radare2/man/rabin2.1

.Dd Mar 11, 2012
.Dt RABIN2 1
.Os
.Sh NAME
.Nm rabin2
.Nd Binary program info extractor
.Sh SYNOPSIS
.Nm rabin2
.Op Fl ACeisSMzIHlRrLxvVh
.Op Fl a Ar arch
.Op Fl b Ar bits
.Op Fl B Ar addr
.Op Fl c Ar fmt:C:[D]
.Op Fl f Ar subbin
.Op Fl O Ar str
.Op Fl o Ar str
.Op Fl m Ar addr
.Op Fl @ Ar addr
.Op Fl n Ar str
.Ar file
.Sh DESCRIPTION
This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.
.Bl -tag -width Fl
.It Fl A
List archs
.It Fl a Ar arch
Set arch (x86, arm, .. accepts underscore for bits x86_32)
.It Fl b Ar bits
Set bits (32, 64, ...)
.It Fl B Ar addr
Override baddr
.It Fl c Ar [fmt:C[:D]]
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.
.It Fl C
List classes
.It Fl e
Show entrypoints for disk and on-memory
.It Fl f Ar subbin
Select sub-binary architecture. Useful for fat-mach0 binaries
.It Fl i
Show imports (symbols imported from libraries)
.It Fl s
Show exported symbols
.It Fl S
Show sections
.It Fl M
Show address of 'main' symbol
.It Fl z
Show strings inside .data section (like gnu strings does)
.It Fl I
Show binary info
.It Fl H
Show header fields
.It Fl l
List linked libraries to the binary
.It Fl R
Show realocations
.It Fl O Ar str
Write/extract operations (\-O help)
.It Fl o Ar str
Output file/folder for write operations (out by default)
.It Fl r
Show output in radare format
.It Fl v
Display virtual addressing offsets
.It Fl m Ar addr
Show source line reference from a given address
.It Fl L
List supported bin plugins
.It Fl @ Ar addr
Show information (symbol, section, import) of the given address
.It Fl n Ar str
Show information (symbol, section, import) at string offset
.It Fl x
Extract all sub binaries from a fat binary (f.ex: fatmach0)
.It Fl V
Show version information
.It Fl h
Show usage help message.
.El
.Sh EXAMPLES
.Pp
List symbols of a program
.Pp
  $ rabin2 -s a.out
.Pp
Get offset of symbol
.Pp
  $ rabin2 -n _main a.out
.Pp
Get entrypoint
.Pp
  $ rabin2 -e a.out
.Pp
Load symbols and imports from radare
.Pp
  .!rabin2 -vrsi a.out
.Sh SEE ALSO
.Pp
.Xr rahash2(1) ,
.Xr rafind2(1) ,
.Xr radare2(1) ,
.Xr radiff2(1) ,
.Xr rasm2(1) ,
.Xr rax2(1) ,
.Xr rsc2(1) ,
.Xr ragg2(1) ,
.Xr rarun2(1) ,
.Sh AUTHORS
.Pp
pancake <pancake@nopcode.org>,
nibble <nibble@develsec.org>
Add new code analysis vars and update manpages rasm2 defaults -o to 0 instead of 0x8048000 fixes in rarun2 to make it more userfriendly update some manpages with examples enhace output of 'afi' command fix 'pi' bug setting blocksize fix 'pdi' bug ignoring user defined len add $C $J $X and $F $I code analysis variables run r2irc.js in sandbox mode 2012-10-22 08:28:42 +08:00			`.Dd Mar 11, 2012`
* Write and install manpages * Merge r_trace into r_debug (RDebugTrace) - Implement 'dt' command to manage debugging traces - TODO: Track register values and memory changes - Added dbg.trace and dbg.trace.tag * Added r_sys_now() to retrieve ut64 value of current time - Must check endianness issues * Initial work trying to implement RPATH support to ELF * Less flat command tree - 'dt' is now 'dbt' - 'dk' is now 'dpk' * Some more random syntax cleanup fixes * Say 'yes/no' instead of 'ok/fail' in check-langs script 2010-03-13 01:46:11 +08:00			`.Dt RABIN2 1`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.Os`
			`.Sh NAME`
* Write and install manpages * Merge r_trace into r_debug (RDebugTrace) - Implement 'dt' command to manage debugging traces - TODO: Track register values and memory changes - Added dbg.trace and dbg.trace.tag * Added r_sys_now() to retrieve ut64 value of current time - Must check endianness issues * Initial work trying to implement RPATH support to ELF * Less flat command tree - 'dt' is now 'dbt' - 'dk' is now 'dpk' * Some more random syntax cleanup fixes * Say 'yes/no' instead of 'ok/fail' in check-langs script 2010-03-13 01:46:11 +08:00			`.Nm rabin2`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.Nd Binary program info extractor`
			`.Sh SYNOPSIS`
* Write and install manpages * Merge r_trace into r_debug (RDebugTrace) - Implement 'dt' command to manage debugging traces - TODO: Track register values and memory changes - Added dbg.trace and dbg.trace.tag * Added r_sys_now() to retrieve ut64 value of current time - Must check endianness issues * Initial work trying to implement RPATH support to ELF * Less flat command tree - 'dt' is now 'dbt' - 'dk' is now 'dpk' * Some more random syntax cleanup fixes * Say 'yes/no' instead of 'ok/fail' in check-langs script 2010-03-13 01:46:11 +08:00			`.Nm rabin2`
Load bin info in debugger and some doc/sys cleanup 2012-10-24 00:44:32 +08:00			`.Op Fl ACeisSMzIHlRrLxvVh`
* Update manpages 2011-12-02 10:43:08 +08:00			`.Op Fl a Ar arch`
			`.Op Fl b Ar bits`
			`.Op Fl B Ar addr`
* Fix make w32dist * Update manpages * Added r2 -H for env and files help * Add rarun2 -h * Show assembler/disassembler features in rasm2 -L * Add opcode 'mov dword [ebp-12],4' to x86.nz - Make t/test.nz work with x86.olly (32bit only atm) * Fix unknown os issue with tiny-pe files in r_bin * Fix some plugin names build fails in mingw32 * MAGICPATH renamed to R_MAGIC_PATH * Add another experimental way to generate gir files - Added dummy test.js for nodejs * Build python-dist in farm --HG-- rename : man/rarc2-tool.1 => binr/old.rarc2/rarc2-tool.1 rename : man/rarc2.1 => binr/old.rarc2/rarc2.1 2011-10-12 09:24:19 +08:00			`.Op Fl c Ar fmt:C:[D]`
			`.Op Fl f Ar subbin`
* Update manpages 2011-12-02 10:43:08 +08:00			`.Op Fl O Ar str`
			`.Op Fl o Ar str`
			`.Op Fl m Ar addr`
			`.Op Fl @ Ar addr`
			`.Op Fl n Ar str`
			`.Ar file`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.Sh DESCRIPTION`
			`This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.`
			`.Bl -tag -width Fl`
* Update manpages 2011-12-02 10:43:08 +08:00			`.It Fl A`
			`List archs`
			`.It Fl a Ar arch`
			`Set arch (x86, arm, .. accepts underscore for bits x86_32)`
			`.It Fl b Ar bits`
			`Set bits (32, 64, ...)`
			`.It Fl B Ar addr`
			`Override baddr`
			`.It Fl c Ar [fmt:C[:D]]`
			`Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.`
			`.It Fl C`
			`List classes`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.It Fl e`
			`Show entrypoints for disk and on-memory`
* Update manpages 2011-12-02 10:43:08 +08:00			`.It Fl f Ar subbin`
			`Select sub-binary architecture. Useful for fat-mach0 binaries`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.It Fl i`
* Update manpages 2011-12-02 10:43:08 +08:00			`Show imports (symbols imported from libraries)`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.It Fl s`
			`Show exported symbols`
			`.It Fl S`
			`Show sections`
* Update manpages 2011-12-02 10:43:08 +08:00			`.It Fl M`
			`Show address of 'main' symbol`
			`.It Fl z`
			`Show strings inside .data section (like gnu strings does)`
			`.It Fl I`
			`Show binary info`
Load bin info in debugger and some doc/sys cleanup 2012-10-24 00:44:32 +08:00			`.It Fl H`
* Update manpages 2011-12-02 10:43:08 +08:00			`Show header fields`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.It Fl l`
			`List linked libraries to the binary`
Load bin info in debugger and some doc/sys cleanup 2012-10-24 00:44:32 +08:00			`.It Fl R`
* Update manpages 2011-12-02 10:43:08 +08:00			`Show realocations`
			`.It Fl O Ar str`
* Add manpage for ragg2-cc * Fix rax2 -S (by @earada, reported by @sre) * Fix typos in manpages reported by lintian (thx @sre) * Add r_core_file_reopen() - 'do' is an alias for 'oo' - close previous file - breaks debugger reopen .. needs more work 2011-12-05 09:42:06 +08:00			`Write/extract operations (\-O help)`
* Update manpages 2011-12-02 10:43:08 +08:00			`.It Fl o Ar str`
			`Output file/folder for write operations (out by default)`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.It Fl r`
			`Show output in radare format`
			`.It Fl v`
* Set library version number for plugins - Registers for which version of core was compiled * Use tar --format=posix when GNU tar - Fixes the dependency on BSD systems * Fix in doc/fortunes * Fix this class pointer in asm_java * Re-Fix uglily the bin_elf strtab issue (needs more work) * Fix Vala regression in r_asm.vapi 2011-07-19 06:12:36 +08:00			`Display virtual addressing offsets`
* Update manpages 2011-12-02 10:43:08 +08:00			`.It Fl m Ar addr`
			`Show source line reference from a given address`
			`.It Fl L`
			`List supported bin plugins`
			`.It Fl @ Ar addr`
			`Show information (symbol, section, import) of the given address`
			`.It Fl n Ar str`
			`Show information (symbol, section, import) at string offset`
			`.It Fl x`
			`Extract all sub binaries from a fat binary (f.ex: fatmach0)`
			`.It Fl V`
			`Show version information`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.It Fl h`
			`Show usage help message.`
			`.El`
Add new code analysis vars and update manpages rasm2 defaults -o to 0 instead of 0x8048000 fixes in rarun2 to make it more userfriendly update some manpages with examples enhace output of 'afi' command fix 'pi' bug setting blocksize fix 'pdi' bug ignoring user defined len add $C $J $X and $F $I code analysis variables run r2irc.js in sandbox mode 2012-10-22 08:28:42 +08:00			`.Sh EXAMPLES`
			`.Pp`
			`List symbols of a program`
			`.Pp`
			`$ rabin2 -s a.out`
			`.Pp`
			`Get offset of symbol`
			`.Pp`
			`$ rabin2 -n _main a.out`
			`.Pp`
			`Get entrypoint`
			`.Pp`
			`$ rabin2 -e a.out`
			`.Pp`
			`Load symbols and imports from radare`
			`.Pp`
Load bin info in debugger and some doc/sys cleanup 2012-10-24 00:44:32 +08:00			`.!rabin2 -vrsi a.out`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.Sh SEE ALSO`
			`.Pp`
* Write and install manpages * Merge r_trace into r_debug (RDebugTrace) - Implement 'dt' command to manage debugging traces - TODO: Track register values and memory changes - Added dbg.trace and dbg.trace.tag * Added r_sys_now() to retrieve ut64 value of current time - Must check endianness issues * Initial work trying to implement RPATH support to ELF * Less flat command tree - 'dt' is now 'dbt' - 'dk' is now 'dpk' * Some more random syntax cleanup fixes * Say 'yes/no' instead of 'ok/fail' in check-langs script 2010-03-13 01:46:11 +08:00			`.Xr rahash2(1) ,`
* Merge lost commit - Add rsc2.1 manpage - Use acr-0.8.6 everywhere - Fix make dist in r2-bindings 2011-07-19 16:45:47 +08:00			`.Xr rafind2(1) ,`
* Write and install manpages * Merge r_trace into r_debug (RDebugTrace) - Implement 'dt' command to manage debugging traces - TODO: Track register values and memory changes - Added dbg.trace and dbg.trace.tag * Added r_sys_now() to retrieve ut64 value of current time - Must check endianness issues * Initial work trying to implement RPATH support to ELF * Less flat command tree - 'dt' is now 'dbt' - 'dk' is now 'dpk' * Some more random syntax cleanup fixes * Say 'yes/no' instead of 'ok/fail' in check-langs script 2010-03-13 01:46:11 +08:00			`.Xr radare2(1) ,`
			`.Xr radiff2(1) ,`
			`.Xr rasm2(1) ,`
			`.Xr rax2(1) ,`
* Merge lost commit - Add rsc2.1 manpage - Use acr-0.8.6 everywhere - Fix make dist in r2-bindings 2011-07-19 16:45:47 +08:00			`.Xr rsc2(1) ,`
* Fix make w32dist * Update manpages * Added r2 -H for env and files help * Add rarun2 -h * Show assembler/disassembler features in rasm2 -L * Add opcode 'mov dword [ebp-12],4' to x86.nz - Make t/test.nz work with x86.olly (32bit only atm) * Fix unknown os issue with tiny-pe files in r_bin * Fix some plugin names build fails in mingw32 * MAGICPATH renamed to R_MAGIC_PATH * Add another experimental way to generate gir files - Added dummy test.js for nodejs * Build python-dist in farm --HG-- rename : man/rarc2-tool.1 => binr/old.rarc2/rarc2-tool.1 rename : man/rarc2.1 => binr/old.rarc2/rarc2.1 2011-10-12 09:24:19 +08:00			`.Xr ragg2(1) ,`
			`.Xr rarun2(1) ,`
* Initial work on the register API for r_debug - r_debug_reg and r_debug_regset - Handles dbg->newstate to force register sync - Only dbg.reg.read() for x86-32 and 64 * Added dummy copy of manpages (from old radare1) 2009-04-15 19:09:36 +08:00			`.Sh AUTHORS`
			`.Pp`
* Release 0.6 codename "the cake is a pie" 2010-10-29 19:58:19 +08:00			`pancake <pancake@nopcode.org>,`
			`nibble <nibble@develsec.org>`