Commands
-
?/[x...]?: show available commands in current context, e.g.?,a?,af? -
aaa: auto-analyze all (experimental) -
s SYMBOL or ADDRESS: go to address -
pdf: show current function’s disassembly -
pdc: show pseudocode for current function -
pdd?: r2dec decompiler plugin -
pdg?: r2ghidra decompiler plugin -
afl: analyze function list -
a?: show stuff -
ax[tf] ADDR: show xref from or to ADDR -
V: visual mode / hex view -
VV: enter visual mode (graph) -
V!: enter paned visual mode -
afvn ORIGINAL NEW: rename variable
Visual Mode (Hexdump)
<p>- cycle between:- hex view
- debugger / assembly
- ENTER - follow static calls (no reloc)
- u - go back (undo ENTER)
- show stack & registers + previous
- note: you can make it show more lines of stack in config
- color view?
- raw escaped hex view
<P>- go to previous view:- execute commands (just like outside of visual mode)
Visual Mode (Graph)
<h/j/k/l>: pan around<S-h/j/k/l>: move the current block around<p>: cycle through visual representations<Tab>=/=<S-Tab>: change to next block<?>: show help<S-r>: randomize colorscheme<colon>: enter command mode
Debugging
$ r2 -d BIN: start in debug modedb 0x0040012c: create breakpoint at given addressdc: continue until breakpointood ARGS...: reload binary in debug mode
Debugging in Visual Mode
Instruction pointer and other registers will be shown on the graph.
<s>: single step instructions<S-s>: single step instructions, but follow into function calls