First rule of using IDA: DO NOT EVER talk about IDA to your friends/girlfriend, unless they find dynamic analysis fun

Second rule of using IDA: DO NOT use IDA if you haven’t done static analysis before

Third rule of using IDA: In case you graphically mess up something: Windows > Reset Desktop

  • SPACE: switch from the graphical editor to the text view
  • Windows > Reset Desktop: resets everything if you mess up the windows
  • Options > General > Line Prefixes > Number of Opcode Bytes set to 6
  • Branches in graphical editor:
    • Green: jmp is taken
    • Red: jmp is not taken
    • Blue: unconditional jmp
  • CTRL+X: see all cross-references to the selected function / variable
    • While viewing code, XREF: _Main+3p means it is called from _Main at offset 3
  • RENAME EVERYTHING
    • Select what you need, then press N
  • : (colon key): add a comment
  • EAX: return values are in eax/ah/al/ax