Debugging Mode:

gdb [file] 

Print disassembled function:

pdf

Analyze all (functions + basic blocks), same as running r2 with -A:

aa

List all functions (number of functions):

afl

Set breakpoint:

db [addr]

Remove breakpoint:

db -[addr]

Step:

ds [num]

Step over:

dso [num]

Move cursor to address or symbol:

s [address]
s [function_name]

View ascii-art basic block graph of current function:

V or V!

Debug in Visual(V) Mode:

p/P: Rotate print (visualization) modes:

    • hex, the hexadecimal view

    • disasm, the disassembly listing

  • Use numbers in [] to follow jump

  • Use "u" to go back

  • Use "V" to view graph mode

  • toggle breakpoints with F2

  • single-step with F7 (s)

  • step-over with F8 (S)

  • continue with F9

  • pf: Print with format

  • pf.: list all formats

  • pf [5]z @ [vaddr]: print the value at vaddr as 5 characters

  • iz: Strings in data section

  • izz: Strings in the whole binary

  • axt: Returns cross references to (xref to)

    • axt @@ str.*

  • axf: Returns cross references from (xref from)

    • axf @ [vaddr]

  • iI: Prints basic info

  • ii: Imports

  • iS: Sections

    • iS~w returns writable sections
  • is: Symbols

    • is~FUNC exports

Value of the bytes:

rax2 -s 0x403085

Byte decode (Python):

bytes.fromhex("[bytes]").decode("utf-8")

Resources: