Open subviews
Last updated
Was this helpful?
Last updated
Was this helpful?
Here are commands to open various windows, display information etc.
The "WindowOpen" command opens a new window with the disassembly. IDA automatically opens one disassembly window at the start.
A double click of the mouse is equivalent to the <Enter> key.
This command opens the exports window.
This command opens the imports window.
Listed for each function are:
The last column of this window has the following format:
If a function has its color set, its line is colored using the specified color. Otherwise library and lumina functions are colored with the corresponding color. Otherwise the line is not colored.
A bold font is used for functions that have definite (user-specified) prototype. Also some plugins too may set this flag. Such prototypes are taken as is by the decompiler, while other prototypes are considered only as a starting point during decompilation.
It is possible to automatically synchronize the function list with the active disassembler, pseudocode, or hex view. For that right click on the function list and select "Turn on synchronization".
The GUI version displays a small icon for each name:
This command opens the signatures window.
For each signature, the following is displayed:
You can modify the planned signatures list here: add/delete library modules to be used during the disassembling.
You cannot delete an applied signature from the list.
To add a signature to the list for the application press <Ins>. You will see a list of signatures that can be applied to the program being disassembled.
Text version: Not all signature files will be displayed (for example, 32 bit signatures will not be shown for a 16 bit program). If you want to see the full list of signatures, select the first line of the list saying SWITCH TO FULL LIST OF SIGNATURES.
Signature files reside in the subdirectories of the SIG directory. Each processor has its own subdirectory. The name of the subdirectory is equal to the name of the processor module file (z80 for z80.w32, for example). Note: IBM PC signatures are located in the SIG directory itself. Note: the IDASGN environment variable can be used to specify the location of the signatures directory.
Depending on the current processor type, you will see DS,ES,SS with or without FS,GS.
This command opens the cross-references window. This window contains all references to the current location.
You can add and delete cross references here too by pressing Ins or Del. Right clicking on the mouse will work too.
Add a cross reference: the from and to address, as well as the xref type should be specified.
Del a cross reference: if the 'undefine if no more xrefs' is check, then the instruction at the target address will be undefined upon the deletion of the last xref. IDA undefines instructions only if they do not start a function.
This command opens the local types window. The user can manipulate local types here:
the existing types can be modified (the default hotkey is Ctrl-E, context menu Edit type...)
the existing types can be deleted (the default hotkey is Del, context menu Delete type...)
new types can be added (the default hotkey is Ins, context menu Add type...)
Please note that Ins can be used to add many types at once. For that the user just needs to enter multiple declarations, one after another in the dialog box.
However, Ctrl-E permits for editing of one type at a time. This may cause problems with complex structure types with nested types. Nested types will not be saved by Ctrl-E.
If the edited type corresponds to an idb type (struct or enum), then the corresponding type will be automatically synchronized.
Each type in the local type library has an ordinal number and may have a name.
Be careful when deleting existing types because if there are references to them, they will be invalidated.
A local type can be mapped to another type. Such an operation deletes the existing type and redirects all its references to the destination type. Circular dependencies are forbidden. In the case of a user mistake, a mapped type can be deleted and recreated with the correct information.
See also
Structs-related commands available in the local types window:
If the entered structure name denotes a standard structure type from a loaded type library, then its definition will be automatically used. In this case, the value of the 'create union' checkbox will be ignored.
You can add new members to the structure using the following commands:
D
A
*
N
"Create before current structure" means that the new structure will be placed immediately before the current structure type. Otherwise, the new structure is placed after the current structure.
"Don't include in the list" means that the structure will not be included in the list of the structures which appears when the user applies the structure definition, for example, when he creates a variable of this structure type. We recommend to mark this checkbox when you have defined all variables of this structure type and want to reduce the number of choices in the list.
This command duplicate the current structure type. The new structure type will have the same members as the current one but its name will be autogenerated (something like struc_333)
By default the new structure type will be placed after the current structure type.
This command deletes the current structure. Beware, when you delete a structure, all references to it will be destroyed as well. Even if you recreate it later, you'll have to specify again all references to it.
You may use this command to delete unions also.
This command expands the current structure by inserting undefined bytes at the cursor location. The cursor must not be at the end of the structure. To define a member at the end of the structure, just use normal data definition commands.
This command shrinks the current structure by deleting undefined bytes at the cursor location. The cursor must be at an undefined byte. IDA will ask the user the number of bytes to remove.
This command allows the user to change the structure alignment
Structure alignment is used to calculate the number of padding bytes at the end of the structure. For example, if alignment is 4 and the last field is a byte at offset 11h, IDA will add 3 bytes of padding so that the struct size is 14h (multiple of 4).
Enums-related commands available in the local types window:
These commands allow you to define and to edit an enum type. You need to specify:
Each enum has its ID and a serial number. The ID is a number used to refer to the enum, while a serial number is used to order enums during output. Changing the serial number moves the enum to another place.
The serial number of an enum is displayed at the lower left corner of the window.
You can specify any number as a serial number, IDA will move the enum to the specified place.
You also need to specify representation of enum constants. You may choose from various number bases (hex,dec,oct,bin) and character constants.
You may specify the element width or leave it zero. Zero means the element width is not specified. The allowed widths are the powers of 2 in the range of 1..64.
This command deletes the current enum. Beware, when you delete an enum all references to it will be destroyed. Even if you recreate it later, you'll have to specify again all references to it.
This command allows you to define an enum member. An enum member is a symbolic constant. You have to specify its name and value. You cannot define more than 256 constants with the same value in an enum.
This command allows you to rename an enum member. An enum member is a symbolic constant. Its name must be unique in the program.
To rename an enum type name, position the cursor over the name of the enum.
Please remember that deleting a member also deletes all the information about the member, including comments, member name etc.
You can jump to a problem by pressing Enter. The selected problem will be deleted from the list.
This command opens the type libraries window. Here the user can load and unload standard type libraries.
The standard type libraries contain type definitions from the standard C header supplied with compilers. Usually, IDA tries to determine the target compiler and its type libraries automatically but if it fails, this window allows you to load the appropriate type library.
Provide the ability to inspect the types present in a type library.
This command opens the string window.
The string window contains all strings in the program. However, if a range of addresses was selected before opening the window, only the selected range will be examined for strings.
You can setup the list parameters by right-clicking (or pressing Ctrl-U in the text version) on the list.
The list always contains strings defined in the program regardless of the settings in this dialog box, but the user can ask IDA to display strings not yet explicitly defined as strings.
The following parameters are available:
Minimal string length
This command opens the function calls window.
All functions who call the current function are displayed at the top of the window.
All functions called from the current function are displayed at the bottom of the window.
The list is automatically refreshed when the cursor is moved to another function.
Opens a notepad window for the general notes about the current database. The entered notes will be saved in the current database.
Alt-T hotkey can be used to search for a text and Ctrl-T to repeat the last search.
The notepad is available only in the GUI version.
This command opens a window with the undo history. It is available from the Views, Open subviews submenu.
Double clicking on a line reverts the database to the state before the corresponding action.
It is possible to truncate the undo history by using the corresponding context menu command. The undo information for the selected action will be removed together with the information about all preceding actions.
The redoable user actions are displayed in italics. The current position in the undo buffers is displayed in bold, it usually denotes the first redoable user action.
See also
Some windows allow you to manipulate the window contents by using the viewer commands.
See also submenu.
If the current location is an instruction belonging to a function, then the is available. You can toggle between the text and graph view using the Space key. You can also switch to proximity view by zooming out to the callgraph using the '-' key.
Use the disassembly commands to improve the listing.
Use Shift-<arrows> or Alt-L to drop . If you have a mouse, you can drop the anchor with it too.
To the left of disassembly, there is an (GUI version). Also the GUI version the current identifier.
You can use commands in this window.
You can use commands in this window.
A list of all functions in the program is displayed. You can , , functions using viewer commands.
This command opens the window.
You can use commands in this window.
This command opens the segments window. The format of this window is explained .
You can use commands in this window.
In order to change the selector values, use window.
This command opens the segment registers window. The window will contain segment register list.
You can use commands in this window.
See also submenu.
This command opens the selector window. Here you can change the "selector to base" mapping. The selector table is used to look up the selector values when the addresses that are visible in the disassembly listing.
You can use commands in this window:
You can use commands in this window.
Each database has a local type library embedded into it. This type library (til) is used to store types that are local to the current database. They are usually created by a header file.
Some types in this list are created automatically by IDA. They are copies of the types defined in the or views. Such types are displayed using in gray, as if they are disabled.
Types displayed in black are considered as C level types. Read .
Each structure must have a unique name. A field name must be unique in the structure. In order to create or delete a field, use data definitions commands (, , , , ). You may also define or comments.
In order to modify member types, use commands from the submenu. For example, to convert a structure member to an offset, use one of the following commands:
This command defines a new structure or a new union. The new structure is created with zero length. You will have to add structure members using manipulation commands.
This command is available when you open a .
You may also insert/delete undefined bytes into the middle of the structure by using and commands.
See also .
This command is available when you open a .
This command is available when you open a .
This command is available when you open a .
The alignment must be a power of 2. This command is available in the .
See also .
Please note that you can create definitions here by checking the "bitfield" checkbox.
These command is available when you open the types .
See also .
This command is available when you open the types .
If the current enum is a bitfield, you need to specify the bitmask. To learn about bitmasks, read about .
This command opens the problems window. The problem window contains the of all problems encountered by IDA during disassembling the program.
Furthermore, don't forget to specify the compiler and memory model in the dialog box.
See:
Display only defined strings If checked, IDA will display only strings explicitly marked as string items (using the command). In this case, the other checkboxes are ignored. Ignore instructions/data definitions
Strict ASCII (7-bit) strings If checked, only strings containing exclusively 7-bit characters (8th bit must be zero) will be added to the list. Please note that the user can specify which characters are accepted in the strings by modifying the StrlitChars parameter in the file. This setting is ignored if 'only defined strings' is on. Allowed string types