Monthly Archives: April 2012

Modern Malware for Dummies

Modern Malware for Dummies

Courtesy to Palo Alto Networks.


vim cheat sheet

Basic movement
h l k j::::::::::::character left, right, line up, down
b w :::::::::::::::::::::::::::::word/token left, right
ge e :::::::::::::::::::::end of word/token left, right
{ }:::::::::::::beginning of previous, next paragraph
( ):::::::::::::::beginning of previous, next sentence
0 gm:::::::::::::::::::::::::beginning, middle of line
^ $ ::::::::::::::::::::::::: rst, last character of line
nG ngg ::::::::::::::::::: line n, default the last, rst
n%::::::::percentage n of the le (n must be provided)
nj::::::::::::::::::::::::::::column n of current line
%:::::match of next brace, bracket, comment, #define
nH nL ::::::::::::line n from start, bottom of window
M ::::::::::::::::::::::::::::::: middle line of window
Insertion & replace ! insert mode
i a ::::::::::::::::::::::::: insert before, after cursor
I A :::::::::::::::::::: insert at beginning, end of line
gI :::::::::::::::::::::::::: insert text in rst column
o O::::::open a new line below, above the current line
rc:::::::::::::::replace character under cursor with c
grc :::::::::::::::: like r, but without a ecting layout
R ::::::::::::: replace characters starting at the cursor
gR ::::::::::::::::: like R, but without a ecting layout
cm:::::::::::::change text of movement command m
ccor S ::::::::::::::::::::::::::::: change current line
C :::::::::::::::::::::::::::: change to the end of line
s ::::::::::::::::::::: change one character and insert
~ ::::::::::::::::::::::switch case and advance cursor
g~m :::::::::::: switch case of movement command m
gum gUm ::: lowercase, uppercase text of movement m
<m >m :::::::::: shift left, right text of movement m
n<< n>>:::::::::::::::::::::::shift n lines left, right
x X :::::::::::::: delete character under, before cursor
dm::::::::::::::delete text of movement command m
dd D :::::::::::::delete current line, to the end of line
J gJ :::::::: join current line with next, without space
:rd – ::::::::::::::::::::::::::::: delete range r lines
:rdx – ::::::::::::: delete range r lines into register x
Insert mode
^Vc :::::::::::::::::::::::::::::: insert char c literally
^Vn:::::::::::::::::::insert decimal value of character
^A :::::::::::::::::::::: insert previously inserted text
^@:::::::same as ^A and stop insert !command mode
^Rx :::::::::::::::::::::::: insert content of register x
^N ^P::::::::::::::text completion before, after cursor
^W :::::::::::::::::::::::::::delete word before cursor
^U ::::::::::delete all inserted character in current line
^D ::::::::::::::::::::::::::::shift left one shift width
^K c1 c2 :::::::::::::::::::::::::::::::: enter digraph
hesci::::::::::::::abandon edition !command mode
“x :::::::::::: use register x for next delete, yank, put
:reg – ::::::::::::::: show the content of all registers
:reg x -::::::::::::::show the content of registers x
ym ::::::::::: yank the text of movement command m
yyor Y:::::::::::::::::::yank current line into register
p P :::::::::::put register after, before cursor position
]p [p :::::::::::::::::::like p, P with indent adjusted
gp gP ::::::::::: like p, P leaving cursor after new text
Advanced insertion
g?m::::::::::perform rot13 encoding on movement m
n^A n^X :::::::::::::: +n, n to number under cursor
gqm ::::::: format lines of movement m to xed width
:rce w -:::::::::::center lines in range r to width w
:rle i -:::::::left align lines in range r with indent i
:rri w – :::::: right align lines in range r to width w
!mc -: lter lines of movement m through command c
n!!c – :::::::::::::: lter n lines through command c
:r!c -::::::::: lter range r lines through command c
Visual mode
v V ^V::start/stop highlighting characters, lines, block
o :::exchange cursor position with start of highlighting
gv :::::::::::start highlighting on previous visual area
aw as ap :::::::select a word, a sentence, a paragraph
ab aB ::::::::::::::::::: select a block ( ), a block { }
Undoing & repeating commands
u U::::::undo last command, restore last changed line
. ^R::::::::::::::::repeat last changes, redo last undo
n. ::::::repeat last changes with count replaced by n
qc qC::::record, append typed characters in register c
q:::::::::::::::::::::::::::::::::::::::stop recording
@c :::::::::::::::::::: execute the content of register c
@@ :::::::::::::::::::::::: repeat previous @ command
:@c -::::::::::::execute register c as an Ex command
:rg/p/c -::::::::::execute Ex command c on range r
b where pattern p matches
Complex movement
– + ::::::::: line up/down on rst non-blank character
B W ::::::::::::::::::: space-separated word left, right
gE E ::::::::::: end of space-separated word left, right
n :::::::: down n 1 line on rst non-blank character
g0 :::::::::::::::::::::::::::: beginning of screen line
g^ g$:::::::::::::::: rst, last character of screen line
gk gj ::::::::::::::::::::::::::::screen line up, down
fc Fc :::::::::: next, previous occurence of character c
tc Tc ::::::::::::: before next, previous occurence of c
; ,:::::::::::::repeat last fFtT, in opposite direction
[[ ]] :::::::::::::: start of section backward, forward
[] ][ ::::::::::::::: end of section backward, forward
[( ]):::::::::::::::::unclosed (, ) backward, forward
[{ [} :::::::::::::::: unclosed {, } backward, forward
[m ]m ::::start, end of backward, forward java method
[# ]#:unclosed #if, #else, #endif backward, forward
[* ]* :::::::::: start, end of /* */ backward, forward
Search & substitution
/s – ?s -:::::::::::::search forward, backward for s
/s/o – ?s?o -:::::search fwd, bwd for s with o set o
nor / – ::::::::::::::::::::: repeat forward last search
Nor ? – ::::::::::::::::::: repeat backward last search
# * ::: search backward, forward for word under cursor
g# g* ::::::::::::: same, but also nd partial matches
gd gD:::local, global de nition of symbol under cursor
:rs/f/t/x -::::::::::::::substitute f by t in range r
b x : g|all occurrences, c|con rm changes
:rs x -:::::::::::repeat substitution with new r & x
Special characters in search patterns
. ^ :::::::::::::::::: any single character, start of line
\< \> ::::::::::::::::::::::::::::: start, end of word
[c1::c2] :::::::::::::: a single character in range c1::c2
[^c1::c2] ::::::::::::::: a single character not in range
\i \I ::::::::::::::::::: an identi er, excluding digits
\k \K ::::::::::::::::::::: a keyword, excluding digits
\f \F :::::::::::::::::::: a le name, excluding digits
\p \P:::::::::::a printable character, excluding digits
\s \S::::::::::::::::a white space, a non-white space
\e \t \r \b ::::::::::::::::::: hesci, htabi, h -i, h i
\= * \+ ::::match 0::1, 0::1, 1::1of preceding atoms
\j::::::::::::::::::::::: separate two branches (or)
\( \) ::::::::::::::::::::group patterns into an atom
O sets in search commands
nor +n:::::::::::::::::::n line downward in column 1
-n ::::::::::::::::::::::::: n line upward in column 1
e+n e-n:::::::n characters right, left to end of match
s+n s-n::::::n characters right, left to start of match
;sc :::::::::::::::::: execute search command sc next
Marks and motions
mc ::::::::: mark current position with mark c 2[a::Z]
`c `C :::::::::::go to mark c in current, C in any le
`0::9 :::::::::::::::::::::::::::go to last exit position
“ `”::::::::::go to position before jump, at last edit
`[ `] ::::: go to start, end of previously operated text
:marks -:::::::::::::::::::print the active marks list
:jumps -::::::::::::::::::::::::::print the jump list
n^O ::::::::::::::: go to nth older position in jump list
n^I :::::::::::::: go to nth newer position in jump list
Key mapping & abbreviations
:map c e -:::::::map c 7!e in normal & visual mode
:map! c e -::::map c 7!e in insert & cmd-line mode
:unmap c – :unmap! c – :::::::::: remove mapping c
:mk f -:::write current mappings, settings… to le f
:ab c e -:::::::::::::::::add abbreviation for c 7!e
:ab c -::::::::::::show abbreviations starting with c
:una c -:::::::::::::::::::::::remove abbreviation c
:ta t -:::::::::::::::::::::::::::::::::jump to tag t
:nta -::::::::::::::::::jump to nth newer tag in list
^] ^T ::: jump to the tag under cursor, return from tag
:ts t – :::: list matching tags and select one for jump
:tj t -::jump to tag or select one if multiple matches
:tags -:::::::::::::::::::::::::::::::::print tag list
:n^T -::::::::::jump back to nth older tag in tag list
:npo – ::::::: jump back from nth older tag in tag list
:tl – :::::::::::::::::::::: jump to last matching tag
^W{ :pt t -:::::::::::preview tag under cursor, tag t
^W] ::::::::::: split window and show tag under cursor
^Wzor :pc – ::::::::::::::::: close tag preview window
Scrolling & multi-windowing
^E ^Y ::::::::::::::::::::::::::::: scroll line up, down
^D ^U ::::::::::::::::::::::scroll half a page up, down
^F ^B :::::::::::::::::::::::::::: scroll page up, down
ztor z – ::::::::::::: set current line at top of window
zzor z. :::::::::::set current line at center of window
zbor z-:::::::::::set current line at bottom of window
zh zl :::::::::::: scroll one character to the right, left
zH zL ::::::::::::: scroll half a screen to the right, left
^Wsor :split – ::::::::::::::::::: split window in two
^Wnor :new -::::::::::::::::create new empty window
^Woor :on – ::::::: make current window one on screen
^Wj ^Wk:::::::::::::::::move to window below, above
^Ww ^W^W:::::::::move to window below, above (wrap)
Ex commands ( -)
:e f ::::::: edit le f, unless changes have been made
:e! f :::: edit le f always (by default reload current)
:wn :wN ::::::::: write le and edit next, previous one
:n :N::::::::::::::::::::edit next, previous le in list
:rw ::::::::::::::::::::::: write range r to current le
:rw f:::::::::::::::::::::::::::write range r to le f
:rw>>f :::::::::::::::::::::::append range r to le f
:q :q! :::::: quit & con rm, quit and discard changes
:wqor :xor ZZ :::::::::::::write to current le and exit
hupi hdowni::::recall commands starting with current
:r f ::::::::::::::insert content of le f below cursor
:r! c::::::::insert output of command c below cursor
Ex ranges
, ; ::::::separates two lines numbers, set to rst line
n:::::::::::::::::::::::::::an absolute line number n
. $::::::::::::::::the current line, the last line in le
% * ::::::::::::::::::::::::::::: entire le, visual area
‘t :::::::::::::::::::::::::::::::::: position of mark t
/p/ ?p?:::::::the next, previous line where p matches
+n -n:::::::::::+n, n to the preceding line number
:sh – :!c -:::start shell, execute command c in shell
K:::::::::::::::lookup keyword under cursor with man
:make -::::::start make, read errors and jump to rst
:cn – :cp -::::::::::display the next, previous error
:cl – :cf – ::::::: list all errors, read errors from le
^L ^G :::::::redraw screen, show lename and position
g^G:::show cursor column, line, and character position
ga :::::::::show ASCII value of character under cursor
gf:::::::::::::open le which lename is under cursor
:redir>f -::::::::::::::::::redirect output to le f

The file can be downloaded from the following URL: