2017-09-29 12:17:18 +00:00
|
|
|
Tweak the disassembly output with `e asm.`
|
|
|
|
Add custom Have you setup your ~/.radare2rc today?
|
|
|
|
In visual mode press 'c' to toggle the cursor mode. Use tab to navigate
|
2015-01-15 02:12:45 +00:00
|
|
|
You can mark an offset in visual mode with the cursor and the ',' key. Later press '.' to go back
|
|
|
|
You can debug a program from the graph view ('ag') using standard radare2 commands
|
|
|
|
Use the '[' and ']' keys in visual mode to adjust the screen width
|
2017-09-29 12:17:18 +00:00
|
|
|
Select your architecture with: 'e asm.arch=<arch>' or r2 -a from the shell
|
2022-08-01 15:36:05 +00:00
|
|
|
Move between your search hits in visual mode using the 'n' and 'N' keys
|
2015-01-15 02:12:45 +00:00
|
|
|
Save your projects with 'Ps <project-filename>' and restore then with 'Po <project-filename>'
|
|
|
|
Enable asm.trace to see the tracing information inside the disassembly
|
|
|
|
Change the registers of the child process in this way: 'dr eax=0x333'
|
|
|
|
Check your IO plugins with 'r2 -L'
|
|
|
|
Change the size of the file with the 'r' (resize) command
|
2022-12-24 15:41:29 +00:00
|
|
|
Calculate current basic block checksum with the ph command (ph md5, ph crc32, ..)
|
2015-01-15 02:12:45 +00:00
|
|
|
Use +,-,*,/ to change the size of the block
|
|
|
|
Change the block size with 'b <block-size>'. In visual mode you can also enter radare2 command pressing the ':' key (like vi does)
|
|
|
|
If you want to open the file in read-write mode, invoke r2 with '-w'
|
|
|
|
Print the contents of the current block with the 'p' command
|
|
|
|
Command layout is: <repeat><command><bytes>@<offset>. For example: 3x20@0x33 will show 3 hexdumps of 20 bytes at 0x33
|
|
|
|
Press 'c' in visual mode to toggle the cursor mode
|
|
|
|
Press 'C' in visual mode to toggle colors
|
|
|
|
You can 'copy/paste' bytes using the cursor in visual mode 'c' and using the 'y' and 'Y' keys
|
|
|
|
Move around the bytes with h,j,k,l! Arrow keys are neither portable nor efficient
|
|
|
|
Seek at relative offsets with 's +<offset>' or 's -<offset>'
|
|
|
|
Invert the block bytes using the 'I' key in visual mode
|
|
|
|
Switch between print modes using the 'p' and 'P' keys in visual mode
|
2015-06-15 02:19:29 +00:00
|
|
|
Add comments using the ';' key in visual mode or the 'CC' command from the radare2 shell
|
2015-01-15 02:12:45 +00:00
|
|
|
Assemble opcodes with the 'a' and 'A' keys in visual mode, which are bindings to the 'wa' and 'wA' commands
|
2019-10-08 15:43:34 +00:00
|
|
|
Find expanded AES keys in memory with '/ca'
|
2015-01-15 02:12:45 +00:00
|
|
|
Find wide-char strings with the '/w <string>' command
|
2018-05-18 08:29:00 +00:00
|
|
|
Enable ascii-art jump lines in disassembly by setting 'e asm.lines=true'. asm.lines.out and asm.linestyle may interest you as well
|
2015-01-15 02:12:45 +00:00
|
|
|
Control the signal handlers of the child process with the 'dk' command
|
|
|
|
Get a free shell with 'ragg2 -i exec -x'
|
|
|
|
Interpret radare2 scripts with '. <path-to-script>'. Similar to the bash source alias command.
|
|
|
|
Most of commands accept '?' as a suffix. Use it to understand how they work :)
|
|
|
|
Find hexpairs with '/x a0 cc 33'
|
|
|
|
Step through your seek history with the commands 'u' (undo) and 'U' (redo)
|
|
|
|
Use hasher to calculate hashes of portion blocks of a file
|
|
|
|
Use zoom.byte=entropy and press 'z' in visual mode to zoom out to see the entropy of the whole file
|
|
|
|
Use 'zoom.byte=printable' in zoom mode ('z' in Visual mode) to find strings
|
2018-02-24 10:47:38 +00:00
|
|
|
Add colors to your screen with 'e scr.color=X' where 1 is 16 colors, 2 is 256 colors and 3 is 16M colors
|
2018-02-22 16:59:08 +00:00
|
|
|
Move the comments to the right changing their margin with asm.cmt.margin
|
2015-01-15 02:12:45 +00:00
|
|
|
Execute a command on the visual prompt with cmd.vprompt
|
|
|
|
Reduce the delta where flag resolving by address is used with cfg.delta
|
|
|
|
Disable these messages with 'e cfg.fortunes = false' in your ~/.radare2rc
|
2016-12-21 00:46:19 +00:00
|
|
|
Change your fortune types with 'e cfg.fortunes.type = fun,tips,nsfw' in your ~/.radare2rc
|
2015-01-15 02:12:45 +00:00
|
|
|
Show offsets in graphs with 'e graph.offset = true'
|
|
|
|
Execute a command every time a breakpoint is hit with 'e cmd.bp = !my-program'
|
|
|
|
Disassemble in intel syntax with 'e asm.syntax = intel'.
|
|
|
|
Change the UID of the debugged process with child.uid (requires root)
|
2016-11-17 12:50:37 +00:00
|
|
|
Enhance your graphs by increasing the size of the block and graph.depth eval variable.
|
2015-01-15 02:12:45 +00:00
|
|
|
Control the height of the terminal on serial consoles with e scr.height
|
|
|
|
Emulate the base address of a file with e file.baddr.
|
2016-04-15 13:44:47 +00:00
|
|
|
Bindiff two files with '$ radiff2 /bin/true /bin/false'
|
2015-01-15 02:12:45 +00:00
|
|
|
Execute commands on a temporary offset by appending '@ offset' to your command.
|
|
|
|
Temporally drop the verbosity prefixing the commands with ':'
|
|
|
|
Change the graph block definition with graph.callblocks, graph.jmpblocks, graph.flagblocks
|
2017-03-26 16:15:46 +00:00
|
|
|
Use the 'id' command to see the source line related to the current seek
|
2015-01-15 02:12:45 +00:00
|
|
|
Analyze socket connections with the socket plugin: 'radare2 socket://www.foo.com:80'. Use 'w' to send data
|
|
|
|
To debug a program, you can call r2 with 'dbg://<path-to-program>' or '-d <path..>'
|
|
|
|
Use 'e' and 't' in Visual mode to edit configuration and track flags.
|
2015-09-22 13:25:56 +00:00
|
|
|
Use 'rabin2 -ris' to get the import/export symbols of any binary.
|
2015-01-15 02:12:45 +00:00
|
|
|
Remember to maintain your ~/.radare_history
|
|
|
|
Enable the PAGER with 'e scr.pager=less -R'
|
|
|
|
Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.
|
|
|
|
The '?' command can be used to evaluate math expressions. Like this: '? (0x34+22)*4'
|
2016-04-25 13:07:18 +00:00
|
|
|
Set 'e bin.dbginfo=true' to load debug information at startup.
|
2022-08-06 21:08:35 +00:00
|
|
|
Rename a function using the 'afn <newname> @ <offset>' command.
|
2015-01-15 02:12:45 +00:00
|
|
|
You can redefine descriptive commands in the hud file and using the 'V_' command.
|
|
|
|
Pass '-j' to rabin2 to get the information of the binary in JSON format.
|
|
|
|
Use rarun2 to launch your programs with a predefined environment.
|
|
|
|
You are probably using an old version of r2, go checkout the git!
|
|
|
|
Run your own r2 scripts in awk using the r2awk program.
|
|
|
|
Use '-e bin.strings=false' to disable automatic string search when loading the binary.
|
|
|
|
The unix-like reverse engineering framework.
|
|
|
|
This code was intentionally left blank, try 'e asm.arch = ws'
|
2015-05-27 22:59:37 +00:00
|
|
|
Thanks for using radare2!
|
2015-08-31 04:55:01 +00:00
|
|
|
give | and > a try piping and redirection
|
2015-10-19 13:03:42 +00:00
|
|
|
Run .dmm* to load the flags of the symbols of all modules loaded in the debugger
|
Fix wording and whitespacing ##doc (#18065)
* Fix wording, whitespacing and other minor stuff
* cmd.c: ellaborated yy syntax, improved descriptions
- replace "srcoff" with "origin"
* cmd.c(cmd_autocomplete):
- refactor help into function: render autocomplete types with generic
help subsystem;
- "Types" heading now follow the "Usage" style by not being prefixed
by a pipe character;
* cmd_anal.c: fix whitespaces & help text
* cmd_info.c: fix help text capitalization.
* cmd_print.c:
- fix `pf` cmd help;
- TODO: what pz? is doing here?
* cons.c:
- refactor & better document r_cons_cmd_help();
- fix whitespaces;
* visual & panels modes:
- as of commit 46187fe4e14dc465dc6ac03fcc56a362f0b8e335, '!' no longer
launches the r2048 game. The game itself it broken anyway, even when
running from the Help menu in panels mode;
- transitioning from panels to visual is not 'entering' but actually
swapping/replacing visual panels with just panels, thus...
- reword 'enter into the' to 'swap into' or even just 'enter', e.g.:
"enter into the visual panels mode" -> "enter visual panels mode".
- remove the "(dwm style)" words from a fortune tip, because I have no
idea what it is, and it does not appear to be a valid command in any
of the r2 modes.
- update global help text.
* [WIP 2] Fix wording, whitespacing and other minor stuff
* visual.c:
- r_core_visual_append_help(): first steps merging with
r_cons_cmd_help from cons.c; use consistent colors for headers.
* [WIP 3] Fix wording, whitespacing and other minor stuff
* panels.c(__update_help):
- shorten code and titles;
- add comment to clarify that it is not a copy-paste error;
* [WIP 4] Fix wording, whitespacing and other minor stuff
panels.c, visual.c: tweak help text;
* [WIP 5] Fix wording, whitespacing and other minor stuff
* cmd_help.c: update global help text about visual mode -- it was
outdated and overloaded.
* vmenus.c:
- rename stuff, shuffle around static consts to reflect an actual
ordering when viewing as a help text;
- slightly improve help text rendering;
- fix whitespaces;
* [WIP 6] Fix wording, whitespacing and other minor stuff
* lots of help text changed. still working on proper commit message.
2020-12-21 00:12:08 +00:00
|
|
|
Use V or v to enter visual or visual panels modes respectively
|
2016-12-21 00:26:03 +00:00
|
|
|
Toggle between disasm and graph with the space key
|
|
|
|
The more 'a' you add after 'aa' the more analysis steps are executed.
|
|
|
|
Review all the subcommands of aa to see better ways to analyze your targets.
|
|
|
|
Use /m to carve for known magic headers. speedup with search.
|
2018-02-04 08:43:25 +00:00
|
|
|
You can use registers in math expressions. For example: 'wx 1234 @ esp - 2'
|
2023-01-15 15:08:49 +00:00
|
|
|
For HTTP authentication 'e http.auth = 1', 'e http.authfile = <path>'
|
2022-06-20 07:08:47 +00:00
|
|
|
Tip: do 'r2pm -i r2premium; echo "e cfg.fortunes.type = nsfw" >> ~/.radare2rc' for a premium r2 experience
|