Skip to content

Instantly share code, notes, and snippets.

@trib0r3

trib0r3/ida-vs-r2-vs-gdb.md

Created May 8, 2019 10:49
Show Gist options
  • Save trib0r3/b44ebdef1ed47df8c0ccd91c83a68791 to your computer and use it in GitHub Desktop.
Save trib0r3/b44ebdef1ed47df8c0ccd91c83a68791 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ida-vs-r2-vs-gdb.md
Command IDA Pro radare2 r2 (visual mode) GDB WinDbg
Analysis
Analysis of everything Automatically launched when opening a binary aaa or -A (aaaa or -AA for even experimental analysis) N_A N_A N/A
Navigation
xref to x axt x N_A N_A
xref from ctrl + j axf X N_A N_A
xref to graph ? agt [offset] ? N_A N_A
xref from graph ? agf [offset] ? N_A N_A
list functions alt + 1 afl;is t N_A N_A
listing alt + 2 pdf p N_A N_A
hex mode alt + 3 pxa P N_A N_A
imports alt + 6 ii :ii N_A N_A
exports alt + 7 is~FUNC ? N_A N_A
follow jmp_call enter s offset enter or 0-9 N_A N/A
undo seek esc s- u N_A N_A
redo seek ctrl+enter s+ U N_A N_A
show graph space agv V N_A N_A
Edit
rename n afn dr N_A N_A
graph view space agv V N_A N_A
define as data d Cd [size] "dd,db,dw,dW" N_A N_A
define as code c C- [size] d- or du N_A N_A
define as undefined u C- [size] d- or du N_A N_A
define as string A Cs [size] ds N_A N_A
define as struct Alt+Q Cf [size] dF N_A N_A
Debugger
Start Process/ Continue execution F9 dc F9 r and c g
Terminate Process Ctrl+F2 dk 9 ? kill q
Detach ? o- ? detach
step into F7 ds s n
step into 4 instructions ? ds 4 F7 n 4
step over F8 dso S s
step until a specific address ? dsu ? s
Run until return Ctrl+F7 dcr ? finish
Run until cursor F4 #249 #249 N_A N_A
Show Backtrace ? dbt ? bt
display Register On register Windows dr all Shown in Visual mode info registers
display eax On register Windows dr?eax Shown in Visual mode info registers eax
display old state of all registers ? dro ? ? ?
display function addr + N ? afi $$ - display function information of current offset ($$) ? ? ?
display frame state ? pxw rbp-rsp@rsp ? i f ?
How to step until condition is true ? dsi ? ? ?
Update a register value ? dr rip=0x456 ? set $rip=0x456 ?
Disassembly
disassembly forward N/A pd Vp disas "uf, u"
disassembly N instructions N_A pd X Vp x_i
disassembly N (backward) N/A pd -X Vp disas ub
Information on the bin
Sections_regions Menu sections iS or S(append j for json) N_A maint info sections !address
Load symbol file
Sections_regions pdb menu "asm.dwarf.file, pdb.XX)" N_A add-symbol-file r
BackTrace
Stack Trace N_A dbt N_A bt k
Stack Trace in Json N_A dbtj N_A
Partial Backtrace (innermost) N_A dbt(dbg.btdepthdbg.btalgo) N_A bt k
Partial Backtrace (outermost) N_A dbt(dbg.btdepthdbg.btalgo) N_A bt -
Stacktrace for all threads N_A dbt@t N_A thread apply all bt ~*
Breakpoints
Breakpoint list Ctrl+Alt+B db ? info breakpoints
add breakpoint F2 db [offset] F2 break bp
Threads
Switch to thread Thread menu dp N/A thread ~s
Frames
Frame Numbers N_A ? N_A any bt command kn
Select Frame N_A ? N_A frame .frame
Parameters/Locals
Display parameters N_A afv N_A info args dv /t /i /V
Display parameters N_A afv N_A info locals dv /t /i /V
Display parameters_locals in json N_A afvj N/A info locals dv /t /i /V
list addresses where vars are accessed(R_W) N_A afvR_afvW N_A ? ?
Project Related
open project Po [file] ?
save project automatic Ps [file] ?
show project informations Pi [file] ?
Miscellaneous
Dump byte char array N_A "pc? (json, C, char, etc.)" Vpppp x_bc db
options option menu e? e
search search menu /? Select the zone with the cursor cthen /
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment