IDA Shortcuts

Source: Internet  Editor: 程序博客网  Date: 2024/05/01 13:37
Open Subviews
Names ______ Shift+F4
Functions ______ Shift+F3
Strings ______ Shift+F12  // yes
Segments ______ Shift+F7
Segment registers ______ Shift+F8
Signatures ______ Shift+F5
Type libraries ______ Shift+F11
Structures ______ Shift+F9
Enumerations ______ Shift+F10

Data Format Options
ASCII strings style ______ Alt+A
Setup data types ______ Alt+D

File Operations
Parse C header file ______ Ctrl+F9
Create ASM file ______ Alt+F10
Save database ______ Ctrl+W

Navigation
Jump to operand ______ Enter
Jump in new window ______ Alt+Enter
Jump to previous position ______ Esc  // returns to the previous location; very useful
Jump to next position ______ Ctrl+Enter  // returns to the next location; very useful
Jump to address ______ G
Jump by name ______ Ctrl+L  // yes; I tried it and it seems to list a lot of import-table functions, since it searches by name after all
Jump to function ______ Ctrl+P  // yes
Jump to segment ______ Ctrl+S
Jump to segment register ______ Ctrl+G
Jump to problem ______ Ctrl+Q
Jump to cross reference ______ Ctrl+X  // yes; lists the call sites
Jump to xref to operand ______ X
Jump to entry point ______ Ctrl+E  // yes
Mark Position ______ Alt+M  // yes; marks a position and gives it a name
Jump to marked position ______ Ctrl+M  // yes; lists the marks, then double-click to jump to the one you want

Debugger
Start process ______ F9  // same as OD
Terminate process ______ Ctrl+F2
Step into ______ F7  // same as OD
Step over ______ F8  // same as OD
Run until return ______ Ctrl+F7
Run to cursor ______ F4  // same as OD

Breakpoints
Breakpoint list ______ Ctrl+Alt+B

Watches
Delete watch ______ Del

Tracing
Stack trace ______ Ctrl+Alt+S

Search
Next code ______ Alt+C
Next data ______ Ctrl+D
Next explored ______ Ctrl+A
Next unexplored ______ Ctrl+U
Immediate value ______ Alt+I
Next immediate value ______ Ctrl+I
Text ______ Alt+T  // yes; searching for a function name also uses this
Next text ______ Ctrl+T  // yes
Sequence of bytes ______ Alt+B  // yes
Next sequence of bytes ______ Ctrl+B  // yes
Not function ______ Alt+U
Next void ______ Ctrl+V
Error operand ______ Ctrl+F

Graphing
Flow chart ______ F12
Function calls ______ Ctrl+F12

Miscellaneous
Calculator ______ ?
Cycle through open views ______ Ctrl+Tab
Select tab ______ Alt + [1…N]
Close current view ______ Ctrl+F4
Exit ______ Alt+X
IDC Command ______ Shift+F2

Edit (Data Types – etc)
Copy ______ Ctrl+Ins
Begin selection ______ Alt+L
Manual instruction ______ Alt+F2
Code ______ C
Data ______ D
Struct variable ______ Alt+Q
ASCII string ______ A
Array ______ Num *
Undefine ______ U  // yes
Rename ______ N  // yes

Operand Type
Offset (data segment) ______ O
Offset (current segment) ______ Ctrl+O
Offset by (any segment) ______ Alt+R
Offset (user-defined) ______ Ctrl+R
Offset (struct) ______ T
Number (default) ______ #
Hexadecimal ______ Q
Decimal ______ H
Binary ______ B
Character ______ R
Segment ______ S
Enum member ______ M
Stack variable ______ K
Change sign ______ Underscore (_)
Bitwise negate ______ ~
Manual ______ Alt+F1

Comments
Enter comment ______ :  // yes
Enter repeatable comment ______ ;  // yes
Enter anterior lines ______ Ins
Enter posterior lines ______ Shift+Ins
Insert predefined comment ______ Shift+F1

Segments
Edit segment ______ Alt+S
Change segment register value ______ Alt+G

Structs
Struct var ______ Alt+Q
Force zero offset field ______ Ctrl+Z
Select union member ______ Alt+Y

Functions
Create function ______ P
Edit function ______ Alt+P  // you can also right-click on the function and choose to edit it
Set function end ______ E
Stack variables ______ Ctrl+K
Change stack pointer ______ Alt+K
Rename register ______ V
Set function type ______ Y  // yes; for example, to change the function's calling convention


Example:

1  Search for a hexadecimal signature

 Open the PE file in IDA, press the Space key to switch to text mode, then use Search–>sequence of bytes or the shortcut Alt+B, and enter 8b 08 89 4d fc 8b 55 fc 52

2 Search for a function

 The shortcut for Search is Alt + T, and the shortcut for Search again is Ctrl + T

3 Jump to address 7284e2d9

Press the shortcut G, enter 7284e2d9, and press Enter