从ida, GDB 或 WinDBG迁移到radare2

上一页入门下一页寄存器（Registers）

最后更新于4年前

这有帮助吗？

从ida, GDB 或 WinDBG迁移到radare2

从ida, GDB or WinDBG迁移到radare2

如何使用radare2以debug模式运行程序？ ##

r2 -d /bin/ls - start in debugger mode => []

如何attach到进程上 ? (gdb -p) ##

r2 -d <pid> - attach to process

r2 ptrace://pid - same as above, but only for io (not debugger backend hooked)

[0x7fff6ad90028]> o-225 - close fd=225 (listed in o~[1]:0)

r2 -D gdb gdb://localhost:1234 - attach to gdbserver

如何在radare的debug session中设置参数/环境变量/加载指定的库文件？

Use rarun2 (libpath=$PWD:/tmp/lib, arg2=hello, setenv=FOO=BAR ...) see rarun2 -h / man rarun2

如何使用脚本 ?

r2 -i <scriptfile> ... - run a script after loading the file => []

r2 -I <scriptfile> ... - run a script before loading the file

r2 -c $@ | awk $@ - run through awk to get asm from function => []

如何像gdb list那样列出源代码 ?

CL @ sym.main - though the feature is highly experimental

快捷键

Command

IDA Pro

radare2

r2 (visual mode)

GDB

WinDbg

Analysis

Analysis of everything

Automatically launched when opening a binary

aaa or -A (aaaa or -AA for even experimental analysis)

N/A

N/A

Navigation

xref to

x

axt

x

N/A

xref from

ctrl + j

axf

X

N/A

xref to graph

agt [offset]

N/A

xref from graph

agf [offset]

N/A

list functions

alt + 1

afl;is

t

N/A

listing

alt + 2

pdf

p

N/A

hex mode

alt + 3

pxa

P

N/A

imports

alt + 6

ii

:ii

N/A

exports

alt + 7

is~FUNC

N/A

follow jmp/call

enter

s offset

enter or 0-9

N/A

undo seek

esc

s-

u

N/A

redo seek

ctrl+enter

s+

U

N/A

show graph

space

agv

V

N/A

Edit

rename

n

afn

dr

N/A

graph view

space

agv

V

N/A

define as data

d

Cd [size]

dd,db,dw,dW

N/A

define as code

c

C- [size]

d- or du

N/A

define as undefined

u

C- [size]

d- or du

N/A

define as string

A

Cs [size]

ds

N/A

define as struct

Alt+Q

Cf [size]

dF

N/A

Debugger

Start Process/ Continue execution

F9

dc

F9

r and c

g

Terminate Process

Ctrl+F2

dk 9

kill

q

Detach

?

o-

detach

step into

F7

ds

s

n

t

step into 4 instructions

ds 4

n 4

t 4

step over

F8

dso

S

s

p

step until a specific address

dsu <addr>

s

g <addr>

Run until return

Ctrl+F7

dcr

finish

gu

Run until cursor

F4

N/A

Show Backtrace

?

dbt

bt

display Register

On register Windows

dr all

Shown in Visual mode

info registers

r

display eax

On register Windows

dr?eax

Shown in Visual mode

info registers eax

r rax

display old state of all registers

dro

display function addr + N

afi $$ - display function information of current offset ($$)

display frame state

pxw rbp-rsp@rsp

i f

How to step until condition is true

dsi

Update a register value

dr rip=0x456

set $rip=0x456

r rip=456

Disassembly

disassembly forward

N/A

pd

Vp

disas

uf, u

disassembly N instructions

N/A

pd X

x/i

u <addr> LX

disassembly N (backward)

N/A

pd -X

Vp

disas <a-o> <a>

ub

Information on the bin

Sections/regions

Menu sections

iS or S (append j for json)

N/A

maint info sections

!address

Load symbol file

Sections/regions

pdb menu

asm.dwarf.file, pdb.XX)

N/A

add-symbol-file

BackTrace

Stack Trace

N/A

dbt

N/A

bt

k

Stack Trace in Json

N/A

dbtj

N/A

Partial Backtrace (innermost)

N/A

dbt (dbg.btdepth dbg.btalgo)

N/A

Partial Backtrace (outermost)

N/A

dbt (dbg.btdepth dbg.btalgo)

N/A

bt -

Stacktrace for all threads

N/A

dbt@t

N/A

thread apply all bt

~* k

Breakpoints

Breakpoint list

Ctrl+Alt+B

db

info breakpoints

bl

add breakpoint

F2

db [offset]

F2

break

bp

Threads

Switch to thread

Thread menu

dp

N/A

thread <N>

~<N>s

Frames

Frame Numbers

N/A

?

N/A

any bt command

kn

Select Frame

N/A

?

N/A

frame

.frame

Parameters/Locals

Display parameters

N/A

afv

N/A

info args

dv /t /i /V

Display parameters

N/A

afv

N/A

info locals

dv /t /i /V

Display parameters/locals in json

N/A

afvj

N/A

info locals

dv /t /i /V

list addresses where vars are accessed(R/W)

N/A

afvR/afvW

N/A

?

Project Related

open project

Po [file]

save project

automatic

Ps [file]

show project informations

Pi [file]

Miscellaneous

Dump byte char array

N/A

pc? (json, C, char, etc.)

Vpppp

x/bc

options

option menu

e?

e

search menu

/?

Select the zone with the cursor c then /

s

与GDB的"set-follow-fork-mode"等价的命令

This can be done using 2 commands:

dcf - until a fork happen
then use dp to select what process you want to debug.

共通的一些功能

r2 accepts FLIRT signatures
r2 can connect to GDB, LLVM and WinDbg
r2 can write/patch in place
r2 have fortunes and [s]easter eggs[/s]balls of steel
r2 can do basic loading of ELF core files from the box and MDMP (Windows minidumps)

上一页入门下一页寄存器（Registers）

最后更新于4年前

这有帮助吗？

从ida, GDB or WinDBG迁移到radare2

如何使用radare2以debug模式运行程序？ ##

r2 -d /bin/ls - start in debugger mode => []

如何attach到进程上 ? (gdb -p) ##

r2 -d <pid> - attach to process

r2 ptrace://pid - same as above, but only for io (not debugger backend hooked)

[0x7fff6ad90028]> o-225 - close fd=225 (listed in o~[1]:0)

r2 -D gdb gdb://localhost:1234 - attach to gdbserver

如何在radare的debug session中设置参数/环境变量/加载指定的库文件？

Use rarun2 (libpath=$PWD:/tmp/lib, arg2=hello, setenv=FOO=BAR ...) see rarun2 -h / man rarun2

如何使用脚本 ?

r2 -i <scriptfile> ... - run a script after loading the file => []

r2 -I <scriptfile> ... - run a script before loading the file

r2 -c $@ | awk $@ - run through awk to get asm from function => []

[0x80480423]> . scriptfile - interpret this file => []

[0x80480423]> #!c - enter C repl (see #! to list all available RLang plugins) => [], everything have to be done in a oneliner or a .c file must be passed as an argument.

To get #!python and much more, just build

如何像gdb list那样列出源代码 ?

CL @ sym.main - though the feature is highly experimental

快捷键

Command

IDA Pro

radare2

r2 (visual mode)

GDB

WinDbg

Analysis

Analysis of everything

Automatically launched when opening a binary

aaa or -A (aaaa or -AA for even experimental analysis)

N/A

N/A

Navigation

xref to

x

axt

x

N/A

xref from

ctrl + j

axf

X

N/A

xref to graph

agt [offset]

N/A

xref from graph

agf [offset]

N/A

list functions

alt + 1

afl;is

t

N/A

listing

alt + 2

pdf

p

N/A

hex mode

alt + 3

pxa

P

N/A

imports

alt + 6

ii

:ii

N/A

exports

alt + 7

is~FUNC

N/A

follow jmp/call

enter

s offset

enter or 0-9

N/A

undo seek

esc

s-

u

N/A

redo seek

ctrl+enter

s+

U

N/A

show graph

space

agv

V

N/A

Edit

rename

n

afn

dr

N/A

graph view

space

agv

V

N/A

define as data

d

Cd [size]

dd,db,dw,dW

N/A

define as code

c

C- [size]

d- or du

N/A

define as undefined

u

C- [size]

d- or du

N/A

define as string

A

Cs [size]

ds

N/A

define as struct

Alt+Q

Cf [size]

dF

N/A

Debugger

Start Process/ Continue execution

F9

dc

F9

r and c

g

Terminate Process

Ctrl+F2

dk 9

kill

q

Detach

?

o-

detach

step into

F7

ds

s

n

t

step into 4 instructions

ds 4

n 4

t 4

step over

F8

dso

S

s

p

step until a specific address

dsu <addr>

s

g <addr>

Run until return

Ctrl+F7

dcr

finish

gu

Run until cursor

F4

N/A

Show Backtrace

?

dbt

bt

display Register

On register Windows

dr all

Shown in Visual mode

info registers

r

display eax

On register Windows

dr?eax

Shown in Visual mode

info registers eax

r rax

display old state of all registers

dro

display function addr + N

afi $$ - display function information of current offset ($$)

display frame state

pxw rbp-rsp@rsp

i f

How to step until condition is true

dsi

Update a register value

dr rip=0x456

set $rip=0x456

r rip=456

Disassembly

disassembly forward

N/A

pd

Vp

disas

uf, u

disassembly N instructions

N/A

pd X

x/i

u <addr> LX

disassembly N (backward)

N/A

pd -X

Vp

disas <a-o> <a>

ub

Information on the bin

Sections/regions

Menu sections

iS or S (append j for json)

N/A

maint info sections

!address

Load symbol file

Sections/regions

pdb menu

asm.dwarf.file, pdb.XX)

N/A

add-symbol-file

BackTrace

Stack Trace

N/A

dbt

N/A

bt

k

Stack Trace in Json

N/A

dbtj

N/A

Partial Backtrace (innermost)

N/A

dbt (dbg.btdepth dbg.btalgo)

N/A

Partial Backtrace (outermost)

N/A

dbt (dbg.btdepth dbg.btalgo)

N/A

bt -

Stacktrace for all threads

N/A

dbt@t

N/A

thread apply all bt

~* k

Breakpoints

Breakpoint list

Ctrl+Alt+B

db

info breakpoints

bl

add breakpoint

F2

db [offset]

F2

break

bp

Threads

Switch to thread

Thread menu

dp

N/A

thread <N>

~<N>s

Frames

Frame Numbers

N/A

?

N/A

any bt command

kn

Select Frame

N/A

?

N/A

frame

.frame

Parameters/Locals

Display parameters

N/A

afv

N/A

info args

dv /t /i /V

Display parameters

N/A

afv

N/A

info locals

dv /t /i /V

Display parameters/locals in json

N/A

afvj

N/A

info locals

dv /t /i /V

list addresses where vars are accessed(R/W)

N/A

afvR/afvW

N/A

?

Project Related

open project

Po [file]

save project

automatic

Ps [file]

show project informations

Pi [file]

Miscellaneous

Dump byte char array

N/A

pc? (json, C, char, etc.)

Vpppp

x/bc

options

option menu

e?

e

search menu

/?

Select the zone with the cursor c then /

s

与GDB的"set-follow-fork-mode"等价的命令

This can be done using 2 commands:

dcf - until a fork happen
then use dp to select what process you want to debug.

共通的一些功能

r2 accepts FLIRT signatures
r2 can connect to GDB, LLVM and WinDbg
r2 can write/patch in place
r2 have fortunes and [s]easter eggs[/s]balls of steel
r2 can do basic loading of ELF core files from the box and MDMP (Windows minidumps)