load without any analysis (file header at offset 0x0): r2 -n /path/to/file
- analyze all:
aa - list functions:
afl - seek to function:
s sym.main
- open project:
Po <name> - save project:
Ps <name> - edit project notes:
Pn -
- show basic block disassembly:
pdb - show function disassembly:
pdf - show function arguments:
afa - show function variables:
afv - rename function variable:
afvn - set function variable type:
afvt - add/analyze function:
af
by default, these get displayed in disassembly listings to the right of a line. disable them in V visual mode using ' (single quote).
multiline comments are not rendered handled well. they don't look pretty.
- add comment (using editor):
CC!- note: multiline comments are not formatted nicely
- append comment:
CC <text> - overwrite comment:
CCu <text> - show comment:
CC. - show comment in this function:
CCf
- enter visual mode:
V - quick command/seek:
_ <search string>- apparently, you can update the list of commands shown here by changing
$R2HOME/hud. doesn't seem to work though. - ref: http://radare.today/posts/visual-mode/
- apparently, you can update the list of commands shown here by changing
- show cursor:
c - add comment:
;- add multiline comment:
;! - remove comment:
;-
- add multiline comment:
- set function name:
dr
"flag" means give something a type. like function or symbol.
-
enter graph modes:
VV -
cycle types of graphs:
- forward:
p - backwards:
P
- forward:
-
types of graphs:
- graph view
- graph view + opcode bytes
- esil
- esil + comments
- overview
-
seek to function:
g<identifier> -
undo seek:
u -
show comments:
' -
add comment:
/ -
select bb:
??? -
seek to next bb:
tab -
seek to previous bb:
TAB -
if bb has conditional branch:
- seek to True target:
t - seek to False target:
f
- seek to True target: