📖 Notes

Search (Ctrl+K)

SearchSearch

Recent Notes

See 1409 more sorted by tag →

radare2

created Jan 08, 2024updated May 19, 20242 min read

Commands

  • ? / [x...]?: show available commands in current context, e.g. ?, a?, af?

  • aaa: auto-analyze all (experimental)

  • s SYMBOL or ADDRESS: go to address

  • pdf: show current function’s disassembly

  • pdc: show pseudocode for current function

  • pdd?: r2dec decompiler plugin

  • pdg?: r2ghidra decompiler plugin

  • afl: analyze function list

  • a?: show stuff

  • ax[tf] ADDR: show xref from or to ADDR

  • V: visual mode / hex view

  • VV: enter visual mode (graph)

  • V!: enter paned visual mode

  • afvn ORIGINAL NEW: rename variable

Visual Mode (Hexdump)

  • <p> - cycle between:
    • hex view
    • debugger / assembly
      • ENTER - follow static calls (no reloc)
      • u - go back (undo ENTER)
    • show stack & registers + previous
      • note: you can make it show more lines of stack in config
    • color view?
    • raw escaped hex view
  • <P> - go to previous view
  • : - execute commands (just like outside of visual mode)

Visual Mode (Graph)

  • <h/j/k/l>: pan around
  • <S-h/j/k/l>: move the current block around
  • <p>: cycle through visual representations
  • <Tab>=/=<S-Tab>: change to next block
  • <?>: show help
  • <S-r>: randomize colorscheme
  • <colon>: enter command mode

Debugging

  • $ r2 -d BIN: start in debug mode
  • db 0x0040012c: create breakpoint at given address
  • dc: continue until breakpoint
  • ood ARGS...: reload binary in debug mode

Debugging in Visual Mode

Instruction pointer and other registers will be shown on the graph.

  • <s>: single step instructions
  • <S-s>: single step instructions, but follow into function calls

Graph View

Sources

Backlinks