Q How do I generate FLIRT signature from my own libraries ?

A The process is simple if you have installed the FLAIR tools. As an example, we'll use an file called api.lib. First a pattern file should be created. The command


plb api(.lib) api(.pat)

creates a pattern file whose format is described in our FLIRT paper. Have a look at this file with a text editor.Then we'll create a signature file with the command


sigmake api(.pat) api(.sig)

and copy the resulting api.sig file in the IDA Pro SIG subdirectory.

Q How do I apply my own SIGs to the disassembly ?

A Open the signature window through the View Menu. Press the INS key. Wait a few seconds until the list of available signatures is build. Move the cursor on the line containing your sig file and press the ENTER key.

Q How do I prevent IDA from applying SIGs to the disassembly ?

A Open the IDA.CFG file and modify the ANALYSIS configuration word in order to exclude the AF_FLIRT option.

Q How do I define high level structures ?


A See this short tutorial

Q How do I use other processors with IDA Pro ?


A You must specify the processor you wish to use on the command line. For example, if you want to disassemble a 8051 binary, IDA Pro should be started as follows (if you are using the Windows version of IDA Pro).

IDAW -p8051

Q How do I use IDC

A see this example

Q How do I load debugging information, MAP or SYM files into IDA ?


A The following procedure may be used to load debugging information, MAP and SYM files into a disassembly. This procedure is a temprarory solution, as future versions of IDA will have a built-in support of debugging information.
    Convert debugging information into text using your favorite dumper. (Borland's TDUMP.EXE is a good choice when dealing with Borland and Microsoft debugging information). Load the text into a text editor and convert it into IDC script:
    	static main() {
    where addr - address should be replaced be the address of the name and name is string constant. Example:
    	static main() {
    Launch IDA and execute the script by pressing F2 key. The names from the SYM file will appear in the disassembly.

Q How do I save a fragment of disassembly ?

A Select the area of the disassembly that you want to save and press ALT-F10.

Q How do I view the disassembly in C/VB etc?

A This is not something IDA can do. The output is ASM. We have a decompiler product that can generate pseudo-code for some binaries (only 32-bit x86 and ARM for now)

Q How do I change the search direction ?

A By pressing the TAB key