KEMBAR78
IDA Cheatsheet | PDF | Computers
Scribd
Upload
829 views4 pages

IDA Cheatsheet

The document provides a cheatsheet of navigation, operation, data display, and manipulation shortcuts for IDA Pro, an interactive disassembler and debugger. It lists shortcuts for jumping to locations, finding references, navigating graphs, bookmarks, hex view, interface customization, loading files, executing scripts, debugging, searching, interpreting bytes, modifying code and data, viewing strings and structures, and working with registers.

Uploaded by

Advoch
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
829 views4 pages

IDA Cheatsheet

The document provides a cheatsheet of navigation, operation, data display, and manipulation shortcuts for IDA Pro, an interactive disassembler and debugger. It lists shortcuts for jumping to locations, finding references, navigating graphs, bookmarks, hex view, interface customization, loading files, executing scripts, debugging, searching, interpreting bytes, modifying code and data, viewing strings and structures, and working with registers.

Uploaded by

Advoch
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

IDA Pro Primer Cheatsheet

Navigation
Jump to a location or function, by name or address:
Jump → Jump to address (G)

Find cross references to a function, label or operand:


Jump → Jump to xref to operand (X)

View a hierarchical graph of calls that lead to a function:


View → Graphs → Xrefs to

View a hierarchical graph of calls from a function:


Cr

ID

View → Graphs → Xrefs from


is

Ud
Navigate back and forth between places in the GUI interface:
Backward (ESC)/Forward buttons
ti

Pr

em
Create and navigate to bookmarks:
na

Jump → Mark position (Alt-M)


y

Jump → Jump to marked position (Ctrl-M)


Pr
Gh

Navigate to a specific address in the hex view:


im

Go to hex view and press 'G'


eo

er

Interface
rg

Beautify the interface with a dark colour theme:


hi

Options → Colors → Disassembly → Import


IDA Consonance - Dark colour theme

sa

Save/Load debugging windows layout:


n

Windows → Save desktop


Windows → Load desktop

Focus undistracted on the analysis:


View → Full screen (F11)

Configure WinGraph flow chart visualisation tool:


In ida.cfg file, modify the following:

GRAPH_VISUALIZER = "wingraph32.exe -remove -timelimit 10”

IDA Pro Cheatsheet 1 of 4


Note: WinGraph tool is missing from latest IDA distributions. get it from an older version (e.g.
IDA v5.1).

Add comments on the analysis:


Edit → Comments menu (Normal, repeatable, posterior/anterior lines)

Operations
Load external C header files:
File → Load file → Parse C header

Execute IDC scripts:


File → Script file (Alt + F7)

Pass arguments to executable for debugging:


Debugger → Process options → Parameters

Take a memory snapshot of all modified and newly created segments:


Debugger → Take memory snapshot
Cr

ID

Load symbols from PDB files:


is

File → Load file → PDB file


A

Ud
ti

Debug at source code level (when available):


Pr

em
Debugger → User source-level debugging
na

Load overlay section from PE files:


Load new file → Manual load
Pr
Gh

Load type libraries:


im

View → Open Subview → Type Libraries (Shift+F11)


eo

er

Overwrite data segments with external data:


rg

File → Load file → Additional binary file


hi

Rebase the current segment to a different address:


Edit → Segments → Move current segment
sa

Search for text strings:


n

Search text (Alt + T)

Search for data as bytes:


Search sequence of bytes (Alt + B)

Data display and manipulation


Interpret bytes as code, ASCII, or raw data:
Edit → Code (C)
Edit → Strings → String (A)
Edit → Strings → Unicode
IDA Pro Cheatsheet 2 of 4
Edit → Data (D)

View the raw bytes behind code mnemonics:


Options → General → Disassembly and set ‘Number of opcode bytes’

Modify program code bytes:


Edit → Patch program → Change byte

Modify program assembly code:


Edit → Patch program assemble

View all the strings:


View → Open subviews → Strings (Shift - F12)

Replace a numerical value with its corresponding defined constant:


Right click → Use standard symbolic constant

Rename functions/labels/operands/variables:
Edit → Rename (N)
Cr

ID

View all the segments of a program, including debugging ones:


View → Open subviews → Segments (Shift + F7)
is

Ud
Open structures window:
ti

Pr

View Open subviews Structures (Shift + F9)


em
na

Create a structure from a block of data:


y

Edit → Structs → Create struct from selection


Pr
Gh

Convert a variable to a structure type:


im

Edit → Structs → Struct var ... (Alt + Q)


eo

er

Manipulate structure fields while in Structures window:


rg

Ins/Del : create/delete structure


D/A/* : create structure member (data/ascii/array)
hi

N : rename structure or structure member


U : delete structure member
sa

Change member types:


n

Right click → Field type

Represent a structure’s member as pointer to another element:


Right click → Field type → Offset → Offset (data segment) (O)

Change an operand into an enum value:


Edit → Operand type → Enum member (M)

View XMM registers:


Debugger → Debugger windows → XMM registers

IDA Pro Cheatsheet 3 of 4


View code registers:
Debugger → Debugger windows → Code registers

Create or delete a function at a specified code location


Edit → Functions → Create function (P)
Edit → Functions → Delete function

Cr

ID
is

Ud
ti

Pr

em
na

y
Pr
Gh

im
eo

er
rg
hi
sa
n

IDA Pro Cheatsheet 4 of 4

You might also like