RABIN2(1)

General Commands Manual

RABIN2(1)

NAME¶

rabin2 — Binary Information Extractor

SYNOPSIS¶

rabin2 [-AcdeEghHiIjJlLMpqQrRsStuUVvwxZ] [-a arch] [-b bits] [-B addr] [-C fmt:C:[D]] [-D lang sym|-] [-f subbin] [-F binfmt] [-k query] [-K algo] [-m addr] [-n str] [-N minlen:maxlen] [-o str] [-O binop] [-X fmt file ...] [-@ addr] file

DESCRIPTION¶

A binary information extractor supporting ELF, PE, MZ, and Mach-O formats, providing details on headers, sections, symbols, imports, exports, and debug data.

Most options are also available within the radare2 'i' command (type 'i?' for help).

-@ addr

Show section, symbol or import at given address

-A

List sub-binaries and their associated arch-bits pairs

-a arch

Set arch (x86, arm, .. or <arch>_<bits>)

-b bits

Set bits (32, 64, ...)

-B addr

Override base address (for address independent binaries)

-c

List classes

-cc

List classes in header format

-C [fmt:C[:D]]

Create [elf,mach0,pe] with Code and Data hexpairs (see -a)

-d

Show debug/dwarf information

-D lang symbolname|-

Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, cxx, ..)

-e

Program entrypoint

-ee

Constructor/destructor entrypoints

-E

Globally exportable symbols

-f subbin

Select sub-binary architecture. Useful for fat-mach0 binaries

-F binfmt

Force to use that bin plugin (ignore header check)

-g

Same as -SMZIHVResizcld -SS -SSS -ee (show all info)

-G addr

Load address . address to header

-h

Show this help message

-H

Header fields

-I

Binary info

-i

Imports (symbols imported from libraries)

-j

Output in json

-J var

Display environment variable

-k query

Perform SDB query on loaded file. For example: '*'

-K algo

Calculate section checksums (md5, sha1, ..)

-l

List linked libraries to the binary

-L plugin

List supported bin plugins or plugin details

-m addr

Show source line at addr

-M

Main (show address of main symbol)

-n str

Show section, symbol or import named str

-N minlen:maxlen

Force min:max number of chars per string (see -z and -zz)

-o str

Output file/folder for write operations (out by default)

-O binop

Perform binary operation on target binary (dump, resize, change sections, ...). Use -O help for more information:

 e/0x8048000       change entrypoint
 d/s/1024          dump symbols
 d/S/.text         dump section
 r/.data/1024      resize section
 R                 remove RPATH
 a/l/libfoo.dylib  add library
 p/.data/rwx       change section permissions
 c                 show Codesign data
 C                 show LDID entitlements

-p

Show always physical addresses

-P

Show debug/pdb information

-PP

Download pdb file for binary

-q

Be quiet, just show less data

-qq

Show less info (no addr/size for -z for ex.)

-Q

Show load address used by dlopen (non-aslr libs)

Radare output

Relocations

Symbols

Sections

Segments

Sections mapping to segments

-t

Display file hashes

-T

Display file signature, certificates and signing details

-u

Unfiltered (no rename duplicated symbols/sections)

-U

Resources

-v

Display version and quit

-V

Show binary version information

-w

Display try/catch blocks

-x

Extract sub-binaries contained in file (for example inside FAT mach-o binaries)

-X format file ...

Package in fat or zip the given files

-z

Strings (from data section)

-Z

Guess size of binary program

-zz

Show strings from raw bins

-zzz

Dump raw strings to stdout (for huge files)

ENVIRONMENT¶

R2_NOPLUGINS: Same as r2 -N. Do not load shared plugins
RABIN2_ARGS: Ignore CLI and use these arguments instead
RABIN2_CHARSET: Set default value charset for -z strings
RABIN2_CODESIGN_VERBOSE: Show codesign details at parse time
RABIN2_DEBASE64: Same as r2 -e bin.str.debase64 - try to decode all strings as base64 if possible
RABIN2_DEMANGLE: Same as r2 -e bin.demangle - demangle symbols
RABIN2_DEMANGLE_CMD: Same as r2 -e bin.demangle.cmd - try to purge false positives
RABIN2_DEMANGLE_TRYLIB: Same as r2 -e bin.demangle.trylib=<bool> - load Swift libs to demangle (default: false)
RABIN2_LANG: Same as r2 -e bin.lang - assume lang for demangling
RABIN2_MACHO_NOFUNCSTARTS: If set it will ignore the FUNCSTART information
RABIN2_MACHO_NOSWIFT: Avoid parsing the swift metadata
RABIN2_MACHO_SKIPFIXUPS: Do not parse the mach-o chained fixups
RABIN2_MAXSTRBUF: Same as r2 -e bin.str.maxbuf - specify maximum buffer size
RABIN2_PDBSERVER: Same as r2 -e pdb.server - use alternative PDB server
RABIN2_PREFIX: Same as r2 -e bin.prefix - prefix symbols/sections/relocs with a specific string
RABIN2_STRFILTER: Same as r2 -e bin.str.filter
RABIN2_STRPURGE: Same as r2 -e bin.str.purge - try to purge false positives
RABIN2_SYMSTORE: Same as r2 -e pdb.symstore - path to downstream symbol store
RABIN2_VERBOSE: Same as r2 -e bin.verbose=true - show debugging messages from the parser

EXAMPLES¶

List symbols of a program

$ rabin2 -s a.out

Get offset of symbol

$ rabin2 -n _main a.out

Get entrypoint

$ rabin2 -e a.out

Load symbols and imports from radare2

$ r2 -n /bin/ls
[0x00000000]> .!rabin2 -prsi $FILE

AUTHORS¶

Written by pancake <pancake@nopcode.org>.

July 10, 2025

Source file:	rabin2.1.en.gz (from radare2 6.0.4+dfsg-1)
Source last updated:	2025-09-29T06:39:34Z
Converted to HTML:	2025-09-29T09:24:13Z