man/rabin2.1

.Dd Oct 19, 2015
.Dt RABIN2 1
.Sh NAME
.Nm RABIN2
.Nd Binary program info extractor
.Sh SYNOPSIS
.Nm rabin2
.Op Fl AceghHiIsSMzlpRrLxvhqQV
.Op Fl a Ar arch
.Op Fl b Ar bits
.Op Fl B Ar addr
.Op Fl C Ar fmt:C:[D]
.Op Fl D Ar lang sym|-
.Op Fl f Ar subbin
.Op Fl k Ar query
.Op Fl K Ar algo
.Op Fl O Ar binop
.Op Fl o Ar str
.Op Fl m Ar addr
.Op Fl @ Ar addr
.Op Fl n Ar str
.Ar file
.Sh DESCRIPTION
This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.
.Bl -tag -width Fl
.It Fl @ Ar addr
Show information (symbol, section, import) of the given address
.It Fl A
List sub-binaries and their associated arch-bits pairs
.It Fl a Ar arch
Set arch (x86, arm, .. accepts underscore for bits x86_32)
.It Fl b Ar bits
Set bits (32, 64, ...)
.It Fl B Ar addr
Override baddr
.It Fl c
List classes
.It Fl C Ar [fmt:C[:D]]
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.
.It Fl d
Show debug/dwarf information
.It Fl D Ar lang symbolname|-
Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, cxx, ..)
.It Fl e
Show entrypoints for disk and on-memory
.It Fl f Ar subbin
Select sub-binary architecture. Useful for fat-mach0 binaries
.It Fl g
Show all possible information
.It Fl h
Show usage help message.
.It Fl H
Show header fields
.It Fl I
Show binary info
.It Fl i
Show imports (symbols imported from libraries)
.It Fl j
Output in json
.It Fl k Ar query
Perform SDB query on loaded file
.It Fl K Ar algo
Select a rahash2 checksum algorithm to be performed on sections listing (and maybe others in the future) i.e 'rabin2 -K md5 -S /bin/ls'
.It Fl l
List linked libraries to the binary
.It Fl L
List supported bin plugins
.It Fl M
Show address of 'main' symbol
.It Fl m Ar addr
Show source line reference from a given address
.It Fl N Ar minlen:maxlen
Force minimum and maximum number of chars per string (see -z and -zz). if (strlen>minlen && (!maxlen || strlen<=maxlen))
.It Fl n Ar str
Show information (symbol, section, import) at string offset
.It Fl o Ar str
Output file/folder for write operations (out by default)
.It Fl O Ar binop
Perform binary operation on target binary (dump, resize, change sections, ...) see '-O help' for more information
.It Fl p
Disable VA. Show physical addresses
.It Fl q
Be quiet, just show fewer data
.It Fl Q
 show load address used by dlopen (non-aslr libs)
.It Fl R
Show realocations
.It Fl r
Show output in radare format
.It Fl s
Show exported symbols
.It Fl S
Show sections
.It Fl v
Show version information
.It Fl V
Show binary version information
.It Fl x
Extract all sub binaries from a fat binary (f.ex: fatmach0)
.It Fl z
Show strings inside .data section (like gnu strings does)
.It Fl Z
Guess size of binary program
.It Fl zz
Shows strings from raw bins
.El
.Sh ENVIRONMENT
.Pp
RABIN2_LANG same as r2 -e bin.lang for rabin2
.Pp
RABIN2_DEMANGLE demangle symbols
.Pp
RABIN2_MAXSTRBUF same as r2 -e bin.maxstrbuf for rabin2
.Pp
RABIN2_STRFILTER same as r2 -e bin.strfilter for rabin2
.Pp
RABIN2_STRPURGE same as r2 -e bin.strpurge for rabin2
.Sh EXAMPLES
.Pp
List symbols of a program
.Pp
  $ rabin2 \-s a.out
.Pp
Get offset of symbol
.Pp
  $ rabin2 \-n _main a.out
.Pp
Get entrypoint
.Pp
  $ rabin2 \-e a.out
.Pp
Load symbols and imports from radare2
.Pp
  $ r2 -n /bin/ls
  [0x00000000]> .!rabin2 \-prsi $FILE
.Sh SEE ALSO
.Pp
.Xr rahash2(1) ,
.Xr rafind2(1) ,
.Xr radare2(1) ,
.Xr radiff2(1) ,
.Xr rasm2(1) ,
.Xr rax2(1) ,
.Xr rsc2(1) ,
.Xr ragg2(1) ,
.Xr rarun2(1) ,
.Sh AUTHORS
.Pp
Written by pancake <pancake@nopcode.org>.