Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Here are commands to open various windows, display information etc.
See also submenus.
In the graphical version, there is a small window with arrows on the left of the disassembly. These arrows represent the execution flow, namely the branch and jump instructions. The arrow color can be:
- red: means that the arrow source and destination do not
belong to the same function. Usually, the branches are
within functions and the red color will conspicuously
represent branches from or to different functions.
- black: the currently selected arrow. The selection
is made by moving to the beginning or the end of the
arrow using the Up or Down keys or left-clicking on the arrow
start or the arrow end. The selection is
not changed by pressing the PageUp, PageDown, Home, End keys or using
the scrollbar. This allows to trace the selected arrow far away.
- grey: all other arrowsThe arrow thickness can be:
- thick: a backward arrow. Backward arrows usually represent
loops. Thick arrows represent the loops in a clear and
notable manner.
- thin: forward arrows.Finally, the arrows can be solid or dotted. The dotted arrows represent conditional branches when the solid arrows represent unconditional branches.
You can resize the arrows window using a vertical splitter or even fully hide it. If it is hidden, the arrows window will not be visible on the screen but you can reveal it by dragging the splitter to the right. IDA remembers the current arrow window size in the registry when you close the disassembly window.
IDA opens a special non-closable window at the start. This window is called "message window". In this window you see various IDA messages.
If the message window is hidden behind other windows, you will not see the IDA messages.
You can duplicate all messages appearing in this window to a file. For this, you have to define an environment variable:
set IDALOG=logfileHere are commands to draw various graphs:
IDA uses an external program to display graphs. The program name is wingraph32.exe and it is located in the current directory.
The user can change the name of this program using the GRAPH_VISUALIZER parameter in the file.
The user can zoom the graph and move it around the window.
See also submenu.
This command displays the flow chart of the current function.
The colored edges of the flow chart represent the outcome of conditional jump instructions. Green means that the condition is satisfied, red means not satisfied.
This command displays the graph of all function calls in the program.
The functions are represented as nodes. The calls are represented as edges between nodes. Instructions outside functions are ignored.
This command displays the graph of code and data xrefs to current address/range of selected addresses in the program.
The addresses are represented as nodes. The xrefs are represented as edges between nodes.
This command displays the graph of code xrefs from the current address/range of selected addresses in the program.
In this direction, data xrefs aren't analyzed to avoid overloaded graphs.
The addresses are represented as nodes. The xrefs are represented as edges between nodes.
This command displays a user-defined graph of xrefs from/to the current address/range of selected addresses in the program.
The direction of the xrefs to analyze can be chosen. If the Recursive flag is checked, all found xrefs are themselves analyzed to find new xrefs. You can choose to search for xrefs to new referenced addresses only in the current direction. Only External, data xrefs, xrefs from library functions and to library functions can possibly be ignored.
A recursion depth can be specified. If 'Print recursion dots' is checked, and a function has others xrefs outside of the range defined by the 'recursion depth' setting, small nodes containing dots are printed.
The 'Print comments' flag causes the generated function node to also contain the function comment.
The addresses are represented as nodes. The xrefs are represented as edges between nodes. The used colors are the same as in IDA.
Action name: GraphFunc
Action name: CallFlow
Action name: ChartXrefsTo
Action name: ChartXrefsFrom
Action name: ChartXrefsUser
Action name: ShowSnapMan
This command shows the database snapshot manager. In this dialog, it is possible to restore previously saved snapshots, rename or delete them.
Note: snapshots work only with regular databases. Unpacked databases do not support them.
See also Take database snapshot commands.
This command allows you to delete a hidden range of disassembly (previously defined by using the command).
See also command.
See also submenu
In the graphical version, IDA highlights the identifier under the cursor. For example, if the cursor is on the "EAX" register, then all occurrences of "EAX" will be displayed with the yellow background. This feature is meant to make the program analysis easier by highlighting the interesting parts of the disassembly. For example, if the user wants to see all references to "EAX", he just clicks on any "EAX" on the screen and all of them will be highlighted.
The selection is made by pressing the Up, Down, Left, Right keys or by simply clicking on the identifier.
The selection is not changed by pressing the PageUp, PageDown, Home, End keys, using the scrollbar, or pressing the Alt-Up, Alt-Down, Ctrl-Up, Ctrl-Down keys.
The Alt-Up and Alt-Down keys perform a search of the currently selected identifier backward or forward respectively.
The Ctrl-Up and Ctrl-Down keys scroll the disassembly text.
IDA does not highlight the segment names at the line prefix because it is not very useful.
It is possible to turn off the highlight. The appropriate checkbox is in the tab.
Action name: DelHiddenRange
Here are commands to open various windows, display information etc.
Some windows allow you to manipulate the window contents by using the viewer commands.
See also submenu.
The "WindowOpen" command opens a new window with the disassembly. IDA automatically opens one disassembly window at the start.
If the current location is an instruction belonging to a function, then the is available. You can toggle between the text and graph view using the Space key. You can also switch to proximity view by zooming out to the callgraph using the '-' key.
Use the disassembly commands to improve the listing.
Use Shift-<arrows> or Alt-L to drop . If you have a mouse, you can drop the anchor with it too.
A double click of the mouse is equivalent to the <Enter> key.
To the left of disassembly, there is an (GUI version). Also the GUI version the current identifier.
This command opens the exports window.
You can use commands in this window.
This command opens the imports window.
You can use commands in this window.
A list of all functions in the program is displayed. You can , , functions using viewer commands.
Listed for each function are:
The last column of this window has the following format:
If a function has its color set, its line is colored using the specified color. Otherwise library and lumina functions are colored with the corresponding color. Otherwise the line is not colored.
A bold font is used for functions that have definite (user-specified) prototype. Also some plugins too may set this flag. Such prototypes are taken as is by the decompiler, while other prototypes are considered only as a starting point during decompilation.
It is possible to automatically synchronize the function list with the active disassembler, pseudocode, or hex view. For that right click on the function list and select "Turn on synchronization".
This command opens the window.
You can use commands in this window.
The GUI version displays a small icon for each name:
This command opens the signatures window.
For each signature, the following is displayed:
You can modify the planned signatures list here: add/delete library modules to be used during the disassembling.
You cannot delete an applied signature from the list.
To add a signature to the list for the application press <Ins>. You will see a list of signatures that can be applied to the program being disassembled.
Text version: Not all signature files will be displayed (for example, 32 bit signatures will not be shown for a 16 bit program). If you want to see the full list of signatures, select the first line of the list saying SWITCH TO FULL LIST OF SIGNATURES.
Signature files reside in the subdirectories of the SIG directory. Each processor has its own subdirectory. The name of the subdirectory is equal to the name of the processor module file (z80 for z80.w32, for example). Note: IBM PC signatures are located in the SIG directory itself. Note: the IDASGN environment variable can be used to specify the location of the signatures directory.
This command opens the segments window. The format of this window is explained .
You can use commands in this window.
In order to change the selector values, use window.
This command opens the segment registers window. The window will contain segment register list.
You can use commands in this window.
Depending on the current processor type, you will see DS,ES,SS with or without FS,GS.
See also submenu.
This command opens the selector window. Here you can change the "selector to base" mapping. The selector table is used to look up the selector values when the addresses that are visible in the disassembly listing.
You can use commands in this window:
This command opens the cross-references window. This window contains all references to the current location.
You can use commands in this window.
You can add and delete cross references here too by pressing Ins or Del. Right clicking on the mouse will work too.
Add a cross reference: the from and to address, as well as the xref type should be specified.
Del a cross reference: if the 'undefine if no more xrefs' is check, then the instruction at the target address will be undefined upon the deletion of the last xref. IDA undefines instructions only if they do not start a function.
Each database has a local type library embedded into it. This type library (til) is used to store types that are local to the current database. They are usually created by a header file.
This command opens the local types window. The user can manipulate local types here:
the existing types can be modified (the default hotkey is Ctrl-E, context menu Edit type...)
the existing types can be deleted (the default hotkey is Del, context menu Delete type...)
new types can be added (the default hotkey is Ins, context menu Add type...)
Please note that Ins can be used to add many types at once. For that the user just needs to enter multiple declarations, one after another in the dialog box.
However, Ctrl-E permits for editing of one type at a time. This may cause problems with complex structure types with nested types. Nested types will not be saved by Ctrl-E.
If the edited type corresponds to an idb type (struct or enum), then the corresponding type will be automatically synchronized.
Some types in this list are created automatically by IDA. They are copies of the types defined in the or views. Such types are displayed using in gray, as if they are disabled.
Types displayed in black are considered as C level types. Read .
Each type in the local type library has an ordinal number and may have a name.
Be careful when deleting existing types because if there are references to them, they will be invalidated.
A local type can be mapped to another type. Such an operation deletes the existing type and redirects all its references to the destination type. Circular dependencies are forbidden. In the case of a user mistake, a mapped type can be deleted and recreated with the correct information.
See also
Each structure must have a unique name. A field name must be unique in the structure. In order to create or delete a field, use data definitions commands (, , , , ). You may also define or comments.
In order to modify member types, use commands from the submenu. For example, to convert a structure member to an offset, use one of the following commands:
Structs-related commands available in the local types window:
This command defines a new structure or a new union. The new structure is created with zero length. You will have to add structure members using manipulation commands.
If the entered structure name denotes a standard structure type from a loaded type library, then its definition will be automatically used. In this case, the value of the 'create union' checkbox will be ignored.
This command is available when you open a .
You can add new members to the structure using the following commands:
You may also insert/delete undefined bytes into the middle of the structure by using and commands.
"Create before current structure" means that the new structure will be placed immediately before the current structure type. Otherwise, the new structure is placed after the current structure.
"Don't include in the list" means that the structure will not be included in the list of the structures which appears when the user applies the structure definition, for example, when he creates a variable of this structure type. We recommend to mark this checkbox when you have defined all variables of this structure type and want to reduce the number of choices in the list.
See also .
This command duplicate the current structure type. The new structure type will have the same members as the current one but its name will be autogenerated (something like struc_333)
By default the new structure type will be placed after the current structure type.
This command deletes the current structure. Beware, when you delete a structure, all references to it will be destroyed as well. Even if you recreate it later, you'll have to specify again all references to it.
You may use this command to delete unions also.
This command is available when you open a .
This command expands the current structure by inserting undefined bytes at the cursor location. The cursor must not be at the end of the structure. To define a member at the end of the structure, just use normal data definition commands.
This command is available when you open a .
This command shrinks the current structure by deleting undefined bytes at the cursor location. The cursor must be at an undefined byte. IDA will ask the user the number of bytes to remove.
This command is available when you open a .
This command allows the user to change the structure alignment
Structure alignment is used to calculate the number of padding bytes at the end of the structure. For example, if alignment is 4 and the last field is a byte at offset 11h, IDA will add 3 bytes of padding so that the struct size is 14h (multiple of 4).
The alignment must be a power of 2. This command is available in the .
See also .
Enums-related commands available in the local types window:
These commands allow you to define and to edit an enum type. You need to specify:
Each enum has its ID and a serial number. The ID is a number used to refer to the enum, while a serial number is used to order enums during output. Changing the serial number moves the enum to another place.
The serial number of an enum is displayed at the lower left corner of the window.
You can specify any number as a serial number, IDA will move the enum to the specified place.
You also need to specify representation of enum constants. You may choose from various number bases (hex,dec,oct,bin) and character constants.
You may specify the element width or leave it zero. Zero means the element width is not specified. The allowed widths are the powers of 2 in the range of 1..64.
Please note that you can create definitions here by checking the "bitfield" checkbox.
These command is available when you open the types .
See also .
This command deletes the current enum. Beware, when you delete an enum all references to it will be destroyed. Even if you recreate it later, you'll have to specify again all references to it.
This command is available when you open the types .
This command allows you to define an enum member. An enum member is a symbolic constant. You have to specify its name and value. You cannot define more than 256 constants with the same value in an enum.
If the current enum is a bitfield, you need to specify the bitmask. To learn about bitmasks, read about .
This command allows you to rename an enum member. An enum member is a symbolic constant. Its name must be unique in the program.
To rename an enum type name, position the cursor over the name of the enum.
Please remember that deleting a member also deletes all the information about the member, including comments, member name etc.
This command opens the problems window. The problem window contains the of all problems encountered by IDA during disassembling the program.
You can jump to a problem by pressing Enter. The selected problem will be deleted from the list.
This command opens the type libraries window. Here the user can load and unload standard type libraries.
The standard type libraries contain type definitions from the standard C header supplied with compilers. Usually, IDA tries to determine the target compiler and its type libraries automatically but if it fails, this window allows you to load the appropriate type library.
Furthermore, don't forget to specify the compiler and memory model in the dialog box.
Provide the ability to inspect the types present in a type library.
See:
This command opens the string window.
The string window contains all strings in the program. However, if a range of addresses was selected before opening the window, only the selected range will be examined for strings.
You can setup the list parameters by right-clicking (or pressing Ctrl-U in the text version) on the list.
The list always contains strings defined in the program regardless of the settings in this dialog box, but the user can ask IDA to display strings not yet explicitly defined as strings.
The following parameters are available:
Display only defined strings If checked, IDA will display only strings explicitly marked as string items (using the command). In this case, the other checkboxes are ignored. Ignore instructions/data definitions
Strict ASCII (7-bit) strings If checked, only strings containing exclusively 7-bit characters (8th bit must be zero) will be added to the list. Please note that the user can specify which characters are accepted in the strings by modifying the StrlitChars parameter in the file. This setting is ignored if 'only defined strings' is on. Allowed string types
Minimal string length
This command opens the function calls window.
All functions who call the current function are displayed at the top of the window.
All functions called from the current function are displayed at the bottom of the window.
The list is automatically refreshed when the cursor is moved to another function.
Opens a notepad window for the general notes about the current database. The entered notes will be saved in the current database.
Alt-T hotkey can be used to search for a text and Ctrl-T to repeat the last search.
The notepad is available only in the GUI version.
This command opens a window with the undo history. It is available from the Views, Open subviews submenu.
Double clicking on a line reverts the database to the state before the corresponding action.
It is possible to truncate the undo history by using the corresponding context menu command. The undo information for the selected action will be removed together with the information about all preceding actions.
The redoable user actions are displayed in italics. The current position in the undo buffers is displayed in bold, it usually denotes the first redoable user action.
See also
This command displays the internal flag values for the current item. The information appears in the .
See also submenu.
In order to provide intuitive yet powerful interface to types IDA introduces two kinds of types:
Assembler level types are the ones defined by the user using the or views.
Since the user has to specify manually the member offset and other attributes, IDA considers the member offsets to be fixed for them and never shifts members of such types. If a member of struct becomes too big and does not fit the struct anymore, IDA will delete it.
The types defined in the window are considered as C level types. For them IDA automatically calculates the member offsets and if necessary may shift members and change the total struct size.
The user may change the type level by simply editing the type from the appropriate window. For example, if a C level type is edited from the view, IDA will consider such a type as an Assembler level type in the future.
D
A
*
N
Action name: ShowFlags
- Assembler level types
- C level types In the struct/enum view:
Assembler level types are displayed using regular colors.
C level types are displayed in gray, as if they are disabled (but they are not).
In the local types view:
C level types are displayed using regular colors.
Assembler level types are displayed in gray, as if they are disabled (but they are not). Action name: CalculateA simple calculator is provided. You can enter constant C-style expressions. Syntax of the expressions is the same is the syntax of IDC expressions. The result is displayed in the message window in three forms: hexadecimal, decimal and character. All the names created during a disassembly may be used in these expressions. IDA can also pick up the name or number under the cursor and to store it into the input line.
See also:
View submenu
Action name: Hide
This command allows you to hide a part of disassembly. You can hide a function, a segment, or create a special hidden range.
If a range is specified, a special hidden range is created on this range.
If the cursor is on the segment name at the start of the segment, the segment will be hidden. IDA will display only the header of the hidden segment.
If the cursor is on a structure variable and if the target assembler has the 'can display terse structures or the INFFL_ALLASM' bit on, then the structure will be collapsed into one line and displayed in the terse form.
Otherwise, the current function will be hidden. IDA will display only the header of the hidden function.
If there is no current function then IDA will beep.
If you want to see hidden items on the screen, you may use unhide command or enable the display of the hidden items. If you want to delete a previously created hidden range, you may use del hidden range command.
See also Edit|View submenu
Action name: Unhide
This command allows you to unhide a hidden part of disassembly.
If the cursor is on the hidden function name, the function will be unhidden.
If the cursor is on the terse structure variable, the structure will be uncollapsed and displayed in the regular form.
If the cursor is on the hidden range, the hidden range will be unhidden.
If the cursor is on the hidden segment name, the segment will be unhidden.
See also hide command and setup hidden command.
See also Edit|View submenu
Action name: WindowOpen
Action name: OpenExports
Action name: OpenImports
Action name: OpenFunctions
- function name
- segment that contains the function
- offset of the function within the segment
- function length in bytes
- size (in bytes) of local variables + saved registers
- size (in bytes) of arguments passed to the function R - function returns to the caller
F - far function
L - library function
S - static function
B - BP based frame. IDA will automatically convert
all frame pointer [BP+xxx] operands to stack
variables.
T - function has type information
= - Frame pointer is equal to the initial stack pointer
In this case the frame pointer points to the bottom of the frame
M - reserved
S - reserved
I - reserved
C - reserved
D - reserved
V - reservedAction name: OpenNames
L (dark blue) - library function
F (dark blue) - regular function
C (light blue) - instruction
A (dark green) - string literal
D (light green) - data
I (purple) - imported name Action name: OpenSignatures
- name of file with the signature
- state of signature:
- Planned: the signature will be applied
- Current: the signature is being applied
- Applied: the signature has been applied
- number of functions found using the signature
- description of the signatureAction name: ShowSegments
Action name: ShowSegmentRegisters
Action name: ShowSelectors
- jump to the paragraph pointed by the selector
- add a new selector
- delete selector (if it is not used by any segment)
- change selector value (this leads to reanalysis of all program)Action name: OpenXrefs
Action name: OpenLocalTypes
Action name: AddStruct
Action name: CopyStruct
Action name: DelStruct
Action name: ExpandStruct
Action name: ShrinkStruct
Action name: EditStruct
Action name: AddEnum
Action name: EditEnum
- name of enum
- its serial number (1,2...)
- representation of enum members 1 - the current enum becomes the first enum
2 - the current enum becomes the second enum
... Action name: DelEnum
Action name: AddConst
Action name: EditConst
Action name: DelConst
Action name: OpenProblems
Action name: OpenTypeLibraries
Action name: OpenStrings
If checked, IDA will ignore instruction/data definitions
and will try to treat them as strings. If it can build a string
with the length greater than the minimal length, the string
will be displayed in the list.
This setting is ignored if 'only defined strings' is on. Allows the user to specify the string types included in the list.
This setting is ignored if 'only defined strings' is on. The minimal length the string must have to be added to the list.Action name: OpenCallers
Action name: OpenNotepad
Action name: ShowUndoHistory
This command allows you to hide:
all functions and hidden ranges if invoked in the disassembly window
IDA will display only the header of the hidden items.
If you want to see hidden items on the screen, you may use command or the display of the hidden items.
See also command.
See also submenu
This command opens the bookmarks window. This window lets the user jump to a specific place in the listing.
Action name: HideAll
Action name: OpenBookmarks
Action name: ShowRegisters
This command displays segment register contents in the message window.
You may use this command to refresh the disassembly window too.
See also Edit|Segments submenu. View submenu.
This tab of IDA Options dialog allows for editing of hint and identifier highlight related settings. There are two groups of settings.
The first group is for hints that are displayed when the mouse is hovered over some text.
The second group is for highlighting.
Number of lines for identifier hints
Delay for identifier hints
Mouse wheel resizes hint window
No hints if debugger is active
Auto highlight the current identifier
Unhide collapsed items automatically when jumping to them (gui only)
Lazy jumps (gui only)
Number of items in navigation stack drop-down menus
IDA can parse and handle simple C++ class declarations. It cannot parse templates and other complex constructs but simple standard cases can be parsed.
If a C++ class contains virtual functions, IDA will try to rebuild the virtual function table (VFT) for the class. The VFT will be linked to the class by the name: if the class is called "A", the VFT type will be "A_vtbl".
Let us consider the following class hierarchy:
IDA will create the following structures:
Please note that the VFT pointer in the class A has a special name: "__vftable". This name allows IDA to recognize the pointer as a VFT pointer and treat it accordingly.
Another example of more complex class hierarchy:
Compiling in 32-bit Visual Studio mode yields the following layout:
IDA will generate the following types:
The 'derived' class will use 2 VFTs:
IDA and Decompiler can use both VFTs and produce nice code for virtual calls.
This command allows you to unhide:
all segments, functions, and hidden ranges if invoked in the disassembly window
See also command.
See also submenu.
This command allows you to toggle the display of items.
Automatically hide library functions
Display hidden instructions
Display hidden functions
Display hidden segments
See also submenu.
Action name: UnhideAll
Action name: SetupHidden
This option hides the functions recognized by FLIRT.
If will have an effect only from the time when the option is set. If this option is set, IDA will display all the instructions
as unhidden even if they were hidden. If this options is set, IDA will display all the functions
as unhidden even if they were hidden.Caret blinking interval
Specifies how tall the hint window will be initially.
IDA may decide to display less lines than specified if the hint is
small. The user can resize the hint window using the mouse wheel. Milliseconds that pass before the hint appears when the user
hovers the mouse pointer over an identifier Permit to resize the hint window by using the mouse wheel.
Can be turned off if the user does not want to resize the hints. Hints will be disabled when the debugger is active. This may be
useful to speed of debugging: calculating hints for zero filled
ranges can be very expensivePlease note that the VFT layout will be different in g++ mode and IDA can handle it too. Therefore it is important to have the target compiler set correctly.
It is possible to build the class hierarchy manually. Just abide by the following rules:
C++ classes are marked with "__cppobj" keyword, it influences the class layout. However, this keyword is not required for VFT types.
In the case of a multiple inheritance it is possible to override a virtual table for a secondary base class by declaring a type with the following name: "CLASSNAME_XXXX_vtbl" where XXXX is the offset to the virtual table inside the derived (CLASSNAME) class.
Example: if in the above example we add one more function
then we need one more virtual table. Its name must be "derived_0008_vtbl". Please note that our parser does not create such vtables, you have to do it manually. See also Local types window.
class A { virtual int f(); int data; };
class B : public A { virtual int g(); }; struct __cppobj A {A_vtbl *__vftable;int data;}
struct A_vtbl {int (*f)(A *__hidden this);}
struct __cppobj B : A {}
struct B_vtbl {int (*f)(A *__hidden this);
int (*g)(B *__hidden this);} class base1 { virtual int b1(); int data; };
class base2 { virtual int b2(); int data; };
class der2 : public base2 { virtual int b2(); int data; };
class derived : public base1, public der2 { virtual int d(); }; If this options is set, IDA will display all the segments
as unhidden even if they were hidden. Highlight the current identifier everywhere on the screen.
IDA tries to determine if the current identifier denotes a register.
In this case it will highlight references to other parts of the
register. For example, if "AL" is highlighted, IDA will also highlight
"AH", "AX", and "EAX" (if the current processor is x86). If this option is set on, IDA will automatically
uncollapse hidden functions if the user decides to jump
to them. As soon as the user quits the function by pressing
Esc, the function is automatically collapsed again. If this option is set on, IDA will not redraw the
disassembly window if the jump target is already on the screen.
In this case, it will just move the cursor to the specified
address. This option leads to less screen redraws and
less jumpy behaviour. Specifies the number of entries in the drop-down menu for the 'Jump'
toolbar Specifies how many lines force automatic scrolling of the
disassembly view Specifies how fast the input caret blinks (in milleseconds).
Must be greater than or equal to 500, or zero.
Zero means to disable blinking class derived size(20):
+---
0 | +--- (base class base1)
0 | | {vfptr}
4 | | data
| +---
8 | +--- (base class der2)
8 | | +--- (base class base2)
8 | | | {vfptr}
12 | | | data
| | +---
16 | | data
| +---
+--- struct __cppobj base1 {base1_vtbl *__vftable /*VFT*/;int data;};
struct /*VFT*/ base1_vtbl {int (*b1)(base1 *__hidden this);};
struct __cppobj base2 {base2_vtbl *__vftable /*VFT*/;int data;};
struct /*VFT*/ base2_vtbl {int (*b2)(base2 *__hidden this);};
struct __cppobj der2 : base2 {int data;};
struct /*VFT*/ der2_vtbl {int (*b2)(der2 *__hidden this);};
struct __cppobj derived : base1, der2 {};
struct /*VFT*/ derived_vtbl {int (*b1)(base1 *__hidden this);
int (*d)(derived *__hidden this);}; offset 0: derived_vtbl
offset 8: der2_vtbl - VFT pointer must have the "__vftable" name
- VFT type must follow the "CLASSNAME_vtbl" pattern virtual int derived::b2();This options tab allows for modification of Lumina credentials and use settings.
Use the public server
Sets host and port to the default public server hosted by Hex-Rays.
No username or password is required.Use a private server
Automatically use Lumina server for analysis
Command line switch '-Olumina' overrides for ida session the primary server and '-Osecondary_lumina' the secondary one.
Use the public lumina as secondary server for this ida session
Allows for setting the name/address and port of a private server.
If username and password credentials are needed, they can be specified here. Instructs IDA to fetch function metadata from the current Lumina server,
after the initial auto-analysis is complete. This helps with the recognition
of known functions stored in the database of the Lumina server. host: lumina server host
port: lumina server port
user: username for authentification on private lumina
pass: password for authentification on private lumina
proxy_host: proxy host
proxy_port: proxy port
proxy_user: username for authentification on proxy
proxy_pass: password for authentification on proxy -Osecondary_lumina:host=lumina.hex-rays.com:port=443