Rabin2 — Show Properties of a Binary

Under this bunny-arabic-like name, radare hides a powerful tool to handle binary files, to get information on imports, sections, headers and other data. Rabin2 can present it in several formats accepted by other tools, including radare2 itself. Rabin2 understands many file formats: Java CLASS, ELF, PE, Mach-O or any format supported by plugins, and it is able to obtain symbol import/exports, library dependencies, strings of data sections, xrefs, entrypoint address, sections, architecture type.

  1. $ rabin2 -h
  2. Usage: rabin2 [-AcdeEghHiIjlLMqrRsSvVxzZ] [-@ at] [-a arch] [-b bits] [-B addr]
  3.               [-C F:C:D] [-f str] [-m addr] [-n str] [-N m:M] [-P[-P] pdb]
  4.               [-o str] [-O str] [-k query] [-D lang symname] | file
  5.  -@ [addr]       show section, symbol or import at addr
  6.  -A              list sub-binaries and their arch-bits pairs
  7.  -a [arch]       set arch (x86, arm, .. or <arch>_<bits>)
  8.  -b [bits]       set bits (32, 64 ...)
  9.  -B [addr]       override base address (pie bins)
  10.  -c              list classes
  11.  -C [fmt:C:D]    create [elf,mach0,pe] with Code and Data hexpairs (see -a)
  12.  -d              show debug/dwarf information
  13.  -D lang name    demangle symbol name (-D all for bin.demangle=true)
  14.  -e              entrypoint
  15.  -E              globally exportable symbols
  16.  -f [str]        select sub-bin named str
  17.  -F [binfmt]     force to use that bin plugin (ignore header check)
  18.  -g              same as -SMZIHVResizcld (show all info)
  19.  -G [addr]       load address . offset to header
  20.  -h              this help message
  21.  -H              header fields
  22.  -i              imports (symbols imported from libraries)
  23.  -I              binary info
  24.  -j              output in json
  25.  -k [sdb-query]  run sdb query. for example: '*'
  26.  -K [algo]       calculate checksums (md5, sha1, ..)
  27.  -l              linked libraries
  28.  -L [plugin]     list supported bin plugins or plugin details
  29.  -m [addr]       show source line at addr
  30.  -M              main (show address of main symbol)
  31.  -n [str]        show section, symbol or import named str
  32.  -N [min:max]    force min:max number of chars per string (see -z and -zz)
  33.  -o [str]        output file/folder for write operations (out by default)
  34.  -O [str]        write/extract operations (-O help)
  35.  -p              show physical addresses
  36.  -P              show debug/pdb information
  37.  -PP             download pdb file for binary
  38.  -q              be quiet, just show fewer data
  39.  -qq             show less info (no offset/size for -z for ex.)
  40.  -Q              show load address used by dlopen (non-aslr libs)
  41.  -r              radare output
  42.  -R              relocations
  43.  -s              symbols
  44.  -S              sections
  45.  -u              unfiltered (no rename duplicated symbols/sections)
  46.  -v              display version and quit
  47.  -V              Show binary version information
  48.  -x              extract bins contained in file
  49.  -X [fmt] [f] .. package in fat or zip the given files and bins contained in file
  50.  -z              strings (from data section)
  51.  -zz             strings (from raw bins [e bin.rawstr=1])
  52.  -zzz            dump raw strings to stdout (for huge files)
  53.  -Z              guess size of binary program
  54. ......