rabin2 - Binary Information Extractor
NAME
rabin2 — Binary Information Extractor
SYNOPSIS
rabin2 [−AcdeEghHiIjJlLMpqQrRsStuUVvwxZ] [−a arch] [−b bits] [−B addr] [−C fmt:C:[D]] [−D lang sym|-] [−f subbin] [−F binfmt] [−k query] [−K algo] [−m addr] [−n str] [−N minlen:maxlen] [−o str] [−O binop] [−X fmt file ...] [−@ addr] file
DESCRIPTION
A binary information extractor supporting ELF, PE, MZ, and Mach-O formats, providing details on headers, sections, symbols, imports, exports, and debug data.
Most options are also available within the radare2 ’i’ command (type ’i?’ for help).
−@ addr
Show section, symbol or import at given address
−A
List sub-binaries and their associated arch-bits pairs
−a arch
Set arch (x86, arm, .. or <arch>_<bits>)
−b bits
Set bits (32, 64, ...)
−B addr
Override base address (for address independent binaries)
−c
List classes
−cc
List classes in header format
−C [fmt:C[:D]]
Create [elf,mach0,pe] with Code and Data hexpairs (see -a)
−d
Show debug/dwarf information
−D lang symbolname|-
Demangle symbol name (or - to read from stdin) for lang (cxx, swift, java, cxx, ..)
−e
Program entrypoint
−ee
Constructor/destructor entrypoints
−E
Globally exportable symbols
−f subbin
Select sub-binary architecture. Useful for fat-mach0 binaries
−F binfmt
Force to use that bin plugin (ignore header check)
−g
Same as -SMZIHVResizcld -SS -SSS -ee (show all info)
−G addr
Load address . address to header
−h
Show this help message
−H
Header fields
−I
Binary info
−i
Imports (symbols imported from libraries)
−j
Output in json
−J var
Display environment variable
−k query
Perform SDB query on loaded file. For example: ’*’
−K algo
Calculate section checksums (md5, sha1, ..)
−l
List linked libraries to the binary
−L plugin
List supported bin plugins or plugin details
−m addr
Show source line at addr
−M
Main (show address of main symbol)
−n str
Show section, symbol or import named str
−N minlen:maxlen
Force min:max number of chars per string (see -z and -zz)
−o str
Output file/folder for write operations (out by default)
−O binop
Perform binary operation on target binary (dump, resize, change sections, ...). Use -O help for more information:
e/0x8048000
change entrypoint
d/s/1024 dump symbols
d/S/.text dump section
r/.data/1024 resize section
R remove RPATH
a/l/libfoo.dylib add library
p/.data/rwx change section permissions
c show Codesign data
C show LDID entitlements
−p
Show always physical addresses
−P
Show debug/pdb information
−PP
Download pdb file for binary
−q
Be quiet, just show less data
Show less info (no addr/size for -z for ex.)
−Q
Show load address used by dlopen (non-aslr libs)
−r
Radare output
−R
Relocations
−s
Symbols
−S
Sections
−SS
Segments
−SSS
Sections mapping to segments
−t
Display file hashes
−T
Display file signature, certificates and signing details
−u
Unfiltered (no rename duplicated symbols/sections)
−U
Resources
−v
Display version and quit
−V
Show binary version information
−w
Display try/catch blocks
−x
Extract sub-binaries contained in file (for example inside FAT mach-o binaries)
−X format file ...
Package in fat or zip the given files
−z
Strings (from data section)
−Z
Guess size of binary program
−zz
Show strings from raw bins
−zzz
Dump raw strings to stdout (for huge files)
ENVIRONMENT
R2_NOPLUGINS
Same as r2 -N. Do not load shared plugins
RABIN2_ARGS
Ignore CLI and use these arguments instead
RABIN2_CHARSET
Set default value charset for -z strings
RABIN2_CODESIGN_VERBOSE
Show codesign details at parse time
RABIN2_DEBASE64
Same as r2 -e bin.str.debase64 - try to decode all strings as base64 if possible
RABIN2_DEMANGLE
Same as r2 -e bin.demangle - demangle symbols
RABIN2_DEMANGLE_CMD
Same as r2 -e bin.demangle.cmd - try to purge false positives
RABIN2_DEMANGLE_TRYLIB
Same as r2 -e bin.demangle.trylib=<bool> - load Swift libs to demangle (default: false)
RABIN2_LANG
Same as r2 -e bin.lang - assume lang for demangling
RABIN2_MACHO_NOFUNCSTARTS
If set it will ignore the FUNCSTART information
RABIN2_MACHO_NOSWIFT
Avoid parsing the swift metadata
RABIN2_MACHO_SKIPFIXUPS
Do not parse the mach-o chained fixups
RABIN2_MAXSTRBUF
Same as r2 -e bin.str.maxbuf - specify maximum buffer size
RABIN2_PDBSERVER
Same as r2 -e pdb.server - use alternative PDB server
RABIN2_PREFIX
Same as r2 -e bin.prefix - prefix symbols/sections/relocs with a specific string
RABIN2_STRFILTER
Same as r2 -e bin.str.filter
RABIN2_STRPURGE
Same as r2 -e bin.str.purge - try to purge false positives
RABIN2_SYMSTORE
Same as r2 -e pdb.symstore - path to downstream symbol store
RABIN2_VERBOSE
Same as r2 -e bin.verbose=true - show debugging messages from the parser
EXAMPLES
List symbols of a program
$ rabin2 −s a.out
Get offset of symbol
$ rabin2 −n _main a.out
Get entrypoint
$ rabin2 −e a.out
Load symbols and imports from radare2
$ r2 -n /bin/ls
[0x00000000]> .!rabin2 −prsi $FILE
SEE ALSO
radare2(1)
AUTHORS
Written by pancake <[email protected]>. Jul 10, 2025 RABIN2(1)