The Official Radare2 Book | страница 47

A general format for radare2 commands is as follows:

[.][times][cmd][~grep][@[@iter]addr!size][|>pipe] ;

People who use Vim daily and are familiar with its commands will find themselves at home. You will see this format used throughout the book. Commands are identified by a single case-sensitive character [a-zA-Z].

To repeatedly execute a command, prefix the command with a number:

px # run px

3px # run px 3 times

The ! prefix is used to execute a command in shell context. If you want to use the cmd callback from the I/O plugin you must prefix with =!.

Note that a single exclamation mark will run the command and print the output through the RCons API. This means that the execution will be blocking and not interactive. Use double exclamation marks -- !! -- to run a standard system call.

All the socket, filesystem and execution APIs can be restricted with the cfg.sandbox configuration variable.

A few examples:

ds ; call the debugger's 'step' command

px 200 @ esp ; show 200 hex bytes at esp

pc > file.c ; dump buffer as a C byte array to file.c

wx 90 @@ sym.* ; write a nop on every symbol

pd 2000 | grep eax ; grep opcodes that use the 'eax' register

px 20 ; pd 3 ; px 40 ; multiple commands in a single line

The standard UNIX pipe | is also available in the radare2 shell. You can use it to filter the output of an r2 command with any shell program that reads from stdin, such as grep, less, wc. If you do not want to spawn anything, or you can't, or the target system does not have the basic UNIX tools you need (Windows or embedded users), you can also use the built-in grep (~).

See ~? for help.

The ~ character enables internal grep-like function used to filter output of any command:

pd 20~call ; disassemble 20 instructions and grep output for 'call'

Additionally, you can grep either for columns or for rows:

pd 20~call:0 ; get first row

pd 20~call:1 ; get second row

pd 20~call[0] ; get first column