// Config file for the graphical mode user interface // ************************************************* // __GUI__ symbol is defined when this file is parsed // // Screen configuration // -------------------- SCREEN_CURSOR = 0 // = 0 normal cursor // = 1 block cursor AUTOSAVE = 100 // After 100 user actions // IDA flushes its buffers to disk // The windows version of IDA determines the directory // automatically. The following parameter isn't needed anymore. // WINDIR = "c:\\windows" // Default directory to look up for // MS Windows DLL files // IDA will search subdirs // "dll" // "system" // "system32" // of this dir automatically OS2DIR = "c:\\os2" // OS/2 main directory (is used to // look up DLLs) HELPFILE = "sample.hlp" // Name of help file used by Ctrl-F1 // Please change it as shown below: //HELPFILE = "WIN32.HLP" ASK_EXIT_UNPACKED = YES // Ask confirmation if the user // wants to exit the database without // packing it ASK_EXIT = YES // Ask confirmation if the user // wants to exit OPEN_DEFAULT_IDC_PATH = NO // YES: The dialog box to select an // IDC scrip always starts in // the IDC subdirectory // NO: The dialog box opens in the // current/last directory TEXT_SEARCH_CASE_SENSITIVE = NO // Search in the disassembly text BIN_SEARCH_CASE_SENSITIVE = YES // Search in the input file DISPLAY_PATCH_SUBMENU = NO // Display the Edit,Patch submenu DISPLAY_COMMAND_LINE = NO // Display the expressions/IDC command line // To turn on/off the command line, // right click on the main toolbar after // setting this parameter to YES #define CONFIRM_UNDEFINE_NO -1 // Never confirm #define CONFIRM_UNDEFINE_YES 0 // Always confirm #define CONFIRM_UNDEFINE_BLOCK 1 // Confirm only if an area has been selected CONFIRM_UNDEFINE_COMMAND = CONFIRM_UNDEFINE_YES // Confirm the "undefine" command CONFIRM_SETFUNCEND_COMMAND = YES // Confirm the "set function end" command (E hotkey) // // Keyboard hotkey definitions // --------------------------- // "ReloadFile" = 0 // Reload the same input file "LoadFile" = 0 // Load additional file into database "LoadIdsFile" = 0 // Load IDS file "LoadDbgFile" = 0 // Load DBG file "LoadPdbFile" = 0 // Load PDB file "LoadSigFile" = 0 // Load SIG file "LoadHeaderFile" = "Ctrl-F9" // Load C header file "Execute" = 0 // Execute IDC file "ExecuteLine" = "Shift-F2" // Execute IDC line "About" = 0 "SaveBase" = "Ctrl-W" "SaveBaseAs" = 0 "Abort" = 0 // Abort IDA, don't save changes "Quit" = "Alt-X" // Quit to DOS, save changes "ReanalyzeProgram" = 0 // Reanalyze the program "ProduceMap" = 0 // Produce MAP file "ProduceAsm" = "Alt-F10" // Produce assembler text file "ProduceInc" = 0 // Produce assembler include file "ProduceLst" = 0 // Produce listing file "ProduceExe" = 0 // Produce executable file "ProduceDiff" = 0 // Produce difference file "ProduceHtml" = 0 // Produce HTML file "DumpDatabase" = 0 // Dump database to IDC file // This IDC file contains all // information to recreate // the database from scratch // (executable file will be // needed) "DumpTypes" = 0 // Dump typeinfo to IDC file "JumpAsk" = 'g' "JumpName" = "Ctrl-L" "JumpSegment" = "Ctrl-S" "JumpSegmentRegister" = "Ctrl-G" "JumpQ" = "Ctrl-Q" "JumpPosition" = "Ctrl-M" "JumpXref" = "Ctrl-X" "JumpOpXref" = "X" "JumpFunction" = "Ctrl-P" "JumpEntryPoint" = "Ctrl-E" "JumpFileOffset" = 0 "JumpEnter" = "Enter" // jump to address under cursor "JumpEnterNew" = "Alt-Enter" // jump to address under cursor // in a new window "Return" = "Esc" "UndoReturn" = "Ctrl-Enter" // undo the last Esc "EmptyStack" = 0 // make the jumps stack empty "SetDirection" = 0 "MarkPosition" = "Alt-M" "FindAllSuspicious" = 0 "JumpSuspicious" = "Ctrl-V" "JumpCode" = "Alt-C" "JumpData" = "Ctrl-D" "JumpUnknown" = "Ctrl-U" "JumpExplored" = "Ctrl-A" "AskNextImmediate" = "Alt-I" "JumpImmediate" = "Ctrl-I" "AskNextText" = "Alt-T" "JumpText" = "Ctrl-T" "AskBinaryText" = "Alt-B" "JumpBinaryText" = "Ctrl-B" "JumpNotFunction" = "Alt-U" "MakeAlignment" = 'L' "ManualInstruction" = "Alt-F2" "ColorInstruction" = 0 "ToggleBorder" = 0 "MakeCode" = 'C' "MakeData" = 'D' "MakeAscii" = 'A' "MakeUnicode" = 0 // create unicode string "MakeArray" = "Numpad*" "MakeUnknown" = 'U' "MakeName" = 'N' //"MakeAnyName" = "Ctrl-N" "ManualOperand" = "Alt-F1" "MakeFunction" = 'P' "EditFunction" = "Alt-P" "AppendFunctionTail" = 0 "RemoveFunctionTail" = 0 "DelFunction" = 0 "FunctionEnd" = 'E' "OpenStackVariables" = "Ctrl-K" // open stack variables window "ChangeStackPointer" = "Alt-K" // change value of SP "RenameRegister" = 'V' "SetType" = 'Y' "MakeComment" = ':' "MakeRptCmt" = ';' "MakePredefinedComment" = "Shift-F1" "MakeExtraLineA" = "Ins" "MakeExtraLineB" = "Shift-Ins" "OpNumber" = '#' "OpHex" = 'Q' "OpDecimal" = 'H' "OpOctal" = 0 "OpBinary" = 'B' "ToggleLeadingZeroes" = 0 "OpFloat" = 0 "OpChar" = 'R' "OpSegment" = 'S' "OpOffset" = 'O' "OpOffsetCs" = "Ctrl-O" "OpAnyOffset" = "Alt-R" "OpUserOffset" = "Ctrl-R" "OpStructOffset" = 'T' "OpStackVariable" = 'K' "OpEnum" = 'M' // commented out because the french version of windows nt with sp4 complains // if you want, you may uncomment it - anyway it doesn't make big difference //"ChangeSign" = "Shift+-" "BitwiseNegate" = '~' "CreateSegment" = 0 "EditSegment" = "Alt-S" "KillSegment" = 0 "MoveSegment" = 0 "RebaseProgram" = 0 "SegmentTranslation" = 0 "SetSegmentRegister" = "Alt-G" "SetSegmentRegisterDefault" = 0 "ShowRegisters" = "Space" "OpenNotepad" = 0 "WindowOpen" = 0 "OpenFunctions" = "Shift-F3" // open functions window "OpenExports" = 0 "OpenImports" = 0 "OpenNames" = "Shift-F4" "OpenSignatures" = "Shift-F5" // open signatures window "OpenSegments" = "Shift-F7" "OpenSegmentRegisters" = "Shift-F8" "OpenSelectors" = 0 "OpenXrefs" = 0 "OpenStructures" = "Shift-F9" // open structures window "OpenEnums" = "Shift-F10" // open enums window "OpenProblems" = 0 "OpenTypeLibraries" = "Shift-F11" "GraphFunc" = "F12" // display function flow-chart "CallFlow" = "Ctrl-F12" // display function call graph "ChartXrefsTo" = 0 // display referenced items "ChartXrefsFrom" = 0 // display referencing items "ChartXrefsUser" = 0 // display referenced/referencing items "OpenStrings" = "Shift-F12" "OpenCallers" = 0 // display function call list "PatchByte" = 0 "PatchWord" = 0 "Assemble" = 0 "SetAsciiStyle" = "Alt-A" // set ascii strings style "SetDirectives" = 0 // setup assembler directives "ToggleDump" = 0 // show dump or normal view "SetNameType" = 0 "SetDemangledNames" = 0 //"Calculate" = '?' "ShowFlags" = 'F' "SetupHidden" = 0 "Hide" = "Numpad-" "Unhide" = "Numpad+" "HideAll" = 0 "UnhideAll" = 0 "DelHiddenArea" = 0 "ExternalHelp" = "Ctrl-F1" "KeyboardHelp" = 0 "NextWindow" = "F6" "PrevWindow" = "Shift-F6" "CloseWindow" = "Alt-F3" // // Structure manipulation commands // "AddStruct" = "Ins" // add struct type "DelStruct" = "Del" // del struct type "ExpandStruct" = "Ctrl-E" // expand struct type "ShrinkStruct" = "Ctrl-S" // shrink struct type "MoveStruct" = 0 // move struct type "DeclareStructVar" = "Alt-Q" // declare struct variable "ZeroStructOffset" = "Ctrl-Z" // force zero field offset "SelectUnionMember" = "Alt-Y" // select union member "CreateStructFromData" = 0 // create struct from data // // Enum manipulation commands // "AddEnum" = "Ins" // add enum "DelEnum" = "Del" // del enum "EditEnum" = "Ctrl-E" // edit enum "AddConst" = "N" // add new enum member "EditConst" = "Ctrl-N" // edit enum member "DelConst" = "U" // delete enum member // // Debugger manipulation commands // "Debugger" = "Ctrl-Alt-C" // open debugger window "ProcessStart" = "F9" // start a new process in the debugger "ProcessPause" = 0 // pause the debugged process "ProcessExit" = "Ctrl-F2" // terminate the debugged process "ProcessAttach" = 0 // Attach to a process "ProcessDetach" = 0 // Detach from the debugged process "TakeSnapshot" = 0 // Take a memory snapshot to the database "ThreadStepInto" = "F7" // step into the current instruction "ThreadStepOver" = "F8" // step over the current instruction "ThreadRunUntilReturn" = "Ctrl-F7" // execute instructions until execution returns from the current function "ThreadRunToCursor" = "F4" // execute instructions until cursor is reached "Threads" = 0 // open threads window "BreakpointAdd" = 0 // add a breakpoint "BreakpointDel" = 0 // del a breakpoint "BreakpointToggle" = "F2" // toggle a breakpoint "BreakpointEdit" = 0 // edit breakpoint settings "BreakpointEnable" = 0 "BreakpointDisable" = 0 "Breakpoints" = "Ctrl-Alt-B" // open breakpoints window //"WatchList" = "Ctrl-Alt-W" // open the watch list "AddWatch" = 0 // add watch "DelWatch" = "Del" // del watch "StackTrace" = "Ctrl-Alt-S" // open stack trace window "TraceWindow" = 0 // open trace window "ClearTrace" = 0 // clear trace window "SetupTracing" = 0 // open setup tracing window "ToggleTraceInstructions" = 0 // toggle instructions tracing "ToggleTraceFunctions" = 0 // toggle functions tracing "ExecTraceAdd" = 0 // add execution trace "WriteTraceAdd" = 0 // add write trace "ReadWriteTraceAdd" = 0 // add read/write trace "SwitchDebugger" = 0 // switch the current debugger // // File extension definitions // -------------------------- // // IDA extensions #ifdef __EA64__ #define IDB_EXT "*.i64;*.id0" #else #define IDB_EXT "*.id?" #endif // Identifier, Name, Extension(s) FILE_EXTENSIONS = { // file formats: // Windows EXE_WIN, "PE Executables", "*.exe" DLL_WIN, "PE Dynamic Libraries", "*.dll" OCX_WIN, ".ocx PE ActiveX Controls", "*.ocx" DRV_WIN, "PE/LE/NE Device Drivers", "*.sys;*.vxd;*.386;*.drv" OBJ_WIN, "COFF/OMF Object Files", "*.obj" LIB_WIN, "COFF/OMF Static Libraries", "*.lib" // DOS EXE_DOS, "MZ/LE/DJGPP-COFF/Watcom-W32RUN Executables", "*.exe" EXE_COM_DOS, ".com Executables", "*.com" DRV_DOS, ".sys Device Drivers", "*.sys" OVR_DOS, ".ovr Overlay Files", "*.ovr" OBJ_DOS, "OMF Object Files", "*.obj" LIB_DOS, "OMF Static Libraries", "*.lib" EXE_PHARLAP, ".exp PharLap Protected Mode Executables", "*.exp" // Unix EXE_UNIX, "ELF/COFF/A.OUT/QNX/SOM Executables", "*" DLL_UNIX, "ELF/COFF Dynamic Libraries", "*.so;*.so.*" OBJ_UNIX, "ELF/COFF/SOM Object Files", "*.o" LIB_UNIX, "ELF/COFF Static Libraries", "*.a" DLL_HPUX, ".sl HP-UX SOM Dynamic Libraries", "*.sl" // Mac EXE_MACOSX, "Mac OS X Mach-O Executables", "*" DLL_MACOSX, "Mac OS X Mach-O Dynamic Libraries", "*.dylib" EXE_MACOS, "Mac OS PEF Executables", "*" OBJ_MACOSX, "Mac OS X Mach-O Object Files", "*.o" LIB_MACOSX, "Mac OS X Mach-O Static Libraries", "*.a" // Java CLASS_JAVA, "Java Class Files", "*.cla*;*.cls" ZIP_JAVA, ".jar/.zip Java Archives", "*.jar;*.zip" // .NET EXE_NET, ".NET Executables", "*.exe" DLL_NET, ".NET Dynamic Libraries", "*.dll" // various OS's EXE_OS2, "OS/2 LX Executables", "*.exe" DRV_NETWARE, "NetWare Loadable Modules", "*.nlm;*.lan;*.dsk" EXE_BEOS, "BeOS ELF/PEF Executables", "*" AMIGA, "Amiga Hunk Files", "*" GEOS, "GeoWorks GEOS Files", "*.geo" OS9, "OS-9 Object Files", "*" EXE_FLEX, ".cmd Motorola FLEX OS Executables", "*.cmd" EXE_RT11, ".sav PDP-11/RT-11 Executables", "*.sav" // PDAs/handhelds EXE_ARM, ".axf ARM Executables", "*.axf" OBJ_ARM, "ARM Object Files", "*.o" EXE_EPOC, ".app Symbian EPOC Executables", "*.app" SIS_EPOC, ".sis Symbian EPOC Installation Files", "*.sis" EXE_PALM, ".prc Palm Pilot Executables", "*.prc" // consoles EXE_XBOX, ".xbe Xbox Executables", "*.xbe" EXE_N64, ".v64 Nintendo ROM Images", "*.v64" ROM_NGB, ".bin Nintendo GameBoy ROM Images", "*.bin" BIN_SPSX, ".bin Sony PlayStation BIOS Images", "*.bin" EXE_SPSX, ".psx Sony PlayStation Executables", "*.psx" OBJ_SPSX, "Sony PlayStation Object Files", "*.obj;*.o" EXE_SDC, ".elf Sega Dreamcast ELF Executables", "*.elf" // embedded INTEL_HEX, ".hex Intel/MOS Hexadecimal Files", "*.hex" S19_HEX, ".s19 Motorola S-record Hexadecimal Files", "*.s19" OBJ_INTEL, "Intel OMF-386 Object Files", "*.obj" MAS, ".p MAS Macro Assembler Code Files", "*.p" SBN, ".sbn Structured Binary Format Files", "*.sbn" // binary files RAW_BIN, "Binary/Raw Files", "*.bin;*.raw" ROM_BIN, "ROM Images", "*.rom" DUMP_BIN, "Dump Files", "*.dmp;*.dump" // file categories (mainly used to define the default file filter): ALL, "All Files", "*.*" IDB, "IDA Databases", IDB_EXT EXE, "Executable Files", EXE_* DLL, "Dynamic Libraries", DLL_* DRV, "Drivers", DRV_* OBJLIB, "Object Files and Libraries", OBJ_*;LIB_* JAVA, "Java Files", *_JAVA NET, ".NET Files", *_NET ARM, "ARM Files", *_ARM EPOC, "Symbian EPOC Files", *_EPOC SPSX, "Sony PlayStation Files", *_SPSX HEX, "Hexadecimal Files", *_HEX KNOWN, "All known file extensions", * } // // Default file filter (used by the Open command) // DEFAULT_FILE_FILTER = { KNOWN ALL IDB EXE DLL DRV OBJLIB JAVA NET DRV_NETWARE GEOS EXE_FLEX EXE_RT11 ARM EPOC SPSX EXE_PALM EXE_XBOX EXE_N64 EXE_SDC HEX MAS SBN RAW_BIN ROM_BIN DUMP_BIN } //------------------------------------------------------------------------- // User specific parameters //------------------------------------------------------------------------- // // If you don't want to modify IDAGUI.CFG file then you can create a file // called IDAUSERG.CFG and place additional parameters there. // // The IDAUSERG.CFG file should be placed in the IDA/CFG directory. // #softinclude