RZ_BIN(1) | General Commands Manual | RZ_BIN(1) |
NAME
rz-bin
— Binary
program info extractor
SYNOPSIS
rz-bin |
[-AcdeEghHiIjlLMqrRsSUvVxzZ ]
[-@ at]
[-a arch]
[-b bits]
[-B addr]
[-C F:C:D]
[-f str]
[-m addr]
[-n str]
[-N m:M]
[-P pdb]
[-o str]
[-O str]
[-k query]
[-D lang symname]
file |
DESCRIPTION
This command is part of the Rizin project.
rz-bin can analyze and extract useful information from binary executable files like ELF, PE, Mach-O, etc. It supports multiple architectures like x86, ARM, MIPS, PowerPC, etc.
OPTIONS
-@
addr- Show section, symbol, or import at the given address
-A
- List sub-binaries and their arch-bits pairs
-a
arch- Set architecture (x86, arm, .. or <arch>_<bits>)
-b
bits- Set bits (32, 64 ...)
-B
addr- Override base address (PIE bins)
-c
- List classes
-cc
- List classes in header format
-C
fmt:C:D- Create [elf, mach0, pe] with Code and Data hexpairs (see -a)
-d
- Show debug/dwarf information
-dd
- Load debug/dwarf information from debuginfod server
-D
lang name- Demangle symbol name (-D all for bin.demangle=true)
-e
- Entrypoint
-E
- Globally exportable symbols
-f
str- Select sub-bin named str
-F
binfmt- Force to use that bin plugin (ignore header check)
-g
- Same as -SMZIHVResizcld -SS -SSS -ee (show all information)
-G
addr- Load address . offset to header
-h
- Show usage help message
-H
- Header fields
-i
- Import (symbols imported from libraries)
-I
- Binary info
-j
- Output in JSON
-k
sdb-query- Run sdb query. for example: '*'
-K
algo- Calculate checksums (md5, sha1, ..)
-l
- Linked libraries
-L
plugin- List supported bin plugins or plugin details
-m
addr- Show source line at addr
-M
- Main (show address of main symbol)
-n
str- Show section, symbol, or import named str
-N
min:max- Force min:max number of chars per string (see -z and -zz)
-o
str- Output file/folder for write operations (out by default)
-O
str- Write/extract operations (-O help)
-p
- Show physical addresses
-P
- Show debug/pdb information
-PP
- Download pdb file for binary
-q
- Be quiet, just show fewer data
-qq
- Show less info (no offset/size for -z for ex.)
-Q
- Show load address used by dlopen (non-aslr libs)
-r
- Show output in rizin format
-R
- Show relocations
-s
- Symbols
-S
- Sections
-SS
- Segments
-SSS
- Sections mapping to segments
-T
- Display file signature
-u
- Unfiltered (no rename duplicated symbols/sections)
-U
- Resources
-v
- Show version information
-V
- Show binary version information
-w
- Display try/catch blocks
-x
- Extract bins contained in file
-X
fmt [f] ..- Package in fat or zip the given files and bins contained in file
-Y
fw file- Calculate all the possibles base address candidates of a firmware bin
-z
- Show strings (from data section)
-zz
- Show strings (from raw strings from bin)
-zzz
- Dump raw strings to stdout (for huge files)
-Z
- Guess size of binary program
ENVIRONMENT
RZ_NOPLUGINS: do not load shared plugins (speedup loading)
RZ_BIN_LANG: e bin.lang - assume lang for demangling
RZ_BIN_DEMANGLE: e bin.demangle - do not demangle symbols
RZ_BIN_MAXSTRBUF: e bin.maxstrbuf - specify maximum buffer size
RZ_BIN_STRFILTER: e bin.str.filter - rizin -qc 'e bin.str.filter=??' -
RZ_BIN_STRPURGE: e bin.str.purge - try to purge false positives
RZ_BIN_DEBASE64: e bin.debase64 - try to debase64 all strings
RZ_BIN_DEBUGINFOD_URLS: e bin.dbginfo.debuginfod_urls # use alternative debuginfod server
RZ_BIN_PDBSERVER: e pdb.server - use alternative PDB server
RZ_BIN_SYMSTORE: e pdb.symstore - path to downstream symbol store
RZ_BIN_PREFIX: e bin.prefix - prefix symbols/sections/relocs with a specific string
RZ_CONFIG: sdb config file
EXAMPLES
List symbols of a program:
rz-bin
-s
a.out
Get offset of symbol:
rz-bin
-n
_main
a.out
Get entrypoint:
rz-bin
-e
a.out
Load symbols and imports from rizin:
rizin
-n
/bin/ls
[0x00000000]> .!rz-bin -prsi $FILE
SEE ALSO
rz-hash(1), rz-find(1), rizin(1), rz-diff(1), rz-asm(1), rz-ax(1), rz-gg(1), rz-run(1)
AUTHORS
pancake <pancake@nopcode.org>
byteninjaa0
January 24, 2024 |