The Official Radare2 Book | страница 70

││││ ; CODE XREF from main (0x3a22)

││╰──> 0x00003a32 be07000000 mov esi, 7

[0x00003a04]> f. localflag @ 0x3a32

[0x00003a04]> f.

0x00003a32 localflag [main + 210]

[0x00003a04]> pd 10

│ 0x00003a04 48c705c9cc21. mov qword [0x002206d8], 0xffffffffffffffff ;

[0x2206d8:8]=0

│ 0x00003a0f c60522cc2100. mov byte [0x00220638], 0 ; [0x220638:1]=0

│ 0x00003a16 83f802 cmp eax, 2

│ .─< 0x00003a19 0f84880d0000 je 0x47a7

│ │ 0x00003a1f 83f803 cmp eax, 3

│ .──< 0x00003a22 740e je 0x3a32 ; main.localflag

│ ││ 0x00003a24 83e801 sub eax, 1

│.───< 0x00003a27 0f84ed080000 je 0x431a

││││ 0x00003a2d e8fef8ffff call sym.imp.abort ; void abort(void)

││││ ; CODE XREF from main (0x3a22)

││`──> .localflag:

││││ ; CODE XREF from main (0x3a22)

││`──> 0x00003a32 be07000000 mov esi, 7

[0x00003a04]>

radare2 offers flag zones, which lets you label different offsets on the scrollbar, for making it easier to navigate through large binaries. You can set a flag zone on the current seek using:

[0x00003a04]> fz flag-zone-name

Set scr.scrollbar=1 and go to the Visual mode, to see your flag zone appear on the scrollbar on the right end of the window.

See fz? for more information.

Radare can manipulate a loaded binary file in many ways. You can resize the file, move and copy/paste bytes, insert new bytes (shifting data to the end of the block or file), or simply overwrite bytes. New data may be given as a wide-string, assembler instructions, or the data may be read in from another file.

Resize the file using the r command. It accepts a numeric argument. A positive value sets a new size for the file. A negative one will truncate the file to the current seek position minus N bytes.

r 1024 ; resize the file to 1024 bytes

r -10 @ 33 ; strip 10 bytes at offset 33

Write bytes using the w command. It accepts multiple input formats like inline assembly, endian-friendly dwords, files, hexpair files, wide strings:

[0x00404888]> w?

Usage: w[x] [str] [

| w[1248][+-][n] increment/decrement byte,word..

| w foobar write string 'foobar'

| w0 [len] write 'len' bytes with value 0x00

| w6[de] base64/hex write base64 [d]ecoded or [e]ncoded string

| wa[?] push ebp write opcode, separated by ';' (use '"' around the command)