// Config file for the graphical mode user interface // ************************************************* // Screen configuration // -------------------- SCREEN_CURSOR = 0 // = 0 normal cursor // = 1 block cursor RECENT_SCRIPTS_MODAL = NO // Open "Recent scripts" window as a modal window AUTOSAVE = 100 // After 100 user actions // IDA flushes its buffers to disk // The windows version of IDA determines the directory // automatically. The following parameter isn't needed anymore. // WINDIR = "c:\\windows" // Default directory to look up for // MS Windows DLL files // IDA will search subdirs // "dll" // "system" // "system32" // of this dir automatically OS2DIR = "c:\\os2" // OS/2 main directory (is used to // look up DLLs) HELPFILE = "sample.hlp" // Name of help file used by Ctrl-F1 // Please change it as shown below: //HELPFILE = "WIN32.HLP" ASK_EXIT_UNPACKED = YES // Ask confirmation if the user // wants to exit the database without // packing it ASK_EXIT = YES // Ask confirmation if the user // wants to exit OPEN_DEFAULT_IDC_PATH = NO // YES: The dialog box to select an // IDC script always starts in // the IDC subdirectory // NO: The dialog box opens in the // current/last directory DISPLAY_COMMAND_LINE = YES // Display the expressions/IDC command line // To turn on/off the command line, // right click on the main toolbar after // setting this parameter to YES #define CONFIRM_UNDEFINE_NO -1 // Never confirm #define CONFIRM_UNDEFINE_YES 0 // Always confirm #define CONFIRM_UNDEFINE_BLOCK 1 // Confirm only if an area has been selected CONFIRM_UNDEFINE_COMMAND = CONFIRM_UNDEFINE_YES // Confirm the "undefine" command CONFIRM_SETFUNCEND_COMMAND = YES // Confirm the "set function end" command (E hotkey) HISTORY_LENGTH = 10 // Maximum length of file->history // Possible value is from 1 to 100 // This can set global binary path mappings. // However, they will be discarded in case the IDB has its own mappings // DEBUG_BINARY_PATHS="/home/user/binaries;C:\\binaries;/home/user/binaries2;C:\\binaries2" // // Note: You might want to not be bothered for requests for // a mapping for binaries in a particular directory. In that case, use the special "" token. E.g., // DEBUG_BINARY_PATH="/home/user/binaries;C:\\binaries;/usr/lib;" #ifdef __QT__ #ifdef __NT__ EXTERNAL_EDITOR = "notepad.exe" #endif #ifdef __LINUX__ EXTERNAL_EDITOR = "gedit" #endif #ifdef __MAC__ EXTERNAL_EDITOR = "/Applications/TextEdit.app/Contents/MacOS/TextEdit" #endif #endif #ifdef __QT__ // 1=YES and 0=NO overwrite the default (-1) behavior for individual dialogs ASK_TEXT_ACCEPTS_TABS = -1 #endif // Built-in window ids #define BWN_EXPORTS 0x00000001 // exports #define BWN_IMPORTS 0x00000002 // imports #define BWN_NAMES 0x00000004 // names #define BWN_FUNCS 0x00000008 // functions #define BWN_STRINGS 0x00000010 // strings #define BWN_SEGS 0x00000020 // segments #define BWN_SEGREGS 0x00000040 // segment registers #define BWN_SELS 0x00000080 // selectors #define BWN_SIGNS 0x00000100 // signatures #define BWN_TILS 0x00000200 // type libraries #define BWN_LOCTYPS 0x00000400 // local types #define BWN_CALLS 0x00000800 // function calls #define BWN_PROBS 0x00001000 // problems #define BWN_BPTS 0x00002000 // breakpoints #define BWN_THREADS 0x00004000 // threads #define BWN_MODULES 0x00008000 // modules #define BWN_TRACE 0x00010000 // trace view #define BWN_STACK 0x00020000 // call stack trace #define BWN_XREFS 0x00040000 // xrefs #define BWN_SEARCHS 0x00080000 // search results #define BWN_FRAME 0x02000000 // function frame #define BWN_NAVBAND 0x04000000 // navigation band #define BWN_ENUMS 0x08000000 // enumerations #define BWN_STRUCTS 0x10000000 // structures #define BWN_DISASMS 0x20000000 // disassembly views #define BWN_DUMPS 0x40000000 // hex dumps #define BWN_NOTEPAD 0x80000000 // notepad CLOSED_BY_ESC = 0x1A000000 // Mask of all windows that are closed by Esc. // If a windows is not closed by Esc, // it can be closed by Alt-F3. // default value 0x1A000000 - stack, enumerations, structures // f.e. 0x9A0FFFFF - all windows but disasm/hexdump/navband can be closed by Esc) #ifdef __QT__ OTHER_CLOSED_BY_ESC = YES // Behavior for all windows not specified by CLOSED_BY_ESC TOOL_CLOSED_BY_ESC = NO // Behavior for tool windows like the Output window PROXIMITY_SHOW_DATA_REFS = YES // Display xrefs to data in proximity view? PROXIMITY_HIDE_LIBRARIES = NO // Hide library functions in proximity view? PROXIMITY_UNLIMITED_RECURSION = NO // Unlimited child recursion in proximity view? PROXIMITY_RECURSE_LIBRARIES = NO // Show childs of library functions in proximity view? PROXIMITY_SHOW_COLLAPSED_NODES = YES // Show collapsed parent/children (i.e., '+') nodes in proximity view? PROXIMITY_MAX_PARENTS_RECURSION = 2 // Maximum level of parents recursion PROXIMITY_MAX_CHILDS_RECURSION = 2 // Maximum level of childs recursion PROXIMITY_MAX_NODES_PER_LEVEL = 0 // Maximum number of nodes to show per level // Specify Qt pixmap cache size, in MB. Bigger cache might speed rendering, // but it's obviously at the expense of memory usage.. // Defaults to a value computed from the display resolution. // (E.g., ~= 30MB on a 1024x768 screen.) // QT_PIXMAP_CACHE_SIZE = 100 // If set to NO, calling msg() causes a refresh of the output window at every call MSG_DELAYED_UPDATE = YES // Specify the limit for lines in the output window (0 - unlimited) MSG_MAXIMUM_LINE_COUNT = 10000 // Specify the percentage of the number of lines for cleaning when the limit is reached MSG_LINE_CLEAN_PERCENT = 10 // By default, IDA uses the native OS file input dialogs. // Uncomment the following to use Qt's implementation. // NATIVE_FILE_DIALOG = NO // This can set global source path mappings. // However, they will be discarded in case the IDB has its own mappings // SOURCE_DEBUG_PATHS="C:\\src_dir1;C:\\dst_dir1;C:\\src_dir2;C:\\dst_dir2" #else TAB_STYLE = "Themed" // One of Default, Enhanced, Flat, OfficeXP, Standard, Themed, VS2005 #endif // // Keyboard hotkey definitions // --------------------------- // #ifdef __QT__ "NewInstance" = 0 // Open a new instance of IDA #endif "ReloadFile" = 0 // Reload the same input file "LoadNewFile" = 0 // Load additional file into database "LoadIdsFile" = 0 // Load IDS file "LoadDbgFile" = 0 // Load DBG file "LoadPdbFile" = 0 // Load PDB file "LoadTdsFile" = 0 // Load TDS file "LoadSigFile" = 0 // Load SIG file "LoadHeaderFile" = "Ctrl-F9" // Load C header file "RecentScripts" = "Alt-F9" // Recent scripts "Execute" = "Alt-F7" // Execute script file "ExecuteLine" = "Shift-F2" // Execute IDC line "About" = 0 "SaveBase" = "Ctrl-W" "SaveBaseAs" = 0 #ifdef __QT__ "SaveBaseSnap" = "Ctrl-Shift-W" // Save database snapshot #endif "Abort" = 0 // Abort IDA, don't save changes "Quit" = "Alt-X" // Quit to DOS, save changes #ifdef __QT__ "QuickStart" = 0 #endif "ReanalyzeProgram" = 0 // Reanalyze the program "ProduceMap" = 0 // Produce MAP file "ProduceAsm" = "Alt-F10" // Produce assembler text file "ProduceInc" = 0 // Produce assembler include file "ProduceLst" = 0 // Produce listing file "ProduceHeader" = 0 // Produce header file from local types "ProduceExe" = 0 // Produce executable file "ProduceDiff" = 0 // Produce difference file "ProduceHtml" = 0 // Produce HTML file "ProduceFuncGdl" = 0 // Produce flow chart GDL "ProduceCallGdl" = 0 // Produce call graph GDL "DumpDatabase" = 0 // Dump database to IDC file // This IDC file contains all // information to recreate // the database from scratch // (executable file will be // needed) "DumpTypes" = 0 // Dump typeinfo to IDC file "JumpAsk" = 'g' "JumpName" = "Ctrl-L" "JumpSegment" = "Ctrl-S" "JumpSegmentRegister" = "Ctrl-G" "JumpQ" = "Ctrl-Q" "JumpPosition" = "Ctrl-M" "JumpXref" = "Ctrl-X" "JumpXrefFrom" = "Ctrl-J" "JumpOpXref" = "X" "JumpFunction" = "Ctrl-P" "JumpEntryPoint" = "Ctrl-E" "JumpFileOffset" = 0 "JumpError" = "Ctrl-F" "JumpEnter" = "Enter" // jump to address under cursor "JumpEnterNew" = "Alt-Enter" // jump to address under cursor // in a new window "CenterInWindow" = "NumpadClear,Clear" "Return" = "Esc" "UndoReturn" = "Ctrl-Enter" // undo the last Esc "EmptyStack" = 0 // make the jumps stack empty "SetDirection" = 0 "MarkPosition" = "Alt-M" "FindAllSuspicious" = 0 "JumpSuspicious" = "Ctrl-V" "JumpCode" = "Alt-C" "JumpData" = "Ctrl-D" "JumpUnknown" = "Ctrl-U" "JumpExplored" = "Ctrl-A" "AskNextImmediate" = "Alt-I" "JumpImmediate" = "Ctrl-I" "AskNextText" = "Alt-T" "JumpText" = "Ctrl-T" "AskBinaryText" = "Alt-B" "JumpBinaryText" = "Ctrl-B" "JumpNotFunction" = 0 "NavFlatPanUp" = "Ctrl+Up" "NavFlatPanDown" = "Ctrl+Down" "NavGraphJumpLinkedNeighborUp" = "Ctrl+Up" "NavGraphJumpLinkedNeighborDown" = "Ctrl+Down" "NavJumpWindowTop" = "Ctrl+Home,Shift+Ctrl+Home" "NavJumpWindowBottom" = "Ctrl+End,Shift+Ctrl+End" "NavJumpHome" = "Home,Shift+Home" "NavJumpEnd" = "End,Shift+End" "NavJumpListingStart" = "Ctrl+PgUp,Shift+Ctrl+PgUp" "NavJumpListingEnd" = "Ctrl+PgDown,Shift+Ctrl+PgDown" "NavLeft" = "Left,Shift+Left" "NavRight" = "Right,Shift+Right" "NavWordLeft" = "Ctrl+Left,Shift+Ctrl+Left" "NavWordRight" = "Ctrl+Right,Shift+Ctrl+Right" "NavLineUp" = "Up,Shift+Up" "NavLineDown" = "Down,Shift+Down" "NavPageUp" = "PgUp,Shift+PgUp" "NavPageDown" = "PgDown,Shift+PgDown" "SearchHighlightUp" = "Alt+Up,Shift+Alt+Up" "SearchHighlightDown" = "Alt+Down,Shift+Alt+Down" "MakeAlignment" = 'L' "ManualInstruction" = "Alt-F2" "ColorInstruction" = 0 "ToggleBorder" = 0 "ToggleRenderer" = "Space" "MakeCode" = 'C' "MakeData" = 'D' "MakeStrlit" = 'A' "MakeArray" = "Numpad*,*" "MakeUnknown" = 'U' "MakeName" = 'N' "ManualOperand" = "Alt-F1" "MakeFunction" = 'P' "EditFunction" = "Alt-P" "AppendFunctionTail" = 0 "RemoveFunctionTail" = 0 "DelFunction" = 0 "FunctionEnd" = 'E' "OpenStackVariables" = "Ctrl-K" // open stack variables window "ChangeStackPointer" = "Alt-K" // change value of SP "RenameRegister" = 'V' "SetType" = 'Y' "MakeComment" = ':' "MakeRptCmt" = ';' #ifdef __MAC__ "MakeExtraLineA" = "I" "MakeExtraLineB" = "Shift-I" #else "MakeExtraLineA" = "Ins" "MakeExtraLineB" = "Shift-Ins" #endif "OpNumber" = '#' "OpHex" = 'Q' "OpDecimal" = 'H' "OpOctal" = 0 "OpBinary" = 'B' "ToggleLeadingZeroes" = 0 "OpFloat" = 0 "OpChar" = 'R' "OpSegment" = 'S' "OpOffset" = 'O' "OpOffsetCs" = "Ctrl-O" "OpAnyOffset" = "Alt-R" "OpUserOffset" = "Ctrl-R" "OpStructOffset" = 'T' "OpStackVariable" = 'K' "OpEnum" = 'M' // commented out because the french/italian versions of windows complain. // if you want, you may uncomment it - anyway it doesn't make big difference //"ChangeSign" = "Shift+-" //"BitwiseNegate" = '~' "SetOpType" = 0 "CreateSegment" = 0 "EditSegment" = "Alt-S" "KillSegment" = 0 "MoveSegment" = 0 "RebaseProgram" = 0 "SegmentTranslation" = 0 "SetSegmentRegister" = "Alt-G" "SetSegmentRegisterDefault" = 0 #ifdef __QT__ "OutputWindow" = "Alt-0" "GraphOverview" = 0 #endif "ShowRegisters" = "Ctrl-Space" #ifdef __QT__ "QuickView" = "Ctrl-1" "QuickRunPlugins" = "Ctrl-3" #endif "OpenNotepad" = 0 "WindowOpen" = 0 "OpenFunctions" = "Shift-F3" // open functions window "OpenExports" = 0 "OpenImports" = 0 "OpenNames" = "Shift-F4" "OpenSignatures" = "Shift-F5" // open signatures window "OpenSegments" = "Shift-F7" "OpenSegmentRegisters" = "Shift-F8" "OpenSelectors" = 0 "OpenXrefs" = 0 "OpenStructures" = "Shift-F9" // open structures window "OpenEnums" = "Shift-F10" // open enums window "OpenProblems" = 0 "OpenTypeLibraries" = "Shift-F11" "GraphFunc" = "F12" // display function flow-chart "CallFlow" = "Ctrl-F12" // display function call graph "PrintFlowLabels" = 0 "ChartXrefsTo" = 0 // display referenced items "ChartXrefsFrom" = 0 // display referencing items "ChartXrefsUser" = 0 // display referenced/referencing items "OpenStrings" = "Shift-F12" "OpenCallers" = 0 // display function call list "OpenLocalTypes" = "Shift-F1" "PatchByte" = 0 "PatchWord" = 0 "Assemble" = 0 "ApplyPatches" = 0 // apply patches to input file "Options" = 0 // show the general options dialog "SetColors" = 0 // show the colors configuration dialog #ifdef __QT__ "SetFont" = 0 // show the fonts configuration dialog #endif "SetStrlitStyle" = "Alt-A" // set strings style "SetDirectives" = 0 // setup assembler directives "ToggleDump" = 0 // show dump or normal view "SetNameType" = 0 // show the name representation type dialog "SetupCompiler" = 0 // show the compiler setup dialog "SetDemangledNames" = 0 "Calculate" = '?' "ShowFlags" = 'F' #ifdef __QT__ "ShowSnapMan" = "Ctrl-Shift-T" // show the database snapshot manager #endif "SetupHidden" = 0 "Hide" = "Ctrl-Numpad-" "UnHide" = "Ctrl-Numpad+" "HideAll" = 0 "UnHideAll" = 0 "DelHiddenRange" = 0 #ifdef __QT__ #ifdef __MAC__ "FullScreen" = "Meta-Shift-F" #else "FullScreen" = "F11" #endif #endif #ifdef __QT__ "ShowHelp" = "F1" #else "KeyboardHelp" = 0 #endif #ifdef __NT__ "ExternalHelp" = "Ctrl-F1" #endif #ifdef __QT__ "WindowsList" = 0 "WindowsListNext" = "Ctrl-Tab" "WindowsListPrev" = "Ctrl-Shift-Tab" #endif "NextWindow" = "F6" "PrevWindow" = "Shift-F6" "CloseWindow" = "Alt-F3" "FocusCLI" = '.' // focus command line "FocusCLI2" = "Ctrl-." // focus command line (from anywhere in IDA) #ifdef __QT__ "BasicMode" = 0 "AdvancedMode" = 0 #endif // // Structure manipulation commands // #ifdef __MAC__ "AddStruct" = "I" // add struct type #else "AddStruct" = "Ins" // add struct type #endif "DelStruct" = "Del" // del struct type "ExpandStruct" = "Ctrl-E" // expand struct type "ShrinkStruct" = "Ctrl-S" // shrink struct type "EditStruct" = 0 // edit struct type "DeclareStructVar" = "Alt-Q" // declare struct variable "ZeroStructOffset" = "Ctrl-Z" // force zero field offset "SelectUnionMember" = "Alt-Y" // select union member "CreateStructFromData" = 0 // create struct from data "CopyFieldsToPointers" = 0 // copy field info to pointers // // Enum manipulation commands // #ifdef __MAC__ "AddEnum" = "I" // add enum #else "AddEnum" = "Ins" // add enum #endif "DelEnum" = "Del" // del enum "EditEnum" = "Ctrl-E" // edit enum "AddConst" = "N" // add new enum member "EditConst" = "Ctrl-N" // edit enum member "DelConst" = "U" // delete enum member // // Debugger manipulation commands // #ifdef __QT__ "QuickDbgView" = "Ctrl-2" #endif "Debugger" = "Ctrl-Alt-C" // open debugger window "ProcessStart" = "F9" // start a new process in the debugger "ProcessPause" = 0 // pause the debugged process "ProcessExit" = "Ctrl-F2" // terminate the debugged process "ProcessAttach" = 0 // Attach to a process "ProcessDetach" = 0 // Detach from the debugged process "TakeSnapshot" = 0 // Take a memory snapshot to the database "RefreshMemcfg" = 0 // Refresh memory "ThreadStepInto" = "F7" // step into the current instruction "ThreadStepOver" = "F8" // step over the current instruction "ThreadRunUntilReturn" = "Ctrl-F7" // execute instructions until execution returns from the current function "ThreadRunToCursor" = "F4" // execute instructions until cursor is reached "ThreadSetCurrentIp" = "Ctrl-N" // set new EIP (execution pointer) "Threads" = 0 // open threads window "BreakpointAdd" = 0 // add a breakpoint "BreakpointDel" = 0 // del a breakpoint "BreakpointToggle" = "F2" // toggle a breakpoint "BreakpointEdit" = 0 // edit breakpoint settings "BreakpointEnable" = 0 "BreakpointDisable" = 0 "Breakpoints" = "Ctrl-Alt-B" // open breakpoints window //"WatchList" = "Ctrl-Alt-W" // open the watch list "AddWatch" = 0 // add watch "DelWatch" = "Del" // del watch "StackTrace" = "Ctrl-Alt-S" // open stack trace window "TraceWindow" = 0 // open trace window "ClearTrace" = 0 // clear trace window "SetupTracing" = 0 // open setup tracing window "ToggleTraceInstructions" = 0 // toggle instructions tracing "ToggleTraceFunctions" = 0 // toggle functions tracing "ExecTraceAdd" = 0 // add execution trace "WriteTraceAdd" = 0 // add write trace "ReadWriteTraceAdd" = 0 // add read/write trace "SwitchDebugger" = 0 // switch the current debugger #ifdef __QT__ "SwitchToSource" = 0 // switch from disassembly to source view #endif // Graph view commands "GraphZoomMode" = 0 // Switch to zoom mode "GraphSelectMode" = 0 // Switch to select mode "GraphMoveMode" = 0 // Switch to move mode "GraphZoom100" = '1' // Zoom 100% "GraphZoomFit" = 'W' // Fit window "GraphZoomIn" = "Ctrl-Shift-Numpad+" // Zoom in "GraphZoomOut" = "Ctrl-Shift-Numpad-" // Zoom out "GraphSetupOptions" = 0 // Setup graph options "GraphSetupColors" = 0 // Setup graph colors "GraphPrint" = 0 // Print graph "GraphLayout" = 0 // Layout graph "GraphFlatView" = 0 // Switch to flat disassembly view "GraphGraphView" = 0 // Switch to graph view #ifdef __QT__ "GraphProximityBack" = "Numpad+" // Back to previous view from proximity view "GraphProximityView" = "Numpad-" // Switch to proximity view #endif "GraphGroup" = 0 // Group nodes "GraphUngroup" = 0 // Ungroup nodes "GraphHideGroup" = 0 // Hide group "GraphUnHideGroup" = 0 // Unhide group "GraphHideAllGroups" = 0 // Hide all groups "GraphUnHideAllGroups" = 0 // Unhide all groups "GraphColor" = 0 // Set node color "GraphColor1" = 0 // Set node color 1 "GraphColor2" = 0 // Set node color 2 "GraphDefaultColor" = 0 // Set node color to default // Desktop "LoadDesktop" = 0 "SaveDesktop" = 0 "ResetDesktop" = 0 "DeleteDesktop" = 0 "ResetHiddenMessages" = 0 "WindowActivate1" = "Alt-1" "WindowActivate2" = "Alt-2" "WindowActivate3" = "Alt-3" "WindowActivate4" = "Alt-4" "WindowActivate5" = "Alt-5" "WindowActivate6" = "Alt-6" "WindowActivate7" = "Alt-7" "WindowActivate8" = "Alt-8" "WindowActivate9" = "Alt-9" // Miscellaneous "StringC" = 0 "StringDOS" = 0 "StringPascal1" = 0 "StringPascal2" = 0 "StringDelphi" = 0 "StringUnicode" = 0 "StringUnicodePascal2" = 0 "StringUnicodePascal4" = 0 "SearchNext" = 0 "Function" = 0 "LockHighlight" = 0 // // Others // ------ // "Analysis" = 0 // "Anchor" = "Alt+L" // "CLICopyAddress" = 0 // "CLICopySize" = 0 // "ClearMark" = 0 // "CloseBase" = 0 // "CopyStruct" = 0 // Make a copy of structure/union type "EditCopy" = "Ctrl+C" // "FindAllErrors" = 0 // "GraphCircleLayout" = 0 // "GraphDigraphLayout" = 0 // "GraphNewProximityView" = 0 // Open new proximity browser "GraphOrthogonalLayout" = 0 // "GraphPolarLayout" = 0 // "GraphProximityAddGraph" = 0 // Expand children "GraphProximityAddNode" = 0 // Add name "GraphProximityAddParents" = 0 // Expand parents "GraphProximityDelChilds" = 0 // Collapse children "GraphProximityDelNode" = 0 // Hide node "GraphProximityDelParents" = 0 // Collapse parents "GraphProximityExpand" = 0 // Expand node "GraphProximityExpandCurrent" = "+" // Expand current node "GraphProximityFindPath" = 0 // Find path "GraphProximityReset" = 0 // Reset graph "GraphRadialLayout" = 0 // "GraphSelectColor" = 0 // Select nodes with the same color as the current node "GraphTreeLayout" = 0 // "JumpNewDump" = 0 // "JumpToIP" = 0 // "LoadFile" = 0 // Load additional binary file "Locals" = 0 // Open local variables window "Modules" = 0 // Open modules window "NewFile" = 0 // Create a new database "OpenSourceFile" = 0 // Open a source file "SelectAll" = 0 // "SelectIdentifier" = "Shift+Enter" // "SetupData" = "Alt+D" // "SetupDebugger" = 0 // "SetupProcess" = 0 // "SetupSrcPaths" = 0 // Setup source paths "ShortcutEditor" = 0 // Edit shortcuts "StackView" = 0 // "ToggleSourceDebug" = 0 // "ToggleTraceBasicBlocks" = 0 // Toggle basic block tracing "WatchList" = 0 // Open the watch list window "WatchView" = 0 // Open a new watch window "PatchedBytes" = "Ctrl+Alt+P" // Patched bytes "ExportData" = "Shift+E" // Export data "BuyIDA" = 0 "Homepage" = 0 "SupportForum" = 0 "CheckFreeUpdate" = 0 "BugReport" = 0 "CommandPalette" = "Ctrl+Shift+P" // Open command palette "RepeatLastPaletteCommand" = "Ctrl+Shift+R" // Repeat last command // // Menus layout // ------------ // MENUS_LAYOUT = [ { "label" : "&File", "name" : "File", "actions" : [ "NewInstance", "LoadNewFile", { "label" : "&Load file", "actions" : [ "ReloadFile", "LoadFile", "LoadIdsFile", "LoadPdbFile", "LoadDbgFile", "LoadTdsFile", "LoadSigFile", "LoadHeaderFile" ] }, { "label" : "&Produce file", "actions" : [ "ProduceMap", "ProduceAsm", "ProduceInc", "ProduceLst", "ProduceExe", "ProduceDiff", "ProduceHtml", "ProduceFuncGdl", "ProduceCallGdl", "ProduceHeader", "", "DumpDatabase", "DumpTypes" ] }, "Execute", "ExecuteLine", "SaveBase", "SaveBaseAs", "SaveBaseSnap", "CloseBase", "", "QuickStart", "Quit" ] }, { "label" : "&Edit", "name" : "Edit", "actions" : [ "EditCopy", "Anchor", "SelectAll", "SelectIdentifier", "", "ExportData", "", "MakeCode", "MakeData", "DeclareStructVar", { "label" : "St&rings", "name" : "Strings", "icon" : 0, "actions" : [ "MakeStrlit", "", "StringC", "StringDOS", "StringPascal1", "StringPascal2", "StringDelphi", "StringUnicode", "StringUnicodePascal2", "StringUnicodePascal4" ] }, "MakeArray", "MakeUnknown", "MakeName", "", { "label" : "&Operand type", "actions" : [ { "label" : "&Offset", "name" : "OpTypeOffset", "icon" : 23, "actions" : [ "OpOffset", "OpOffsetCs", "OpAnyOffset", "OpUserOffset", "OpStructOffset" ] }, { "label" : "&Number", "name" : "OpTypeNumber", "icon" : 4, "actions" : [ "OpNumber", "OpHex", "OpDecimal", "OpOctal", "OpBinary", "OpFloat", "", "ToggleLeadingZeroes" ] }, "OpChar", "OpSegment", "OpEnum", "OpStackVariable", "ChangeSign", "BitwiseNegate", "ManualOperand", "SetOpType" ] }, { "label" : "Co&mments", "actions" : [ "MakeComment", "MakeRptCmt", "MakeExtraLineA", "MakeExtraLineB" ] }, { "label" : "&Segments", "actions" : [ "CreateSegment", "EditSegment", "KillSegment", "MoveSegment", "RebaseProgram", "SegmentTranslation", "SetSegmentRegister", "SetSegmentRegisterDefault" ] }, { "label" : "S&tructs", "actions" : [ "DeclareStructVar", "ZeroStructOffset", "SelectUnionMember", "CreateStructFromData", "CopyFieldsToPointers" ] }, { "label" : "&Functions", "actions" : [ "MakeFunction", "EditFunction", "AppendFunctionTail", "RemoveFunctionTail", "DelFunction", "FunctionEnd", "OpenStackVariables", "ChangeStackPointer", "RenameRegister", "SetType" ] }, { "label" : "&Patch program", "actions" : [ "PatchByte", "PatchWord", "Assemble", "PatchedBytes", "ApplyPatches" ] }, { "label" : "Ot&her", "actions" : [ "MakeAlignment", "ManualInstruction", "ColorInstruction", "ToggleBorder" ] }, { "label" : "Plu&gins", "name" : "Plugins", "actions" : [] } ] }, { "label" : "&Jump", "name" : "Jump", "actions" : [ "JumpEnter", "JumpEnterNew", "Return", "UndoReturn", "EmptyStack", "", "JumpAsk", "JumpName", "JumpFunction", "JumpSegment", "JumpSegmentRegister", "JumpQ", "JumpXref", "JumpXrefFrom", "JumpOpXref", "JumpEntryPoint", "JumpFileOffset", "", "MarkPosition", "JumpPosition", "ClearMark" ] }, { "label" : "Searc&h", "name" : "Search", "actions" : [ "JumpCode", "JumpData", "JumpExplored", "JumpUnknown", "AskNextImmediate", "JumpImmediate", "AskNextText", "JumpText", "AskBinaryText", "JumpBinaryText", "JumpNotFunction", "JumpSuspicious", "JumpError", "FindAllSuspicious", "FindAllErrors", "", "SetDirection" ] }, { "label" : "&View", "name" : "View", "actions" : [ { "label" : "&Open subviews", "name" : "Subviews", "actions" : [ "QuickView", "", "WindowOpen", "GraphNewProximityView", "ToggleDump", "", "OpenExports", "OpenImports", "OpenNames", "OpenFunctions", "OpenStrings", "", "OpenSegments", "OpenSegmentRegisters", "OpenSelectors", "", "OpenSignatures", "OpenTypeLibraries", "", "OpenStructures", "OpenEnums", "OpenLocalTypes", "", "OpenXrefs", "OpenCallers", "", "OpenNotepad", "OpenProblems", "PatchedBytes" ] }, { "label" : "&Graphs", "actions" : [ "GraphFunc", "PrintFlowLabels", "", "CallFlow", "ChartXrefsTo", "ChartXrefsFrom", "ChartXrefsUser" ] }, { "label" : "&Toolbars", "name" : "Toolbars", "actions" : [] }, "Calculate", "FullScreen", "GraphOverview", "RecentScripts", "ShowSnapMan", "", "ShowRegisters", "ShowFlags", "", "Hide", "UnHide", "HideAll", "UnHideAll", "DelHiddenRange", "SetupHidden" ] }, { "label" : "", // The debugger menu labels are replaced automatically according to what menu is visible "name" : "DebuggerSelected", "visible_initially" : false, "actions" : [ "QuickDbgView", "", { "label" : "&Debugger windows", "name" : "DebuggerWindows", "actions" : [ "Debugger", "Threads", "Modules", "Locals", "StackView", "StackTrace", "WatchView" ] }, { "label" : "&Breakpoints", "actions" : [ "Breakpoints", "BreakpointAdd", "BreakpointDel" ] }, { "label" : "&Watches", "actions" : [ "WatchList", "AddWatch", "DelWatch" ] }, { "label" : "Tracin&g", "actions" : [ "TraceWindow", "ClearTrace", "", "ToggleTraceInstructions", "ToggleTraceBasicBlocks", "ToggleTraceFunctions", "", "WriteTraceAdd", "ReadWriteTraceAdd", "ExecTraceAdd", "", "SetupTracing" ] }, "", "ProcessStart", "ProcessAttach", "SetupProcess", "ProcessPause", "ProcessExit", "ProcessDetach", "RefreshMemcfg", "TakeSnapshot", "", "ThreadStepInto", "ThreadStepOver", "ThreadRunUntilReturn", "ThreadRunToCursor", "", "SwitchToSource", "ToggleSourceDebug", "OpenSourceFile", "", "SetupDebugger", "SwitchDebugger" ] }, { "label" : "", "name" : "DebuggerUnselected", "visible_initially" : false, "actions" : [ "SwitchDebugger" ] }, { "label" : "", "name" : "DebuggerRunToAndAttach", "actions" : [ { "label" : "&Run", "name" : "DebuggerRunTo", "actions" : [] }, { "label" : "&Attach", "name" : "DebuggerAttach", "actions" : [] } ] }, { "label" : "&Options", "name" : "Options", "actions" : [ "Options", "SetColors", "SetFont", "ShortcutEditor", "CommandPalette", "RepeatLastPaletteCommand", "SetDirectives", "SetNameType", "SetDemangledNames", "SetupCompiler", "SetStrlitStyle", "SetupCompiler", "SetStrlitStyle", "SetupData", "SetupSrcPaths" ] }, { "label" : "&Windows", "name" : "Windows", "actions" : [ "LoadDesktop", "SaveDesktop", "DeleteDesktop", "ResetDesktop", "", "ResetHiddenMessages", "", "WindowsList", "NextWindow", "PrevWindow", "CloseWindow", "FocusCLI2", "", "OutputWindow", "WindowActivate1", "WindowActivate2", "WindowActivate3", "WindowActivate4", "WindowActivate5", "WindowActivate6", "WindowActivate7", "WindowActivate8", "WindowActivate9" ] }, { "label" : "Help", "name" : "Help", "actions" : [ "ShowHelp", #ifdef __NT__ "ExternalHelp", #endif "About", "", "BuyIDA", "Homepage", "SupportForum", "CheckFreeUpdate", "BugReport" ] }, // ------------------ // "Structures" menus // ------------------ { "label" : "&Edit", "name" : "Struct:Edit", "present_initially" : false, "actions" : [ "EditCopy", "", "AddStruct", "CopyStruct", "EditStruct", "DelStruct", "", "ExpandStruct", "ShrinkStruct", "", "MakeData", "DeclareStructVar", "MakeStrlit", "MakeArray", "MakeUnknown", "MakeName", "SetType", "CreateStructFromData", "", { "label" : "&Field type", "name" : "FieldType", "actions" : [ { "label" : "&Offset", "icon" : 23, "actions" : [ "OpOffset", "OpOffsetCs", "OpUserOffset", "OpStructOffset" ] }, { "label" : "&Number", "icon" : 4, "actions" : [ "OpNumber", "OpHex", "OpDecimal", "OpOctal", "OpBinary", "OpFloat" ] }, "OpChar", "OpSegment", "OpEnum", "ChangeSign", "BitwiseNegate" ] } ] }, { "label" : "&Jump", "name" : "Struct:Jump", "present_initially" : false, "actions" : [ "JumpName", "JumpXref", "", "MarkPosition", "JumpPosition", "ClearMark" ] }, { "label" : "Searc&h", "name" : "Struct:Search", "present_initially" : false, "actions" : [ "AskNextText", "JumpText", "", "SetDirection" ] }, // ------------- // "Enums" menus // ------------- { "label" : "&Edit", "name" : "Enum:Edit", "present_initially" : false, "actions" : [ "EditCopy", "", "AddEnum", "EditEnum", "DelEnum", "", "AddConst", "EditConst", "DelConst", "", { "label" : "Comments", "actions" : [ "MakeComment", "MakeRptCmt" ] } ] }, { "label" : "&Jump", "name" : "Enum:Jump", "present_initially" : false, "actions" : [ "JumpName", "", "MarkPosition", "JumpPosition", "ClearMark" ] }, { "label" : "Searc&h", "name" : "Enum:Search", "present_initially" : false, "actions" : [ "AskNextText", "JumpText", "", "SetDirection" ] } ] // // Toolbars layout // --------------- // TOOLBARS_LAYOUT = [ { "label" : "File", "name" : "FileToolBar", "basic_mode" : true, "actions" : [ "LoadNewFile", "SaveBase" ] }, { "label" : "Jump", "name" : "JumpToolBar", "basic_mode" : true, "actions" : [ "Return", "UndoReturn" ] }, { "label" : "Search", "name" : "SearchToolBar", "basic_mode" : true, "actions" : [ "AskNextImmediate", "AskNextText", "AskBinaryText", "", "SearchNext", "", "SetDirection", "", "LockHighlight" ] }, { "label" : "Hide/Unhide", "name" : "HideToolBar", "actions" : [ "Hide", "UnHide", "DelHiddenRange" ] }, { "label" : "Analysis", "name" : "AnalysisToolBar", "basic_mode" : true, "actions" : [ "OpenProblems", "Analysis" ] }, { "label" : "Views", "name" : "ViewsToolBar", "actions" : [ "WindowOpen", "ToggleDump", "Debugger" ] }, { "label" : "Graph view", "name" : "GraphViewToolBar", "actions" : [ "GraphFlatView", "GraphGraphView", "GraphProximityView", "", "GraphZoom100", "GraphZoomFit", "GraphLayout", "GraphPrint", "GraphSetupOptions", "GraphSetupColors" ] }, { "label" : "Lists", "name" : "ListsToolBar", "actions" : [ "OpenExports", "OpenImports", "OpenNames", "OpenFunctions", "OpenStrings" ] }, { "label" : "Signatures/Types", "name" : "SignTypesToolBar", "actions" : [ "OpenSignatures", "OpenTypeLibraries" ] }, { "label" : "Structures/Enumerations", "name" : "StructEnumToolBar", "actions" : [ "OpenStructures", "OpenEnums" ] }, { "label" : "Cross references", "name" : "CrossReferencesToolBar", "actions" : [ "OpenXrefs", "OpenCallers" ] }, { "label" : "Segments", "name" : "SegmentsToolBar", "actions" : [ "OpenSegments", "OpenSegmentRegisters", "OpenSelectors" ] }, "", // Toolbar break { "label" : "Edit", "name" : "EditToolBar", "basic_mode" : true, "actions" : [ "MakeCode", "MakeData", "DeclareStructVar", "@MakeStrlit", "MakeArray", "MakeName", "MakeUnknown" ] }, { "label" : "Operand type", "name" : "OperandTypeToolBar", "actions" : [ "@OpOffset", "@OpNumber", "OpChar", "OpSegment", "OpEnum", "OpStackVariable", "ChangeSign", "BitwiseNegate", "ManualOperand" ] }, { "label" : "Utilities", "name" : "UtilitiesToolBar", "actions" : [ "Calculate", "OpenNotepad", "ExecuteLine", "Execute" ] }, { "label" : "Functions", "name" : "FunctionsToolBar", "actions" : [ "Function", "OpenStackVariables", "SetType" ] }, { "label" : "Enumerations", "name" : "EnumerationsToolBar", "actions" : [ "AddEnum", "EditEnum", "DelEnum", "", "AddConst", "EditConst", "DelConst" ] }, { "label" : "Structures", "name" : "StructuresToolBar", "actions" : [ "AddStruct", "CopyStruct", "EditStruct", "DelStruct", "", "ExpandStruct", "ShrinkStruct" ] }, { "label" : "Comments", "name" : "CommentsToolBar", "actions" : [ "MakeComment", "MakeRptCmt", "MakeExtraLineA", "MakeExtraLineB" ] }, { "label" : "Graphs", "name" : "GraphsToolBar", "actions" : [ "GraphFunc", "CallFlow", "ChartXrefsTo", "ChartXrefsFrom", "ChartXrefsUser" ] }, "", // Toolbar break { "label" : "Debug", "name" : "DebugToolBar", "basic_mode" : true, "actions" : [ "ProcessStart", "ProcessPause", "ProcessExit", "@DebuggerList", "", "SwitchToSource", "ToggleSourceDebug" ] }, { "label" : "Debugger commands", "name" : "DbgCommandsToolBar", "actions" : [ "ThreadStepInto", "ThreadStepOver", "ThreadRunUntilReturn", "ThreadRunToCursor", "", "Threads", "Modules" ] }, { "label" : "Breakpoints", "name" : "BreakpointsToolBar", "basic_mode" : true, "actions" : [ "Breakpoints", "BreakpointAdd", "BreakpointDel" ] }, { "label" : "Watches", "name" : "WatchesToolBar", "actions" : [ "WatchList", "AddWatch", "DelWatch" ] }, { "label" : "Tracing", "name" : "TracingToolBar", "actions" : [ "TraceWindow", "", "ToggleTraceInstructions", "ToggleTraceFunctions", "", "StackTrace" ] } ] // // File extension definitions // -------------------------- // // IDA extensions #ifdef __EA64__ #define IDB_EXT "*.i64;*.id0" #else #define IDB_EXT "*.id?" #endif // Identifier, Name, Extension(s) FILE_EXTENSIONS = { // file formats: // Windows EXE_WIN, "PE Executables", "*.exe" DLL_WIN, "PE Dynamic Libraries", "*.dll" OCX_WIN, ".ocx PE ActiveX Controls", "*.ocx" DRV_WIN, "PE/LE/NE Device Drivers", "*.sys;*.vxd;*.386;*.drv" OBJ_WIN, "COFF/OMF Object Files", "*.obj" LIB_WIN, "COFF/OMF Static Libraries", "*.lib" // DOS EXE_DOS, "MZ/LE/DJGPP-COFF/Watcom-W32RUN Executables", "*.exe" EXE_COM_DOS, ".com Executables", "*.com" DRV_DOS, ".sys Device Drivers", "*.sys" OVR_DOS, ".ovr Overlay Files", "*.ovr" OBJ_DOS, "OMF Object Files", "*.obj" LIB_DOS, "OMF Static Libraries", "*.lib" EXE_PHARLAP, ".exp PharLap Protected Mode Executables", "*.exp" // Unix EXE_UNIX, "ELF/COFF/A.OUT/QNX/SOM Executables", "*" DLL_UNIX, "ELF/COFF Dynamic Libraries", "*.so;*.so.*" OBJ_UNIX, "ELF/COFF/SOM Object Files", "*.o" LIB_UNIX, "ELF/COFF Static Libraries", "*.a" DLL_HPUX, ".sl HP-UX SOM Dynamic Libraries", "*.sl" // Mac EXE_MACOSX, "Mac OS X Mach-O Executables", "*" DLL_MACOSX, "Mac OS X Mach-O Dynamic Libraries", "*.dylib" EXE_MACOS, "Mac OS PEF Executables", "*" OBJ_MACOSX, "Mac OS X Mach-O Object Files", "*.o" LIB_MACOSX, "Mac OS X Mach-O Static Libraries", "*.a" // Java CLASS_JAVA, "Java Class Files", "*.cla*;*.cls" ZIP_JAVA, ".jar/.zip Java Archives", "*.jar;*.zip" // .NET EXE_NET, ".NET Executables", "*.exe" DLL_NET, ".NET Dynamic Libraries", "*.dll" // various OS's EXE_OS2, "OS/2 LX Executables", "*.exe" DRV_NETWARE, "NetWare Loadable Modules", "*.nlm;*.lan;*.dsk" EXE_BEOS, "BeOS ELF/PEF Executables", "*" AMIGA, "Amiga Hunk Files", "*" GEOS, "GeoWorks GEOS Files", "*.geo" OS9, "OS-9 Object Files", "*" EXE_FLEX, ".cmd Motorola FLEX OS Executables", "*.cmd" EXE_RT11, ".sav PDP-11/RT-11 Executables", "*.sav" // PDAs/handhelds EXE_ARM, ".axf ARM Executables", "*.axf" OBJ_ARM, "ARM Object Files", "*.o" EXE_EPOC, ".app Symbian EPOC Executables", "*.app" SIS_EPOC, ".sis Symbian EPOC Installation Files", "*.sis" EXE_PALM, ".prc Palm Pilot Executables", "*.prc" // consoles EXE_XBOX, ".xbe Xbox Executables", "*.xbe" EXE_N64, ".v64 Nintendo ROM Images", "*.v64" ROM_NGB, ".bin Nintendo GameBoy ROM Images", "*.bin" BIN_SPSX, ".bin Sony PlayStation BIOS Images", "*.bin" EXE_SPSX, ".psx Sony PlayStation Executables", "*.psx" OBJ_SPSX, "Sony PlayStation Object Files", "*.obj;*.o" EXE_SDC, ".elf Sega Dreamcast ELF Executables", "*.elf" // embedded INTEL_HEX, ".hex Intel/MOS Hexadecimal Files", "*.hex" S19_HEX, ".s19 Motorola S-record Hexadecimal Files", "*.s19" OBJ_INTEL, "Intel OMF-386 Object Files", "*.obj" MAS, ".p MAS Macro Assembler Code Files", "*.p" SBN, ".sbn Structured Binary Format Files", "*.sbn" // binary files RAW_BIN, "Binary/Raw Files", "*.bin;*.raw" ROM_BIN, "ROM Images", "*.rom" DUMP_BIN, "Dump Files", "*.dmp;*.dump;*.mdmp" // file categories (mainly used to define the default file filter): ALL, "All Files", "*" IDB, "IDA Databases", IDB_EXT EXE, "Executable Files", EXE_* DLL, "Dynamic Libraries", DLL_* DRV, "Drivers", DRV_* OBJLIB, "Object Files and Libraries", OBJ_*;LIB_* JAVA, "Java Files", *_JAVA NET, ".NET Files", *_NET ARM, "ARM Files", *_ARM EPOC, "Symbian EPOC Files", *_EPOC SPSX, "Sony PlayStation Files", *_SPSX HEX, "Hexadecimal Files", *_HEX KNOWN, "All known file extensions", * } // // Default file filter (used by the Open command) // DEFAULT_FILE_FILTER = { KNOWN ALL IDB EXE DLL DRV OBJLIB JAVA NET DRV_NETWARE GEOS EXE_FLEX EXE_RT11 ARM EPOC SPSX EXE_PALM EXE_XBOX EXE_N64 EXE_SDC HEX MAS SBN RAW_BIN ROM_BIN DUMP_BIN } //------------------------------------------------------------------------- // User specific parameters //------------------------------------------------------------------------- // // If you don't want to modify IDAGUI.CFG file then you can create a file // called IDAUSERG.CFG and place additional parameters there. // // The IDAUSERG.CFG file should be placed in the IDA/CFG directory. // #softinclude