rz-bin - Man Page

Binary program info extractor

Synopsis

rz-bin [-AceghHiIsSMzlpRrLxvhqQTuUwV] [-a arch] [-b bits] [-B addr] [-C fmt:C[:D]] [-D lang sym|-] [-f subbin] [-k query] [-K algo] [-O binop] [-o str] [-m addr] [-@ addr] [-n str] [-X fmt file ...] file

Description

This program allows you to get information about ELF/PE/MZ and CLASS files in a simple way.

All these command-line flags are also available under the i command in rizin. Type i? for help.

-@ addr

Show information (symbol, section, import) of the given address

-A

List sub-binaries and their associated arch-bits pairs

-a arch

Set arch (x86, arm, ...). Accepts an underscore suffix for bits, e.g. x86_32

-b bits

Set bits (32, 64, ...)

-B addr

Override baddr

-c

List classes

-cc

List classes in header format

-C [fmt:C[:D]]

Create [elf,mach0,pe] for arm and x86-32/64 tiny binaries where 'C' is a hexpair list of the code bytes and ':D' is an optional concatenation to describe the bytes for the data section.

-d

Show debug/dwarf information

-D lang symbolname|-

Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, ...)

-e

Show entrypoints, both on disk and in memory

-ee

Show constructors/destructors (extended entrypoints)

-f subbin

Select sub-binary architecture. Useful for fat-mach0 binaries

-F binfmt

Force to use that bin plugin (ignore header check)

-g

Show all possible information

-G addr

Load address . offset to header

-h

Show usage help message.

-H

Show header fields (see ih command in rizin)

-I

Show binary info (iI in rizin)

-i

Show imports (symbols imported from libraries) (ii)

-j

Output in json

-k query

Perform SDB query on loaded file

-K algo

Select a rz-hash checksum algorithm to be performed on the sections listing (and maybe others in the future), e.g. 'rz-bin -K md5 -S /bin/ls'

-l

List linked libraries to the binary

-L

List supported bin plugins

-M

Show address of 'main' symbol

-m addr

Show source line reference from a given address

-N minlen:maxlen

Force minimum and maximum number of chars per string (see -z and -zz). Condition: if (strlen>minlen && (!maxlen || strlen<=maxlen))

-n str

Show information (symbol, section, import) at string offset

-o str

Output file/folder for write operations (out by default)

-O binop

Perform binary operation on target binary (dump, resize, change sections, ...) see '-O help' for more information

-p

Disable VA. Show physical addresses

-P

Show debug/pdb information

-PP

Download pdb file for binary

-q

Be quiet; show less data

-qq

Show less info (e.g. no offset/size for -z)

-Q

Show load address used by dlopen (non-aslr libs)

-r

Show output in rizin format

-R

Show relocations

-s

Show exported symbols

-S

Show sections

-SS

Show segments

-t

Show file hashes

-T

Show Certificates

-u

Unfiltered (do not rename duplicated symbols/sections)

-U

Show Resources

-v

Show version information

-V

Show binary version information

-w

Show try/catch blocks

-x

Extract all sub-binaries from a fat binary (e.g. fatmach0)

-X format file ...

Package a fat or zip containing all the files passed (fat, zip)

-z

Show strings inside the .data section (like GNU strings does)

-Z

Guess size of binary program

-zz

Show strings from raw bins

-zzz

Dump raw strings to stdout (for huge files)

Environment

RZ_BIN_LANG

Same as rizin -e bin.lang for rz-bin

RZ_BIN_DEMANGLE

Demangle symbols

RZ_BIN_MAXSTRBUF

Same as rizin -e bin.maxstrbuf for rz-bin

RZ_BIN_DEBASE64

Try to decode all strings as base64 if possible

RZ_BIN_STRFILTER

Same as rizin -e bin.str.filter for rz-bin

RZ_BIN_STRPURGE

Same as rizin -e bin.str.purge for rz-bin

Examples

List symbols of a program

$ rz-bin -s a.out

Get offset of symbol

$ rz-bin -n _main a.out

Get entrypoint

$ rz-bin -e a.out

Load symbols and imports from rizin

$ rizin -n /bin/ls
[0x00000000]> .!rz-bin -prsi $FILE
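
The -N length condition from the option list, as an added example (not rizin's own code): a small C scanner over printable-ASCII runs that applies the predicate exactly as this page writes it, so a string whose length equals minlen is dropped and maxlen 0 means no upper bound. The function names and the sample buffer are constructed for illustration, and the scanner does not reproduce rz-bin's real string detection.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* The -N predicate as the man page states it: strictly longer than minlen,
 * at most maxlen, with maxlen == 0 meaning "no upper bound". */
static int n_filter_accepts(size_t len, size_t minlen, size_t maxlen) {
	return len > minlen && (!maxlen || len <= maxlen);
}

/* Scan buf for runs of printable ASCII and count the runs the filter keeps.
 * If print is non-zero, emit "offset length string" for each kept run. */
size_t scan_strings(const unsigned char *buf, size_t size,
		size_t minlen, size_t maxlen, int print) {
	size_t kept = 0, start = 0, i;
	for (i = 0; i <= size; i++) {
		if (i < size && isprint(buf[i])) {
			continue; /* still inside a printable run */
		}
		/* The run ended at a non-printable byte or at the end of the buffer. */
		size_t len = i - start;
		if (len && n_filter_accepts(len, minlen, maxlen)) {
			kept++;
			if (print) {
				printf("0x%08zx %zu %.*s\n", start, len,
					(int)len, (const char *)buf + start);
			}
		}
		start = i + 1;
	}
	return kept;
}

/* Constructed sample: runs of length 3, 4, 5 and 9 separated by NUL bytes. */
static const unsigned char SAMPLE[] = "abc\0abcd\0abcde\0libc.so.6";

int main(void) {
	/* Equivalent of "-N 4:0": the 4-char run "abcd" is NOT kept (strlen > minlen). */
	printf("kept: %zu\n", scan_strings(SAMPLE, sizeof(SAMPLE), 4, 0, 1));
	return 0;
}
```

When triaging a binary for short indicators, set minlen one below the shortest length you need, since the comparison on the lower bound is strict.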

See Also

rz-hash(1), rz-find(1), rizin(1), rz-diff(1), rz-asm(1), rz-ax(1), rsc2(1), rz-gg(1), rz-run(1)

Authors

Written by pancake <pancake@nopcode.org>.


September 29, 2016