IDA Pro使用

当我们的光标在某个函数处时，按回车键就可以跳到这个函数所在的位置：

按回车，跳到这里：

再按回车，跳到导入表：

我们再连续按ESC键就可以返回到刚才进入的地方：

使用快捷键N可以进行重命名：

在数字上按下H键或者右键进行选择，可以将数字转化为十进制：

在按一下相同的键就变回来了。按下B键转换为二进制也是同理。

按下空格键可以使IDA在图形视图和文本视图之间切换：

 

• 常用默认快捷键

"JumpAsk" = 'g'
"JumpName" = "Ctrl-L"
"JumpSegment" = "Ctrl-S"
"JumpSegmentRegister" = "Ctrl-G"
"JumpQ" = "Ctrl-Q"
"JumpPosition" = "Ctrl-M"
"JumpXref" = "Ctrl-X"
"JumpXrefFrom" = "Ctrl-J"
"JumpOpXref" = "X"
"JumpFunction" = "Ctrl-P"
"JumpEntryPoint" = "Ctrl-E"
"JumpError" = "Ctrl-F"

"JumpEnter" = "Enter" // jump to address under cursor
"JumpEnterNew" = "Alt-Enter" // jump to address under cursor
// in a new window
"Return" = "Esc"
"UndoReturn" = "Ctrl-Enter" // undo the last Esc

"MarkPosition" = "Alt-M"

"JumpSuspicious" = "Ctrl-V"
"JumpCode" = "Alt-C"
"JumpData" = "Ctrl-D"
"JumpUnknown" = "Ctrl-U"
"JumpExplored" = "Ctrl-A"
"AskNextImmediate" = "Alt-I"
"JumpImmediate" = "Ctrl-I"
"AskNextText" = "Alt-T"
"JumpText" = "Ctrl-T"
"AskBinaryText" = "Alt-B"
"JumpBinaryText" = "Ctrl-B"

"MakeAlignment" = 'L'
"ManualInstruction" = "Alt-F2"

"MakeCode" = 'C'
"MakeData" = 'D'
"MakeAscii" = 'A'
"MakeArray" = "Numpad*"
"MakeUnknown" = 'U'

"MakeName" = 'N'
"ManualOperand" = "Alt-F1"

"MakeFunction" = 'P'
"EditFunction" = "Alt-P"
"FunctionEnd" = 'E'
"OpenStackVariables" = "Ctrl-K" // open stack variables window
"ChangeStackPointer" = "Alt-K" // change value of SP
"RenameRegister" = 'V'
"SetType" = 'Y'

"MakeComment" = ':'
"MakeRptCmt" = ';'

"OpNumber" = '#'
"OpHex" = 'Q'
"OpDecimal" = 'H'
"OpBinary" = 'B'
"OpChar" = 'R'
"OpSegment" = 'S'
"OpOffset" = 'O'
"OpOffsetCs" = "Ctrl-O"
"OpAnyOffset" = "Alt-R"
"OpUserOffset" = "Ctrl-R"
"OpStructOffset" = 'T'
"OpStackVariable" = 'K'
"OpEnum" = 'M'

"EditSegment" = "Alt-S"

"SetSegmentRegister" = "Alt-G"

"ShowRegisters" = "Ctrl-Space"


"OpenFunctions" = "Shift-F3" // open functions window
"OpenNames" = "Shift-F4"
"OpenSignatures" = "Shift-F5" // open signatures window
"OpenSegments" = "Shift-F7"
"OpenSegmentRegisters" = "Shift-F8"
"OpenStructures" = "Shift-F9" // open structures window
"OpenEnums" = "Shift-F10" // open enums window
"OpenTypeLibraries" = "Shift-F11"
"GraphFunc" = "F12" // display function flow-chart
"CallFlow" = "Ctrl-F12" // display function call graph
"OpenStrings" = "Shift-F12"
"OpenLocalTypes" = "Shift-F1"

"SetAsciiStyle" = "Alt-A" // set ascii strings style

"ShowFlags" = 'F'
"Hide" = "Numpad-"
"Unhide" = "Numpad+"

"ExternalHelp" = "Ctrl-F1"

"WindowsListNext" = "Ctrl-Tab"
"WindowsListPrev" = "Ctrl-Shift-Tab"

"NextWindow" = "F6"
"PrevWindow" = "Shift-F6"
"CloseWindow" = "Alt-F3"