IDA Processor Modules

An IDA processor module allows IDA to disassemble and analyze code written for any finite state processing machine. IDA makes it easy for you, the module programmer, by taking on the responsibility of analyzing code flow, remembering cross-references, and handling user interaction. As the author of a module you need only solve three basic tasks:

  1. Converting bytes into a symbolic instruction (analysis).
  2. Providing IDA with information about the control flow, side effects, and references made by an instruction (emulation).
  3. Converting a symbolic instruction into assembly language (output).

The IDA kernel disassembles a file by issuing many calls to each of these steps in numeric order.

A module's role, from start to finish

Analysis

Disassembly begins when IDA is informed directly (by the user) or indirectly (when a loader module completes) of an address in the target that is known to contain code executable by the processor. IDA calls upon the processor module's analysis routine to translate the byte(s) at this address into an instruction, if one can be found, or to report an error, if it cannot. IDA repeatedly calls the analysis routine on successive addresses until the routine reports that it has decoded an instruction that ends the instruction stream, such as an unconditional jump or a function return.

Emulation

When IDA has a sufficient stream of completed instructions from the analysis step it will call upon the module's emulation routine to provide it with detailed information about the side effects of each instruction in the stream. In the emulation routine the module informs IDA about the code and data references that an instruction makes and the way(s) in which the instruction affects the program flow.

Output

Finally, the IDA kernel calls upon a module's output routine to create an assembler-ready version of each instruction for display on the screen or to be written to a file.
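The three tasks and the kernel loop that drives them, as an added standalone illustration rather than IDA SDK code: a constructed 8-bit instruction set is decoded by ana() (analysis), annotated with code and data references and a continue/stop verdict by emu() (emulation), and rendered by out() (output), while walk() plays the kernel's part of following each stream to a dead end and queueing jump and call targets for later analysis. The names Insn, ana, emu, out, walk and listing, the opcode table and the sample image are all assumptions made for this example; in the IDA 7.x SDK the corresponding processor_t callbacks are ev_ana_insn, ev_emu_insn and ev_out_insn. The decoder refuses unknown opcodes and operands that run off the end of the image, which is the analysis-failure case a real module must report instead of guessing.

```python
"""Toy model of the three tasks an IDA processor module performs.

Added illustration, not IDA SDK code: a constructed 8-bit ISA is handled by
three small functions playing the roles of a module's analysis, emulation
and output callbacks, driven by a loop that mimics the kernel's scheduling.
All names (Insn, ana, emu, out, walk, listing) are assumptions for this example.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed opcode table: opcode -> (mnemonic, takes an 8-bit operand)
OPCODES = {
    0x00: ("nop", False),
    0x01: ("ldi", True),   # ldi imm8     load immediate into r0
    0x02: ("ld", True),    # ld [addr8]   read memory into r0
    0x03: ("st", True),    # st [addr8]   write r0 to memory
    0x10: ("jmp", True),   # jmp addr8    unconditional jump (ends the stream)
    0x11: ("jz", True),    # jz addr8     conditional jump (flow continues)
    0x20: ("call", True),  # call addr8   call (flow continues after return)
    0x21: ("ret", False),  # ret          return (ends the stream)
}


@dataclass
class Insn:
    ea: int
    size: int
    mnem: str
    op: Optional[int] = None
    # Filled in by emu(): (kind, target) with kind in
    # "flow", "jump", "call", "read", "write"; stands in for IDA's xrefs.
    refs: List[Tuple[str, int]] = field(default_factory=list)


def ana(mem: bytes, ea: int) -> Optional[Insn]:
    """Task 1, analysis: turn the byte(s) at ea into a symbolic instruction.
    Returns None for an unknown opcode or a truncated operand, i.e. the
    analysis failure a module reports rather than inventing an instruction."""
    if ea >= len(mem) or mem[ea] not in OPCODES:
        return None
    mnem, has_op = OPCODES[mem[ea]]
    if not has_op:
        return Insn(ea, 1, mnem)
    if ea + 1 >= len(mem):
        return None  # operand byte missing: do not read past the image
    return Insn(ea, 2, mnem, mem[ea + 1])


def emu(insn: Insn) -> bool:
    """Task 2, emulation: record code/data references and report whether
    execution can continue at the next instruction (True) or this is a
    dead end such as an unconditional jump or return (False)."""
    if insn.mnem == "jmp":
        insn.refs.append(("jump", insn.op))
        return False
    if insn.mnem == "ret":
        return False
    if insn.mnem == "jz":
        insn.refs.append(("jump", insn.op))
    elif insn.mnem == "call":
        insn.refs.append(("call", insn.op))
    elif insn.mnem == "ld":
        insn.refs.append(("read", insn.op))
    elif insn.mnem == "st":
        insn.refs.append(("write", insn.op))
    insn.refs.append(("flow", insn.ea + insn.size))
    return True


def out(insn: Insn) -> str:
    """Task 3, output: render the instruction as assembler-ready text."""
    if insn.op is None:
        return insn.mnem
    if insn.mnem in ("ld", "st"):
        return f"{insn.mnem} [0x{insn.op:02x}]"
    return f"{insn.mnem} 0x{insn.op:02x}"


def walk(mem: bytes, entry: int) -> Dict[int, Insn]:
    """Kernel-style driver: from one known code address, call ana then emu
    along each instruction stream, stop at dead ends or analysis failures,
    and queue the targets of jump/call references for later analysis."""
    seen: Dict[int, Insn] = {}
    queue = deque([entry])
    while queue:
        ea = queue.popleft()
        while ea not in seen:
            insn = ana(mem, ea)
            if insn is None:
                break  # analysis failure ends this stream
            seen[ea] = insn
            cont = emu(insn)
            for kind, target in insn.refs:
                if kind in ("jump", "call"):
                    queue.append(target)
            if not cont:
                break
            ea += insn.size
    return seen


def listing(mem: bytes, entry: int) -> List[str]:
    """Output pass over everything analysis reached, in address order."""
    insns = walk(mem, entry)
    return [f"{ea:04x}: {out(insns[ea])}" for ea in sorted(insns)]


# Constructed sample image: a call, a conditional jump, a store, an infinite
# loop, the callee, and one 0xFF byte that is not an opcode and never reached.
IMAGE = bytes([
    0x20, 0x0A,   # 0000: call 0x0a
    0x11, 0x08,   # 0002: jz 0x08
    0x03, 0x30,   # 0004: st [0x30]
    0x10, 0x00,   # 0006: jmp 0x00
    0x21,         # 0008: ret
    0xFF,         # 0009: invalid, never reached by any stream
    0x02, 0x30,   # 000a: ld [0x30]
    0x21,         # 000c: ret
])

if __name__ == "__main__":
    for line in listing(IMAGE, 0):
        print(line)
```

Running the file prints seven lines, one per instruction the walk reached; the 0xFF byte at 0x0009 never appears because no stream flows into it, and if it were reached ana() would return None and the stream would simply stop, which is the behaviour a module wants when it meets bytes it cannot decode.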