首先,确保从git存储库安装radare2并使用最新版本:
$ git clone https://github.com/radare/radare2.git
$ cd radare2
$ ./sys/install.sh
下载并安装radare2后,打开二进制文件并使用
aaa
命令:
$ r2 /bin/ls
-- We fix bugs while you sleep.
[0x004049a0]> aaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for objc references
[x] Check for vtables
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
正在添加
?
在radare中,几乎每个命令都会输出子命令。例如,您知道
ag
命令及其子命令可以通过添加
到
ag公司
您可以发现其子命令:
[0x00000000]> ag?
Usage: ag<graphtype><format> [addr]
Graph commands:
| aga[format] Data references graph
| agA[format] Global data references graph
| agc[format] Function callgraph
| agC[format] Global callgraph
| agd[format] [fcn addr] Diff graph
... <truncated> ...
Output formats:
| <blank> Ascii art
| * r2 commands
| d Graphviz dot
| g Graph Modelling Language (gml)
| j json ('J' for formatted disassembly)
| k SDB key-value
| t Tiny ascii art
| v Interactive ascii art
| w [path] Write to path or display graph image (see graph.gv.format and graph.web)
您正在搜索
agCd
dot
总体安排
[0x004049a0]> agCd > output.dot
这个
sudo apt-get install graphviz
.
您可以在任何脱机状态下查看输出
dot
viewer
,将输出粘贴到
online Graphviz viewer
甚至转换
文件到PNG:
$ r2 /bin/ls
[0x004049a0]> aa
[x] Analyze all flags starting with sym. and entry0 (aa)
[0x004049a0]> agCd > output.dot
[0x004049a0]> !!dot -Tpng -o callgraph.png output.dot
