rabin2 - Man Page
Binary program info extractor
Examples (TL;DR)
Synopsis
Description
This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.
All those command-line flags are also available under the i command in radare2. Type i? for help.
- -@ addr
Show information (symbol, section, import) of the given address
- -A
List sub-binaries and their associated arch-bits pairs
- -a arch
Set arch (x86, arm, .. accepts underscore for bits x86_32)
- -b bits
Set bits (32, 64, ...)
- -B addr
Override baddr
- -c
List classes
- -cc
List classes in header format
- -C [fmt:C[:D]]
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.
- -d
Show debug/dwarf information
- -D lang symbolname|-
Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, cxx, ..)
- -e
Show entrypoints for disk and on-memory
- -ee
Show constructor/destructors (extended entrypoints)
- -f subbin
Select sub-binary architecture. Useful for fat-mach0 binaries
- -F binfmt
Force to use that bin plugin (ignore header check)
- -g
Show all possible information
- -G addr
Load address . offset to header
- -h
Show usage help message.
- -H
Show header fields (see ih command in r2)
- -I
Show binary info (see iI command in r2)
- -i
Show imports (symbols imported from libraries) (see ii command in r2)
- -j
Output in json
- -k query
Perform SDB query on loaded file
- -K algo
Select a rahash2 checksum algorithm to be performed on sections listing (and maybe others in the future) i.e 'rabin2 -K md5 -S /bin/ls'
- -l
List linked libraries to the binary
- -L
List supported bin plugins
- -M
Show address of 'main' symbol
- -m addr
Show source line reference from a given address
- -N minlen:maxlen
Force minimum and maximum number of chars per string (see -z and -zz). if (strlen>minlen && (!maxlen || strlen<=maxlen))
- -n str
Show information (symbol, section, import) at string offset
- -o str
Output file/folder for write operations (out by default)
- -O binop
Perform binary operation on target binary (dump, resize, change sections, ...) see '-O help' for more information
- -p
Disable VA. Always show physical addresses (not the same as -B0)
- -P
Show debug/pdb information
- -PP
Download pdb file for binary
- -q
Be quiet, just show fewer data
Show less info (no offset/size for -z for ex.)
- -Q
Show load address used by dlopen (non-aslr libs)
- -r
Show output in radare format
- -R
Show relocations
- -s
Show exported symbols
- -S
Show sections
- -SS
Show segments
- -t
Show file hashes
- -T
Show certificates
- -u
Unfiltered (no rename duplicated symbols/sections)
- -U
Show resources
- -v
Show version information
- -V
Show binary version information
- -w
Show try/catch blocks
- -x
Extract all sub binaries from a fat binary (for example: fatmach0)
- -X format file ...
Package a fat or zip containing all the files passed (fat, zip)
- -z
Show strings inside .data section (like gnu strings does)
- -Z
Guess size of binary program
- -zz
Shows strings from raw bins
- -zzz
Dump raw strings to stdout (for huge files)
Environment
RABIN2_ARGS ignore cli and use these arguments instead
RABIN2_LANG same as r2 -e bin.lang for rabin2
RABIN2_DEMANGLE demangle symbols
RABIN2_MAXSTRBUF same as r2 -e bin.maxstrbuf for rabin2
RABIN2_DEBASE64 try to decode all strings as base64 if possible
RABIN2_STRFILTER same as r2 -e bin.str.filter for rabin2
RABIN2_STRPURGE same as r2 -e bin.str.purge for rabin2
RABIN2_DEMANGLE_TRYLIB same as r2 -e bin.demangle.trylib=<bool> - try to dynamically load libraries to demangle
RABIN2_VERBOSE same as r2 -e bin.verbose=true
Examples
List symbols of a program
$ rabin2 -s a.out
Get offset of symbol
$ rabin2 -n _main a.out
Get entrypoint
$ rabin2 -e a.out
Load symbols and imports from radare2
See Also
Authors
Written by pancake <pancake@nopcode.org>.