killchain-compendium/exploit/binaries/r2.md

1.3 KiB

Radare2

Usage

Debug

r2 -d <binary>
  • Analyze
aaa
  • Show all info
ia
  • Search for strings
izz
  • Main address
iM
  • Entrypoint
ie
  • Current memory address
s
  • Show address of function or register, respectively
s <func>
sr <reg>
  • Show main
pdf @main
  • Show main and follwing functions
pd @main
  • Breakpoint
db 0xdeadbeef
  • Show all breakpoints
dbi
  • Show rbp-0x4
px @rbp-0x4
  • Continue
dc
  • Step
ds
  • Show registers
dr
  • Restart
ood

Visual Mode

  • Enter visual mode via VV
  • Enter normal mode inside visual mode via :
  • Add comment via ;

Write Mode

  • Enter write mode via w
  • Write cache list via wc
  • Alter/modify opcode at current seek via wA
  • Use as follows
s <memoryaddress>
wx <newOpcode>
dc

AT&T Instructions

  • leaq src, dst: this instruction sets dst to the address denoted by the expression in src
  • addq src, dst: dst = dst + src
  • subq src, dst: dst = dst - src
  • imulq src, dst: dst = dst * src
  • salq src, dst: dst = dst << src
  • sarq src, dst: dst = dst >> src
  • xorq src, dst: dst = dst XOR src
  • andq src, dst: dst = dst & src
  • orq src, dst: dst = dst | src