146 lines
3.4 KiB
Groff
146 lines
3.4 KiB
Groff
.Dd Oct 19, 2015
|
|
.Dt RABIN2 1
|
|
.Sh NAME
|
|
.Nm RABIN2
|
|
.Nd Binary program info extractor
|
|
.Sh SYNOPSIS
|
|
.Nm rabin2
|
|
.Op Fl AceghHiIsSMzlpRrLxvh
|
|
.Op Fl a Ar arch
|
|
.Op Fl b Ar bits
|
|
.Op Fl B Ar addr
|
|
.Op Fl C Ar fmt:C:[D]
|
|
.Op Fl D Ar lang sym|-
|
|
.Op Fl f Ar subbin
|
|
.Op Fl k Ar query
|
|
.Op Fl K Ar algo
|
|
.Op Fl O Ar str
|
|
.Op Fl o Ar str
|
|
.Op Fl m Ar addr
|
|
.Op Fl @ Ar addr
|
|
.Op Fl n Ar str
|
|
.Ar file
|
|
.Sh DESCRIPTION
|
|
This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.
|
|
.Bl -tag -width Fl
|
|
.It Fl @ Ar addr
|
|
Show information (symbol, section, import) of the given address
|
|
.It Fl A
|
|
List archs
|
|
.It Fl a Ar arch
|
|
Set arch (x86, arm, .. accepts underscore for bits x86_32)
|
|
.It Fl b Ar bits
|
|
Set bits (32, 64, ...)
|
|
.It Fl B Ar addr
|
|
Override baddr
|
|
.It Fl c
|
|
List classes
|
|
.It Fl C Ar [fmt:C[:D]]
|
|
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.
|
|
.It Fl d
|
|
Show debug/dwarf information
|
|
.It Fl D Ar lang symbolname|-
|
|
Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, cxx, ..)
|
|
.It Fl e
|
|
Show entrypoints for disk and on-memory
|
|
.It Fl f Ar subbin
|
|
Select sub-binary architecture. Useful for fat-mach0 binaries
|
|
.It Fl g
|
|
Show all possible information
|
|
.It Fl h
|
|
Show usage help message.
|
|
.It Fl H
|
|
Show header fields
|
|
.It Fl I
|
|
Show binary info
|
|
.It Fl i
|
|
Show imports (symbols imported from libraries)
|
|
.It Fl j
|
|
Output in json
|
|
.It Fl k Ar query
|
|
Perform SDB query on loaded file
|
|
.It Fl K Ar algo
|
|
Select a rahash2 checksum algorithm to be performed on sections listing (and maybe others in the future) i.e 'rabin2 -K md5 -S /bin/ls'
|
|
.It Fl l
|
|
List linked libraries to the binary
|
|
.It Fl L
|
|
List supported bin plugins
|
|
.It Fl M
|
|
Show address of 'main' symbol
|
|
.It Fl m Ar addr
|
|
Show source line reference from a given address
|
|
.It Fl N Ar minlen:maxlen
|
|
Force minimum and maximum number of chars per string (see -z and -zz). if (strlen>minlen && (!maxlen || strlen<=maxlen))
|
|
.It Fl n Ar str
|
|
Show information (symbol, section, import) at string offset
|
|
.It Fl o Ar str
|
|
Output file/folder for write operations (out by default)
|
|
.It Fl O Ar str
|
|
Write/extract operations (\-O help)
|
|
.It Fl p
|
|
Disable VA. Show physical addresses
|
|
.It Fl q
|
|
Be quiet, just show fewer data
|
|
.It Fl R
|
|
Show realocations
|
|
.It Fl r
|
|
Show output in radare format
|
|
.It Fl s
|
|
Show exported symbols
|
|
.It Fl S
|
|
Show sections
|
|
.It Fl v
|
|
Show version information
|
|
.It Fl x
|
|
Extract all sub binaries from a fat binary (f.ex: fatmach0)
|
|
.It Fl z
|
|
Show strings inside .data section (like gnu strings does)
|
|
.It Fl Z
|
|
Guess size of binary program
|
|
.It Fl zz
|
|
Shows strings from raw bins
|
|
.El
|
|
.Sh ENVIRONMENT
|
|
.Pp
|
|
RABIN2_LANG same as r2 -e bin.lang for rabin2
|
|
.Pp
|
|
RABIN2_DEMANGLE demangle symbols
|
|
.Pp
|
|
RABIN2_MAXSTRBUF same as r2 -e bin.maxstrbuf for rabin2
|
|
.Pp
|
|
RABIN2_STRFILTER same as r2 -e bin.strfilter for rabin2
|
|
.Pp
|
|
RABIN2_STRPURGE same as r2 -e bin.strpurge for rabin2
|
|
.Sh EXAMPLES
|
|
.Pp
|
|
List symbols of a program
|
|
.Pp
|
|
$ rabin2 \-s a.out
|
|
.Pp
|
|
Get offset of symbol
|
|
.Pp
|
|
$ rabin2 \-n _main a.out
|
|
.Pp
|
|
Get entrypoint
|
|
.Pp
|
|
$ rabin2 \-e a.out
|
|
.Pp
|
|
Load symbols and imports from radare2
|
|
.Pp
|
|
$ r2 -n /bin/ls
|
|
[0x00000000]> .!rabin2 \-prsi $FILE
|
|
.Sh SEE ALSO
|
|
.Pp
|
|
.Xr rahash2(1) ,
|
|
.Xr rafind2(1) ,
|
|
.Xr radare2(1) ,
|
|
.Xr radiff2(1) ,
|
|
.Xr rasm2(1) ,
|
|
.Xr rax2(1) ,
|
|
.Xr rsc2(1) ,
|
|
.Xr ragg2(1) ,
|
|
.Xr rarun2(1) ,
|
|
.Sh AUTHORS
|
|
.Pp
|
|
Written by pancake <pancake@nopcode.org>.
|