Rafind2

Rafind2 is a command-line frontend of the r_search library. It supports searching for strings, byte sequences, masks, and more.

$ rafind2 -h
Usage: rafind2 [-mXnzZhqv] [-a align] [-b sz] [-f/t from/to] [-[e|s|S] str] [-x hex] -|file|dir ..
 -a [align] only accept aligned hits
 -b [size]  set block size
 -e [regex] search for regex matches (can be used multiple times)
 -f [from]  start searching from address 'from'
 -h         show this help
 -i         identify filetype (r2 -nqcpm file)
 -j         output in JSON
 -m         magic search, file-type carver
 -M [str]   set a binary mask to be applied on keywords
 -n         do not stop on read errors
 -r         print using radare commands
 -s [str]   search for a specific string (can be used multiple times)
 -S [str]   search for a specific wide string (can be used multiple times). Assumes str is UTF-8.
 -t [to]    stop search at address 'to'
 -q         quiet - do not show headings (filenames) above matching contents (default for searching a single file)
 -v         print version and exit
 -x [hex]   search for hexpair string (909090) (can be used multiple times)
 -X         show hexdump of search results
 -z         search for zero-terminated strings
 -Z         show string found on each search hit

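First, let's try searching for "lib" in /bin/ls:

Note that the output values are all quite small: they are the offsets of the string "lib", and we can feed this information into other tools.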
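One way to pass such offsets to other tools, as an added example that is not part of the original page or the radare2 project: a small shell helper that reads hit offsets and prints the bytes around each one with dd and tr. The names hit_context and demo are hypothetical, the input format (one hex offset such as 0x5f9 per line) is an assumption, and the sample blob and offsets are constructed.

```shell
#!/bin/sh
# Added example: print the bytes around each hit offset reported by a search.
# Assumption: offsets arrive on stdin one per line as hex, e.g. "0x5f9".

# hit_context FILE [BEFORE] [LENGTH]   (hypothetical helper)
#   rafind2 -s lib /bin/ls | hit_context /bin/ls
hit_context() {
    file=$1
    before=${2:-4}    # bytes of context shown before the hit
    length=${3:-16}   # total bytes shown per hit
    while read -r off rest; do
        case $off in
            0x*) ;;           # address line: process it
            *) continue ;;    # heading or blank line: skip it
        esac
        dec=$(printf '%d' "$off")      # hex -> decimal for dd
        start=$((dec - before))
        if [ "$start" -lt 0 ]; then start=0; fi   # hit near start of file
        printf '%s: ' "$off"
        # Non-printable bytes are shown as '.', like a hexdump ASCII column.
        dd if="$file" bs=1 skip="$start" count="$length" 2>/dev/null |
            LC_ALL=C tr -c '[:print:]' '.'
        printf '\n'
    done
}

# Constructed sample: a small binary blob and the offsets where "lib" occurs.
demo() {
    sample=$(mktemp)
    printf 'AAAA/usr/lib/x86\000\001liblzma.so\000ZZZZ' > "$sample"
    printf '0x9\n0x12\n' | hit_context "$sample" 4 12
    rm -f "$sample"
}

demo
```
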

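Counting the results:

Displaying the search results together with their surrounding context:

rafind2 can also be used as a replacement for file, identifying file types with radare2's built-in magic number database.

It can likewise serve as a replacement for strings, similar to rabin2 -z, except that it neither parses the file headers nor follows the section layout of the file.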
