Skip to content
Using the IDA debugger to unpack an “hostile” PE executable
Initializing search
Developer Guide
Getting Started
User Guide
Developer guide
Developer guide
C++ SDK
IDAPython
IDC
C++ sdk
C++ sdk
Examples
Getting Started
Porting Guide from IDA 8.x to 9.0
How to create a plugin with C++ SDK?
Migration guides
Using the Decompiler SDK: Decompiler Plug-In
Idapython
Idapython
How to create a plugin?
Examples
Getting Started
Porting Guide from IDA 8.x to 9.0
Migration guides
Idc
Idc
Core concepts
IDC examples
Core concepts
Core concepts
Classes
Constants
Exceptions
Expressions
Functions
loader_input_t class
Predefined symbols
Slices
Statements
Variables
Idc examples
Idc examples
Analyzing encrypted code
Batch analysis
Device driver analysis
New file format definition
Structures manipulation
VxD analysis
Getting started
Getting started
Basic Usage
Install IDA
Licensing
What's next?
User guide
User guide
Configuration
Debugger
Decompiler
Disassembler
Floating licenses
Helper Tools
idalib
Teams
Plugins
Creating Signatures
Teams
Creating Type Libraries
Types
User Interface
Configuration
Configuration
All the low-level configuration options in .cfg files
Command line switches
Configuration files
Configuration
CSS-based styling Tutorial
Customizing IDA
Keyboard macros
Shortcuts
UI/Fonts/Themes
Debugger
Debugger
Debugger tutorials
Debugger
Instant debugger
Local debugging
Remote debugging
Local debugging
Local debugging
Intel/ARM macOS debugger
Linux debugger
WinDbg Debugger
WinDbg: Time Travel Debugging
Remote debugging
Remote debugging
Android debugger
Bochs debugger
Dalvik debugger
PIN debugger
Remote GDB Debugger
Remote iOS Debugger
Replayer debugger
Bochs debugger
Bochs debugger
Bochs debugger FAQ
Bochs Disk Image operation mode
Bochs IDB operation mode
Bochs PE operation mode
Pin debugger
Pin debugger
Building the pin tool
Connecting a remote PIN tool instance from IDA
PIN support for MacOSX
Remote gdb debugger
Remote gdb debugger
Debugging code snippets with QEMU
Debugging with gdbserver
Debugging with OpenOCD
Debugging with QEMU
Debugging with VMWare
External programs and GDB Debugger
Remote GDB Debugger options
Tutorials
Tutorials
Appcall primer
Appcall primer
Appcall
Bochs debugger primer
Bochs debugger primer
Debugging Windows Applications with IDA Bochs Plugin
Bochs linux primer
Bochs linux primer
Using the Bochs debugger plugin in Linux
Debugger dalvik
Debugger dalvik
Debugging Dalvik Programs
Debugger ios
Debugger ios
Debugging iOS Applications with IDA Pro
Debugger linux local
Debugger linux local
IDA Linux Local Debugging
Debugger mac
Debugger mac
Debugging Mac OSX Applications with IDA Pro
Debugger pin
Debugger pin
Debugging Linux/Windows Applications with PIN Tracer module
Debugger windbg kernel
Debugger windbg kernel
Debugging Windows Kernel with VMWare and IDA WinDbg Plugin
Debugger windbg user
Debugger windbg user
Debugger windbg user
Debugger windows local
Debugger windows local
Debugging a Windows executable locally and remotely
Debugger xnu
Debugger xnu
Debugging the XNU Kernel with IDA Pro
Gdb debugger primer
Gdb debugger primer
Gdb qemu
Gdb linux vmware
Gdb linux vmware
Debugging Linux Kernel under VMWare using IDA GDB debugger
Ida scriptable debugger
Ida scriptable debugger
IDA Scriptable Debugger: overview
IDA Scriptable Debugger: scriptability
Ios debugging coredevice
Ios debugging coredevice
Debugging iOS Applications using CoreDevice (iOS 17 and up)
Linux debugger
Linux debugger
IDA: Linux Debugger
Linuxlocal
Linuxlocal
IDA Linux Local Debugging
Linuxtowin32
Linuxtowin32
Linuxtowin32
Linuxtowin64
Linuxtowin64
IDA Linux to Win64 Debugging
Qemu debugger primer
Qemu debugger primer
Debugging code snippets with QEMU debugger (a la IDA Bochs debugger)
Remote debugging
Remote debugging
Remote debugging with IDA Pro
Trace replayer
Trace replayer
Trace Replayer and managing traces
Tracing
Tracing
Using IDA Pro's tracing features
Win32local
Win32local
IDA Win32 Local Debugging
Win32tolinux
Win32tolinux
IDA Win32 to Linux Debugging
Win debugger hub
Win debugger hub
Windows Debugger Hub
Windbg debugger primer
Windbg debugger primer
Debugging Windows Applications with IDA WinDbg Plugin
Decompiler
Decompiler
Decompiler
Exception handler
gooMBA
Introduction to Decompilation vs. Disassembly
Decompiler manual
Decompiler manual
Batch operation
Add/delete function return type
Edit block comment
Collapse/uncollapse item
Edit indented comment
Copy to assembly
Del function argument
Force call type
Cmd force lvar
Hide/unhide C statements
Show/hide casts
Generate HTML file
Jump to cross reference globally
Jump to paired paren
Jump to cross reference
Map to another variable
Mark/unmark as decompiled
Create new struct type
Set number representation
Rename
Reset pointer type
Select union field
Set call type
Set type
Split/unsplit expression
Split variable
Convert to struct *
Add/del variadic arguments
Configuration
Failures and troubleshooting
FAQ
Floating point support
Interactive operation
Support for intrinsic functions
Legal info
Legal info
Limitations
Overlapped variables
Prerequisites
Quick primer
SDK reference
Table of Contents
Third party plugins
Third party plugins
Tips and tricks
Tips and tricks
Introduction to decompilation vs disassembly
Introduction to decompilation vs disassembly
Comparisons of ARM disassembly and decompilation
Comparisons of MIPS disassembly and decompilation
Comparisons of PowerPC disassembly and decompilation
Hex-Rays v7.2 vs. v7.1 Decompiler Comparison Page
Hex-Rays v7.3 vs. v7.2 Decompiler Comparison Page
Hex-Rays v7.4 vs. v7.3 Decompiler Comparison Page
Disassembler
Disassembler
Background Analysis
Bitfields Tutorial
Bitfields
Data types, operands and constructs
Disassembler
Disassembly Gallery
Fixed struct layout
Graph view
Graphing with IDA
Interactivity
Navigation
Using IDA to deal with packed executables
Proximity view
Structures Tutorial
Supported file formats
IDA supported processors
Union Tutorial
Variable Length Structures Tutorial
Disassembly gallery
Disassembly gallery
6301, 6303, 6800, 6801 and 6803 Disassembler
6502 and 65C02 Disassembler
68040, Amiga
6805 Disassembler
6808 Disassembler
6809 Disassembler
6809 OS9 Flex Disassembler
6811 Disassembler
68HC12 Disassembler
68HC16 Disassembler
68k Amiga Disassembler
68k Mac OS
68k Palm Pilot
80×86 Architecture : DOS Extender
80×86 Architecture: Geos APP
80×86 Architecture: Geos DRV
80×86 Architecture: Geos LIB
80×86 Architecture: GNU COFF Format
80×86 Architecture: Netware NLM
80×86 Architecture: OS/2 Linear Executable Format
80×86 Architecture: QNX Executable
80×86 Architecture: Watcom Runtime
80×86 Architecture : Watcom Runtime
80×86 Architecture : Windows 16 bits DLL
80×86 Architecture: Windows OMF
80×86 Architecture: Windows Portable Executable Format
80×86 Architecture: Windows Virtual Device Driver
80196 Processor
8051 Disassembler
Alpha Processor – NT COFF
Alpha Processor – Unix ELF
Analog Devices 218x.
Android ARM Executables (.elf)
Android Dalvik Executables (.dex)
Angstrem KR 1878
ARC Processor
ARM Processor: AOF SDK
ARM Processor EPOC App
ARM Processor EPOC PE File
ARM Processor EPOC ROMFile
ARM Processor iOS (iPhone): C++ signatures
ARM Processor iOS (iPhone): Objective-C Instance variables
ARM Processor iOS (iPhone): Objective-C metadata
ARM Processor iOS (iPhone): Parameter Identification & Tracking (PIT)
ARM Processor iOS (iPhone): Start
ARM Processor iOS (iPhone): Switch statements
ARM Processor iOS (iPhone): Unlock
ARM Processor iOS (iPhone): Write
ARM Processor: Linux ELF
ARM Processor: Windows CE COFF Format
ARM Processor: Windows CE PE Format
ATMEL AVR Disassembler
Atmel OAK DSP
C166 Processor with ELF file
C166 Processor
CR16
DSP56K
EPOC SIS File Handler
Fujitsu FR (.elf)
Gameboy
H8 300: COFF FILE Format
H8 300s: COFF FILE Format
H8 500
Hitachi SH-1 Processor
Hitachi SH-3 Processor : Windows CE COFF format
Hitachi SH-3 Processor : Windows CE PE format
Hitachi SH-4 Processor : ELF File Format
Hitachi SH-4 Processor : Windows CE PE File Format
HPPA Risc Processor : HP-UX SOM
i51
i860
Intel i960
Intel IA-64 (Itanium)
Java Bytecode
M740
M7700
M7900
Mac OS PEF File
Mac OS X File
Microsoft .NET CLI Disassembler. VisualBasic library
Microsoft .NET CLI Disassembler
MIPS Processor : Nintendo N64
MIPS Processor : Sony ELF
MIPS Processor : Sony PSX
MIPS Processor : Sony PSX
MIPS Processor : Unix COFF File Format
MIPS Processor : Unix ELF File Format
MIPS Processor: Windows CE PE File Format
MIPS Processor: Windows CE PE2 File Format
MIPS R5900 Processor : Sony bin
NEC 78k0 and 78k0s Processor
NEC V850
Page 1
Page 2
Panasonic MN102
PDP 11 : SAV File
Philips 51XA-G3
PIC 12xx
PIC
Power PC AIF ECOFF file Format
Power PC Linux ELF
Renesas/Hitachi M16C
Renesas/Hitachi M32R
Rockwell C39
SPARC Solaris COFF
SPARC Solaris ELF
SPARC Sun ELF SO
SPARC Sun ELF
ST 20C4
ST 7
ST 9
SunPlus unSP
Super Nintendo Entertainement System (SNES)
TMS 320c2 COFF
TMS 320c5
TMS 320c54
TMS 320c6 COFF File Format
Toshiba TLCS 900
TRICORE
Unix COFF
Untitled
Windows NT PE File
X-Box Disassembler
Z180 COFF File Format
Z380 COFF File Format
Z8
Z80
Navigation
Navigation
Anchor
How to Enter a Number
How to Enter a Segment Value
How to Enter an Address
How to Enter an Identifier
How to enter text
Packed executables
Packed executables
Using the IDA debugger to unpack an “hostile” PE executable
Using IDA debugger to unpack an “hostile” PE executable
Supported file formats
Supported file formats
Windmp file loader
Lumina
Lumina
lc command reference manual
Lc user manual.md.in
Lc user manual.md.in
Administrative commands
Various information
Introduction
lc command reference manual
Operating with metadata
Command-line options
Plugins
Plugins
How to write your own plugin?
Open Plugin Architecture
Plugin Contest
Plugin options
Plugins Shipped with IDA
Plugins shipped with ida
Plugins shipped with ida
Borland RTTI descriptors plugin
DWARF plugin
DYLD Shared Cache Utils
FLIRT Signature Bundle
Golang plugin
IDA Feeds
Objective-C Analysis Plugin
Patfind plugin
picture_search
Rust plugin
Swift plugin
Signatures
Signatures
FLIRT
Makesig
Supported Compilers
Flirt
Flirt
Generate FLIRT signature file
IDA F.L.I.R.T. Technology: In-Depth
Supported compilers
Supported compilers
Delphi
Turbo Pascal
Teams
Teams
hv command reference manual
Hex-Rays Vault’s visual client user manual
Diffing and Merging Databases with IDA Teams
Teams lc command reference manual
Hv user manual.md.in
Hv user manual.md.in
Administrative commands
File manipulation
hv credentials
hv command reference manual
Various information
Misc.
HV Command Reference
Sites
Working with worklists
Hvui user manual.md.in
Hvui user manual.md.in
User interface actions
Inspecting changes
Getting started
Hex-Rays Vault’s visual client user manual
Miscellaneous information
About this manual
How to make manuals
Tour of hvui’s widgets
Working with files
Widgets
Widgets
Commit
Commits
File history
Local files
Log window
Sites
Users
Vault files
Worklists
Type libraries
Type libraries
TILIB
Type Libraries
Idaclang
Idaclang
Using the IDAClang plugin for IDA Pro
User interface
User interface
Command line
Database conversion from idb to i64
Desktops
How to use list viewers in ida
Third-Party Licenses
Menu Bar
Licenses
Licenses
Apache License for Ghidra
Apache License for LLVM
APPLE PUBLIC SOURCE LICENSE
Common Public License Version 1.0
GNU Lesser General Public License v2.1 for libiberty
PCRE2 LICENCE
Menu bar
Menu bar
Debugger submenu
Edit submenu
File submenu
Jump submenu
List of all menu options
Lumina Submenu
Options Submenu
Search
View
Debugger
Debugger
Breakpoints
Debugger options
Debugger window
Exceptions
Module list
Process Control
Process Memory
Source code view
Stack trace
Switch debugger
Thread list
Tracing
Watches submenu
Process control
Process control
Attach to process
Continue process backwards
Detach from process
Pause process
Process options
Run to cursor backwards
Run to cursor
Run until return
Set current ip
Show application screen
Start process
Step into backwards
Step into
Step over backwards
Step over
Terminate process
Process memory
Process memory
Manual memory regions
Refresh memory
Take memory snapshot
Source code view
Source code view
Watch view (source level)
Edit
Edit
Clear undo history
Edit|Comments submenu
Convert to array
Convert to data
Convert to instruction
Convert to string literal
Disable undo
Edit submenu
Export data
Functions submenu
Give Name to the Location
Edit|Operand types submenu
Edit|Other Submenu
Edit|Patch core submenu
Plugin
Plugins
Redo an action
Segments submenu
Structs
Undefine a byte
Undo an action
Operand types
Operand types
Bitwise negate operand
Change operand sign
Complex Offset Expression
Convert operand to character
Convert operand to segment
Convert operand to stack variable
Convert operand to symbolic constant (enum)
Edit|Operand types|Number submenu
Offset
Perform en masse operation
Set operand type
User-defined operand
Other
Other
Rename Any Address
File
File
Abort IDA
Exit IDA
Invoke os shell
Load file submenu
File|Produce output files submenu
Save database as...
Save database as
Save database
Script command
Script File
Take database snapshot
Jump
Jump
Center current line in window
Problems List
Options
Options
Low & High Suspicious Operand Limits
Search
Search
Regular expression syntax summary
View
View
Arrows window
Assembler level and C level types
Bookmarks window
Browser options
C++ type details
Calculator
Database snapshot manager
Del hidden range
Graphs submenu
Hide all items
Hide
Highlighting identifiers
License manager
Lumina options
Open subviews
Setup hidden items
Unhide all items
Unhide
View Internal Flags
View segment registers
Windows
Windows
Environment variables
Miscellanous options
Output window
Rename a stack variable
Reset Hidden Messages
Various dialog help messages
Using the IDA debugger to unpack an “hostile” PE executable