Detailed explanation of IDA static reverse analysis tool

1. Directory structure
cfg( The configuration file )
idc( contain IDA Built in scripting language IDC Core documents required )
ids( The directory contains some symbol files 【IDA The grammatical IDS file 】, These files are used to describe what can be loaded into IDA The contents of the shared library referenced by the binary file of , Include The number of arguments required for the function , Information and return type .)
loaders( Directories are used to identify and parse PE or ELF And other known file formats IDA Expand )
plugins( Directory contains IDA Required plug-ins )
procs( Directory contains IDA Processor modules supported by version , The processor module is IDA Provide machine language - Assembly language conversion function )
sig( Directory contains IDA Signatures of existing code used in various pattern matching operations )
til( The directory contains some type library information ,IDA This information records the layout of data structures specific to various compiler libraries )
}

2. Generated four file extensions
IDA Will create a database Components saved in 4 In a file , extension
{

.id0 A binary tree database
.id1 A tag that describes each program byte
.nam Include and IDA Of Named Related to the given program location displayed in the window Index information .
.til Used to store information about local type definitions for a given database .
} （IDA special ,IDA It is difficult to edit them outside the environment ）
【 this 4 Files will be archived as IDB file , If the database is shut down properly , Never see id0,id1,nam,til file 】

3. The basic rule
1. No undo function instruction is provided

2. Almost all operations have their corresponding menu items 、 Hotkeys and toolbar buttons .

3.IDA Provide convenient 、 Context based right mouse button operation menu .

4. Common prefixes
sub_xxxxxx ： Address xxxxx Child train at .
loc_xxxxxx ： Address xxxxx An instruction at .
byte_xxxxxx ： Address xxxxx Situated 8 Bit data .
word_xxxxxx ： Address xxxxx Situated 16 Bit data .
dword_xxxxxx ： Address xxxxx Situated 32 Bit data .
unk_xxxxxx ： Address xxxxx Unknown size data at .