
Ida hexrays

When IDA Pro is first loaded, a dialog box will appear asking you to disassemble a new file, to enter the program without loading any file, or to load the previously loaded file. We’ll select the reverse Meterpreter executable that we previously created with the Metasploit framework. We can also disable the “Display at startup” checkbox at the bottom of the window presented in the picture above so that IDA Pro shows it only when we want to use it. I guess whenever we’ve been working on some file already, it’s best to click on the Previous button to open one of the files we’ve been working on in the past.

Upon opening the executable, IDA Pro will automatically recognize the file format of the executable: in our case, it is a PE Windows executable. It will also recognize the architecture the executable was compiled against. This can be seen in the picture below, where the Processor Type of “Intel 80x86 processors: metapc” is detected. The processor type specifies the processor module that will be used to disassemble the executable. The processor modules are located under IDA Pro’s procs directory; in my case, the following modules are available: arm.ilx and pc.ilx. Usually, the executable architecture and processor type are recognized successfully and we won’t need to change that in the presented window.

IDA Pro will automatically present the file types that can be used to work with the loaded file. The list of file types is generated from the list of potential file types located in IDA Pro’s loaders directory. Any file loader that can recognize the analyzed file will be presented and we will be able to choose any of them. On my version of IDA Pro, the loaders directory contains the following files: dbg.llx, elf.llx, macho.llx, pe.llx. In our case, it was pe.llx that was able to recognize the analyzed file and display itself as the “Portable executable for 80386” option. After we click on the OK button, IDA Pro will load the file as if it was loaded by the operating system itself.

Upon opening a new file to analyze with IDA Pro, it analyzes the whole executable file and creates an .idb database archive, which holds the following files:

  • name.id0 – contains the contents of the B-tree style database.
  • name.id1 – contains flags that describe each program byte.
  • name.nam – contains index information related to named program locations.
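The step where a loader such as pe.llx decides that it recognizes the file and reports it as a “Portable executable for 80386” comes down to a few header checks. The following Python is an added example, not code from this page or from IDA Pro: the hypothetical `recognize_pe` performs the accept step a PE loader would (MZ stub, `e_lfanew`, `PE\0\0` signature, `Machine` field) on a constructed header built by `build_sample_pe`, with bounds checks so that a truncated or malformed file is rejected rather than read out of range.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE specification.
IMAGE_FILE_MACHINE = {
    0x014C: "Intel 80386",
    0x8664: "AMD64 (x86-64)",
    0x01C0: "ARM",
    0xAA64: "ARM64",
}

def build_sample_pe(machine: int) -> bytes:
    """Constructed sample: a minimal MZ/PE header (not a runnable program).
    e_lfanew = 0x40, so the PE signature follows the 64-byte DOS header."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + file_hdr

def recognize_pe(data: bytes):
    """Return (format, architecture) if data looks like a PE image, else None.
    Mirrors a loader's accept step: cheap signature checks, each bounds-checked
    so a hostile or truncated input cannot push the parser past the buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Signature (4 bytes) plus IMAGE_FILE_HEADER (20 bytes) must fit in the file.
    if e_lfanew + 4 + 20 > len(data):
        return None
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    arch = IMAGE_FILE_MACHINE.get(machine, f"unknown machine 0x{machine:04X}")
    return ("Portable executable", arch)

if __name__ == "__main__":
    print(recognize_pe(build_sample_pe(0x014C)))  # ('Portable executable', 'Intel 80386')
```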
