x1unix/yet another radare2 cheatsheet.md

Forked from williballenthin/yet another radare2 cheatsheet.md

Created November 21, 2019 20:02

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/x1unix/40e4ef2ae17dbff087c77c2107e3d8c1.js"></script>
Save x1unix/40e4ef2ae17dbff087c77c2107e3d8c1 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

yet another radare2 cheatsheet.md

radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

analyze all: aa
show sections: iS
list functions: afl
list imports: ii
list entrypoints: ie
seek to function: s sym.main

project management

open project: Po <name>
save project: Ps <name>
edit project notes: Pn -

inspecting a function

show basic block disassembly: pdb
show function disassembly: pdf
show function arguments: afa
show function variables: afv
rename function variable: afvn
set function variable type: afvt
add/analyze function: af

comments:

by default, these get displayed in disassembly listings to the right of a line. disable them in V visual mode using ' (single quote).

multiline comments are not rendered handled well. they don't look pretty.

add comment (using editor): CC!
- note: multiline comments are not formatted nicely
append comment: CC <text>
overwrite comment: CCu <text>
show comment: CC.
show comment in this function: CCf

visual mode

enter visual mode: V
select function, variable, xref: v
quick command/seek: _ <search string>
custom quick command list: ??
- you can update the list of commands shown here by changing $R2HOME/hud.
- ref: http://radare.today/posts/visual-mode/
show cursor: c
set function name: d
add comment: ;
remove comment: ;-

"flag" means give something a type. like function or symbol.

graph mode

graph mode is not visual mode!

enter graph modes: VV
cycle types of graphs:
- forward: p
- backwards: P
types of graphs:
- graph view
- graph view + opcode bytes
- esil
- esil + comments
- overview
seek to function: g<identifier>
undo seek: u
show comments: '
add comment: /
add comment (complex): :CC!
select bb: ???
seek to next bb: tab
seek to previous bb: TAB
if bb has conditional branch:
- seek to True target: t
- seek to False target: f

configuration

recommended contents of ~/.radare2rc:

# Show comments at right of disassembly if they fit in screen
e asm.cmtright=true

# Shows pseudocode in disassembly. Eg mov eax, str.ok = > eax = str.ok
e asm.pseudo = true

# Solarized theme
eco solarized

# Use UTF-8 to show cool arrows that do not look like crap :)
e scr.utf8 = true

via: https://github.com/radare/radare2/blob/25fec0ebec47b2df5d5413f81db773d674cc65bb/doc/intro.md#configuration-properties

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment