TippingPoint Digital Vaccine Laboratories

MindshaRE: Adding IDA to Explorer Context Handler


In this week's MindshaRE we will show you how to add IDA to the right-click context menu of Windows Explorer.  This is handy for quickly disassembling .dll and .exe files.

MindshaRE is our weekly look at some simple reverse engineering tips and tricks.  The goal is to keep things small and discuss everyday aspects of reversing.  You can view previous entries by going through our blog history.

When disassembling binaries in IDA, most people go through a couple of steps to load a new binary.  In the past I would first open IDA, locate the binary I want to disassemble, and drag it from the Explorer window into the IDA MFC.  This is fine, but we are always looking for a more efficient way to work.

Adding IDA to the right-click context menu in Explorer is pretty simple.  It lets you right-click any binary whose file type you have set up for IDA and simply click "IDA", or whatever you chose to label the entry.  By doing this we can disassemble target binaries with a few clicks.  There are several ways to achieve this, but I will present the one I use.  Here are the steps to accomplish this.
  1. Open "regedit.exe"
  2. Open the key "HKEY_CLASSES_ROOT"
  3. Locate the file extension class you want.* ("dllfile" and "exefile")
  4. Open the sub key "shell"; if the key does not exist, create it
  5. Create a new key
  6. Give it the text label you want displayed when you right click the file type
  7. Create another key under the label and name it "command"
  8. Open the "(Default)" key under the newly created label key
  9. Add the path to your installation of IDA Pro's idag.exe binary in double quotes followed by "%1"
  10. Repeat for any other file extensions you want
  11. Close "regedit.exe"
After you have added IDA to the extensions you want, find a file to disassemble.  Right-click the file and select the label you added for IDA from the list.
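
The same steps can be scripted. The following PowerShell is an added example, not part of the original post: it creates the "IDA" entry for the "dllfile" and "exefile" classes and reads the stored command back. The installation path in `$IdaPath` is an assumption and must be changed to match your system.

```powershell
# Added example (not from the original post). Writing under HKEY_CLASSES_ROOT
# normally requires an elevated PowerShell prompt.
# Assumption: idag.exe lives at this path; adjust it for your installation.
$IdaPath = 'C:\Program Files\IDA\idag.exe'
$Label   = 'IDA'                    # text shown in the right-click menu (step 6)
$Classes = 'dllfile', 'exefile'     # file extension classes from step 3

if (-not (Test-Path -LiteralPath $IdaPath)) {
    throw "idag.exe not found at $IdaPath"
}

# Steps 8-9: the executable path in double quotes followed by "%1".
# Quoting both parts keeps paths that contain spaces in one piece.
$Command = '"{0}" "%1"' -f $IdaPath

foreach ($class in $Classes) {
    $classKey = "Registry::HKEY_CLASSES_ROOT\$class"
    if (-not (Test-Path $classKey)) {
        Write-Warning "Class '$class' is not registered; skipping."
        continue
    }

    # Steps 4-7: shell\<label>\command. -Force creates "shell" and the
    # label key when they do not exist yet.
    $commandKey = "$classKey\shell\$Label\command"
    New-Item -Path $commandKey -Force | Out-Null

    # Set-Item on a registry key writes its "(Default)" value.
    Set-Item -Path $commandKey -Value $Command

    # Read the value back so a failed or redirected write is noticed.
    $stored = (Get-Item -Path $commandKey).GetValue('')
    if ($stored -ne $Command) {
        Write-Warning "Unexpected command stored for '$class': $stored"
    } else {
        Write-Output "$class -> $stored"
    }
}
```

To undo the change, delete the `shell\IDA` key under each class.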

Adding IDA to the context menu is a very simple action, but if you are like me and use the application daily, it can really help.  That's all for this week; see you next week.

-Cody
Tags: reverse engineering,MindshaRE
Published On: 2008-06-26 14:04:04

Comments

  1. Anonymous commented on 2008-06-27 @ 01:35

    Another easy alternative is to add IDA Pro to the SendTo item list in the context menu. All you need to do is copy the IDA shortcut to the "SendTo" folder. Next, right click - SendTo - IDA on any file (exe, dll or any other damn binary). Much easier than messing with the registry.

  2. bw commented on 2008-06-27 @ 05:40

    this is so lame, and you had to sleep for the past 10 years to not know how to do it and yet you tagged it with "reverse engineering" ;)

  3. Pedram Amini commented on 2008-06-27 @ 11:48

    @bw: No one was claiming that this post shared some groundbreaking information. I am willing to bet that at least one person out there thought "hey I should do that", which is all we are going for with this weekly RE posting.

  4. n00b commented on 2008-06-28 @ 13:40

    Author can google! (#1 http://www.google.com/search?q=associating+programs ) =]

    BTW:
    1. Double-click My Computer, and then click Options (or Folder Options) on the View menu.
    2. Click the File Types tab, click a specific file type (for example, Microsoft Excel Worksheet) in the Registered File Types box, and then click "Specify" ?

    This text is from MS. The word "Specify" was "Edit" but I don't have English Windows, thus I'm not sure if "Specify" is the right translation. :)

