Command | IDA Pro | radare2 | r2 (visual mode) | GDB | WinDbg |
---|---|---|---|---|---|
Analysis | |||||
Analysis of everything | Automatically launched when opening a binary | aaa or -A (aaaa or -AA for even experimental analysis) | N_A | N_A | N/A |
Navigation | |||||
xref to | x | axt | x | N_A | N_A |
xref from | ctrl + j | axf | X | N_A | N_A |
xref to graph | ? | agt [offset] | ? | N_A | N_A |
xref from graph | ? | agf [offset] | ? | N_A | N_A |
list functions | alt + 1 | afl;is | t | N_A | N_A |
listing | alt + 2 | p | N_A | N_A | |
hex mode | alt + 3 | pxa | P | N_A | N_A |
imports | alt + 6 | ii | :ii | N_A | N_A |
exports | alt + 7 | is~FUNC | ? | N_A | N_A |
follow jmp_call | enter | s offset | enter or 0-9 | N_A | N/A |
undo seek | esc | s- | u | N_A | N_A |
redo seek | ctrl+enter | s+ | U | N_A | N_A |
show graph | space | agv | V | N_A | N_A |
Edit | |||||
rename | n | afn | dr | N_A | N_A |
graph view | space | agv | V | N_A | N_A |
define as data | d | Cd [size] | "dd,db,dw,dW" | N_A | N_A |
define as code | c | C- [size] | d- or du | N_A | N_A |
define as undefined | u | C- [size] | d- or du | N_A | N_A |
define as string | A | Cs [size] | ds | N_A | N_A |
define as struct | Alt+Q | Cf [size] | dF | N_A | N_A |
Debugger | |||||
Start Process/ Continue execution | F9 | dc | F9 | r and c | g |
Terminate Process | Ctrl+F2 | dk 9 | ? | kill | q |
Detach | ? | o- | ? | detach | |
step into | F7 | ds | s | n | |
step into 4 instructions | ? | ds 4 | F7 | n 4 | |
step over | F8 | dso | S | s | |
step until a specific address | ? | dsu | ? | s | |
Run until return | Ctrl+F7 | dcr | ? | finish | |
Run until cursor | F4 | #249 | #249 | N_A | N_A |
Show Backtrace | ? | dbt | ? | bt | |
display Register | On register Windows | dr all | Shown in Visual mode | info registers | |
display eax | On register Windows | dr?eax | Shown in Visual mode | info registers eax | |
display old state of all registers | ? | dro | ? | ? | ? |
display function addr + N | ? | afi $$ - display function information of current offset ($$) | ? | ? | ? |
display frame state | ? | pxw rbp-rsp@rsp | ? | i f | ? |
How to step until condition is true | ? | dsi | ? | ? | ? |
Update a register value | ? | dr rip=0x456 | ? | set $rip=0x456 | ? |
Disassembly | |||||
disassembly forward | N/A | pd | Vp | disas | "uf, u" |
disassembly N instructions | N_A | pd X | Vp | x_i | |
disassembly N (backward) | N/A | pd -X | Vp | disas | ub |
Information on the bin | |||||
Sections_regions | Menu sections | iS or S(append j for json) | N_A | maint info sections | !address |
Load symbol file | |||||
Sections_regions | pdb menu | "asm.dwarf.file, pdb.XX)" | N_A | add-symbol-file | r |
BackTrace | |||||
Stack Trace | N_A | dbt | N_A | bt | k |
Stack Trace in Json | N_A | dbtj | N_A | ||
Partial Backtrace (innermost) | N_A | dbt(dbg.btdepthdbg.btalgo) | N_A | bt | k |
Partial Backtrace (outermost) | N_A | dbt(dbg.btdepthdbg.btalgo) | N_A | bt - | |
Stacktrace for all threads | N_A | dbt@t | N_A | thread apply all bt | ~* |
Breakpoints | |||||
Breakpoint list | Ctrl+Alt+B | db | ? | info breakpoints | |
add breakpoint | F2 | db [offset] | F2 | break | bp |
Threads | |||||
Switch to thread | Thread menu | dp | N/A | thread | ~s |
Frames | |||||
Frame Numbers | N_A | ? | N_A | any bt command | kn |
Select Frame | N_A | ? | N_A | frame | .frame |
Parameters/Locals | |||||
Display parameters | N_A | afv | N_A | info args | dv /t /i /V |
Display parameters | N_A | afv | N_A | info locals | dv /t /i /V |
Display parameters_locals in json | N_A | afvj | N/A | info locals | dv /t /i /V |
list addresses where vars are accessed(R_W) | N_A | afvR_afvW | N_A | ? | ? |
Project Related | |||||
open project | Po [file] | ? | |||
save project | automatic | Ps [file] | ? | ||
show project informations | Pi [file] | ? | |||
Miscellaneous | |||||
Dump byte char array | N_A | "pc? (json, C, char, etc.)" | Vpppp | x_bc | db |
options | option menu | e? | e | ||
search | search menu | /? | Select the zone with the cursor cthen / |
Created
May 8, 2019 10:49
-
-
Save trib0r3/b44ebdef1ed47df8c0ccd91c83a68791 to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment