rabin2
Tips
- Use
rabin2 -l binary
to list its direct dependencies.
Help
Usage: rabin2 [-AcdeEghHiIjlLMqrRsSUvVxzZ] [-@ at] [-a arch] [-b bits] [-B addr]
[-C F:C:D] [-f str] [-m addr] [-n str] [-N m:M] [-P[-P] pdb]
[-o str] [-O str] [-k query] [-D lang symname] | file
-@ [addr] show section, symbol or import at addr
-A list sub-binaries and their arch-bits pairs
-a [arch] set arch (x86, arm, .. or <arch>_<bits>)
-b [bits] set bits (32, 64 ...)
-B [addr] override base address (pie bins)
-c list classes
-cc list classes in header format
-C [fmt:C:D] create [elf,mach0,pe] with Code and Data hexpairs (see -a)
-d show debug/dwarf information
-D lang name demangle symbol name (-D all for bin.demangle=true)
-e entrypoint
-ee constructor/destructor entrypoints
-E globally exportable symbols
-f [str] select sub-bin named str
-F [binfmt] force to use that bin plugin (ignore header check)
-g same as -SMZIHVResizcld (show all info)
-G [addr] load address . offset to header
-h this help message
-H header fields
-i imports (symbols imported from libraries)
-I binary info
-j output in json
-k [sdb-query] run sdb query. for example: '*'
-K [algo] calculate checksums (md5, sha1, ..)
-l linked libraries
-L [plugin] list supported bin plugins or plugin details
-m [addr] show source line at addr
-M main (show address of main symbol)
-n [str] show section, symbol or import named str
-N [min:max] force min:max number of chars per string (see -z and -zz)
-o [str] output file/folder for write operations (out by default)
-O [str] write/extract operations (-O help)
-p show physical addresses
-P show debug/pdb information
-PP download pdb file for binary
-q be quiet, just show fewer data
-qq show less info (no offset/size for -z for ex.)
-Q show load address used by dlopen (non-aslr libs)
-r radare output
-R relocations
-s symbols
-S sections
-SS segments
-u unfiltered (no rename duplicated symbols/sections)
-U resoUrces
-v display version and quit
-V Show binary version information
-x extract bins contained in file
-X [fmt] [f] .. package in fat or zip the given files and bins contained in file
-z strings (from data section)
-zz strings (from raw bins [e bin.rawstr=1])
-zzz dump raw strings to stdout (for huge files)
-Z guess size of binary program
rabin2 man page
RABIN2(1) BSD General Commands Manual RABIN2(1)
NAME
RABIN2 — Binary program info extractor
SYNOPSIS
rabin2 [-AceghHiIsSMzlpRrLxvhqQV] [-a arch] [-b bits] [-B addr] [-C fmt:C:[D]] [-D lang sym|-] [-f subbin]
[-k query] [-K algo] [-O binop] [-o str] [-m addr] [-@ addr] [-n str] [-X fmt file ...] file
DESCRIPTION
This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.
All those commandline flags are also available under the i command in radare2. Type i? for help.
-@ addr Show information (symbol, section, import) of the given address
-A List sub-binaries and their associated arch-bits pairs
-a arch Set arch (x86, arm, .. accepts underscore for bits x86_32)
-b bits Set bits (32, 64, ...)
-B addr Override baddr
-c List classes
-cc List classes in header format
-C [fmt:C[:D]]
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code
bytes and ':D' is an optional concatenation to describe the bytes for the data section.
-d Show debug/dwarf information
-D lang symbolname|-
Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, cxx, ..)
-e Show entrypoints for disk and on-memory
-ee Show constructor/destructors (extended entrypoints)
-f subbin Select sub-binary architecture. Useful for fat-mach0 binaries
-F binfmt Force to use that bin plugin (ignore header check)
-g Show all possible information
-G addr Load address . offset to header
-h Show usage help message.
-H Show header fields (see ih command in r2)
-I Show binary info (iI in r2)
-i Show imports (symbols imported from libraries) (ii)
-j Output in json
-k query Perform SDB query on loaded file
-K algo Select a rahash2 checksum algorithm to be performed on sections listing (and maybe others in the
future) i.e 'rabin2 -K md5 -S /bin/ls'
-l List linked libraries to the binary
-L List supported bin plugins
-M Show address of 'main' symbol
-m addr Show source line reference from a given address
-N minlen:maxlen
Force minimum and maximum number of chars per string (see -z and -zz). if (strlen>minlen && (!maxlen
|| strlen<=maxlen))
-n str Show information (symbol, section, import) at string offset
-o str Output file/folder for write operations (out by default)
-O binop Perform binary operation on target binary (dump, resize, change sections, ...) see '-O help' for
more information
-p Disable VA. Show physical addresses
-P Show debug/pdb information
-PP Download pdb file for binary
-q Be quiet, just show fewer data
-qq Show less info (no offset/size for -z for ex.)
-Q Show load address used by dlopen (non-aslr libs)
-r Show output in radare format
-R Show realocations
-s Show exported symbols
-S Show sections
-u Unfiltered (no rename duplicated symbols/sections)
-v Show version information
-V Show binary version information
-x Extract all sub binaries from a fat binary (f.ex: fatmach0)
-X format file ...
Package a fat or zip containing all the files passed (fat, zip)
-z Show strings inside .data section (like gnu strings does)
-Z Guess size of binary program
-zz Shows strings from raw bins
-zzz Dump raw strings to stdout (for huge files)
ENVIRONMENT
RABIN2_LANG same as r2 -e bin.lang for rabin2
RABIN2_DEMANGLE demangle symbols
RABIN2_MAXSTRBUF same as r2 -e bin.maxstrbuf for rabin2
RABIN2_DEBASE64 try to decode all strings as base64 if possible
RABIN2_STRFILTER same as r2 -e bin.strfilter for rabin2
RABIN2_STRPURGE same as r2 -e bin.strpurge for rabin2
EXAMPLES
List symbols of a program
$ rabin2 -s a.out
Get offset of symbol
$ rabin2 -n _main a.out
Get entrypoint
$ rabin2 -e a.out
Load symbols and imports from radare2
$ r2 -n /bin/ls
[0x00000000]> .!rabin2 -prsi $FILE
SEE ALSO
rahash2(1), rafind2(1), radare2(1), radiff2(1), rasm2(1), rax2(1), rsc2(1), ragg2(1), rarun2(1),
AUTHORS
Written by pancake <pancake@nopcode.org>.
Sep 29, 2016