Open Subviews
Names ____ Shift+F4
Functions ____ Shift+F3
Strings ____ Shift+F12  // yes
Segments ____ Shift+F7
Segment registers ____ Shift+F8
Signatures ____ Shift+F5
Type libraries ____ Shift+F11
Structures ____ Shift+F9
Enumerations ____ Shift+F10

Data Format Options
ASCII strings style ____ Alt+A
Setup data types ____ Alt+D

File Operations
Parse C header file ____ Ctrl+F9
Create ASM file ____ Alt+F10
Save database ____ Ctrl+W

Navigation
Jump to operand ____ Enter
Jump in new window ____ Alt+Enter
Jump to previous position ____ Esc  // returns to the previous location; very useful
Jump to next position ____ Ctrl+Enter  // goes to the next location; very useful
Jump to address ____ G
Jump by name ____ Ctrl+L  // yes; I tried it, and it seems to list a lot of import-table functions, since it searches by name
Jump to function ____ Ctrl+P  // yes
Jump to segment ____ Ctrl+S
Jump to segment register ____ Ctrl+G
Jump to problem ____ Ctrl+Q
Jump to cross reference ____ Ctrl+X  // yes; lists the places that call it
Jump to xref to operand ____ X
Jump to entry point ____ Ctrl+E  // yes
Mark Position ____ Alt+M  // yes; marks a position and gives it a name
Jump to marked position ____ Ctrl+M  // yes; lists the marks, then double-click to jump to the one you want

Debugger
Start process ____ F9  // same as in OD
Terminate process ____ Ctrl+F2
Step into ____ F7  // same as in OD
Step over ____ F8  // same as in OD
Run until return ____ Ctrl+F7
Run to cursor ____ F4  // same as in OD

Breakpoints
Breakpoint list ____ Ctrl+Alt+B

Watches
Delete watch ____ Del

Tracing
Stack trace ____ Ctrl+Alt+S

Search
Next code ____ Alt+C
Next data ____ Ctrl+D
Next explored ____ Ctrl+A
Next unexplored ____ Ctrl+U
Immediate value ____ Alt+I
Next immediate value ____ Ctrl+I
Text ____ Alt+T  // yes; this is also used to search for function names
Next text ____ Ctrl+T  // yes
Sequence of bytes ____ Alt+B  // yes
Next sequence of bytes ____ Ctrl+B  // yes
Not function ____ Alt+U
Next void ____ Ctrl+V
Error operand ____ Ctrl+F

Graphing
Flow chart ____ F12
Function calls ____ Ctrl+F12

Miscellaneous
Calculator ____ ?
Cycle through open views ____ Ctrl+Tab
Select tab ____ Alt + [1…N]
Close current view ____ Ctrl+F4
Exit ____ Alt+X
IDC Command ____ Shift+F2

Edit (Data Types – etc)
Copy ____ Ctrl+Ins
Begin selection ____ Alt+L
Manual instruction ____ Alt+F2
Code ____ C
Data ____ D
Struct variable ____ Alt+Q
ASCII string ____ A
Array ____ Num *
Undefine ____ U  // yes
Rename ____ N  // yes

Operand Type
Offset (data segment) ____ O
Offset (current segment) ____ Ctrl+O
Offset by (any segment) ____ Alt+R
Offset (user-defined) ____ Ctrl+R
Offset (struct) ____ T
Number (default) ____ #
Hexadecimal ____ Q
Decimal ____ H
Binary ____ B
Character ____ R
Segment ____ S
Enum member ____ M
Stack variable ____ K
Change sign ____ Underscore (_)
Bitwise negate ____ ~
Manual ____ Alt+F1

Comments
Enter comment ____ :  // yes
Enter repeatable comment ____ ;  // yes
Enter anterior lines ____ Ins
Enter posterior lines ____ Shift+Ins
Insert predefined comment ____ Shift+F1

Segments
Edit segment ____ Alt+S
Change segment register value ____ Alt+G

Structs
Struct var ____ Alt+Q
Force zero offset field ____ Ctrl+Z
Select union member ____ Alt+Y

Functions
Create function ____ P
Edit function ____ Alt+P  // you can also right-click the function and choose to edit it
Set function end ____ E
Stack variables ____ Ctrl+K
Change stack pointer ____ Alt+K
Rename register ____ V
Set function type ____ Y  // yes; for example, to change the function's calling convention

Example:
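1 Search for a hexadecimal signature
Open the PE file in IDA, press Space to switch to text mode, then use Search–>sequence of bytes or the shortcut Alt+B, and enter 8b 08 89 4d fc 8b 55 fc 52
2 Search for a function
The Search shortcut is Alt+T; the Search again shortcut is Ctrl+T
3 Jump to address 7284e2d9
Press the shortcut G, enter 7284e2d9, and press Enter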
IDA shortcut keys