Interactive Disassembler (IDA) Pro Quick Reference Sheet

Datarescue

Interactive Disassembler (IDA) Pro Quick Reference Sheet

(http://www.datarescue.com)

Open Subviews

Names ___________________________________ Shift+F4 Functions ________________________________ Shift+F3 Strings __________________________________ Shift+F12 Segments _________________________________ Shift+F7 Segment registers ___________________________ Shift+F8 Signatures ________________________________ Shift+F5 Type libraries _____________________________ Shift+F11 Structures _________________________________ Shift+F9 Enumerations ____________________________ Shift+F10 Data Format Options

ASCII strings style ____________________________ Alt+A Setup data types ______________________________ Alt+D File Operations

Parse C header file ___________________________ Ctrl+F9 Create ASM file ____________________________ Alt+F10 Save database _______________________________ Ctrl+W Navigation

Jump to operand ______________________________ Enter Jump in new window _______________________ Alt+Enter Jump to previous position ________________________ Esc Jump to next position ______________________ Ctrl+Enter Jump to address _________________________________ G Jump by name _______________________________ Ctrl+L Jump to function _____________________________ Ctrl+P Jump to segment _____________________________ Ctrl+S Jump to segment register ______________________ Ctrl+G Jump to problem ____________________________ Ctrl+Q Jump to cross reference _______________________ Ctrl+X Jump to xref to operand ___________________________ X Jump to entry point __________________________ Ctrl+E Mark Position _______________________________ Alt+M Jump to marked position ______________________ Ctrl+M

Debugger

Start process ___________________________________ F9 Terminate process ___________________________ Ctrl+F2 Step into ______________________________________ F7 Step over ______________________________________ F8 Run until return _____________________________ Ctrl+F7 Run to cursor ___________________________________ F4 Breakpoints

Breakpoint list ___________________________ Ctrl+Alt+B Watches

Delete watch __________________________________ Del Tracing

Stack trace ______________________________ Ctrl+Alt+S Search

Next code __________________________________ Alt+C Next data __________________________________ Ctrl+D Next explored _______________________________Ctrl+A Next unexplored ____________________________ Ctrl+U Immediate value ______________________________ Alt+I Next immediate value _________________________ Ctrl+I Text ______________________________________ Alt+T Next text __________________________________ Ctrl+T Sequence of bytes ____________________________ Alt+B Next sequence of bytes _______________________ Ctrl+B Not function ________________________________ Alt+U Next void __________________________________ Ctrl+V Error operand ______________________________ Ctrl+F

Graphing

Flow chart ____________________________________ F12 Function calls _____________________________ Ctrl+F12

Aaron Eppert (aeppert@gmail.com)

Miscellaneous

Calculator __________________________________ ? Cycle through open views ________________ Ctrl+Tab Select tab _________________________ Alt + [1…N]

Close current view ______________________ Ctrl+F4 Exit ___________________________________ Alt+X IDC Command ________________________ Shift+F2

Edit (Data Types – etc)

Copy ____________________________________ Ctrl+Ins Begin selection _______________________________ Alt+L Manual instruction __________________________ Alt+F2 Code __________________________________________ C Data __________________________________________ D Struct variable _______________________________ Alt+Q ASCII string ____________________________________ A Array ______________________________________ Num * Undefine ______________________________________ U Rename _______________________________________ N Operand Type

Offset (data segment) _____________________________ O Offset (current segment) ______________________ Ctrl+O Offset by (any segment) ________________________ Alt+R Offset (user-defined) __________________________ Ctrl+R Offset (struct) ___________________________________ T Number (default) _________________________________ # Hexadecimal ____________________________________ Q Decimal _______________________________________ H Binary _________________________________________ B Character ______________________________________ R Segment _______________________________________ S Enum member __________________________________ M Stack variable ___________________________________ K Change sign __________________________ Underscore (_) Bitwise negate ___________________________________ ~ Manual ____________________________________ Alt+F1 Comments

Enter comment ___________________________________ : Enter repeatable comment __________________________ ; Enter anterior lines ______________________________ Ins Enter posterior lines ________________________ Shift+Ins Insert predefined comment ___________________ Shift+F1 Segments

Edit segment ________________________________ Alt+S Change segment register value __________________ Alt+G Structs

Struct var __________________________________ Alt+Q Force zero offset field ________________________ Ctrl+Z Select union member __________________________ Alt+Y Functions

Create function __________________________________ P Edit function ________________________________ Alt+P Set function end _________________________________ E Stack variables ______________________________ Ctrl+K Change stack pointer __________________________ Alt+K Rename register _________________________________ V Set function type _________________________________ Y