# Basic Usage

## Basic Usage

In this document, we'll explore the essentials of IDA capabilities to kickstart your journey and disassemble your first binary file.

### Prerequisites

Your IDA instance is [installed and running](https://docs.hex-rays.com/8.5/getting-started/install-ida).

## Before you begin

### What files and processors are supported?

IDA natively recognizes plenty of [file formats](https://docs.hex-rays.com/8.5/user-guide/disassembler/supported-file-formats) and [processors](https://docs.hex-rays.com/8.5/user-guide/disassembler/supported-processors).

If you later realize that's not enough, you can always use one of our community plugins that add additional formats or processor types or try to write your own with [C++ SDK](https://docs.hex-rays.com/8.5/developer-guide/c++-sdk).

### What are IDA database files?

IDA stores the analysis results in the IDA Database files (called IDB), with the extension `.i64`. This allows you to save your work and continue from the same point later. After loading a file at the beginning, IDA does not require access to the binary.

Any modifications you make are saved in the database and do not affect the original executable file.

**Dive deeper**

* **Blog**: :pencil: Check what exactly IDB contains in [Igor's tip of the week](https://hex-rays.com/blog/igors-tip-of-the-week-174-ida-database-idbdetails/) about IDA database.

### What decompilers can I work with?

IDA provides decompilers designed to work with multiple processor architectures. The number of decompilers and their type (local or remote) available in your IDA instance depends on your chosen product and subscription plan and affects your ability to produce C-like pseudocode.

### Where can I find exemplary binaries to work with?

Check [CrackMe](https://crackmes.one/), from where you can download executable files to test your reverse engineering skills.

## Part 1: Loading your file

When you launch IDA, you will see a Quick Start dialog that offers three ways to continue. For now, we'll focus on loading a new file and proceeding to disassembly results.

1. Launch IDA and in the **Quick start** dialog (1), click **New**.
2. Specify the path for your binary file.
3. In the **Load a new file** dialog (2), IDA presents loaders that are suited to deal with a selected file. Accepting the loader default selection and then the processor type is a good strategy for beginners. Click **OK** to confirm your selection.

![Quick start](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-92ba07b66e08ca46bba9c38c4a7030d2a7d94522%2Fquick-start.png?alt=media)

4. IDA begins autoanalysis of your binary file.

After completion, you will be present with the default IDA desktop layout, that we'll describe in the [next part](#part-2-ui-overview).

**Dive deeper**

* **Video**: :video\_camera: Watch different ways of [loading files](https://www.youtube.com/watch?v=eGbLP7_XDFM) in our [channel](https://www.youtube.com/@HexRaysSA).

## Part 2: UI overview

After autoanalysis is done, you'll see the main IDA desktop with the initial results. Let's examine the default desktop layout and commonly used UI elements.

![UI overview](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-f8023c6b0b492b97a4475eaf57987f8b8afc9400%2Fui-overview.png?alt=media)

1. Main menu bar (1)
2. Toolbar (2)
3. Navigation band (3)
4. Subviews (4)
5. Output (5)
6. Status bar (6)

### Main menu bar

The main menu bar provides quick access to essential features. Moreover, almost all menu commands can be quickly accessible via customizable [shortcuts](https://docs.hex-rays.com/8.5/user-guide/configuration/shortcuts).

![Main Menu Bar](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-37f80aefcd28387dc807ecdf9bee9881c2880d80%2Fmain-menu-bar.png?alt=media)

For a handy cheatsheet of all commands and their hotkeys, check **Options -> Show command palette...**.

**Dive deeper**

* **Docs**: :book: Check our [User Guide](https://docs.hex-rays.com/8.5/user-guide/user-interface/menu-bar) for a comprehensive description of all menu items.

### Toolbar

Below the main menu bar, you will see a toolbar with icons that give you quick access to common functionalities (available also via the main menu/shortcuts). It has just one line by default, but you can customize it by adding or rearranging your actions.

![Toolbar](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-5648aef16854728242ea9d1db10f5feb53683405%2Ftoolbar.png?alt=media)

**Dive deeper**

* **Video**: :video\_camera: Curious about practical ways to set up your toolbar? Watch our [video tutorial](https://www.youtube.com/watch?v=Hlq0eDArW-A).

### Navigation band

The navigation band shows the graphical representation of the analyzed binary file and gives a short overview of its contents and which areas may need your attention. The yellow arrow (indicator) shows where the cursor is currently positioned in the disassembly view.

![Navigation band](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-dd7121d6ab85e0d3b30be418b0340d5b87bb4117%2Fnavigation-band.png?alt=media)

As you'll soon recognize, the colors used in the nav band match those in other views.

**Dive deeper**

* **Blog**: :pencil: A detailed navigation band overview with the full colors legend you can found in [Igor's tip of the week](https://hex-rays.com/blog/igors-tip-of-the-week-49-navigation-band/).

### Output

The output window is a place where various messages and logs are displaying, often describing what currently IDA is doing, like analyzing data or running a script. In the CLI box you can type commands in [IDC language](https://docs.hex-rays.com/8.5/developer-guide/idc/core-concepts) or [IDAPython](https://docs.hex-rays.com/8.5/developer-guide/idapython/idapython-getting-started).

### Status bar

At the bottom left corner of the IDA window, you can see the status bar, which contains:

* analysis indicator `AU`, which shows the actual status of autoanalysis (1). In our case, it is `idle`, which means the autoanalysis is already finished.
* search direction indicator (2)
* remaining free disk space (3)

![Status bar](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-7a9321c5043f13bc63b5a6a43ae5b69249e70f0b%2Fstatus-bar.png?alt=media)

Right-clicking on the status bar brings up a context menu that allows you to **reanalyze the program**.

**Dive deeper**

* **Docs**: :book: To check all possible values and their meaning, take a look at [analysis options](https://docs.hex-rays.com/8.5/user-guide/user-interface/menu-bar/options#analysis-options).

### Subviews

The **subviews** are one of the most prominent parts of your everyday work with IDA. These additional views (behaving like tabs) give a different perspective and information on the binary file, but the number of native IDA subviews may be a bit overwhelming. Here, we will focus on the most versatile and common subviews for beginners, where you'll spend most of the time, like:

* IDA View
* Pseudocode
* Hex Dump View
* Local Types
* Functions View

![Subviews](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-5894d93cc33562a084bdfcea040afb3389a2fec3%2Fsubviews.png?alt=media)

#### IDA View / Disassembly Window

When autoanalysis is done, you will see a **graph view** inside an IDA View by default. This flowchart graph should help you to understand the flow of the functions.

{% hint style="info" %}
The graph view is available only for the part of the binary that IDA has recognized as functions.
{% endhint %}

IDA view has three modes:

* **graph view** (1), that shows instructions grouped in blocks,
* **linear view** (2), that lists all instructions and data in order of their addresses,
* and **proximity view** (3), which allows you to see relations between functions, global variables, and other parts of the program.

![IDA view modes](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-64d1392c51090888ac87fe78ea087711c4473dfa%2Fida-view-modes.png?alt=media)

{% hint style="info" %}
Press `Space` to switch between graph and linear mode. Proximity view is available from the context menu in IDA view.
{% endhint %}

**Dive deeper**

* **Video**: :video\_camera: Check our [video tutorial](https://www.youtube.com/watch?v=R1GKm-7WfCU) covering the basics of graph view.
* **Blog**: :pencil: Read the [graph mode overview](https://hex-rays.com/blog/igors-tip-of-the-week-23-graph-view/) in Igor's tip of the week.

#### Hex View Window

In hex view, you can see the raw bytes of the program's instructions.

There are two ways of highlighting the data in this view:

1. **Text match highlight**, which shows matches of the selected text anywhere in the views.
2. **Current item highlight**, which shows the bytes group constituting the current item.

![Hex view](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-6a6fec9016e281349d4886b649fdbfe9659f9fe3%2Fhex-view.png?alt=media)

{% hint style="info" %}
The IDA view, pseudocode, and hex view can be synchronized, meaning that they highlight the same part of the analyzed program, and changes made inside one of the views are visible in the others.
{% endhint %}

**Dive deeper**

* **Video**: :video\_camera: Listen about hex view and others in our [video tutorial](https://www.youtube.com/watch?v=v8TAg873d_k).
* **Blog**: :pencil: Detailed [overview of the hex view](https://hex-rays.com/blog/igors-tip-of-the-week-38-hex-view/) you can read in Igor's tip of the week.

#### Pseudocode Window

Generated by the famous `F5` shortcut, the pseudocode shows the assembly language translated into human-readable, C-like pseudocode. Click `Tab` to jump right into the Pseudocode view.

![Pseudocode Window](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-8cc0b2020ee1f7191e7c19ea8e8ad3ecfff6ffdc%2Fpseudocode-window.png?alt=media)

#### Local Types Window

This view shows the high-level types used in databases, like structs or enums.

**Dive deeper**

* **Docs**: :book: Check our manual giving an overview of [Local Types window](https://docs.hex-rays.com/8.5/user-guide/user-interface/menu-bar/view/open-subviews#local-types-window).

#### Functions Window

This window displays all the functions recognized by IDA, along with key details for each:

* **Function name**
* **Segment** the segment that contains the function
* **Start**: the function starting address
* **Length**: the size of the function in bytes
* **Local**: the amount of stack space taken by local variables
* **Arguments**: the amount of stack space taken by arguments

By default, the entire window is not visible, so you may scroll horizontally to see the hidden elements. As you probably noticed, the colors in Functions window match the colors in navigation band; in our example, green highlighting shows functions recognized by [Lumina](https://hex-rays.com/lumina).

![Functions view](https://1800237466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmbcivpLb9jyc0Sv4VOMC%2Fuploads%2Fgit-blob-2d4a973b4858170be4eed8a63e74ff291e92209f%2Ffunctions.png?alt=media)

This view is read-only, but you can automatically synchronize the function list with the IDA view, pseudocode, or hex view. Click to open the context menu and select **Turn on synchronization**.

**Dive deeper**

* **Docs**: :book: Read the manual explaining all of the [function window](https://docs.hex-rays.com/8.5/user-guide/user-interface/menu-bar/view/open-subviews#functions-window) columns in detail.
* **Video**: :video\_camera: Watch our [video tutorial](https://www.youtube.com/watch?v=DA7dTADDbc8) exploring the functions view.

## Part 3: Basic navigation

A crucial step in mastering IDA is learning how to navigate quickly to specific locations in the output. To help you get started, we'll cover essential commands and hotkeys commonly used for efficient navigation in IDA.

### Double-click and jump to the location

When you double-click on an item, such as a name or address, IDA automatically jumps to that location and relocate the display.

### Jump to address

1. Go to **Jump -> Jump to address..** or press `G` hotkey
2. Enter the item name or hex address in the dialog box, then click **OK**.

To jump back to the previous position, press `Esc`. To jump to the next position, press `Ctrl + Enter`. You can also navigate using the arrows in the toolbar.

### See the list of cross-references

1. Position the cursor on a function or instruction, then go to **Jump -> Jump to xref to operand...** or press `X` to see the dialog with listed all cross-references to this identifier.
2. Select an item from the list and click **OK** to jump to that location.

**Dive deeper**

* **Video**: :video\_camera: Explore the rest of the jump commands in our [video tutorial](https://www.youtube.com/watch?v=uKu3T5Rt1F8)

## Part 4: Manipulate your disassembly results

Now that the initial autoanalysis is done and you’ve mastered the basics of navigation, it’s time to explore the basic interactive operations that reveal the true power of IDA in transforming your analysis.

### Rename a stack variable

One of the first steps you might take is to enhance readability by assigning meaningful names to local or global variables, but also functions, registers and other objects that IDA initially assigned a dummy name.

1. In the IDA View, right-click on the variable you want to rename and click **Rename** or press `N` when the variable is cursor-highlighted.
2. In the newly opened dialog, insert a new name and click **OK**.

If at any point you want to go back to the original dummy name given by IDA, leave the field blank and click **OK**. It will reset the name to the default one.

{% hint style="info" %}
Once you change the name, IDA will propagate the changes through the decompiler and Pseudocode view.
{% endhint %}

**Dive deeper**

* **Docs**: :book: Check the details on renaming items in the [User Guide](https://docs.hex-rays.com/8.5/user-guide/user-interface/menu-bar/edit/give-name-to-the-location)
* **Video**: :video\_camera: Watch our [step-by-step tutorial](https://www.youtube.com/watch?v=_CkyWaInIjM) on renaming techniques.
* **Blog**: :pencil: Check [Igor's tips of the week](https://hex-rays.com/blog/igors-tip-of-the-week-42-renaming-and-retyping-in-the-decompiler/?utm_source=Social-Media-Post\&utm_medium=Youtube\&utm_campaign=ida-pro-tutorial-12) for expert advice on renaming.

### Add a comment

Adding comments may be a useful way to annotate your work.

1. Highlight the line where you want to insert a comment and press `:`.
2. In the dialog box, type your comment (you can use multiple lines) and click **OK**. This will add a regular (non-repeatable) comment to the location.

{% hint style="info" %}
If you want to add a repeatable comment in every location that refers to the original comment, press ';'.
{% endhint %}

**Dive deeper**

* **Video**: :video\_camera: Watch our [tutorial](https://www.youtube.com/watch?v=zUo5BnuqfDQ) about commenting.

## Part 5: Customizing IDA

Nearly every UI element is customizable, allowing you to rearrange and align widgets to suit your habits. You can save your personalized desktop layout by going to **Windows -> Save desktop**.

Most of the basic appearance you can change under **Options** menu.

* To change the colors or theme, go to **Options -> Colors**.
* To change the font, go to **Options -> Fonts**.

If you need more control over customization settings, you may check the [IDA configuration files](https://docs.hex-rays.com/8.5/user-guide/configuration/configuration-files).

## Part 6: Debug your file

If you are ready to delve into dynamic analysis and start debugging your programs, here are some key steps to get you started:

1. **Select the right debugger and complete the setup**: Go to **Debugger -> Select debugger...** and pick up one of the available debuggers. Under **Debugger -> Debugger options**, you can configure the setup in detail.
2. **Add breakpoints**: Right-click on the line where you want to stop the execution and select **Add breakpoint** from the context menu, or press `F2`.
3. **Start the process**: Run the debugging session by pressing `F9` or click a green arrow on the tooltip.

**Dive Deeper**

* **Docs**: :book: Read our User Guide for [local](https://docs.hex-rays.com/8.5/user-guide/debugger/local-debugging) and [remote](https://docs.hex-rays.com/8.5/user-guide/debugger/remote-debugging) debugging manuals, or check step-by-step tutorials for specific debuggers.

## Part 7: Install a plugin

One of the most common way of extending IDA capabilities is to use one of our community-developed plugins.

### Where can I find IDA plugins?

You can find a variety of plugins in the official Hex-Rays [plugin repository](https://plugins.hex-rays.com/)

### Installing your plugin

For this guide purposes, we'll walk you through general installation steps.

{% hint style="info" %}
The installation process can vary depending on the plugin and some of them may required installing dependencies or further configuration. Don't hesitate to refer to the specific instructions provided by the plugin author.
{% endhint %}

#### Load your plugin

1. Copy your plugin folder to the plugins directory inside your IDA installation directory.
2. Alternatively, you can load the plugin from the command line in IDA by using **File -> Script file...** and selecting `app.entry.py` file.

#### Run your plugin

1. Navigate to **Edit -> Plugins -> your\_plugin\_name** or use the assigned hotkey.

{% hint style="info" %}
You may need to restart IDA to see your plugin in the list.
{% endhint %}

**Dive deeper**

* **Docs**: :book: Want to learn about writing your own plugins? Check our Developer Guide on how to create a plugin in [IDAPython](https://docs.hex-rays.com/8.5/developer-guide/idapython/how-to-create-a-plugin) or with [C++ SDK](https://docs.hex-rays.com/8.5/developer-guide/c++-sdk/how-to-create-a-plugin).

## Key hotkeys cheatsheet

Here's a handy list of all of the shortcuts we used so far.

* `Space` Switches between graph and linear mode in the IDA View
* `F5` Generates pseudocode
* `Tab` Jumps into pseudocode View
* `G` Opens **Jump to address** dialog
* `Esc` Jumps back to the previous position
* `Ctrl + Enter` Jumps to the next position
* `X` Shows the list of all cross-references
* `N` Opens dialog to rename the current item
* `;` Adds repeatable comment
* `:` Adds regular comment