rz-bin - Man Page

Binary program info extractor

Synopsis

rz-bin [-AcdeEghHiIjlLMqrRsSUvVxzZ] [-@ at] [-a arch] [-b bits] [-B addr] [-C F:C:D] [-f str] [-m addr] [-n str] [-N m:M] [-P pdb] [-o str] [-O str] [-k query] [-D lang symname] file

Description

This command is part of the Rizin project.

rz-bin can analyze and extract useful information from binary executable files like ELF, PE, Mach-O, etc. It supports multiple architectures like x86, ARM, MIPS, PowerPC, etc.

Options

-@ addr

Show section, symbol, or import at the given address

-A

List sub-binaries and their arch-bits pairs

-a arch

Set architecture (x86, arm, .. or <arch>_<bits>)

-b bits

Set bits (32, 64 ...)

-B addr

Override base address (PIE bins)

-c

List classes

-cc

List classes in header format

-C fmt:C:D

Create [elf, mach0, pe] with Code and Data hexpairs (see -a)

-d

Show debug/dwarf information

-dd

Load debug/dwarf information from debuginfod server

-D lang name

Demangle symbol name (-D all for bin.demangle=true)

-e

Entrypoint

-E

Globally exportable symbols

-f str

Select sub-bin named str

-F binfmt

Force to use that bin plugin (ignore header check)

-g

Same as -SMZIHVResizcld -SS -SSS -ee (show all information)

-G addr

Load address . offset to header

-h

Show usage help message

-H

Header fields

-i

Import (symbols imported from libraries)

-I

Binary info

-j

Output in JSON

-k sdb-query

Run sdb query, for example: '*'

-K algo

Calculate checksums (md5, sha1, ..)

-l

Linked libraries

-L plugin

List supported bin plugins or plugin details

-m addr

Show source line at addr

-M

Main (show address of main symbol)

-n str

Show section, symbol, or import named str

-N min:max

Force min:max number of chars per string (see -z and -zz)

-o str

Output file/folder for write operations (out by default)

-O str

Write/extract operations (-O help)

-p

Show physical addresses

-P

Show debug/pdb information

-PP

Download pdb file for binary

-q

Be quiet, show less data

-qq

Show less info (e.g. no offset/size for -z)

-Q

Show load address used by dlopen (non-aslr libs)

-r

Show output in rizin format

-R

Show relocations

-s

Symbols

-S

Sections

-SS

Segments

-SSS

Sections mapping to segments

-T

Display file signature

-u

Unfiltered (do not rename duplicated symbols/sections)

-U

Resources

-v

Show version information

-V

Show binary version information

-w

Display try/catch blocks

-x

Extract bins contained in file

-X fmt [f] ..

Package in fat or zip the given files and bins contained in file

-Y fw file

Calculate all the possible base address candidates of a firmware bin

-z

Show strings (from data section)

-zz

Show strings (raw strings from the whole bin)

-zzz

Dump raw strings to stdout (for huge files)

-Z

Guess size of binary program

Environment

RZ_NOPLUGINS: do not load shared plugins (speedup loading)

RZ_BIN_LANG: e bin.lang - assume lang for demangling

RZ_BIN_DEMANGLE: e bin.demangle - do not demangle symbols

RZ_BIN_MAXSTRBUF: e bin.maxstrbuf - specify maximum buffer size

RZ_BIN_STRFILTER: e bin.str.filter - rizin -qc 'e bin.str.filter=??' -

RZ_BIN_STRPURGE: e bin.str.purge - try to purge false positives

RZ_BIN_DEBASE64: e bin.debase64 - try to debase64 all strings

RZ_BIN_DEBUGINFOD_URLS: e bin.dbginfo.debuginfod_urls # use alternative debuginfod server

RZ_BIN_PDBSERVER: e pdb.server - use alternative PDB server

RZ_BIN_SYMSTORE: e pdb.symstore - path to downstream symbol store

RZ_BIN_PREFIX: e bin.prefix - prefix symbols/sections/relocs with a specific string

RZ_CONFIG: sdb config file

Examples

List symbols of a program:

rz-bin -s a.out

Get offset of symbol:

rz-bin -n _main a.out

Get entrypoint:

rz-bin -e a.out

Load symbols and imports from rizin:

rizin -n /bin/ls

[0x00000000]> .!rz-bin -prsi $FILE

See Also

rz-hash(1), rz-find(1), rizin(1), rz-diff(1), rz-asm(1), rz-ax(1), rz-gg(1), rz-run(1)

Authors

pancake <pancake@nopcode.org>

byteninjaa0

Referenced By

rizin(1), rz-asm(1), rz-ax(1), rz-diff(1), rz-find(1), rz-gg(1), rz-hash(1), rz-run(1), rz-sign(1).

January 24, 2024