Using IDA’s Batch Mode

All versions of IDA can be executed in batch mode to facilitate automated processing tasks. The primary purpose of using batch mode is to launch IDA, have it run a specific IDC script, and have it terminate once the script completes. Several command-line options are available to control the processing performed during batch mode execution.

GUI versions of IDA do not require a console in order to execute, making them very easy to incorporate into virtually any type of automation script or wrapper program. When run in batch mode, the GUI versions of IDA do not display any graphical components. Running the Windows console versions (idaw.exe and idaw64.exe) generates a full console display that closes automatically when the batch processing is complete. The console display can be suppressed by redirecting output to a null device (NUL for cmd.exe, /dev/null in cygwin), as shown here:

C:\Program Files\Ida>idaw -B some_program.exe > NUL

IDA’s batch mode is controlled by the command-line parameters listed here:

  • The -A option causes IDA to run in autonomous mode, which means that no dialogs requiring user interaction will be displayed. (If you have never clicked through IDA’s license agreement, then the license agreement dialog will be displayed in spite of the presence of this switch.)

  • The -c option causes IDA to delete any existing database associated with the file specified on the command line and generate an entirely new database.

  • The -S option is used to specify which IDC script IDA should execute on startup. To execute myscript.idc, the syntax is -Smyscript.idc (no space between S and the script name). IDA searches for the named script in the <IDADIR>/idc directory. If you have IDAPython properly installed, you may also specify a python script here.

  • The -B option invokes batch mode and is equivalent to supplying IDA with -A -c -Sanalysis.idc at execution. The analysis.idc script that ships with IDA simply waits for IDA to analyze the file named on the command line before dumping an assembly listing (.asm file) of the disassembly and closing IDA in order to save and close the newly generated database.

The -S option is the key to batch mode, as IDA will terminate only if the designated script causes IDA to terminate. If the script does not shut down IDA, then all of the options simply combine to automate the IDA startup process. Scripting with IDC is discussed in Chapter 15.

Because of limitations with the TVision library used by the Linux and OS X versions of IDA, batch execution must be performed within a TTY console. This makes simple things such as output redirection and background processing impossible. Fortunately, the latest version of TVision recognizes the TVHEADLESS environment variable, which allows console output (stdout) to be redirected, as shown here:

# TVHEADLESS=1 ./idal -B input_file.exe > /dev/null

Fully detaching from the console for background execution requires the additional redirection of both stdin and stderr.
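The option list above and the TVHEADLESS/redirection notes describe one procedure: build the right command line, run it with no console attached, and make sure IDA actually exits. The following wrapper is an added example (not code from the book or from Hex-Rays) that puts those pieces together from Python. The executable path, the script name dump_listing.idc, the sample directory and the file suffixes are assumptions for illustration; the switches -A, -c, -S<script> and -B and the TVHEADLESS variable are the ones described in the text.

```python
"""Drive IDA's batch mode over a directory of binaries (illustrative wrapper).

Assumptions, not taken from the book: the IDA executable path, the script
name 'dump_listing.idc', the sample directory and the file suffixes below.
"""
import os
import subprocess
import sys
from pathlib import Path


def build_ida_command(ida_bin, target, script=None, fresh=True):
    """Return the argv for one batch run of IDA on `target`.

    script=None  -> -B, which IDA expands to -A -c -Sanalysis.idc
    script given -> -A (no interactive dialogs), -c (discard any existing
                    database, unless fresh=False) and -S<script>, with NO
                    space between -S and the script name.
    """
    argv = [str(ida_bin)]
    if script is None:
        argv.append("-B")
    else:
        argv.append("-A")
        if fresh:
            argv.append("-c")
        argv.append("-S" + str(script))  # "-Smyscript.idc", never "-S myscript.idc"
    argv.append(str(target))
    return argv


def build_env(base=None):
    """Environment for a headless run.

    TVHEADLESS=1 lets the TVision console builds (Linux/OS X idal) run
    without a TTY so their output can be redirected; the Windows builds
    ignore the variable, so setting it unconditionally is safe.
    """
    env = dict(os.environ if base is None else base)
    env["TVHEADLESS"] = "1"
    return env


def run_batch(ida_bin, target, script=None, timeout=900):
    """Run IDA once and return (status, returncode).

    stdin, stdout and stderr are all sent to the null device, which is what
    fully detaching from the console requires. The timeout guards against a
    -S script that never calls Exit(): without it IDA would sit open forever,
    with only its startup automated.
    """
    argv = build_ida_command(ida_bin, target, script)
    try:
        proc = subprocess.run(
            argv,
            env=build_env(),
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except OSError:
        return "launch-failed", None  # ida_bin missing or not executable
    except subprocess.TimeoutExpired:
        return "timeout", None  # the script did not shut IDA down
    return ("ok" if proc.returncode == 0 else "error"), proc.returncode


def process_directory(ida_bin, directory, script=None, suffixes=(".exe", ".dll")):
    """Batch-analyze every matching file in `directory`; yield (path, status)."""
    for path in sorted(Path(directory).iterdir()):
        if path.suffix.lower() in suffixes:
            status, _ = run_batch(ida_bin, path, script)
            yield path, status


if __name__ == "__main__":
    # usage: python ida_batch.py /opt/ida/idal ./samples [dump_listing.idc]
    ida, folder = sys.argv[1], sys.argv[2]
    idc = sys.argv[3] if len(sys.argv) > 3 else None
    for sample, result in process_directory(ida, folder, idc):
        print(f"{result:14s} {sample}")
```

With no script argument the wrapper relies on -B and IDA's stock analysis.idc; with a script argument it passes -A -c -S<script> explicitly, so the script you name must end by closing IDA or the per-file timeout is what ends the run.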

Ilfak discusses batch mode in one of his blog posts here: http://hexblog.com/2007/03/on_batch_analysis.html. Among other things, he details how to move beyond invoking a single script and discusses how to execute an IDA plug-in from batch mode.
