g the radare2 native debugger, but does not run the program. You’ll see a prompt (radare2) - all examples are from this prompt.
• db flag: place a breakpoint at flag, where flag can be either an address or a function name
• db - flag: remove the breakpoint at flag, where flag can be either an address or a function name
• db: show list of breakpoint
• dc: run the program
• dr: Show registers state
• drr: Show registers references (telescoping) (like peda)
• ds: Step into instruction
• dso: Step over instruction
• dbt: Display backtrace
• dm: Show memory maps
• dk : Send KILL signal to child
• ood: reopen in debug mode
• ood arg1 arg2: reopen in debug mode with arg1 and arg2
Migration from ida, GDB or WinDBG
How to run the program using the debugger
r2 -d /bin/ls - start in debugger mode => [video]
How do I attach/detach to running process ? (gdb -p)
r2 -d - attach to process
r2 ptrace://pid - same as above, but only for io (not debugger backend hooked)
[0x7fff6ad90028]> o-225 - close fd=225 (listed in o~[1]:0)
r2 -D gdb gdb://localhost:1234 - attach to gdbserver
How to set args/environment variable/load a specific libraries for the debugging session of radare
Use rarun2 (libpath=$PWD:/tmp/lib, arg2=hello, setenv=FOO=BAR ...) see rarun2 -h / man rarun2
How to script radare2 ?
r2 -i ... - run a script after loading the file => [video]
r2 -I ... - run a script before loading the file
r2 -c $@ | awk $@ - run through awk to get asm from function => [link]
[0x80480423]> . scriptfile - interpret this file => [video]
[0x80480423]> #!c - enter C repl (see #! to list all available RLang plugins) => [video], everything have to be done in a oneliner or a .c file must be passed as an argument.
To get #!python and much more, just build radare2-bindings
How to list Source code as in gdb list ?
CL @ sym.main - though the feature is highly experimental
shortcuts
g the radare2 native debugger, but does not run the program. You’ll see a prompt (radare2) - all examples are from this prompt.
• db flag: place a breakpoint at flag, where flag can be either an address or a function name
• db - flag: remove the breakpoint at flag, where flag can be either an address or a function name
• db: show list of breakpoint
• dc: run the program
• dr: Show registers state
• drr: Show registers references (telescoping) (like peda)
• ds: Step into instruction
• dso: Step over instruction
• dbt: Display backtrace
• dm: Show memory maps
• dk : Send KILL signal to child
• ood: reopen in debug mode
• ood arg1 arg2: reopen in debug mode with arg1 and arg2
Migration from ida, GDB or WinDBG
How to run the program using the debugger
r2 -d /bin/ls - start in debugger mode => [video]
How do I attach/detach to running process ? (gdb -p)
r2 -d - attach to process
r2 ptrace://pid - same as above, but only for io (not debugger backend hooked)
[0x7fff6ad90028]> o-225 - close fd=225 (listed in o~[1]:0)
r2 -D gdb gdb://localhost:1234 - attach to gdbserver
How to set args/environment variable/load a specific libraries for the debugging session of radare
Use rarun2 (libpath=$PWD:/tmp/lib, arg2=hello, setenv=FOO=BAR ...) see rarun2 -h / man rarun2
How to script radare2 ?
r2 -i ... - run a script after loading the file => [video]
r2 -I ... - run a script before loading the file
r2 -c $@ | awk $@ - run through awk to get asm from function => [link]
[0x80480423]> . scriptfile - interpret this file => [video]
[0x80480423]> #!c - enter C repl (see #! to list all available RLang plugins) => [video], everything have to be done in a oneliner or a .c file must be passed as an argument.
To get #!python and much more, just build radare2-bindings
How to list Source code as in gdb list ?
CL @ sym.main - though the feature is highly experimental
shortcuts