SHARE
TWEET

Untitled

a guest Sep 6th, 2017 665 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. r2 unpacking cheatsheet
  2. =======================
  3.  
  4. Follow Execution Flow
  5. ---------------------
  6.  
  7. r2 -d <file_path>: opens file in r2 for debugging
  8. dc: continues execution
  9. ds: single step
  10. dcr: continues until stack frame return
  11. dr <register>: shows the value of specified register
  12.  
  13. Breakpoints
  14. -----------
  15.  
  16. db <address>: sets software breakpoint on specified address
  17. dbc <address> <r2_cmd>: assigns r2 command to be executed when bp on address is triggered
  18. drx <number> <address> <len> <rwx>: sets hardware breakpoint on specified address range (by address and len) when accessed for read, write or execute
  19. db- <address>: removes software breakpoint on specified address
  20. drx- <number>: removes hardware breakpoint on specified address
  21.  
  22. Memory Maps
  23. -----------
  24.  
  25. dm: lists memory map of target process
  26. dmi <address | libname>: lists loaded DLL symbols
  27.  
  28. Memory Dumping
  29. --------------
  30.  
  31. wtf <filename> <size> @<starting_address>: saves memory region to file
  32. dmd <filename> @<address>: dumps memory map at given address to a file
  33.  
  34. Misc
  35. ----
  36.  
  37. /A <opcode>: searches for specified opcode on current section
  38. pf p4 @<address>: retrieves 4 bytes of content from pointer at given address
  39. *<address>: equivalent to pf p4 @ <address>
  40. “e cmd.vprompt=px@esp”: In visual mode, it shows the stack on top of the view
RAW Paste Data
Top