various graphs:

• Display function flow-chart

• Display function call graph

• Display chart of xrefs to addresses

• Display chart of xrefs from addresses

• Display user-defined chart of xrefs

IDA uses an external program to display graphs. The program name is wingraph32.exe and it is located in the current directory.

The user can change the name of this program using the GRAPH_VISUALIZER parameter in the IDA.CFG file.

The user can zoom the graph and move it around the window.

See also View submenu.

Display function flow-chart

Action    name: GraphFunc
 

This command displays the flow chart of the current function.

The colored edges of the flow chart represent the outcome of conditional jump instructions. Green means that the condition is satisfied, red means not satisfied.

Display function call graph

Action    name: CallFlow
 

This command displays the graph of all function calls in the program.

The functions are represented as nodes. The calls are represented as edges between nodes. Instructions outside functions are ignored.

Display chart of xrefs to addresses

Action    name: ChartXrefsTo
 

This command displays the graph of code and data xrefs to current address/range of selected addresses in the program.

The addresses are represented as nodes. The xrefs are represented as edges between nodes.

Display chart of xrefs from addresses

Action    name: ChartXrefsFrom
 

This command displays the graph of code xrefs from the current address/range of selected addresses in the program.

In this direction, data xrefs aren't analyzed to avoid overloaded graphs.

The addresses are represented as nodes. The xrefs are represented as edges between nodes.

Display used-defined chart of xrefs

Action    name: ChartXrefsUser
 

This command displays a user-defined graph of xrefs from/to the current address/range of selected addresses in the program.

The direction of the xrefs to analyze can be chosen. If the Recursive flag is checked, all found xrefs are themselves analyzed to find new xrefs. You can choose to search for xrefs to new referenced addresses only in the current direction. Only External, data xrefs, xrefs from library functions and to library functions can possibly be ignored.

A recursion depth can be specified. If 'Print recursion dots' is checked, and a function has others xrefs outside of the range defined by the 'recursion depth' setting, small nodes containing dots are printed.

The 'Print comments' flag causes the generated function node to also contain the function comment.

The addresses are represented as nodes. The xrefs are represented as edges between nodes. The used colors are the same as in IDA.

In order to provide intuitive yet powerful interface to types IDA introduces two kinds of types:

  - Assembler level types
  - C level types

Assembler level types are the ones defined by the user using the Struct or Enum views.

Since the user has to specify manually the member offset and other attributes, IDA considers the member offsets to be fixed for them and never shifts members of such types. If a member of struct becomes too big and does not fit the struct anymore, IDA will delete it.

The types defined in the Local types window are considered as C level types. For them IDA automatically calculates the member offsets and if necessary may shift members and change the total struct size.

The user may change the type level by simply editing the type from the appropriate window. For example, if a C level type is edited from the Struct view, IDA will consider such a type as an Assembler level type in the future.

 In the struct/enum view:
  Assembler level types are displayed using regular colors.
  C level types are displayed in gray, as if they are disabled (but they are not).

 In the local types view:
  C level types are displayed using regular colors.
  Assembler level types are displayed in gray, as if they are disabled (but they are not).

Lumina options

Lumina dialog box options

This options tab allows for modification of Lumina credentials and use settings.

Use the public server

        Sets host and port to the default public server hosted by Hex-Rays.
        No username or password is required.

Use a private server

        Allows for setting the name/address and port of a private server.
        If username and password credentials are needed, they can be specified here.

Automatically use Lumina server for analysis

        Instructs IDA to fetch function metadata from the current Lumina server,
        after the initial auto-analysis is complete. This helps with the recognition
        of known functions stored in the database of the Lumina server.

Lumina command line options

Command line switch '-Olumina' overrides for ida session the primary server and '-Osecondary_lumina' the secondary one.

List of options

         host: lumina server host
         port: lumina server port
         user: username for authentification on private lumina
         pass: password for authentification on private lumina
         proxy_host: proxy host
         proxy_port: proxy port
         proxy_user: username for authentification on proxy
         proxy_pass: password for authentification on proxy

Example

  -Osecondary_lumina:host=lumina.hex-rays.com:port=443

Use the public lumina as secondary server for this ida session

 Action    name: ShowSnapMan
 

This command shows the database snapshot manager. In this dialog, it is possible to restore previously saved snapshots, rename or delete them.

Note: snapshots work only with regular databases. Unpacked databases do not support them.

See also Take database snapshot commands.

Here are commands to open various windows, display information etc.

• Open disassembly window

• Open exports window

• Open imports window

• Open functions window

• Open names window

• Open signatures window

• Open segments window

• Open segment registers window

• Open selectors window

• Open cross references window

• Open structures window

• Open enums window

• Open local types window

• Open problems window

• Open type libraries window

• Open strings window

• Open function calls window

• Open notepad

• Open undo history

Some windows allow you to manipulate the window contents by using the list viewer commands.

See also View submenu.

Disassembly window

Action    name: WindowOpen
 

The "WindowOpen" command opens a new window with the disassembly. IDA automatically opens one disassembly window at the start.

If the current location is an instruction belonging to a function, then the graph view is available. You can toggle between the text and graph view using the Space key. You can also switch to proximity view by zooming out to the callgraph using the '-' key.

Use the disassembly editing commands to improve the listing.

Use Shift-<arrows> or Alt-L to drop anchor. If you have a mouse, you can drop the anchor with it too.

A double click of the mouse is equivalent to the <Enter> key.

To the left of disassembly, there is an arrows window (GUI version). Also the GUI version highlights the current identifier.

Exports window

Action    name: OpenExports
 

This command opens the exports window.

You can use list viewer commands in this window.

Imports window

Action    name: OpenImports
 

This command opens the imports window.

You can use list viewer commands in this window.

Functions window

 Action    name: OpenFunctions
 

A list of all functions in the program is displayed. You can add, delete, modify functions using list viewer commands.

Listed for each function are:

        - function name
        - segment that contains the function
        - offset of the function within the segment
        - function length in bytes
        - size (in bytes) of local variables + saved registers
        - size (in bytes) of arguments passed to the function

The last column of this window has the following format:

        R - function returns to the caller
        F - far function
        L - library function
        S - static function
        B - BP based frame. IDA will automatically convert
            all frame pointer [BP+xxx] operands to stack
            variables.
        T - function has type information
        = - Frame pointer is equal to the initial stack pointer
            In this case the frame pointer points to the bottom of the frame
        M - reserved
        S - reserved
        I - reserved
        C - reserved
        D - reserved
        V - reserved

If a function has its color set, its line is colored using the specified color. Otherwise library and lumina functions are colored with the corresponding color. Otherwise the line is not colored.

A bold font is used for functions that have definite (user-specified) prototype. Also some plugins too may set this flag. Such prototypes are taken as is by the decompiler, while other prototypes are considered only as a starting point during decompilation.

It is possible to automatically synchronize the function list with the active disassembler, pseudocode, or hex view. For that right click on the function list and select "Turn on synchronization".

Names window

Action    name: OpenNames
 

This command opens the names window.

You can use list viewer commands in this window.

The GUI version displays a small icon for each name:

        L (dark blue)   - library function
        F (dark blue)   - regular function
        C (light blue)  - instruction
        A (dark green)  - string literal
        D (light green) - data
        I (purple)      - imported name

Signatures window

 Action    name: OpenSignatures
 

This command opens the signatures window.

For each signature, the following is displayed:

        - name of file with the signature
        - state of signature:
                - Planned: the signature will be applied
                - Current: the signature is being applied
                - Applied: the signature has been applied
        - number of functions found using the signature
        - description of the signature

You can modify the planned signatures list here: add/delete library modules to be used during the disassembling.

You cannot delete an applied signature from the list.

To add a signature to the list for the application press <Ins>. You will see a list of signatures that can be applied to the program being disassembled.

Text version: Not all signature files will be displayed (for example, 32 bit signatures will not be shown for a 16 bit program). If you want to see the full list of signatures, select the first line of the list saying SWITCH TO FULL LIST OF SIGNATURES.

Signature files reside in the subdirectories of the SIG directory. Each processor has its own subdirectory. The name of the subdirectory is equal to the name of the processor module file (z80 for z80.w32, for example). Note: IBM PC signatures are located in the SIG directory itself. Note: the IDASGN environment variable can be used to specify the location of the signatures directory.

Segments window

Action    name: ShowSegments
 

This command opens the segments window. The format of this window is explained here.

You can use list viewer commands in this window.

In order to change the selector values, use selectors window.

Segment registers window

Action    name: ShowSegmentRegisters
 

This command opens the segment registers window. The window will contain segment register change points list.

You can use list viewer commands in this window.

Depending on the current processor type, you will see DS,ES,SS with or without FS,GS.

See also Edit|Segments submenu.

Selectors window

 Action    name: ShowSelectors
 

This command opens the selector window. Here you can change the "selector to base" mapping. The selector table is used to look up the selector values when calculating the addresses that are visible in the disassembly listing.

You can use list viewer commands in this window:

        - jump to the paragraph pointed by the selector
        - add a new selector
        - delete selector (if it is not used by any segment)
        - change selector value (this leads to reanalysis of all program)

Cross references window

Action    name: OpenXrefs
 

This command opens the cross-references window. This window contains all references to the current location.

You can use list viewer commands in this window.

You can add and delete cross references here too by pressing Ins or Del. Right clicking on the mouse will work too.

Add a cross reference: the from and to address, as well as the xref type should be specified.

Del a cross reference: if the 'undefine if no more xrefs' is check, then the instruction at the target address will be undefined upon the deletion of the last xref. IDA undefines instructions only if they do not start a function.

Structures window

Action    name: OpenStructures
 

This command opens the structure definitions window.

You can modify structure definitions here: add/rename/delete structures, add/delete/define structure members.

Each structure must have a unique name. A field name must be unique in the structure. In order to create or delete a field, use data definitions commands (data, string literal, array, undefine, Rename). You may also define regular or repeatable comments.

In order to modify member types, use commands from the Edit|Operand types... submenu. For example, to convert a structure member to an offset, use one of the following commands:

• Convert to offset (automatic)

• Convert to offset (from a segment base)

• Convert to offset (complex offset expression)

Some struct types in this window are created automatically by IDA. They are copies of some local types. Such structs are displayed in gray. They are considered as C-level types. As soon as the user edits such a type, it becomes an ASM-level type. Read more.

In the structure header IDA displays the following info:

  - the structure size in bytes
  - the alignment
  - for C level types: copyof_XX where XX is the ordinal type number.
  - for ASM level types: mappedto_XX where XX is the ordinal type number.
    It is possible to jump to the corresponding local type by pressing Enter.
  - for types copied from standard type libraries: "standard type"

Enums window

Action    name: OpenEnums
 

This command opens the enum definitions window.

You can modify enum definitions here: add/edit/delete enums, add/edit/delete enum members (i.e. user-defined symbolic constants)

Please note that you can create bitfield definitions here.

You can also add a comment for the enum and for each enum member. In order to specify an enum comment, you have to stand at the enum name. Comments are set using regular commands:

• Regular comments

• Repeatable comments

Local types window

Action    name: OpenLocalTypes
 

Each database has a local type library embedded into it. This type library (til) is used to store types that are local to the current database. They are usually created by parsing a header file.

This command opens the local types window. The user can manipulate local types here:

  - the existing types can be modified (the default hotkey is Ctrl-E)
  - the existing types can be deleted (the default hotkey is Del)
  - new types can be added (the default hotkey is Ins)

Please note that Ins can be used to add many types at once. For that the user just needs to enter multiple declarations, one after another in the dialog box.

However, Ctrl-E permits for editing of one type at a time. This may cause problems with complex structure types with nested types. Nested types will not be saved by Ctrl-E.

If the edited type corresponds to an idb type (struct or enum), then the corresponding type will be automatically synchronized. If the user modifies an idb type in the struct/enum windows, the corresponding local type will be updated too. So the type synchronization works both ways.

Some types in this list are created automatically by IDA. They are copies of the types defined in the Struct or Enum views. Such types are displayed using in gray, as if they are disabled.

Types displayed in black are considered as C level types. Read more.

Each type in the local type library has an ordinal number and may have a name.

Be careful when deleting existing types because if there are references to them, they will be invalidated.

A local type can be mapped to another type. Such an operation deletes the existing type and redirects all its references to the destination type. Circular dependencies are forbidden. In the case of a user mistake, a mapped type can be deleted and recreated with the correct information.

See also

• Type libraries window

• C++ type details

Problems window

Action    name: OpenProblems
 

This command opens the problems window. The problem window contains the list of all problems encountered by IDA during disassembling the program.

You can jump to a problem by pressing Enter. The selected problem will be deleted from the list.

Type libraries window

Action    name: OpenTypeLibraries
 

This command opens the type libraries window. Here the user can load and unload standard type libraries.

The standard type libraries contain type definitions from the standard C header supplied with compilers. Usually, IDA tries to determine the target compiler and its type libraries automatically but if it fails, this window allows you to load the appropriate type library.

Furthermore, don't forget to specify the compiler and memory model in the compiler setup dialog box.

Strings window

Action    name: OpenStrings
 

This command opens the string window.

The string window contains all strings in the program. However, if a range of addresses was selected before opening the window, only the selected range will be examined for strings.

You can setup the list parameters by right-clicking (or pressing Ctrl-U in the text version) on the list.

The list always contains strings defined in the program regardless of the settings in this dialog box, but the user can ask IDA to display strings not yet explicitly defined as strings.

The following parameters are available:

Display only defined strings If checked, IDA will display only strings explicitly marked as string items (using the create string literal command). In this case, the other checkboxes are ignored. Ignore instructions/data definitions

        If checked, IDA will ignore instruction/data definitions
        and will try to treat them as strings. If it can build a string
        with the length greater than the minimal length, the string
        will be displayed in the list.
        This setting is ignored if 'only defined strings' is on.

Strict ASCII (7-bit) strings If checked, only strings containing exclusively 7-bit characters (8th bit must be zero) will be added to the list. Please note that the user can specify which characters are accepted in the strings by modifying the StrlitChars parameter in the ida.cfg file. This setting is ignored if 'only defined strings' is on. Allowed string types

        Allows the user to specify the string types included in the list.
        This setting is ignored if 'only defined strings' is on.

Minimal string length

        The minimal length the string must have to be added to the list.

Function calls window

Action    name: OpenCallers
 

This command opens the function calls window.

All functions who call the current function are displayed at the top of the window.

All functions called from the current function are displayed at the bottom of the window.

The list is automatically refreshed when the cursor is moved to another function.

Notepad

Action    name: OpenNotepad
 

Opens a notepad window for the general notes about the current database. The entered notes will be saved in the current database.

Alt-T hotkey can be used to search for a text and Ctrl-T to repeat the last search.

The notepad is available only in the GUI version.

Show undo history

Action    name: ShowUndoHistory
 

This command opens a window with the undo history. It is available from the Views, Open subviews submenu.

Double clicking on a line reverts the database to the state before the corresponding action.

It is possible to truncate the undo history by using the corresponding context menu command. The undo information for the selected action will be removed together with the information about all preceding actions.

The redoable user actions are displayed in italics. The current position in the undo buffers is displayed in bold, it usually denotes the first redoable user action.

See also

• Undo

• Redo

• Reset Undo

• Disable Undo

Here are commands to open various windows, display information etc.

See also submenus.

IDA opens a special non-closable window at the start. This window is called "message window". In this window you see various IDA messages.

If the message window is hidden behind other windows, you will not see the IDA messages.

You can duplicate all messages appearing in this window to a file. For this, you have to define an environment variable:

• Convert operand to number

• Convert operand to hex number

• Convert operand to decimal number

• Convert operand to octal number

• Convert operand to binary number

• Convert operand to floating point number

• Toggle leading zeroes

Convert operand to number

 Action    name: OpNumber
 

This command converts immediate operand(s) type of the current instruction/data to a number. That way, you can delete suspicious mark of the item.

The number is represented in the default radix for the current processor (usually hex, but octal for PDP-11, for example).

When you use this command, IDA deletes the manually entered operand.

If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.

Convert operand to hexadecimal number

 Action    name: OpHex
 

This command converts immediate operand(s) type of the current instruction/data to hex number. So you can delete suspicious mark of the item.

When you use this command, IDA deletes the manually entered operand.

If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.

Convert operand to decimal number

 Action    name: OpDecimal
 

This command converts the immediate operand(s) type of the current instruction/data to decimal. Therefore, it becomes a 'number'.

When you use this command, IDA deletes the manually entered operand.

If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.

Convert operand to octal number

 Action    name: OpOctal
 

This command makes the current instruction or data operand type octal. IDA always uses 123o notation for octal numbers even if the current assembler does not support octal numbers.

When you use this command, IDA deletes the manually entered operand.

If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.

Convert operand to binary number

 Action    name: OpBinary
 

This command makes the current instruction or data operand type binary. IDA always uses 123b notation for binary numbers even if the current assembler does not support binary numbers.

When you use this command, IDA deletes the manually entered operand.

If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.

Convert operand to floating point number

 Action    name: OpFloat
 

This command makes the current operand type floating point.

When you use this command, IDA deletes the manually entered operand.

If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.

Toggle leading zeroes

 Action    name: ToggleLeadingZeroes
 

This command displays or hides the leading zeroes of the current operand. Example: if the instruction looked like this:

        and     ecx, 40h

then after applying the command it will look like this:

        and     ecx, 00000040h

If you prefer to see leading zeroes in all cases, then open the calculator and enter the following expression: set_inf_attr(INF_GENFLAGS, get_inf_attr(INF_GENFLAGS) | INFFL_LZERO); This will toggle the default for the current database and all numbers without leading zeroes will become numbers with leading zeroes, and vice versa.

See also Edit|Operand types submenu.

IDA can parse and handle simple C++ class declarations. It cannot parse templates and other complex constructs but simple standard cases can be parsed.

If a C++ class contains virtual functions, IDA will try to rebuild the virtual function table (VFT) for the class. The VFT will be linked to the class by the name: if the class is called "A", the VFT type will be "A_vtbl".

Let us consider the following class hierarchy:

  class A { virtual int f(); int data; };
  class B : public A { virtual int g(); };

IDA will create the following structures:

  struct __cppobj A {A_vtbl *__vftable;int data;}
  struct A_vtbl {int (*f)(A *__hidden this);}
  struct __cppobj B : A {}
  struct B_vtbl {int (*f)(A *__hidden this);
                 int (*g)(B *__hidden this);}

Please note that the VFT pointer in the class A has a special name: "__vftable". This name allows IDA to recognize the pointer as a VFT pointer and treat it accordingly.

Another example of more complex class hierarchy:

  class base1 { virtual int b1(); int data; };
  class base2 { virtual int b2(); int data; };
  class der2 : public base2 { virtual int b2(); int data; };
  class derived : public base1, public der2 { virtual int d(); };

Compiling in 32-bit Visual Studio mode yields the following layout:

  class derived size(20):
        +---
   0    | +--- (base class base1)
   0    | | {vfptr}
   4    | | data
        | +---
   8    | +--- (base class der2)
   8    | | +--- (base class base2)
   8    | | | {vfptr}
  12    | | | data
        | | +---
  16    | | data
        | +---
        +---

IDA will generate the following types:

  struct __cppobj base1 {base1_vtbl *__vftable /*VFT*/;int data;};
  struct /*VFT*/ base1_vtbl {int (*b1)(base1 *__hidden this);};
  struct __cppobj base2 {base2_vtbl *__vftable /*VFT*/;int data;};
  struct /*VFT*/ base2_vtbl {int (*b2)(base2 *__hidden this);};
  struct __cppobj der2 : base2 {int data;};
  struct /*VFT*/ der2_vtbl {int (*b2)(der2 *__hidden this);};
  struct __cppobj derived : base1, der2 {};
  struct /*VFT*/ derived_vtbl {int (*b1)(base1 *__hidden this);
                               int (*d)(derived *__hidden this);};

The 'derived' class will use 2 VFTs:

  offset 0: derived_vtbl
  offset 8: der2_vtbl

IDA and Decompiler can use both VFTs and produce nice code for virtual calls.

Please note that the VFT layout will be different in g++ mode and IDA can handle it too. Therefore it is important to have the target compiler set correctly.

It is possible to build the class hierarchy manually. Just abide by the following rules:

  - VFT pointer must have the "__vftable" name
  - VFT type must follow the "CLASSNAME_vtbl" pattern

C++ classes are marked with "__cppobj" keyword, it influences the class layout. However, this keyword is not required for VFT types.

In the case of a multiple inheritance it is possible to override a virtual table for a secondary base class by declaring a type with the following name: "CLASSNAME_XXXX_vtbl" where XXXX is the offset to the virtual table inside the derived (CLASSNAME) class.

Example: if in the above example we add one more function

        virtual int derived::b2();

then we need one more virtual table. Its name must be "derived_0008_vtbl". Please note that our parser does not create such vtables, you have to do it manually. See also Local types window.

In the graphical version, IDA highlights the identifier under the cursor. For example, if the cursor is on the "EAX" register, then all occurrences of "EAX" will be displayed with the yellow background. This feature is meant to make the program analysis easier by highlighting the interesting parts of the disassembly. For example, if the user wants to see all references to "EAX", he just clicks on any "EAX" on the screen and all of them will be highlighted.

The selection is made by pressing the Up, Down, Left, Right keys or by simply clicking on the identifier.

The selection is not changed by pressing the PageUp, PageDown, Home, End keys, using the scrollbar, or pressing the Alt-Up, Alt-Down, Ctrl-Up, Ctrl-Down keys.

The Alt-Up and Alt-Down keys perform a search of the currently selected identifier backward or forward respectively.

The Ctrl-Up and Ctrl-Down keys scroll the disassembly text.

IDA does not highlight the segment names at the line prefix because it is not very useful.

It is possible to turn off the highlight. The appropriate checkbox is in the Options, General, Browser tab.

This tab of IDA Options dialog allows for editing of hint and identifier highlight related settings. There are two groups of settings.

The first group is for hints that are displayed when the mouse is hovered over some text.

The second group is for highlighting.

Number of lines for identifier hints

        Specifies how tall the hint window will be initially.
        IDA may decide to display less lines than specified if the hint is
        small. The user can resize the hint window using the mouse wheel.

Delay for identifier hints

        Milliseconds that pass before the hint appears when the user
        hovers the mouse pointer over an identifier

Mouse wheel resizes hint window

        Permit to resize the hint window by using the mouse wheel.
        Can be turned off if the user does not want to resize the hints.

No hints if debugger is active

        Hints will be disabled when the debugger is active. This may be
        useful to speed of debugging: calculating hints for zero filled
        ranges can be very expensive

Auto highlight the current identifier

        Highlight the current identifier everywhere on the screen.
        IDA tries to determine if the current identifier denotes a register.
        In this case it will highlight references to other parts of the
        register. For example, if "AL" is highlighted, IDA will also highlight
        "AH", "AX", and "EAX" (if the current processor is x86).

Unhide collapsed items automatically when jumping to them (gui only)

        If this option is set on, IDA will automatically
        uncollapse hidden functions if the user decides to jump
        to them. As soon as the user quits the function by pressing
        Esc, the function is automatically collapsed again.

Lazy jumps (gui only)

        If this option is set on, IDA will not redraw the
        disassembly window if the jump target is already on the screen.
        In this case, it will just move the cursor to the specified
        address. This option leads to less screen redraws and
        less jumpy behaviour.

Number of items in navigation stack drop-down menus

        Specifies the number of entries in the drop-down menu for the 'Jump'
        toolbar

Number of lines for auto scroll

        Specifies how many lines force automatic scrolling of the
        disassembly view

Caret blinking interval

        Specifies how fast the input caret blinks (in milleseconds).
        Must be greater than or equal to 500, or zero.
        Zero means to disable blinking

 Action    name: ShowFlags
 

This command displays the internal flag values for the current item. The information appears in the message window.

See also View submenu.

In the graphical version, there is a small window with arrows on the left of the disassembly. These arrows represent the execution flow, namely the branch and jump instructions. The arrow color can be:

        - red: means that the arrow source and destination do not
        belong to the same function. Usually, the branches are
        within functions and the red color will conspicuously
        represent branches from or to different functions.
        - black: the currently selected arrow. The selection
        is made by moving to the beginning or the end of the
        arrow using the Up or Down keys or left-clicking on the arrow
        start or the arrow end. The selection is
        not changed by pressing the PageUp, PageDown, Home, End keys or using
        the scrollbar. This allows to trace the selected arrow far away.
        - grey: all other arrows

The arrow thickness can be:

        - thick: a backward arrow. Backward arrows usually represent
        loops. Thick arrows represent the loops in a clear and
        notable manner.
        - thin: forward arrows.

Finally, the arrows can be solid or dotted. The dotted arrows represent conditional branches when the solid arrows represent unconditional branches.

You can resize the arrows window using a vertical splitter or even fully hide it. If it is hidden, the arrows window will not be visible on the screen but you can reveal it by dragging the splitter to the right. IDA remembers the current arrow window size in the registry when you close the disassembly window.

 Action    name: OpenBookmarks
 

This command opens the bookmarks window. This window lets the user jump to a specific place in the listing.

 Action    name: ShowRegisters
 

This command displays segment register contents in the message window.

You may use this command to refresh the disassembly window too.

See also Edit|Segments submenu. View submenu.

This command allows you to hide a part of disassembly. You can hide a function, a segment, or create a special hidden range.

If a range is specified, a special hidden range is created on this range.

If the cursor is on the segment name at the start of the segment, the segment will be hidden. IDA will display only the header of the hidden segment.

If the cursor is on a structure variable and if the target assembler has the 'can display terse structures or the ' bit on, then the structure will be collapsed into one line and displayed in the terse form.

Otherwise, the current function will be hidden. IDA will display only the header of the hidden function.

If there is no current function then IDA will beep.

If you want to see hidden items on the screen, you may use command or the display of the hidden items. If you want to delete a previously created hidden range, you may use command.

See also submenu

This command allows you to delete a hidden range of disassembly (previously defined by using the command).

See also command.

See also submenu

This command allows you to unhide:

See also command.

See also submenu

This command allows you to hide:

IDA will display only the header of the hidden items.

If you want to see hidden items on the screen, you may use command or the display of the hidden items.

See also command.

See also submenu

 Action    name: SetupHidden
 

This command allows you to toggle the display of hidden items.

Automatically hide library functions

        This option hides the functions recognized by FLIRT.
        If will have an effect only from the time when the option is set.

Display hidden instructions

        If this option is set, IDA will display all the instructions
        as unhidden even if they were hidden.

Display hidden functions

        If this options is set, IDA will display all the functions
        as unhidden even if they were hidden.

Display hidden segments

        If this options is set, IDA will display all the segments
        as unhidden even if they were hidden.

See also View submenu.

 Action    name: Unhide
 

This command allows you to unhide a hidden part of disassembly.

If the cursor is on the hidden function name, the function will be unhidden.

If the cursor is on the terse structure variable, the structure will be uncollapsed and displayed in the regular form.

If the cursor is on the hidden range, the hidden range will be unhidden.

If the cursor is on the hidden segment name, the segment will be unhidden.

See also hide command and setup hidden command.

See also Edit|View submenu