rizin - Man Page

Advanced commandline hexadecimal editor, disassembler and debugger

Synopsis

rizin[-ACdfLMnNqStuvwzX] [-P patch] [-p prj] [-a arch] [-b bits] [-i file] [-s addr ] [-B baddr] [-m maddr] [-c cmd] [-e k=v] file|pid|-|--|=

Description

Rizin is a command-line reverse engineering framework designed to analyze and disassemble binary files. It provides various tools and features for analyzing and understanding the structure, behavior, and logic of executable files.

The options are:

--

Run rizin without opening any file

=

Equivalent of 'rizin malloc://512'

-

Read file from stdin

-=

Perform R=! command to run all commands remotely

-0

Print \x00 after initialization and after every command executed

-2

Close stderr file descriptor (silent warning messages)

-a [arch]

Set the assembly architecture.(x86, ppc, arm, mips, bf, java, ...)

-A

Run 'aaa' command before prompt or patch to analyze all referenced code

-b [bits]

Set the assembly bitness. (16, 32, 64)

-B [baddr]

Set the base address for Position-Independent Executables (PIE)

-c 'cmd..'

Execute the specified Rizin command

-C

Specify a file in the format "host:port" to run Rizin remotely through HTTP

-d

Debug the executable 'file' or running process 'pid'

-D [backend]

Enable debug mode, setting the configuration variable 'cfg.debug=true'

-e k=v

Evaluate the specified configuration variable

-f

Set block size to be equal to file size

-F [binplugin]

Force the use of a specific rbin plugin

-h, -hh

Show help messages, with -hh showing detailed help

-H

Print information about the installation paths and configuration settings of Rizin. This option is useful for obtaining details about the installation location, directories, and various components of Rizin

-i [file]

Run the commands from the script file

-I [file]

Run script file. Before the file is loaded

-k [OS/kern]

Set the assembly operating system

-l [lib]

Load the specified plugin file

-L

List supported IO plugins

-m [addr]

Map file at given address

-M

Disable demangling

-n, -nn

Control loading of RzBin info, with -nn only loading binary structures

-N

Disable user settings/projects from ~/.rizinrc, ~/.config/rizin/rizinrc and the scripts inside .../rizinrc.d/ directory

-NN

Disable loading any scripts or plugins

-q

Quiet mode, suppresses prompt and quits after script execution

-qq

Quit before showing the prompt. Right after all the -e -c and -i arguments are evaluated

-Q

Same as q, but exiting without freeing RzCore, this produces leaks at exit time, but saves some precious ms to run the testsuite in fast mode

-p [prj]

Set project file

-r [rz-run]

Specify dbg.profile rz-run profile to use when spawning a program for debugging

-R [rule]

Specify custom rz-run directives without having to create a rz-run profile

-s [addr]

Start seeking at this address

-T

Avoid computing the file hashes

-u

Set bin.filter=false to load rbin info without filtering names

-v

Show version information and exit (Use -qv to get just the version number)

-V

Show rizin library versions

-w

Open in write mode

-x

Open the file without the execute flag

-X

Same as -e bin.usextr=false, do not use extract plugins, useful for dyldcache

-z, -zz

do not load strings or load them even in raw

Example

Start rizin in analysis mode (-A) on the /bin/ls executable:

rizin -A /bin/ls

Open the file /bin/ls in write mode, allowing you to make changes to the binary:

rizin -w /bin/ls

Start rizin's debugger (-d) on /bin/ls and passes arguments "-l" and "/tmp" to the program for debugging:

rizin -d /bin/ls -l /tmp

See Also

rz-test(1), rz-hash(1), rz-find(1), rz-bin(1), rz-diff(1), rz-asm(1), rz-ax(1), rz-gg(1), rz-run(1)

Authors

pancake <pancake@nopcode.org>
byteninjaa0

Referenced By

rz-asm(1), rz-ax(1), rz-bin(1), rz-diff(1), rz-esil(7), rz-find(1), rz-gg(1), rz-hash(1), rz-run(1), rz-sign(1).

August 25, 2023