A CLI-based binary analysis system powered by idalib (Hex-Rays official headless library), eliminating the need for IDA Pro GUI.
AI assistants (Claude Code, Cursor, etc.) call ida_cli.py via shell to perform automated binary analysis โ no MCP required.
User/AI โ ida_cli.py โ HTTP JSON-RPC โ ida_server.py (idalib)
- No MCP layer โ Pure HTTP JSON-RPC communication
- Single-threaded HTTPServer โ Compliant with idalib's single-thread constraint
- .i64 reuse โ Reloads in seconds for repeated analysis
- Auth tokens โ Per-instance Bearer token auto-generation
This project intentionally uses plain HTTP JSON-RPC instead of MCP (Model Context Protocol).
| HTTP JSON-RPC (this project) | MCP | |
|---|---|---|
| Dependencies | Python stdlib only (http.server) |
MCP SDK + transport layer required |
| Debugging | curl one-liner testable |
Requires MCP-aware client |
| AI compatibility | Any AI with shell access (Claude Code, Cursor, etc.) | MCP-compatible clients only |
| Context window | Zero overhead โ just bash commands | Tool schemas loaded into AI context, consuming tokens |
| Script automation | Directly callable from bash/Python scripts | Requires MCP client library |
| Deployment | Single .py file, zero config |
Server manifest + schema registration needed |
| idalib constraint | Single-thread HTTPServer maps 1:1 |
MCP async model conflicts with single-thread restriction |
TL;DR โ Any AI with shell access can use it immediately. No SDK, no schema registration, no token overhead.
| Component | Version |
|---|---|
| IDA Pro | 9.1+ (idalib support required) |
| Python | 3.12+ |
| OS | Windows, Linux, macOS |
pip install "<IDA_DIR>/idalib/python/idapro-*.whl"The .whl file is included in your IDA Pro installation directory.
# Option A: Run the activation script (recommended)
python "<IDA_DIR>/idalib/python/py-activate-idalib.py"
# Option B: Set environment variable
# Windows
set IDADIR=C:\Program Files\IDA Professional 9.3
# Linux/macOS
export IDADIR=/opt/ida-9.3pip install requests psutil# Check environment
python tools/ida_cli.py --check
# Create working directories
python tools/ida_cli.py --initEdit tools/config.json to set IDA path and other options:
{
"ida": {
"install_dir": "C:/Program Files/IDA Professional 9.3"
},
"paths": {
"idb_dir": "%USERPROFILE%/.ida-headless/idb",
"log_dir": "%USERPROFILE%/.ida-headless/logs"
},
"analysis": {
"max_instances": 3
}
}Note:
%USERPROFILE%is automatically mapped to$HOMEon Linux/macOS. On Linux/macOS, setinstall_dirto your IDA path (e.g.,/opt/ida-9.3).
Add bin/ to your system PATH so you can run ida-cli from any directory:
# Windows (PowerShell, permanent)
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";<headless-ida>\bin", "User")
# Linux/macOS
echo 'export PATH="$PATH:<headless-ida>/bin"' >> ~/.bashrc
source ~/.bashrcAfter this, you can use ida-cli instead of python tools/ida_cli.py from any directory.
# Start an instance with any binary
ida-cli start ./samples/target.exe --idb-dir .
# Check status
ida-cli list
# Stop
ida-cli stop <id>If you see Instance started: id=xxxx and the instance appears in list, the setup is complete.
Once the environment is set up, AI assistants use ida_cli.py commands via shell. You don't need to memorize these โ the AI handles it.
- Copy the skill file to your project:
# Create skill directory
mkdir -p .claude/commands
# Copy skill file
cp <headless-ida>/tools/ida_cli.py tools/
cp <headless-ida>/.claude/commands/ida.md .claude/commands/- Copy
CLAUDE.mdto your project root (AI reads this for command reference):
cp <headless-ida>/CLAUDE.md .- Use in Claude Code:
/ida ./target.so
Claude will automatically start an instance, analyze the binary, and report findings.
Note:
ida.mdandCLAUDE.mdare templates. Modify paths, analysis strategies, and options to fit your project and environment.
Any AI with shell/terminal access can call ida_cli.py directly. Add CLAUDE.md content to your AI's system prompt or project context so it knows the available commands.
Commands are primarily used by AI, listed here for reference.
| Command | Description |
|---|---|
start <binary> |
Start analysis instance |
stop <id> |
Stop instance |
restart <id> |
Stop and re-start instance (same binary/IDB) |
wait <id> |
Wait for analysis to complete |
list |
List running instances |
status [<id>] |
Show instance status |
logs <id> |
View instance logs |
cleanup |
Remove stale instances |
| Command | Description |
|---|---|
functions |
List functions |
strings |
List strings |
imports / exports |
List imports/exports |
segments |
List segments |
decompile <addr|name> |
Decompile function |
decompile_batch <addrs> |
Batch decompile multiple functions |
disasm <addr|name> |
Disassemble |
xrefs <addr> |
Cross-references |
callers <addr> |
Who calls this address (shortcut for xrefs --direction to) |
callees <addr> |
What this function calls (shortcut for xrefs --direction from) |
find_func <name> |
Search functions |
func_info <addr|name> |
Function details |
imagebase |
Get image base address |
bytes <addr> <size> |
Read raw bytes |
find_pattern <hex> |
Byte pattern search |
comments <addr> |
Get comments at address |
methods <class> |
List class methods |
summary |
Comprehensive binary overview (segments, imports, functions, strings) |
search-code <query> |
Search within decompiled pseudocode |
cross-refs <addr> [--depth] [--direction] |
Multi-level xref chain tracing (mermaid/DOT) |
basic-blocks <addr> [--format] [--graph-only] |
Basic blocks + CFG (Control Flow Graph) |
func-similarity <addrA> <addrB> |
Compare function similarity metrics |
strings-xrefs [--filter] [--min-refs] |
Strings with referencing functions |
data-refs [--segment] [--filter] |
Data reference analysis (global variables) |
decompile-all --out <file> [--filter] [--split] |
Decompile all functions to file (--split for one per file) |
stack-frame <addr|name> |
Stack frame layout with local variables and offsets |
switch-table <addr|name> |
Analyze switch/jump tables in a function |
type-info list [--kind] |
List local types (typedef/funcptr/struct/enum) |
type-info show <name> |
Show type details |
diff <a> <b> |
Compare functions between two instances |
code-diff <inst_a> <inst_b> |
Diff decompiled pseudocode between instances |
batch <dir> |
Batch analyze all binaries in a directory |
profile run malware |
Malware profile: C2, crypto, anti-analysis, network APIs |
profile run vuln |
Vulnerability profile: dangerous funcs (memcpy, strcpy, sprintf, system) |
profile run firmware |
Firmware profile: peripherals (UART/SPI/GPIO), protocols, boot |
bookmark add <addr> <tag> |
Tag an address with a bookmark |
bookmark list [--tag] |
List bookmarks |
| Command | Description |
|---|---|
rename <addr> <name> |
Rename symbol |
rename-batch <file> |
Batch rename from CSV (addr,name) or JSON file |
set_type <addr> <type> |
Set function/variable type |
comment <addr> "text" |
Add comment |
save |
Save database |
exec <expr> |
Execute IDAPython expression (disabled by default) |
patch <addr> <hex bytes> |
Patch bytes at address |
auto-rename [--apply] |
Heuristic rename sub_ functions |
shell |
Interactive IDA Python REPL |
| Command | Description |
|---|---|
structs list [--filter] [--count] [--offset] |
List all structs/unions |
structs show <name> |
Show struct details with members |
structs create <name> --members |
Create new struct |
enums list [--filter] [--count] [--offset] |
List all enumerations |
enums show <name> |
Show enum details with members |
enums create <name> --members |
Create new enum |
search-const <value> |
Search for constant/immediate values |
callgraph <addr> [--depth] [--format] |
Generate function call graph (mermaid/DOT) |
vtables [--min-entries] |
Detect virtual function tables |
sigs list |
List available FLIRT signatures |
sigs apply <name> |
Apply FLIRT signature |
| Command | Description |
|---|---|
report <output.md> |
Generate markdown analysis report |
report <output.html> |
Generate HTML analysis report |
report <out> --functions <addrs> |
Include function decompilations in report |
decompile <addr> --out result.md |
Decompile to markdown format |
annotations export --out <file> |
Export names/comments/types as JSON |
annotations import <file> |
Import annotations from JSON |
snapshot save [--description] |
Save IDB snapshot |
snapshot list |
List available snapshots |
snapshot restore <file> |
Restore IDB from snapshot |
export-script --out <file> |
Generate reproducible IDAPython script |
compare <binary_a> <binary_b> |
Patch diff two binary versions |
code-diff <inst_a> <inst_b> |
Diff decompiled pseudocode between instances |
| Command | Description |
|---|---|
update |
Self-update from git repository |
completions --shell <bash|zsh|powershell> |
Generate shell tab-completion script |
| Option | Description |
|---|---|
--json |
JSON output |
-i <id> |
Specify instance ID |
-b <hint> |
Auto-select by binary name |
--idb-dir <path> |
Save IDB to specified directory (or set IDA_IDB_DIR env var) |
--with-xrefs |
Include callers/callees in decompile output |
--raw |
Pure C code without header/address comments (decompile only) |
--encoding unicode|ascii |
Filter strings by encoding type |
--count N / --offset N |
Pagination for list commands (functions, strings, imports, exports) |
--max N |
Limit results for search commands (find_func, find_pattern, search-const, etc.) |
--filter <keyword> |
Filter results by name substring |
--count-only |
Show only total count (functions/strings/imports/exports) |
--version |
Show CLI version |
PE, ELF, Mach-O, FAT, .so, dylib, Raw binary, Intel HEX, SREC
Decompiler: x86/x64, ARM/ARM64, MIPS, PowerPC, RISC-V, V850, ARC
Apache License 2.0 โ See LICENSE.
A valid IDA Pro license is required separately. Hex-Rays decompiler license is optional (required for decompile commands).
IDA Pro GUI ์์ด idalib (Hex-Rays ๊ณต์ ํค๋๋ฆฌ์ค ๋ผ์ด๋ธ๋ฌ๋ฆฌ)์ ์ฌ์ฉํ์ฌ CLI์์ ๋ฐ์ด๋๋ฆฌ ๋ถ์์ ์ํํ๋ ์์คํ .
AI ์ด์์คํดํธ(Claude Code, Cursor ๋ฑ)๊ฐ shell๋ก ida_cli.py๋ฅผ ํธ์ถํ์ฌ ์๋ ๋ฐ์ด๋๋ฆฌ ๋ถ์ โ MCP ๋ถํ์.
User/AI โ ida_cli.py โ HTTP JSON-RPC โ ida_server.py (idalib)
- MCP ๋ ์ด์ด ์์ โ ์์ HTTP JSON-RPC ํต์
- ๋จ์ผ ์ค๋ ๋ HTTPServer โ idalib ๋จ์ผ ์ค๋ ๋ ์ ์ฝ ์ค์
- .i64 ์ฌ์ฌ์ฉ โ ๋ฐ๋ณต ๋ถ์ ์ ์ ์ด ๋ง์ ๋ก๋
- ์ธ์ฆ ํ ํฐ โ ์ธ์คํด์ค๋ณ Bearer token ์๋ ์์ฑ
์ด ํ๋ก์ ํธ๋ MCP(Model Context Protocol) ๋์ ์์ HTTP JSON-RPC๋ฅผ ์๋์ ์ผ๋ก ์ฌ์ฉํฉ๋๋ค.
| HTTP JSON-RPC (์ด ํ๋ก์ ํธ) | MCP | |
|---|---|---|
| ์์กด์ฑ | Python ํ์ค ๋ผ์ด๋ธ๋ฌ๋ฆฌ๋ง (http.server) |
MCP SDK + transport ๋ ์ด์ด ํ์ |
| ๋๋ฒ๊น | curl ํ ์ค๋ก ํ
์คํธ ๊ฐ๋ฅ |
MCP ์ง์ ํด๋ผ์ด์ธํธ ํ์ |
| AI ํธํ์ฑ | shell ์ ๊ทผ ๊ฐ๋ฅํ ๋ชจ๋ AI (Claude Code, Cursor ๋ฑ) | MCP ํธํ ํด๋ผ์ด์ธํธ์๋ง ์ข ์ |
| ์ปจํ ์คํธ ์๋์ฐ | ์ค๋ฒํค๋ ์์ โ bash ๋ช ๋ น์ด๋ง ์ฌ์ฉ | tool schema๊ฐ AI ์ปจํ ์คํธ์ ๋ก๋๋์ด ํ ํฐ ์๋ชจ |
| ์คํฌ๋ฆฝํธ ์๋ํ | bash/Python์์ ๋ฐ๋ก ํธ์ถ ๊ฐ๋ฅ | MCP ํด๋ผ์ด์ธํธ ๋ผ์ด๋ธ๋ฌ๋ฆฌ ํ์ |
| ๋ฐฐํฌ | .py ํ์ผ ํ๋, ๋ณ๋ ์ค์ ์์ |
์๋ฒ manifest + ์คํค๋ง ๋ฑ๋ก ํ์ |
| idalib ์ ์ฝ | ๋จ์ผ ์ค๋ ๋ HTTPServer๊ฐ 1:1 ๋งคํ |
MCP async ๋ชจ๋ธ์ด ๋จ์ผ ์ค๋ ๋ ์ ์ฝ๊ณผ ์ถฉ๋ |
์์ฝ โ shell ์ ๊ทผ ๊ฐ๋ฅํ AI๋ฉด ๋ฐ๋ก ์ฌ์ฉ ๊ฐ๋ฅ. SDK ๋ถํ์, ์คํค๋ง ๋ฑ๋ก ๋ถํ์, ํ ํฐ ์ค๋ฒํค๋ ์์.
| ํญ๋ชฉ | ๋ฒ์ |
|---|---|
| IDA Pro | 9.1 ์ด์ (idalib ์ง์ ํ์) |
| Python | 3.12+ |
| OS | Windows, Linux, macOS |
pip install "<IDA_DIR>/idalib/python/idapro-*.whl"IDA Pro ์ค์น ๋๋ ํ ๋ฆฌ์ .whl ํ์ผ์ด ํฌํจ๋์ด ์์ต๋๋ค.
# ๋ฐฉ๋ฒ A: ํ์ฑํ ์คํฌ๋ฆฝํธ ์คํ (๊ถ์ฅ)
python "<IDA_DIR>/idalib/python/py-activate-idalib.py"
# ๋ฐฉ๋ฒ B: ํ๊ฒฝ ๋ณ์ ์ค์
# Windows
set IDADIR=C:\Program Files\IDA Professional 9.3
# Linux/macOS
export IDADIR=/opt/ida-9.3pip install requests psutil# ํ๊ฒฝ ๊ฒ์ฆ
python tools/ida_cli.py --check
# ์์
๋๋ ํ ๋ฆฌ ์์ฑ
python tools/ida_cli.py --inittools/config.json์์ IDA ๊ฒฝ๋ก ๋ฑ ์ค์ :
{
"ida": {
"install_dir": "C:/Program Files/IDA Professional 9.3"
},
"paths": {
"idb_dir": "%USERPROFILE%/.ida-headless/idb",
"log_dir": "%USERPROFILE%/.ida-headless/logs"
},
"analysis": {
"max_instances": 3
}
}์ฐธ๊ณ :
%USERPROFILE%์ Linux/macOS์์ ์๋์ผ๋ก$HOME์ผ๋ก ๋งคํ๋ฉ๋๋ค. Linux/macOS์์๋install_dir์ IDA ๊ฒฝ๋ก๋ก ์ค์ ํ์ธ์ (์:/opt/ida-9.3).
bin/ ๋๋ ํ ๋ฆฌ๋ฅผ ์์คํ
PATH์ ์ถ๊ฐํ๋ฉด ์ด๋์๋ ida-cli ๋ช
๋ น์ด๋ก ์คํ ๊ฐ๋ฅ:
# Windows (PowerShell, ์๊ตฌ ์ค์ )
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";<headless-ida>\bin", "User")
# Linux/macOS
echo 'export PATH="$PATH:<headless-ida>/bin"' >> ~/.bashrc
source ~/.bashrc์ค์ ํ python tools/ida_cli.py ๋์ ida-cli๋ก ์ด๋์๋ ์คํ ๊ฐ๋ฅํฉ๋๋ค.
# ์๋ฌด ๋ฐ์ด๋๋ฆฌ๋ก ์ธ์คํด์ค ์์ (IDB๋ฅผ ํ์ฌ ํด๋์ ์ ์ฅ)
ida-cli start ./samples/target.exe --idb-dir .
# ์ํ ํ์ธ
ida-cli list
# ์ข
๋ฃ
ida-cli stop <id>Instance started: id=xxxx๊ฐ ์ถ๋ ฅ๋๊ณ list์ ๋ํ๋๋ฉด ํ๊ฒฝ ๊ตฌ์ถ ์๋ฃ.
ํ๊ฒฝ ๊ตฌ์ถ ์๋ฃ ํ, AI ์ด์์คํดํธ๊ฐ shell๋ก ida_cli.py ๋ช
๋ น์ด๋ฅผ ํธ์ถํฉ๋๋ค. ์ฌ์ฉ์๊ฐ ๋ช
๋ น์ด๋ฅผ ์ธ์ธ ํ์ ์์ต๋๋ค.
ํ๋ก์ ํธ์ ์คํฌ ํ์ผ์ ๋ณต์ฌํฉ๋๋ค:
# ์คํฌ ๋๋ ํ ๋ฆฌ ์์ฑ
mkdir -p .claude/commands
# ์คํฌ ํ์ผ ๋ณต์ฌ
cp <headless-ida>/tools/ida_cli.py tools/
cp <headless-ida>/.claude/commands/ida.md .claude/commands/ํ๋ก์ ํธ ๋ฃจํธ์ CLAUDE.md ๋ณต์ฌ (AI๊ฐ ๋ช
๋ น์ด ๋ ํผ๋ฐ์ค๋ก ์ฐธ์กฐ):
cp <headless-ida>/CLAUDE.md .Claude Code์์ ์ฌ์ฉ:
/ida ./target.so
Claude๊ฐ ์๋์ผ๋ก ์ธ์คํด์ค๋ฅผ ์์ํ๊ณ , ๋ฐ์ด๋๋ฆฌ๋ฅผ ๋ถ์ํ๊ณ , ๊ฒฐ๊ณผ๋ฅผ ๋ณด๊ณ ํฉ๋๋ค.
์ฐธ๊ณ :
ida.md์CLAUDE.md๋ ํ ํ๋ฆฟ์ ๋๋ค. ๊ฒฝ๋ก, ๋ถ์ ์ ๋ต, ์ต์ ๋ฑ์ ๋ณธ์ธ์ ํ๋ก์ ํธ์ ํ๊ฒฝ์ ๋ง๊ฒ ์์ ํ์ธ์.
shell/ํฐ๋ฏธ๋ ์ ๊ทผ์ด ๊ฐ๋ฅํ AI๋ฉด ida_cli.py๋ฅผ ์ง์ ํธ์ถํ ์ ์์ต๋๋ค. CLAUDE.md ๋ด์ฉ์ AI์ system prompt๋ ํ๋ก์ ํธ ์ปจํ
์คํธ์ ์ถ๊ฐํ๋ฉด ๋ฉ๋๋ค.
๋ช ๋ น์ด๋ ์ฃผ๋ก AI๊ฐ ์ฌ์ฉํ๋ฉฐ, ์ฐธ๊ณ ์ฉ์ผ๋ก ์ ๋ฆฌํฉ๋๋ค.
| ๋ช ๋ น์ด | ์ค๋ช |
|---|---|
start <binary> |
๋ถ์ ์ธ์คํด์ค ์์ |
stop <id> |
์ธ์คํด์ค ์ข ๋ฃ |
restart <id> |
์ธ์คํด์ค ์ข ๋ฃ ํ ์ฌ์์ (๊ฐ์ ๋ฐ์ด๋๋ฆฌ/IDB) |
wait <id> |
๋ถ์ ์๋ฃ ๋๊ธฐ |
list |
์คํ ์ค์ธ ์ธ์คํด์ค ๋ชฉ๋ก |
status [<id>] |
์ธ์คํด์ค ์ํ ํ์ธ |
logs <id> |
์ธ์คํด์ค ๋ก๊ทธ ๋ณด๊ธฐ |
cleanup |
๋น์ ์ ์ธ์คํด์ค ์ ๋ฆฌ |
| ๋ช ๋ น์ด | ์ค๋ช |
|---|---|
functions |
ํจ์ ๋ชฉ๋ก |
strings |
๋ฌธ์์ด ๋ชฉ๋ก |
imports / exports |
imports/exports ๋ชฉ๋ก |
segments |
์ธ๊ทธ๋จผํธ ๋ชฉ๋ก |
decompile <addr|name> |
ํจ์ ๋์ปดํ์ผ |
decompile_batch <addrs> |
์ฌ๋ฌ ํจ์ ์ผ๊ด ๋์ปดํ์ผ |
disasm <addr|name> |
๋์ค์ด์ ๋ธ |
xrefs <addr> |
ํฌ๋ก์ค ๋ ํผ๋ฐ์ค |
callers <addr> |
์ด ์ฃผ์๋ฅผ ํธ์ถํ๋ ํจ์ (xrefs --direction to ๋จ์ถ) |
callees <addr> |
์ด ํจ์๊ฐ ํธ์ถํ๋ ํจ์ (xrefs --direction from ๋จ์ถ) |
find_func <name> |
ํจ์ ๊ฒ์ |
func_info <addr|name> |
ํจ์ ์์ธ ์ ๋ณด |
imagebase |
์ด๋ฏธ์ง ๋ฒ ์ด์ค ์ฃผ์ |
bytes <addr> <size> |
Raw ๋ฐ์ดํธ ์ฝ๊ธฐ |
find_pattern <hex> |
๋ฐ์ดํธ ํจํด ๊ฒ์ |
comments <addr> |
์ฃผ์์ ์ฃผ์ ์กฐํ |
methods <class> |
ํด๋์ค ๋ฉ์๋ ๋ชฉ๋ก |
summary |
๋ฐ์ด๋๋ฆฌ ์ข ํฉ ๊ฐ์ (์ธ๊ทธ๋จผํธ, ์ํฌํธ, ํจ์, ๋ฌธ์์ด) |
search-code <query> |
๋์ปดํ์ผ๋ ์์ฌ์ฝ๋ ๋ด ๊ฒ์ |
cross-refs <addr> [--depth] [--direction] |
๋ค๋จ๊ณ xref ์ฒด์ธ ์ถ์ (mermaid/DOT) |
basic-blocks <addr> [--format] [--graph-only] |
๊ธฐ๋ณธ ๋ธ๋ก + CFG (Control Flow Graph) |
func-similarity <addrA> <addrB> |
ํจ์ ์ ์ฌ๋ ๋น๊ต |
strings-xrefs [--filter] [--min-refs] |
๋ฌธ์์ด + ์ฐธ์กฐ ํจ์ ํ๋ฒ์ ์กฐํ |
data-refs [--segment] [--filter] |
๋ฐ์ดํฐ ์ฐธ์กฐ ๋ถ์ (๊ธ๋ก๋ฒ ๋ณ์) |
decompile-all --out <file> [--filter] [--split] |
์ ์ฒด ํจ์ ์ผ๊ด ๋์ปดํ์ผ (--split: ํจ์๋ณ ๊ฐ๋ณ ํ์ผ) |
stack-frame <addr|name> |
์คํ ํ๋ ์ ๋ ์ด์์ (๋ก์ปฌ ๋ณ์, ์ธ์, ์คํ์ ) |
switch-table <addr|name> |
switch/jump ํ ์ด๋ธ ๋ถ์ |
type-info list [--kind] |
๋ก์ปฌ ํ์ ๋ชฉ๋ก (typedef/funcptr/struct/enum) |
type-info show <name> |
ํ์ ์์ธ ์ ๋ณด |
diff <a> <b> |
๋ ์ธ์คํด์ค ๊ฐ ํจ์ ๋น๊ต |
code-diff <inst_a> <inst_b> |
๋ ์ธ์คํด์ค ๊ฐ ๋์ปดํ์ผ ์ฝ๋ ๋น๊ต |
batch <dir> |
๋๋ ํ ๋ฆฌ ๋ด ๋ฐ์ด๋๋ฆฌ ์ผ๊ด ๋ถ์ |
profile run malware |
์ ์ฑ์ฝ๋ ํ๋กํ: C2, ์ํธํ, ์ํฐ ๋ถ์, ๋คํธ์ํฌ API |
profile run vuln |
์ทจ์ฝ์ ํ๋กํ: ์ํ ํจ์ (memcpy, strcpy, sprintf, system) |
profile run firmware |
ํ์จ์ด ํ๋กํ: ์ฃผ๋ณ์ฅ์น (UART/SPI/GPIO), ํ๋กํ ์ฝ, ๋ถํธ |
bookmark add <addr> <tag> |
์ฃผ์์ ๋ถ๋งํฌ ํ๊ทธ ์ถ๊ฐ |
bookmark list [--tag] |
๋ถ๋งํฌ ๋ชฉ๋ก ์กฐํ |
| ๋ช ๋ น์ด | ์ค๋ช |
|---|---|
rename <addr> <name> |
์ฌ๋ณผ ์ด๋ฆ ๋ณ๊ฒฝ |
rename-batch <file> |
CSV(์ฃผ์,์ด๋ฆ) ๋๋ JSON ํ์ผ์์ ์ผ๊ด ์ด๋ฆ ๋ณ๊ฒฝ |
set_type <addr> <type> |
ํจ์/๋ณ์ ํ์ ์ค์ |
comment <addr> "text" |
์ฃผ์ ์ถ๊ฐ |
save |
๋ฐ์ดํฐ๋ฒ ์ด์ค ์ ์ฅ |
exec <expr> |
IDAPython ํํ์ ์คํ (๊ธฐ๋ณธ ๋นํ์ฑํ) |
patch <addr> <hex bytes> |
์ฃผ์์ ๋ฐ์ดํธ ํจ์น |
auto-rename [--apply] |
sub_ ํจ์ ํด๋ฆฌ์คํฑ ์ด๋ฆ ์ถ์ |
shell |
๋ํํ IDA Python REPL |
| ๋ช ๋ น์ด | ์ค๋ช |
|---|---|
structs list [--filter] [--count] [--offset] |
๊ตฌ์กฐ์ฒด/์ ๋์จ ๋ชฉ๋ก ์กฐํ |
structs show <name> |
๊ตฌ์กฐ์ฒด ์์ธ (๋ฉค๋ฒ ํฌํจ) |
structs create <name> --members |
์ ๊ตฌ์กฐ์ฒด ์์ฑ |
enums list [--filter] [--count] [--offset] |
์ด๊ฑฐํ ๋ชฉ๋ก ์กฐํ |
enums show <name> |
์ด๊ฑฐํ ์์ธ (๋ฉค๋ฒ ํฌํจ) |
enums create <name> --members |
์ ์ด๊ฑฐํ ์์ฑ |
search-const <value> |
์์/์ฆ์๊ฐ ๊ฒ์ |
callgraph <addr> [--depth] [--format] |
ํจ์ ์ฝ๊ทธ๋ํ ์์ฑ (mermaid/DOT) |
vtables [--min-entries] |
๊ฐ์ ํจ์ ํ ์ด๋ธ ํ์ง |
sigs list |
FLIRT ์๊ทธ๋์ฒ ๋ชฉ๋ก |
sigs apply <name> |
FLIRT ์๊ทธ๋์ฒ ์ ์ฉ |
| ๋ช ๋ น์ด | ์ค๋ช |
|---|---|
report <output.md> |
๋งํฌ๋ค์ด ๋ถ์ ๋ฆฌํฌํธ ์์ฑ |
report <output.html> |
HTML ๋ถ์ ๋ฆฌํฌํธ ์์ฑ |
report <out> --functions <addrs> |
ํจ์ ๋์ปดํ์ผ ํฌํจ ๋ฆฌํฌํธ |
decompile <addr> --out result.md |
๋งํฌ๋ค์ด ํ์์ผ๋ก ๋์ปดํ์ผ |
annotations export --out <file> |
์ด๋ฆ/์ฃผ์/ํ์ JSON ๋ด๋ณด๋ด๊ธฐ |
annotations import <file> |
JSON์์ ๋ถ์ ๊ฒฐ๊ณผ ๊ฐ์ ธ์ค๊ธฐ |
snapshot save [--description] |
IDB ์ค๋ ์ท ์ ์ฅ |
snapshot list |
์ค๋ ์ท ๋ชฉ๋ก ์กฐํ |
snapshot restore <file> |
์ค๋ ์ท์์ IDB ๋ณต์ |
export-script --out <file> |
์ฌํ ๊ฐ๋ฅํ IDAPython ์คํฌ๋ฆฝํธ ์์ฑ |
compare <binary_a> <binary_b> |
๋ ๋ฐ์ด๋๋ฆฌ ํจ์น ๋ํ |
code-diff <inst_a> <inst_b> |
๋ ์ธ์คํด์ค ๊ฐ ๋์ปดํ์ผ ์ฝ๋ ๋น๊ต |
| ๋ช ๋ น์ด | ์ค๋ช |
|---|---|
update |
git ์ ์ฅ์์์ ์๋ ์ ๋ฐ์ดํธ |
completions --shell <bash|zsh|powershell> |
์ ธ ํญ ์๋์์ฑ ์คํฌ๋ฆฝํธ ์์ฑ |
| ์ต์ | ์ค๋ช |
|---|---|
--json |
JSON ์ถ๋ ฅ |
-i <id> |
์ธ์คํด์ค ID ์ง์ |
-b <hint> |
๋ฐ์ด๋๋ฆฌ ์ด๋ฆ์ผ๋ก ์๋ ์ ํ |
--idb-dir <path> |
IDB ์ ์ฅ ๋๋ ํ ๋ฆฌ ์ง์ (IDA_IDB_DIR ํ๊ฒฝ๋ณ์๋ก๋ ์ค์ ๊ฐ๋ฅ) |
--with-xrefs |
๋์ปดํ์ผ ์ ํธ์ถ์/ํผํธ์ถ์ ์ ๋ณด ํฌํจ |
--raw |
์์ C ์ฝ๋๋ง ์ถ๋ ฅ (ํค๋/์ฃผ์ ์ฃผ์ ์์, decompile ์ ์ฉ) |
--encoding unicode|ascii |
๋ฌธ์์ด ์ธ์ฝ๋ฉ ํ์ ํํฐ |
--count N / --offset N |
๋ฆฌ์คํธ ๋ช ๋ น์ด ํ์ด์ง (functions, strings, imports, exports) |
--max N |
๊ฒ์ ๋ช ๋ น์ด ๊ฒฐ๊ณผ ์ ํ (find_func, find_pattern, search-const ๋ฑ) |
--filter <keyword> |
์ด๋ฆ์ผ๋ก ๊ฒฐ๊ณผ ํํฐ๋ง |
--count-only |
์ด ๊ฐ์๋ง ํ์ (functions/strings/imports/exports) |
--version |
CLI ๋ฒ์ ํ์ |
PE, ELF, Mach-O, FAT, .so, dylib, Raw binary, Intel HEX, SREC
๋์ปดํ์ผ๋ฌ: x86/x64, ARM/ARM64, MIPS, PowerPC, RISC-V, V850, ARC
Apache License 2.0 โ LICENSE ์ฐธ์กฐ.
์ด ํ๋ก์ ํธ๋ฅผ ์ฌ์ฉํ๋ ค๋ฉด ๋ณ๋๋ก ์ ํจํ IDA Pro ๋ผ์ด์ ์ค๊ฐ ํ์ํฉ๋๋ค. Hex-Rays ๋์ปดํ์ผ๋ฌ ๋ผ์ด์ ์ค๋ ์ ํ ์ฌํญ (decompile ๋ช
๋ น์ด ์ฌ์ฉ ์ ํ์).