-
Notifications
You must be signed in to change notification settings - Fork 2
radare2 quickref
V switch to visual mode. While in Visual Mode, : can be used to type commands.
analyze the program
aa
Seek to the address 0x00400000
s 0x00400000
disassemble the current function
pdf
list the functions
afl
define a function at the current address (Visual mode : d then f)
df
rename the function at the current address to sub.aFunc
dr sub.aFunc
Search strings
iz # in the data sections
izz # in all the file
add a comment (Visual mode ;)
CC my comment
display a graph of the current function
ag $$ | xdot
switch the disassembly engine to capstone
e asm.arch=x86.cs
start the executable in debug mode
r2 -d executable
set a breakpoint (Visual mode : F2, the character b appears after the address)
continue execution (Visual mode : F9)
generate a De Bruijn cyclic pattern, find the offset based on an address
ragg2 -P 100 | rax2 -s
woO 0x41424141
Search for a specific sequence of instructions with /R
/R pop,pop,pop,ret