aa[?] analyze all (fcns + bbs) (aa0 to avoid sub renaming)
aaalias for 'af@@ sym.*;af@entry0;afva'-
aaanalyze all public symbols. The aa command analyzes all flags starting with sym. (symbols/function names) and entry0 (i.e. _start, the program’s entry point)
-
aa*analyze all flags starting with sym. (af @@ sym.*)aaa[?]autoname functions after aa (see afna)aabaab across io.sections.text-
aabLooks for executable sections and looks for calls. when it finds a call, it looks for the destination of the call. Splits up basic blocks, and tries to remove all the false positives aac [len]analyze function calls (af @@ `pi len~call[1]` ) Identify functions by following calls-
aacanalyze all call destinations as functions
-
aaci?aac* [len]flag function calls without performing a complete analysisaad [len]analyze data references to codeaae [len] ([addr])analyze references with ESIL (optionally to address) Emulate code to identify new pointer references-
aaeAnalyzes executable sections but using emulation. Useful for calls that are using registers instead of hardcoded destinations aafanalyze all functions (e anal.hasnext=1;afr @@c:isq)aaErun aef on all functions (same as aef @@f)aai[j]show info of all analysis parametersaanautoname functions that either start with fcn. or sym.func.aangrecover function names from stripped golang binariesaapfind and analyze function preludesaar[?] [len]analyze len bytes of instructions for referencesaas [len]analyze symbols (af @@= `isq~[0]` )-
aasUse binary header information to find public functions
-
aat [len]analyze all consecutive functions in section. Assume functions are consecutiveaaT [len]analyze code after trap-sledsaau [len]list mem areas (larger than len bytes) not covered by functionsaav [sat]find values referencing a specific section or map-
aavLooks for values in the text section that are pointing to the text section. Shows hardcoded pointers in program memory.
aa aa* aaa aab aac aac* aad aae aaE aai aan aap aar aas aat aaT aau aav aaf