Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-10-07 18:43:45 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
75c322b613
radare2/man/rabin2.1
pancake 75c322b613 Add bin.lang, rabin2 -D and iD commands to demangle from commandline 
- Fix some warnings in windbg
- Minor fix for ARM analysis (wip)
2015-01-10 01:00:01 +01:00

135 lines
3.0 KiB
Groff
Raw Blame History

.Dd Jan 10, 2015
.Dt RABIN2 1
.Sh NAME
.Nm RABIN2
.Nd Binary program info extractor
.Sh SYNOPSIS
.Nm rabin2
.Op Fl ACeghHiIsSMzlpRrLxvh
.Op Fl a Ar arch
.Op Fl b Ar bits
.Op Fl B Ar addr
.Op Fl c Ar fmt:C:[D]
.Op Fl D Ar lang
.Op Fl f Ar subbin
.Op Fl k Ar query
.Op Fl K Ar algo
.Op Fl O Ar str
.Op Fl o Ar str
.Op Fl m Ar addr
.Op Fl @ Ar addr
.Op Fl n Ar str
.Ar file
.Sh DESCRIPTION
This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.
.Bl -tag -width Fl
.It Fl @ Ar addr
Show information (symbol, section, import) of the given address
.It Fl A
List archs
.It Fl a Ar arch
Set arch (x86, arm, .. accepts underscore for bits x86_32)
.It Fl b Ar bits
Set bits (32, 64, ...)
.It Fl B Ar addr
Override baddr
.It Fl c Ar [fmt:C[:D]]
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.
.It Fl C
List classes
.It Fl d
Show debug/dwarf information
.It Fl D Ar lang symbolname
Demangle symbol name for lang
.It Fl e
Show entrypoints for disk and on-memory
.It Fl f Ar subbin
Select sub-binary architecture. Useful for fat-mach0 binaries
.It Fl g
Show all possible information
.It Fl h
Show usage help message.
.It Fl H
Show header fields
.It Fl I
Show binary info
.It Fl i
Show imports (symbols imported from libraries)
.It Fl j
Output in json
.It Fl k Ar query
Perform SDB query on loaded file
.It Fl K Ar algo
Select a rahash2 checksum algorithm to be performed on sections listing (and maybe others in the future) i.e 'rabin2 -K md5 -S /bin/ls'
.It Fl l
List linked libraries to the binary
.It Fl L
List supported bin plugins
.It Fl M
Show address of 'main' symbol
.It Fl m Ar addr
Show source line reference from a given address
.It Fl N Ar minlen:maxlen
Force minimum and maximum number of chars per string (see -z and -zz). if (strlen>minlen && (!maxlen || strlen<=maxlen))
.It Fl n Ar str
Show information (symbol, section, import) at string offset
.It Fl o Ar str
Output file/folder for write operations (out by default)
.It Fl O Ar str
Write/extract operations (\-O help)
.It Fl p
Disable VA. Show physical addresses
.It Fl q
Be quiet, just show fewer data
.It Fl R
Show realocations
.It Fl r
Show output in radare format
.It Fl s
Show exported symbols
.It Fl S
Show sections
.It Fl v
Show version information
.It Fl x
Extract all sub binaries from a fat binary (f.ex: fatmach0)
.It Fl z
Show strings inside .data section (like gnu strings does)
.It Fl Z
Guess size of binary program
.It Fl zz
Shows strings from raw bins
.El
.Sh EXAMPLES
.Pp
List symbols of a program
.Pp
$ rabin2 \-s a.out
.Pp
Get offset of symbol
.Pp
$ rabin2 \-n _main a.out
.Pp
Get entrypoint
.Pp
$ rabin2 \-e a.out
.Pp
Load symbols and imports from radare2
.Pp
$ r2 -n /bin/ls
[0x00000000]> .!rabin2 \-prsi $FILE
.Sh SEE ALSO
.Pp
.Xr rahash2(1) ,
.Xr rafind2(1) ,
.Xr radare2(1) ,
.Xr radiff2(1) ,
.Xr rasm2(1) ,
.Xr rax2(1) ,
.Xr rsc2(1) ,
.Xr ragg2(1) ,
.Xr rarun2(1) ,
.Sh AUTHORS
.Pp
Written by pancake <pancake@nopcode.org>.
Reference in New Issue View Git Blame Copy Permalink