killchain-compendium/Exploits/Binaries/radare2.md

100 lines
1.3 KiB
Markdown
Raw Normal View History

2022-11-13 22:38:01 +01:00
# Radare2
## Usage
### Debug
```sh
r2 -d <binary>
```
* Analyze
```sh
aaa
```
* Show all info
```sh
ia
```
* Search for strings
```sh
izz
```
* Main address
```sh
iM
```
* Entrypoint
```sh
ie
```
* Current memory address
```sh
s
```
* Show address of function or register, respectively
```sh
s <func>
sr <reg>
```
* Show main
```sh
pdf @main
```
* Show main and follwing functions
```sh
pd @main
```
* Breakpoint
```sh
db 0xdeadbeef
```
* Show all breakpoints
```sh
dbi
```
* Show rbp-0x4
```sh
px @rbp-0x4
```
* Continue
```sh
dc
```
* Step
```sh
ds
```
* Show registers
```sh
dr
```
* Restart
```sh
ood
```
### Visual Mode
* Enter visual mode via `VV`
* Enter normal mode inside visual mode via `:`
* Add comment via `;`
### Write Mode
* Enter write mode via `w`
* Write cache list via `wc`
* Alter/modify opcode at current seek via `wA`
* Use as follows
```sh
s <memoryaddress>
wx <newOpcode>
dc
```
## AT&T Instructions
* leaq src, dst: this instruction sets dst to the address denoted by the expression in src
* addq src, dst: dst = dst + src
* subq src, dst: dst = dst - src
* imulq src, dst: dst = dst * src
* salq src, dst: dst = dst << src
* sarq src, dst: dst = dst >> src
* xorq src, dst: dst = dst XOR src
* andq src, dst: dst = dst & src
* orq src, dst: dst = dst | src