Q How do I generate FLIRT signatures from my own libraries?
A The process is simple if you have installed the FLAIR tools. As an example, we'll use a file called api.lib. First, a pattern file should be created. The command
plb api(.lib) api(.pat)
creates a pattern file whose format is described in our FLIRT paper. Have a look at this file with a text editor. Then we'll create a signature file with the command
sigmake api(.pat) api(.sig)
and copy the resulting api.sig file into the IDA Pro SIG subdirectory.
Q How do I apply my own SIGs to the disassembly?
A Open the signature window through the View menu. Press the INS key. Wait a few seconds until the list of available signatures is built. Move the cursor to the line containing your sig file and press the ENTER key.
Q How do I prevent IDA from applying SIGs to the disassembly?
A Open the IDA.CFG file and modify the ANALYSIS configuration word in order to exclude the AF_FLIRT option.
Q How do I define high level structures?
A See this short tutorial.
Q How do I use other processors with IDA Pro?
A You must specify the processor you wish to use on the command line. For example, if you want to disassemble an 8051 binary and you are using the Windows version of IDA Pro, start it as follows:
IDAW -p8051
Q How do I use IDC?
A See this example.
Q How do I load debugging information, MAP or SYM files into IDA?
A The following procedure may be used to load debugging information, MAP and SYM files into a disassembly. This procedure is a temporary solution, as future versions of IDA will have built-in support for debugging information.
Convert the debugging information into text using your favorite dumper. (Borland's TDUMP.EXE is a good choice when dealing with Borland and Microsoft debugging information.) Load the text into a text editor and convert it into an IDC script:
static main() {
MakeName(addr,name);
...........
}
where addr should be replaced by the address of the name, and name is a string constant. Example:
static main() {
MakeName(0x10000,"name1");
}
Launch IDA and execute the script by pressing the F2 key. The names from the SYM file will appear in the disassembly.
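
The text-to-IDC conversion step in the procedure above can be scripted instead of done by hand in a text editor. The Python script below is an added example, not part of the original FAQ or of IDA: the MAP line layout (segment:offset followed by the name), the sample listing and the segment base addresses are constructed assumptions. Because the dumped names end up inside IDC string literals, any name that could terminate the literal is skipped and reported rather than written into the script.

```python
import re

# Constructed sample of a linker MAP "publics" listing (segment:offset  name).
SAMPLE_MAP = """\
  Address         Publics by Value

 0001:00000000       _main
 0001:0000002C       _helper
 0002:00000010       _g_counter
 0001:00000040       bad"name
"""

PUBLIC_RE = re.compile(r"^\s*([0-9A-Fa-f]{4}):([0-9A-Fa-f]{4,8})\s+(\S+)\s*$")
# Names are emitted inside an IDC string literal, so accept only characters
# that cannot terminate the literal or start an escape sequence.
SAFE_NAME_RE = re.compile(r"^[A-Za-z_@?$.][A-Za-z0-9_@?$.]*$")

def parse_publics(map_text):
    """Return (segment, offset, name) tuples for every well-formed public line."""
    out = []
    for line in map_text.splitlines():
        m = PUBLIC_RE.match(line)
        if m:
            out.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return out

def to_idc(map_text, seg_bases):
    """Build the IDC script text; seg_bases maps segment number -> linear base
    address of that segment in the IDA database (assumed known by the user)."""
    calls, skipped = [], []
    seen = set()
    for seg, off, name in parse_publics(map_text):
        # Skip unknown segments, unsafe names and duplicate names.
        if seg not in seg_bases or not SAFE_NAME_RE.match(name) or name in seen:
            skipped.append(name)
            continue
        seen.add(name)
        calls.append('  MakeName(0x%X,"%s");' % (seg_bases[seg] + off, name))
    script = "static main() {\n" + "\n".join(calls) + "\n}\n"
    return script, skipped

if __name__ == "__main__":
    # Segment bases here are constructed values for the sample above.
    script, skipped = to_idc(SAMPLE_MAP, {1: 0x401000, 2: 0x403000})
    print(script)
    print("skipped:", skipped)
```

Review the skipped list before running the generated script in IDA; those entries have to be named by hand.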
Q How do I save a fragment of disassembly?
A Select the area of the disassembly that you want to save and press ALT-F10.
Q How do I view the disassembly in C/VB etc?
A You must create a file called sissy.ini and add the line "LANG_C=Yes". Jokes aside, this is not something IDA can do. The output is ASM.
Q How do I change the search direction?
A By pressing the TAB key.