forked from radareorg/radare2
rabin2.1
.Dd Sep 29, 2016
.Dt RABIN2 1
.Sh NAME
.Nm rabin2
.Nd Binary program info extractor
.Sh SYNOPSIS
.Nm rabin2
.Op Fl AceghHiIsSMzlpRrLxvhqQTuUV
.Op Fl a Ar arch
.Op Fl b Ar bits
.Op Fl B Ar addr
.Op Fl C Ar fmt:C:[D]
.Op Fl D Ar lang sym|-
.Op Fl f Ar subbin
.Op Fl k Ar query
.Op Fl K Ar algo
.Op Fl O Ar binop
.Op Fl o Ar str
.Op Fl m Ar addr
.Op Fl @ Ar addr
.Op Fl n Ar str
.Op Fl X Ar fmt file ...
.Ar file
.Sh DESCRIPTION
This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.
.Pp
All of these command-line flags are also available under the i command in radare2. Type i? for help.
.Bl -tag -width Fl
.It Fl @ Ar addr
Show information (symbol, section, import) of the given address
.It Fl A
List sub-binaries and their associated arch-bits pairs
.It Fl a Ar arch
Set arch (x86, arm, .. accepts underscore for bits x86_32)
.It Fl b Ar bits
Set bits (32, 64, ...)
.It Fl B Ar addr
Override baddr
.It Fl c
List classes
.It Fl cc
List classes in header format
.It Fl C Ar [fmt:C[:D]]
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is a hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.
.It Fl d
Show debug/dwarf information
.It Fl D Ar lang symbolname|-
Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, ..)
.It Fl e
Show entrypoints for disk and on-memory
.It Fl ee
Show constructors/destructors (extended entrypoints)
.It Fl f Ar subbin
Select sub-binary architecture. Useful for fat-mach0 binaries
.It Fl F Ar binfmt
Force to use that bin plugin (ignore header check)
.It Fl g
Show all possible information
.It Fl G Ar addr
Load address . offset to header
.It Fl h
Show usage help message.
.It Fl H
Show header fields (see ih command in r2)
.It Fl I
Show binary info (iI in r2)
.It Fl i
Show imports (symbols imported from libraries) (ii)
.It Fl j
Output in json
.It Fl k Ar query
Perform SDB query on loaded file
.It Fl K Ar algo
Select a rahash2 checksum algorithm to be performed on sections listing (and maybe others in the future), e.g. 'rabin2 -K md5 -S /bin/ls'
.It Fl l
List linked libraries to the binary
.It Fl L
List supported bin plugins
.It Fl M
Show address of 'main' symbol
.It Fl m Ar addr
Show source line reference from a given address
.It Fl N Ar minlen:maxlen
Force minimum and maximum number of chars per string (see -z and -zz). A string is kept if (strlen>minlen && (!maxlen || strlen<=maxlen))
.It Fl n Ar str
Show information (symbol, section, import) at string offset
.It Fl o Ar str
Output file/folder for write operations (out by default)
.It Fl O Ar binop
Perform binary operation on target binary (dump, resize, change sections, ...) see '-O help' for more information
.It Fl p
Disable VA. Show physical addresses
.It Fl P
Show debug/pdb information
.It Fl PP
Download pdb file for binary
.It Fl q
Be quiet, show less data
.It Fl qq
Show even less info (e.g. no offset/size for -z)
.It Fl Q
Show load address used by dlopen (non-aslr libs)
.It Fl r
Show output in radare format
.It Fl R
Show relocations
.It Fl s
Show exported symbols
.It Fl S
Show sections
.It Fl SS
Show segments
.It Fl t
Show file hashes
.It Fl T
Show Certificates
.It Fl u
Unfiltered (do not rename duplicated symbols/sections)
.It Fl U
Show Resources
.It Fl v
Show version information
.It Fl V
Show binary version information
.It Fl x
Extract all sub-binaries from a fat binary (e.g. fatmach0)
.It Fl X Ar format file ...
Package a fat or zip containing all the files passed (fat, zip)
.It Fl z
Show strings inside .data section (like GNU strings does)
.It Fl Z
Guess size of binary program
.It Fl zz
Show strings from raw bins
.It Fl zzz
Dump raw strings to stdout (for huge files)
.El
.Sh ENVIRONMENT
.Pp
RABIN2_LANG same as r2 -e bin.lang for rabin2
.Pp
RABIN2_DEMANGLE demangle symbols
.Pp
RABIN2_MAXSTRBUF same as r2 -e bin.maxstrbuf for rabin2
.Pp
RABIN2_DEBASE64 try to decode all strings as base64 if possible
.Pp
RABIN2_STRFILTER same as r2 -e bin.strfilter for rabin2
.Pp
RABIN2_STRPURGE same as r2 -e bin.strpurge for rabin2
.Sh EXAMPLES
.Pp
List symbols of a program
.Pp
$ rabin2 \-s a.out
.Pp
Get offset of symbol
.Pp
$ rabin2 \-n _main a.out
.Pp
Get entrypoint
.Pp
$ rabin2 \-e a.out
.Pp
Load symbols and imports from radare2
.Pp
$ r2 -n /bin/ls
[0x00000000]> .!rabin2 \-prsi $FILE
.Sh SEE ALSO
.Pp
.Xr rahash2 1 ,
.Xr rafind2 1 ,
.Xr radare2 1 ,
.Xr radiff2 1 ,
.Xr rasm2 1 ,
.Xr rax2 1 ,
.Xr rsc2 1 ,
.Xr ragg2 1 ,
.Xr rarun2 1
.Sh AUTHORS
.Pp
Written by pancake <[email protected]>.
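
The length condition quoted under -N, worked through as an added example (not code from radare2 or from this man page): a minimal printable-run scanner that applies that condition to a constructed byte buffer. The names len_ok, scan_strings and SAMPLE are hypothetical; the point is that a run of exactly minlen characters is rejected and that a maxlen of 0 means no upper bound.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* The condition quoted in the -N entry: strictly longer than minlen,
 * and at most maxlen unless maxlen is 0 (no upper bound). */
static int len_ok(size_t len, size_t minlen, size_t maxlen) {
    return len > minlen && (!maxlen || len <= maxlen);
}

/* Scan buf for runs of printable ASCII and count those that pass len_ok().
 * When out is non-NULL, each accepted run is printed with its offset. */
size_t scan_strings(const unsigned char *buf, size_t n,
                    size_t minlen, size_t maxlen, FILE *out) {
    size_t hits = 0, start = 0, i;
    for (i = 0; i <= n; i++) {
        if (i < n && isprint(buf[i]))
            continue;
        /* buf[start..i) is a (possibly empty) printable run */
        if (len_ok(i - start, minlen, maxlen)) {
            hits++;
            if (out)
                fprintf(out, "0x%04zx %.*s\n", start, (int)(i - start),
                        (const char *)buf + start);
        }
        start = i + 1;
    }
    return hits;
}

/* Constructed sample: printable runs of length 3, 4, 5 and 12,
 * separated by NUL bytes (sizeof also counts the implicit final NUL). */
static const unsigned char SAMPLE[] =
    "abc\0" "http\0" "/tmp/\0" "cmd.exe /c x\0";

int main(void) {
    /* minlen 4, maxlen 0: the 4-character run "http" is NOT reported */
    size_t hits = scan_strings(SAMPLE, sizeof SAMPLE, 4, 0, stdout);
    printf("%zu strings\n", hits);
    return 0;
}
```

To keep 4-character strings under this condition, minlen has to be 3, not 4.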