我的书签
添加书签
移除书签Data and Code Analysis
Radare2 has a very rich set of commands and configuration options to perform data and code analysis, to extract useful information from a binary, like pointers, string references, basic blocks, opcode data, jump targets, cross references and much more. These operations are handled by the a (analyze) command family:
|Usage: a[abdefFghoprxstc] [...]| aa[?] analyze all (fcns + bbs) (aa0 to avoid sub renaming)| a8 [hexpairs] analyze bytes| ab[b] [addr] analyze block at given address| abb [len] analyze N basic blocks in [len] (section.size by default)| abt [addr] find paths in the bb function graph from current offset to given address| ac [cycles] analyze which op could be executed in [cycles]| ad[?] analyze data trampoline (wip)| ad [from] [to] analyze data pointers to (from-to)| ae[?] [expr] analyze opcode eval expression (see ao)| af[?] analyze Functions| aF same as above, but using anal.depth=1| ag[?] [options] draw graphs in various formats| ah[?] analysis hints (force opcode size, ...)| ai [addr] address information (show perms, stack, heap, ...)| an [name] [@addr] show/rename/create whatever flag/function is used at addr| ao[?] [len] analyze Opcodes (or emulate it)| aO[?] [len] Analyze N instructions in M bytes| ap find prelude for current offset| ar[?] like 'dr' but for the esil vm. (registers)| as[?] [num] analyze syscall using dbg.reg| av[?] [.] show vtables| ax[?] manage refs/xrefs (see also afx?)
In fact, a namespace is one of the biggest in radare2 tool and allows to control very different parts of the analysis:
- Code flow analysis
- Data references analysis
- Using loaded symbols
- Managing different type of graphs, like CFG and call graph
- Manage variables
- Manage types
- Emulation using ESIL VM
- Opcode introspection
- Objects information, like virtual tables
