Scroll to navigation

RABIN2(1) General Commands Manual RABIN2(1)

NAME

RABIN2
Binary program info extractor

SYNOPSIS

rabin2 [-AceghHiIsSMzlpRrLxvhqQTuUwV] [-a arch] [-b bits] [-B addr] [-C fmt:C:[D]] [-D lang sym|-] [-f subbin] [-k query] [-K algo] [-O binop] [-o str] [-m addr] [-@ addr] [-n str] [-X fmt file ...] file

DESCRIPTION

This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.

All those commandline flags are also available under the i command in radare2. Type i? for help.

addr
Show information (symbol, section, import) of the given address
List sub-binaries and their associated arch-bits pairs
arch
Set arch (x86, arm, .. accepts underscore for bits x86_32)
bits
Set bits (32, 64, ...)
addr
Override baddr
List classes
List classes in header format
[fmt:C[:D]]
Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is an hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.
Show debug/dwarf information
lang symbolname|-
Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, cxx, ..)
Show entrypoints for disk and on-memory
Show constructor/destructors (extended entrypoints)
subbin
Select sub-binary architecture. Useful for fat-mach0 binaries
binfmt
Force to use that bin plugin (ignore header check)
Show all possible information
addr
Load address . offset to header
Show usage help message.
Show header fields (see ih command in r2)
Show binary info (iI in r2)
Show imports (symbols imported from libraries) (ii)
Output in json
query
Perform SDB query on loaded file
algo
Select a rahash2 checksum algorithm to be performed on sections listing (and maybe others in the future) i.e 'rabin2 -K md5 -S /bin/ls'
List linked libraries to the binary
List supported bin plugins
Show address of 'main' symbol
addr
Show source line reference from a given address
minlen:maxlen
Force minimum and maximum number of chars per string (see -z and -zz). if (strlen>minlen && (!maxlen || strlen<=maxlen))
str
Show information (symbol, section, import) at string offset
str
Output file/folder for write operations (out by default)
binop
Perform binary operation on target binary (dump, resize, change sections, ...) see '-O help' for more information
Disable VA. Show physical addresses
Show debug/pdb information
Download pdb file for binary
Be quiet, just show fewer data
Show less info (no offset/size for -z for ex.)
Show load address used by dlopen (non-aslr libs)
Show output in radare format
Show relocations
Show exported symbols
Show sections
Show segments
Show file hashes
Show Certificates
Unfiltered (no rename duplicated symbols/sections)
Show Resources
Show version information
Show binary version information
Show try/catch blocks
Extract all sub binaries from a fat binary (f.ex: fatmach0)
format file ...
Package a fat or zip containing all the files passed (fat, zip)
Show strings inside .data section (like gnu strings does)
Guess size of binary program
Shows strings from raw bins
Dump raw strings to stdout (for huge files)

ENVIRONMENT

RABIN2_LANG same as r2 -e bin.lang for rabin2

RABIN2_DEMANGLE demangle symbols

RABIN2_MAXSTRBUF same as r2 -e bin.maxstrbuf for rabin2

RABIN2_DEBASE64 try to decode all strings as base64 if possible

RABIN2_STRFILTER same as r2 -e bin.str.filter for rabin2

RABIN2_STRPURGE same as r2 -e bin.str.purge for rabin2

EXAMPLES

List symbols of a program


$ rabin2 -s a.out

Get offset of symbol


$ rabin2 -n _main a.out

Get entrypoint


$ rabin2 -e a.out

Load symbols and imports from radare2


$ r2 -n /bin/ls
[0x00000000]> .!rabin2 -prsi $FILE

SEE ALSO

rahash2(1), rafind2(1), radare2(1), radiff2(1), rasm2(1), rax2(1), rsc2(1), ragg2(1), rarun2(1),

AUTHORS

Written by pancake <pancake@nopcode.org>.
September 29, 2016