| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 |
- MySQL
- error
- Python
- pytest
- Ransomware
- svn update
- debugging
- open office xml
- x64
- h5py.File
- idapython
- idapro
- Injection
- error fix
- why error
- idb2pat
- javascript
- ida pro
- 포인터 매핑
- commandline
- NumPy Unicode Error
- TensorFlow
- data distribution
- mock.patch
- ida
- hex-rays
- ecma
- Analysis
- Rat
- malware
- Today
- Total
13 Security Lab
[Clip] IDA Pro Batch mode options 본문
Command line switches
IDA can be launched with one of the following command lines:
ida input-file (Start graphical interface)
idat input-file (Start text interface)
Add the '64' postfix to the command name in order to start the 64-bit version of IDA. For example:
ida64 input-file
will start 64-bit graphical interface.
The following command line switches are recognized:
-a disable auto analysis (-a- enables it) -A autonomous mode. IDA will not display dialog boxes. Designed to be used together with -S switch. -b#### loading address, a hexadecimal number, in paragraphs (a paragraph is 16 bytes) -B batch mode. IDA will generate .IDB and .ASM files automatically -c disassemble a new file (delete the old database) -ddirective A configuration directive which must be processed at the first pass. Example: -dVPAGESIZE=8192 -Ddirective A configuration directive which must be processed at the second pass. -f disable FPP instructions (IBM PC only) -h help screen -i#### program entry point (hex) -I# set IDA as just-in-time debugger (0 to disable and 1 to enable) -L#### name of the log file -M disable mouse (text only) -O#### options to pass to plugins -o#### specify the output database (implies -c) -p#### processor type -C#### set compiler in format name:abi -P+ compress database (create zipped idb) -P pack database (create unzipped idb) -P- do not pack database (not recommended, see Abort command) -r### immediately run the built-in debugger format of this switch is explained here -R load MS Windows exe file resources -S### Execute a script file when the database is opened. The script file extension is used to determine which extlang will run the script.
It is possible to pass command line arguments after the script name.
For example: -S"myscript.idc argument1 \"argument 2\" argument3"
The passed parameters are stored in the "ARGV" global IDC variable.
Use "ARGV.count" to determine the number of arguments.
The first argument "ARGV[0]" contains the script name
-T### interpret the input file as the specified file type
The file type is specified as a prefix of a file type
visible in the 'load file' dialog box
To specify archive member put it after the colon char,
for example: -TZIP:classes.dex
You can specify any nested paths:
-T<ftype>[:<member>{:<ftype>:<member>}[:<ftype>]]
IDA does not display the 'load file' dialog in this case
-t create an empty database.
-W### specify MS Windows directory
-x do not create segmentation
(used in pair with Dump database command)
this switch affects EXE and COM format files only.
-z debug:
00000001 drefs
00000002 offsets
00000004 flirt
00000008 idp module
00000010 ldr module
00000020 plugin module
00000040 ids files
00000080 config file
00000100 check heap
00000200 checkarg
00000400 demangler
00000800 queue
00001000 rollback
00002000 already data or code
00004000 type system
00008000 show all notifications
00010000 debugger
00020000 dbg_appcall
00040000 source-level debugger
00080000 accessibility
00100000 internet connection
00200000 full stack analysis (simplex method)
-? this screen (works for the text version)
? this screen (works for the text version)
For batch mode, IDA must be invoked with the following command line:
ida -B input-file
which is equivalent to:
ida -c -A -Sanalysis.idc input-file
The text interface (idat.exe/idat) is better for batch mode because it uses less system resources. However, please note that regular plugins are not automatically loaded in batch mode because the analysis.idc file quits and the kernel has no chance to load them.
For more information, please see the analysis.idc file in the IDC subdirectory.
Ref, https://www.hex-rays.com/products/ida/support/idadoc/417.shtml
