当我们的光标在某个函数处时,按回车键就可以跳到这个函数所在的位置:

按回车,跳到这里:

再按回车,跳到导入表:

我们再连续按ESC键就可以返回到刚才进入的地方:

使用快捷键N可以进行重命名:

在数字上按下H键或者右键进行选择,可以将数字转化为十进制:

在按一下相同的键就变回来了。按下B键转换为二进制也是同理。

按下空格键可以使IDA在图形视图和文本视图之间切换:

  • 常用默认快捷键

"JumpAsk" = 'g'
"JumpName" = "Ctrl-L"
"JumpSegment" = "Ctrl-S"
"JumpSegmentRegister" = "Ctrl-G"
"JumpQ" = "Ctrl-Q"
"JumpPosition" = "Ctrl-M"
"JumpXref" = "Ctrl-X"
"JumpXrefFrom" = "Ctrl-J"
"JumpOpXref" = "X"
"JumpFunction" = "Ctrl-P"
"JumpEntryPoint" = "Ctrl-E"
"JumpError" = "Ctrl-F"

"JumpEnter" = "Enter" // jump to address under cursor
"JumpEnterNew" = "Alt-Enter" // jump to address under cursor
// in a new window
"Return" = "Esc"
"UndoReturn" = "Ctrl-Enter" // undo the last Esc

"MarkPosition" = "Alt-M"

"JumpSuspicious" = "Ctrl-V"
"JumpCode" = "Alt-C"
"JumpData" = "Ctrl-D"
"JumpUnknown" = "Ctrl-U"
"JumpExplored" = "Ctrl-A"
"AskNextImmediate" = "Alt-I"
"JumpImmediate" = "Ctrl-I"
"AskNextText" = "Alt-T"
"JumpText" = "Ctrl-T"
"AskBinaryText" = "Alt-B"
"JumpBinaryText" = "Ctrl-B"

"MakeAlignment" = 'L'
"ManualInstruction" = "Alt-F2"

"MakeCode" = 'C'
"MakeData" = 'D'
"MakeAscii" = 'A'
"MakeArray" = "Numpad*"
"MakeUnknown" = 'U'

"MakeName" = 'N'
"ManualOperand" = "Alt-F1"

"MakeFunction" = 'P'
"EditFunction" = "Alt-P"
"FunctionEnd" = 'E'
"OpenStackVariables" = "Ctrl-K" // open stack variables window
"ChangeStackPointer" = "Alt-K" // change value of SP
"RenameRegister" = 'V'
"SetType" = 'Y'

"MakeComment" = ':'
"MakeRptCmt" = ';'

"OpNumber" = '#'
"OpHex" = 'Q'
"OpDecimal" = 'H'
"OpBinary" = 'B'
"OpChar" = 'R'
"OpSegment" = 'S'
"OpOffset" = 'O'
"OpOffsetCs" = "Ctrl-O"
"OpAnyOffset" = "Alt-R"
"OpUserOffset" = "Ctrl-R"
"OpStructOffset" = 'T'
"OpStackVariable" = 'K'
"OpEnum" = 'M'

"EditSegment" = "Alt-S"

"SetSegmentRegister" = "Alt-G"

"ShowRegisters" = "Ctrl-Space"

"OpenFunctions" = "Shift-F3" // open functions window
"OpenNames" = "Shift-F4"
"OpenSignatures" = "Shift-F5" // open signatures window
"OpenSegments" = "Shift-F7"
"OpenSegmentRegisters" = "Shift-F8"
"OpenStructures" = "Shift-F9" // open structures window
"OpenEnums" = "Shift-F10" // open enums window
"OpenTypeLibraries" = "Shift-F11"
"GraphFunc" = "F12" // display function flow-chart
"CallFlow" = "Ctrl-F12" // display function call graph
"OpenStrings" = "Shift-F12"
"OpenLocalTypes" = "Shift-F1"

"SetAsciiStyle" = "Alt-A" // set ascii strings style

"ShowFlags" = 'F'
"Hide" = "Numpad-"
"Unhide" = "Numpad+"

"ExternalHelp" = "Ctrl-F1"

"WindowsListNext" = "Ctrl-Tab"
"WindowsListPrev" = "Ctrl-Shift-Tab"

"NextWindow" = "F6"
"PrevWindow" = "Shift-F6"
"CloseWindow" = "Alt-F3"

IDA Pro使用的更多相关文章

  1. 安卓动态调试七种武器之孔雀翎 – Ida Pro

    安卓动态调试七种武器之孔雀翎 – Ida Pro 作者:蒸米@阿里聚安全 0x00 序 随着移动安全越来越火,各种调试工具也都层出不穷,但因为环境和需求的不同,并没有工具是万能的.另外工具是死的,人是 ...

  2. 计算机病毒实践汇总六:IDA Pro基础

    在尝试学习分析的过程中,判断结论不一定准确,只是一些我自己的思考和探索.敬请批评指正! 1. IDA使用 (1)搜索.下载并执行IDA Pro,对可执行程序lab05-01.dll进行装载,分别以图形 ...

  3. Ubuntu下安装IDA pro

    预备 由于IDA pro只能装在32位环境下,如果是64位Ubuntu,需要运行如下命令安装32位的必备库. sudo dpkg --add-architecture i386 sudo apt-ge ...

  4. How to create an anonymous IDA PRO database (.IDB)

    Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/ P ...

  5. android调试系列--使用ida pro调试so

    1.工具介绍 IDA pro: 反汇编神器,可静态分析和动态调试. 模拟机或者真机:运行要调试的程序. 样本:阿里安全挑战赛第二题:http://pan.baidu.com/s/1eS9EXIM 2. ...

  6. android调试系列--使用ida pro调试原生程序

    1.工具介绍 IDA pro: 反汇编神器,可静态分析和动态调试. 模拟机或者真机:运行要调试的程序. 样本:自己编写NDK demo程序进行调试 2.前期准备 2.1  准备样本程序(假设已经配置好 ...

  7. [转]How to create an anonymous IDA PRO database (.IDB)

    Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/ P ...

  8. IDA Pro使用技巧

    DA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭头 ...

  9. IDA Pro使用(静态分析+动态调试)

    链接:http://skysider.com/?p=458 IDA Pro使用(静态分析+动态调试) 1.静态分析 IDA FLIRT Signature Database —— 用于识别静态编译的可 ...

  10. IDA Pro Disassembler 6.8.15.413 (Windows, Linux, Mac)

    IDA: What's new in 6.8 Highlights This is mainly a maintenance release, so our focus was on fixing b ...

随机推荐

  1. 解读<!doctype html>

    回归简单的doctype声明:http://blog.csdn.net/wangxiaoqin11/article/details/42032037 为何说 HTML5「no longer based ...

  2. button 自动刷新当前页面

    button请始终为按钮规定 type 属性.Internet Explorer 的默认类型是 "button",而其他浏览器中(包括 W3C 规范)的默认值是 "sub ...

  3. pack://application:,,,/

    FrameworkElementFactory gridFactory = new FrameworkElementFactory(typeof(Grid)); gridFactory.SetValu ...

  4. Makefile.am编写规则

    概念 Makefile.am是比Makefile更高层次的规则只需要指定要生成什么目标,依赖于什么文件,和要安装到什么目录.automake会根据Makefile.am来自动生成Makefile.in ...

  5. CentOS 6.5 部署Unison双向同步服务

    环境介绍: 服务器 IP Server1 192.168.30.131 Server2 192.168.30.132       1.添加主机互信: a.添加host文件(在Server1.Serve ...

  6. metrics实践 (metrics-spring)

    这里主要介绍metrics与spring集成的使用方式. 1  添加maven依赖 <dependency> <groupId>com.ryantenney.metrics&l ...

  7. CodeForces 677D Vanya and Treasure

    $dp$,树状数组. 很明显这是一个$DAG$上的$dp$,由于边太多,暴力$dp$会超时,需要优化. 例如计算$dp[x][y]$,可以将区域分成四块,$dp[x][y]$取四块中的最小值,每一块用 ...

  8. USACO 3.2 Magic Squares

    Magic SquaresIOI'96 Following the success of the magic cube, Mr. Rubik invented its planar version, ...

  9. 引用AForge.video.ffmpeg,打开时会报错:找不到指定的模块,需要把发行包第三方文件externals\ffmpeg\bin里的dll文件拷到windows的system32文件夹下。

    引用AForge.video.ffmpeg,打开时会报错:找不到指定的模块,需要把发行包第三方文件externals\ffmpeg\bin里的dll文件拷到windows的system32文件夹下. ...

  10. 大数据揭示的10个常见JAVA编程错误

    初学者最常犯的编程错误是什么呢?有可能他们总是混淆等值(==)与赋值(=),或者 & 和 &&:也有可能是他们在循环中使用错误的分隔符(for (int i = 0, i &l ...