Home
mtivadar edited this page Jul 18, 2015 · 21 revisions

- Main window
  - TAB will change view mode
  - F2 switches between view/edit mode
  - SHIFT + arrows will begin selection, also works with PageUp/PageDown
  - CTRL + arrows will scroll vertically/horizontally by one line
  - s will jump over bytes of the same value
  - e will go to the next qword of value 0
  - / opens search window
  - n search next
  - b search previous
  - F10 opens dropper window. Dropped bytes are saved to a file with the same name plus a '.drop' suffix
    - From current selected text or whole file
    - Type specifies what to drop
      - Binary will drop byte values
      - Hex will drop text, with every byte value represented as two hex digits and values separated by a space, e.g. '90 90 90 4d 5a'
      - PE will drop all PE files contained in selection or file
- PE
  - F3 will change address mode between Relative Virtual Address/Virtual Address/File Address
  - [ and ] will iterate through sections
  - 0 will jump to overlay if present
  - F7 jumps to Entry Point
  - ALT+g opens/closes go to window
    - VirtualAddress/FileAddress/RVA values are possible
    - hex values must be written with 0x prefix
    - available symbols: EP entry point, END end of file
    - e.g. EP - 0x100
  - ALT+h opens/closes header view
  - ALT+d opens/closes directory window
    - Enter goes to directory start
    - F9 selects directory entry
  - ALT+s opens/closes sections view
    - Enter goes to section starting offset
    - F9 selects entire section
  - ALT+i opens/closes import view
    - Enter goes to import entry in IAT
  - ALT+e opens/closes export view
  - ALT+v opens/closes version info view
  - ALT+f closes the window
- BootSector
  - F3 will change address mode between File Address and Memory Address. The latter assumes that code starts at 0x7c00
  - ALT+p opens/closes partition table view
  - [ and ] iterate through partitions
  - ALT+g opens/closes go to window
    - MemAddress/FileAddress values are possible

Powered by: Python, Qt4, Terminus font, pefile, distorm