2016-09-29 17:26:42 +08:00
.Dd Sep 29 , 2016
2014-09-30 17:01:45 +08:00
.Dt RABIN2 1
2014-09-30 17:37:26 +08:00
.Sh NAME
.Nm RABIN2
.Nd Binary program info extractor
2009-04-15 19:09:36 +08:00
.Sh SYNOPSIS
2010-03-13 01:46:11 +08:00
.Nm rabin2
2019-01-25 00:22:53 +08:00
.Op Fl AceghHiIsSMzlpRrLxvhqQTuUV
2011-12-02 10:43:08 +08:00
.Op Fl a Ar arch
.Op Fl b Ar bits
.Op Fl B Ar addr
2015-07-06 07:08:14 +08:00
.Op Fl C Ar fmt:C:[D]
2015-07-07 06:38:51 +08:00
.Op Fl D Ar lang sym|-
2011-10-12 09:24:19 +08:00
.Op Fl f Ar subbin
2014-05-19 07:42:36 +08:00
.Op Fl k Ar query
2014-08-15 09:30:45 +08:00
.Op Fl K Ar algo
2015-11-30 07:10:28 +08:00
.Op Fl O Ar binop
2011-12-02 10:43:08 +08:00
.Op Fl o Ar str
.Op Fl m Ar addr
.Op Fl @ Ar addr
.Op Fl n Ar str
2016-08-30 10:26:20 +08:00
.Op Fl X Ar fmt file ...
2011-12-02 10:43:08 +08:00
.Ar file
2009-04-15 19:09:36 +08:00
.Sh DESCRIPTION
This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.
2016-09-29 17:26:42 +08:00
.Pp
All those commandline flags are also available under the i command in radare2. Type i? for help.
2009-04-15 19:09:36 +08:00
.Bl -tag -width Fl
2014-08-07 05:39:23 +08:00
.It Fl @ Ar addr
Show information (symbol, section, import) of the given address
2011-12-02 10:43:08 +08:00
.It Fl A
2015-11-05 20:37:21 +08:00
List sub-binaries and their associated arch-bits pairs
2011-12-02 10:43:08 +08:00
.It Fl a Ar arch
Set arch (x86, arm, .. accepts underscore for bits x86_32)
.It Fl b Ar bits
Set bits (32, 64, ...)
.It Fl B Ar addr
Override baddr
2015-07-06 07:08:14 +08:00
.It Fl c
2011-12-02 10:43:08 +08:00
List classes
2017-08-10 22:41:46 +08:00
.It Fl cc
List classes in header format
2015-07-06 07:08:14 +08:00
.It Fl C Ar [fmt:C[:D]]
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.
2014-08-07 05:39:23 +08:00
.It Fl d
Show debug/dwarf information
2015-07-07 06:38:51 +08:00
.It Fl D Ar lang symbolname|-
Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, cxx, ..)
2009-04-15 19:09:36 +08:00
.It Fl e
Show entrypoints for disk and on-memory
2017-10-31 01:31:01 +08:00
.It Fl ee
Show constructor/destructors (extended entrypoints)
2011-12-02 10:43:08 +08:00
.It Fl f Ar subbin
Select sub-binary architecture. Useful for fat-mach0 binaries
2016-09-28 18:05:12 +08:00
.It Fl F Ar binfmt
Force to use that bin plugin (ignore header check)
2013-11-09 10:42:20 +08:00
.It Fl g
2014-08-07 05:39:23 +08:00
Show all possible information
2017-01-08 04:00:28 +08:00
.It Fl G Ar addr
2016-09-28 18:05:12 +08:00
Load address . offset to header
2014-08-07 05:39:23 +08:00
.It Fl h
Show usage help message.
.It Fl H
2016-09-29 17:26:42 +08:00
Show header fields (see ih command in r2)
2014-08-07 05:39:23 +08:00
.It Fl I
2016-09-29 17:26:42 +08:00
Show binary info (iI in r2)
2009-04-15 19:09:36 +08:00
.It Fl i
2016-09-29 17:26:42 +08:00
Show imports (symbols imported from libraries) (ii)
2014-08-07 05:39:23 +08:00
.It Fl j
Output in json
2014-05-19 07:42:36 +08:00
.It Fl k Ar query
Perform SDB query on loaded file
2014-08-15 09:30:45 +08:00
.It Fl K Ar algo
2014-09-05 05:13:43 +08:00
Select a rahash2 checksum algorithm to be performed on sections listing (and maybe others in the future) i.e 'rabin2 -K md5 -S /bin/ls'
2009-04-15 19:09:36 +08:00
.It Fl l
List linked libraries to the binary
2014-08-07 05:39:23 +08:00
.It Fl L
List supported bin plugins
.It Fl M
Show address of 'main' symbol
.It Fl m Ar addr
Show source line reference from a given address
2014-10-21 10:39:37 +08:00
.It Fl N Ar minlen:maxlen
Force minimum and maximum number of chars per string (see -z and -zz). if (strlen>minlen && (!maxlen || strlen<=maxlen))
2014-08-07 05:39:23 +08:00
.It Fl n Ar str
Show information (symbol, section, import) at string offset
2011-12-02 10:43:08 +08:00
.It Fl o Ar str
Output file/folder for write operations (out by default)
2015-11-30 07:10:28 +08:00
.It Fl O Ar binop
Perform binary operation on target binary (dump, resize, change sections, ...) see '-O help' for more information
2014-08-24 16:41:32 +08:00
.It Fl p
Disable VA. Show physical addresses
2016-09-28 18:05:12 +08:00
.It Fl P
Show debug/pdb information
.It Fl PP
Download pdb file for binary
2014-08-07 05:39:23 +08:00
.It Fl q
Be quiet, just show fewer data
2016-09-28 18:05:12 +08:00
.It Fl qq
Show less info (no offset/size for -z for ex.)
2016-02-05 04:52:32 +08:00
.It Fl Q
2016-09-28 18:05:12 +08:00
Show load address used by dlopen (non-aslr libs)
.It Fl r
2017-07-19 12:23:25 +08:00
Show output in radare format
2014-08-07 05:39:23 +08:00
.It Fl R
2018-07-20 22:26:44 +08:00
Show relocations
2014-08-07 05:39:23 +08:00
.It Fl s
Show exported symbols
.It Fl S
Show sections
2018-07-16 10:48:50 +08:00
.It Fl SS
Show segments
2019-01-25 00:22:53 +08:00
.It Fl T
Show Certificates
2016-09-28 18:05:12 +08:00
.It Fl u
Unfiltered (no rename duplicated symbols/sections)
2019-01-16 03:14:00 +08:00
.It Fl U
Show Resources
2009-04-15 19:09:36 +08:00
.It Fl v
2014-08-23 08:40:24 +08:00
Show version information
2016-03-04 08:20:33 +08:00
.It Fl V
Show binary version information
2011-12-02 10:43:08 +08:00
.It Fl x
Extract all sub binaries from a fat binary (f.ex: fatmach0)
2016-08-30 10:26:20 +08:00
.It Fl X Ar format file ...
Package a fat or zip containing all the files passed (fat, zip)
2014-08-07 05:39:23 +08:00
.It Fl z
Show strings inside .data section (like gnu strings does)
.It Fl Z
Guess size of binary program
.It Fl zz
Shows strings from raw bins
2016-09-28 18:05:12 +08:00
.It Fl zzz
Dump raw strings to stdout (for huge files)
2009-04-15 19:09:36 +08:00
.El
2015-10-07 08:52:50 +08:00
.Sh ENVIRONMENT
.Pp
2015-10-19 19:21:12 +08:00
RABIN2_LANG same as r2 -e bin.lang for rabin2
.Pp
2015-10-19 09:28:22 +08:00
RABIN2_DEMANGLE demangle symbols
.Pp
2015-10-07 08:52:50 +08:00
RABIN2_MAXSTRBUF same as r2 -e bin.maxstrbuf for rabin2
2015-10-13 09:50:14 +08:00
.Pp
2016-11-18 20:28:50 +08:00
RABIN2_DEBASE64 try to decode all strings as base64 if possible
.Pp
2015-10-13 09:50:14 +08:00
RABIN2_STRFILTER same as r2 -e bin.strfilter for rabin2
.Pp
RABIN2_STRPURGE same as r2 -e bin.strpurge for rabin2
2012-10-22 08:28:42 +08:00
.Sh EXAMPLES
.Pp
List symbols of a program
.Pp
2013-04-17 01:54:26 +08:00
$ rabin2 \- s a.out
2012-10-22 08:28:42 +08:00
.Pp
Get offset of symbol
.Pp
2013-04-17 01:54:26 +08:00
$ rabin2 \- n _main a.out
2012-10-22 08:28:42 +08:00
.Pp
Get entrypoint
.Pp
2013-04-17 01:54:26 +08:00
$ rabin2 \- e a.out
2012-10-22 08:28:42 +08:00
.Pp
2014-08-23 08:40:24 +08:00
Load symbols and imports from radare2
2012-10-22 08:28:42 +08:00
.Pp
2014-08-23 08:40:24 +08:00
$ r2 -n /bin/ls
2014-08-24 16:41:32 +08:00
[0x00000000]> .!rabin2 \- prsi $FILE
2009-04-15 19:09:36 +08:00
.Sh SEE ALSO
.Pp
2010-03-13 01:46:11 +08:00
.Xr rahash2(1) ,
2011-07-19 16:45:47 +08:00
.Xr rafind2(1) ,
2010-03-13 01:46:11 +08:00
.Xr radare2(1) ,
.Xr radiff2(1) ,
.Xr rasm2(1) ,
.Xr rax2(1) ,
2011-07-19 16:45:47 +08:00
.Xr rsc2(1) ,
2011-10-12 09:24:19 +08:00
.Xr ragg2(1) ,
.Xr rarun2(1) ,
2009-04-15 19:09:36 +08:00
.Sh AUTHORS
.Pp
2014-01-01 15:52:46 +08:00
Written by pancake <pancake@nopcode.org>.