IDA Pro FAQ

Q How do I generate FLIRT signatures from my own libraries ?

A The process is simple if you have installed the FLAIR tools. As an example, we'll use a file called api.lib. First, a pattern file should be created. The command

 

plb api(.lib) api(.pat)

creates a pattern file whose format is described in our FLIRT paper. Have a look at this file with a text editor. Then we'll create a signature file with the command

 

sigmake api(.pat) api(.sig)

and copy the resulting api.sig file into the IDA Pro SIG subdirectory.

Q How do I apply my own SIGs to the disassembly ?

A Open the signature window through the View menu. Press the INS key. Wait a few seconds until the list of available signatures is built. Move the cursor to the line containing your sig file and press the ENTER key.


Q How do I prevent IDA from applying SIGs to the disassembly ?

A Open the IDA.CFG file and modify the ANALYSIS configuration word in order to exclude the AF_FLIRT option.


Q How do I define high level structures ?

 

A See this short tutorial

Q How do I use other processors with IDA Pro ?

 

A You must specify the processor you wish to use on the command line. For example, if you want to disassemble an 8051 binary, IDA Pro should be started as follows (if you are using the Windows version of IDA Pro):

IDAW -p8051


Q How do I use IDC ?

A See this example


Q How do I load debugging information, MAP or SYM files into IDA ?

 

A The following procedure may be used to load debugging information, MAP and SYM files into a disassembly. This procedure is a temporary solution, as future versions of IDA will have built-in support for debugging information.
    Convert the debugging information into text using your favorite dumper (Borland's TDUMP.EXE is a good choice when dealing with Borland and Microsoft debugging information). Load the text into a text editor and convert it into an IDC script:
    
    	static main() {
    	  MakeName(addr,name);
    	  // ... one MakeName() call per name
    	}
    	
    where addr should be replaced by the address of the name, and name is a string constant. Example:
    
    	static main() {
    	  MakeName(0x10000,"name1");
    	}
    	
    Launch IDA and execute the script by pressing the F2 key. The names from the SYM file will appear in the disassembly.
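
The text-editor conversion described above can also be scripted. The following Python script is an added example, not part of the original FAQ or of IDA; it assumes the dumper output looks like the "Publics by Value" section of a Microsoft linker MAP file (the sample is constructed), and the function names are hypothetical. Names containing a quote, backslash or control character are skipped rather than written into the script, since the MAP file may come from an untrusted source and the generated IDC is executed.

```python
import re

# Constructed sample in the layout of a Microsoft linker MAP file
# ("Publics by Value" with an Rva+Base column); not taken from the FAQ.
SAMPLE_MAP = r'''
 Start         Length     Name                   Class
 0001:00000000 00001200H .text                   CODE

  Address         Publics by Value              Rva+Base       Lib:Object

 0000:00000000       __except_list              00000000     <absolute>
 0001:00000000       _main                      00401000 f   main.obj
 0001:00000040       ?init@@YAXXZ               00401040 f   init.obj
 0002:00000010       _g_"odd\name               00403010     data.obj
'''

# seg:offset, symbol name, linear address (Rva+Base); rest of line ignored.
PUBLIC_RE = re.compile(
    r'^\s*[0-9A-Fa-f]{4}:[0-9A-Fa-f]{8}\s+(\S+)\s+([0-9A-Fa-f]{8})\b')
# Characters that could end or alter the IDC string literal.
UNSAFE_RE = re.compile(r'["\\\x00-\x1f]')

def parse_publics(map_text):
    """Return [(address, name)] from the publics section, skipping absolutes."""
    symbols, in_publics = [], False
    for line in map_text.splitlines():
        if 'Publics by Value' in line:
            in_publics = True
            continue
        m = PUBLIC_RE.match(line) if in_publics else None
        if m and '<absolute>' not in line:
            symbols.append((int(m.group(2), 16), m.group(1)))
    return symbols

def to_idc(symbols):
    """Return (script, skipped): one MakeName() call per safe name."""
    calls, skipped = [], []
    for addr, name in symbols:
        if UNSAFE_RE.search(name):
            skipped.append(name)  # never embed these in executable script text
        else:
            calls.append('  MakeName(0x%X,"%s");\n' % (addr, name))
    return 'static main() {\n' + ''.join(calls) + '}\n', skipped

if __name__ == '__main__':
    script, skipped = to_idc(parse_publics(SAMPLE_MAP))
    print(script)
    print('skipped:', skipped)
```
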

Q How do I save a fragment of disassembly ?

A Select the area of the disassembly that you want to save and press ALT-F10.


Q How do I view the disassembly in C/VB etc?

A This is not something IDA can do. The output is ASM. We have a decompiler product that can generate pseudo-code for some binaries (only 32-bit x86 and ARM for now).


Q How do I change the search direction ?

A By pressing the TAB key.