Getting Information. Before going deep into analyzing a file with radare2, you first need some key pieces of information. Beauty is in the i of the beholder. R2 can give us quite a bit of information via the i-prefixed commands.
load without any analysis (file header at offset 0x0):
r2 -n /path/to/file
- analyze all:
aa
- show sections:
iS
- list functions:
afl
- list imports:
ii
- list entrypoints:
ie
- seek to function:
s sym.main
project management
- open project:
Po <name>
- save project:
Ps <name>
- edit project notes:
Pn -
inspecting a function
- show basic block disassembly:
pdb
- show function disassembly:
pdf
- show function arguments:
afa
- show function variables:
afv
- rename function variable:
afvn
- set function variable type:
afvt
- add/analyze function:
af
comments:
by default, these get displayed in disassembly listings to the right of a line.disable them in V visual mode using ' (single quote).
multiline comments are not rendered handled well. they don't look pretty.
- add comment (using editor):
CC!
- note: multiline comments are not formatted nicely
- append comment:
CC <text>
- overwrite comment:
CCu <text>
- show comment:
CC.
- show comment in this function:
CCf
visual mode
- enter visual mode:
V
- select function, variable, xref:
v
- quick command/seek:
_ <search string>
- custom quick command list:
??
- you can update the list of commands shown here by changing
$R2HOME/hud
. - ref: http://radare.today/posts/visual-mode/
- you can update the list of commands shown here by changing
- show cursor:
c
- set function name:
d
- add comment:
;
- remove comment:
;-
'flag' means give something a type. like function or symbol.
graph mode
graph mode is not visual mode!
- enter graph modes:
VV
- cycle types of graphs:
- forward:
p
- backwards:
P
- forward:
- types of graphs:
- graph view
- graph view + opcode bytes
- esil
- esil + comments
- overview
- seek to function:
g<identifier>
- undo seek:
u
- show comments:
'
- add comment:
/
- add comment (complex):
:CC!
- select bb:
???
- seek to next bb:
tab
- seek to previous bb:
TAB
- if bb has conditional branch:
- seek to True target:
t
- seek to False target:
f
- seek to True target:
configuration
recommended contents of
~/.radare2rc
:via: https://github.com/radare/radare2/blob/25fec0ebec47b2df5d5413f81db773d674cc65bb/doc/intro.md#configuration-properties