Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: Updating basic commands to up to date state #126

Merged
merged 4 commits into from
Aug 2, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion _quarto.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,6 @@ book:
- src/basic_commands/print_modes.md
- src/basic_commands/flags.md
- src/basic_commands/write.md
- src/basic_commands/zoom.md
- src/basic_commands/yank_paste.md
- src/basic_commands/comparing_bytes.md
- src/basic_commands/sdb.md
Expand Down
6 changes: 3 additions & 3 deletions src/basic_commands/dietline.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ autocompletion options.
In the every shell and rizin command autocompletion is supported. There are multiple modes of it -
files, flags, and SDB keys/namespaces. To provide the easy way to select possible completion options
the scrollable popup widget is available. It can be enabled with `scr.prompt.popup`, just set it to
the `true`.
the `true` (as such: `e scr.prompt.popup=true`).

# Emacs (default) mode

Expand Down Expand Up @@ -48,7 +48,7 @@ By default dietline mode is compatible with readline Emacs-like mode key binding

# Vi mode

Rizin also comes with in vi mode that can be enabled by toggling `scr.prompt.vi`. The various keybindings available in this mode are:
Rizin also comes with in vi mode that can be enabled by toggling `e scr.prompt.vi=true`). The various keybindings available in this mode are:

## Entering command modes
- `ESC` - enter into the control mode
Expand Down Expand Up @@ -80,4 +80,4 @@ Rizin also comes with in vi mode that can be enabled by toggling `scr.prompt.vi`
- `p` - yank the top of the kill ring into the buffer at point.
- `c` - acts similar to d based commands, but goes into insert mode in the end by prefixing the commands with numbers, the command is performed multiple times.

If you are finding it hard to keep track of which mode you are in, just set `scr.prompt.mode=true` to update the color of the prompt based on the vi-mode.
If you are finding it hard to keep track of which mode you are in, just enter `e scr.prompt.mode=true` to update the color of the prompt based on the vi-mode.
85 changes: 48 additions & 37 deletions src/basic_commands/flags.md
Original file line number Diff line number Diff line change
@@ -1,58 +1,69 @@
## Flags

Flags are conceptually similar to bookmarks. They associate a name with a given offset in a file. Flags can be grouped into 'flag spaces'. A flag space is a namespace for flags, grouping together flags of similar characteristics or type. Examples for flag spaces: sections, registers, symbols.
Flags are conceptually similar to bookmarks. They associate a name with a given offset in a file. Flags can be grouped into 'flagspaces'. A flagspace is a namespace for flags, grouping together flags of similar characteristics or type. Examples for flagspaces: sections, registers or symbols.

To create a flag:

```
[0x4A13B8C0]> f flag_name @ offset
[0x100003ba0]> f flag_name @ offset
```

You can remove a flag by appending the `-` character to command. Most commands accept `-` as argument-prefix as an indication to delete something.

```
[0x4A13B8C0]> f-flag_name
[0x100003ba0]> f-flag_name
```

To switch between or create new flagspaces use the `fs` command:

```
[0x00005310]> fs?
|Usage: fs [*] [+-][flagspace|addr] # Manage flagspaces
| fs display flagspaces
| fs* display flagspaces as rizin commands
| fsj display flagspaces in JSON
| fs * select all flagspaces
| fs flagspace select flagspace or create if it doesn't exist
| fs-flagspace remove flagspace
| fs-* remove all flagspaces
| fs+foo push previous flagspace and set
| fs- pop to the previous flagspace
| fs-. remove the current flagspace
| fsq list flagspaces in quiet mode
| fsm [addr] move flags at given address to the current flagspace
| fss display flagspaces stack
| fss* display flagspaces stack in rizin commands
| fssj display flagspaces stack in JSON
| fsr newname rename selected flagspace
[0x00005310]> fs
0 439 * strings
1 17 * symbols
2 54 * sections
3 20 * segments
4 115 * relocs
5 109 * imports
[0x00005310]>
[0x100003ba0]> fs?
Usage: fs[l-mrs?] # Manage flagspaces
| fs <name> # Add the flagspace
| fsl[jq] # Display flagspaces
| fs- <name> # Remove the flagspace
| fs-* # Remove all flagspaces
| fsm # Move the flags at the current address to the current flagspace
| fsr <newname> # Rename the flag space
| fss<+-l> # Manage the flagspace stack
[0x100003ba0]> fsl
| 0 * classes
| 108 * functions
| 84 * imports
| 0 * platform.ports
| 87 * pointers
| 0 * registers
| 0 * registers.extended
| 0 * registers.mmio
| 91 * relocs
| 13 * sections
| 3 * segments
| 95 * strings
| 55 * symbols
```

Here there are some command examples:
Here you can find some command examples using flagspaces:

```
[0x4A13B8C0]> fs symbols ; select only flags in symbols flagspace
[0x4A13B8C0]> f ; list only flags in symbols flagspace
[0x4A13B8C0]> fs * ; select all flagspaces
[0x4A13B8C0]> f myflag ; create a new flag called 'myflag'
[0x4A13B8C0]> f-myflag ; delete the flag called 'myflag'
[0x100003ba0]> fs symbols ; select only flags in symbols flagspace
[0x100003ba0]> fsl
0 . classes
108 . functions
84 . imports
0 . platform.ports
87 . pointers
0 . registers
0 . registers.extended
0 . registers.mmio
91 . relocs
13 . sections
3 . segments
95 . strings
55 * symbols ; symbols are selected
[0x100003ba0]> fl ; list only flags in symbols flagspace
[0x100003ba0]> fs * ; select all flagspaces
[0x100003ba0]> f myflag ; create a new flag called 'myflag'
[0x100003ba0]> f-myflag ; delete the flag called 'myflag'
```

You can rename flags with `fr`.
Expand Down Expand Up @@ -99,12 +110,12 @@ to have the flags, for example inside the functions, with simple and ubiquitous

### Flag Zones

rizin offers flag zones, which lets you label different offsets on the scrollbar, for making it easier to navigate through large binaries. You can set a flag zone on the current seek using:
Rizin offers flag zones, which lets you label different offsets on the scrollbar, for making it easier to navigate through large binaries. You can set a flag zone on the current seek using:

```
[0x00003a04]> fz flag-zone-name
```

Set `scr.scrollbar=1` and go to the Visual mode, to see your flag zone appear on the scrollbar on the right end of the window.
Set `e scr.scrollbar=1` and go to the Visual mode, to see your flag zone appear on the scrollbar on the right end of the window.

See `fz?` for more information.
1 change: 0 additions & 1 deletion src/basic_commands/print_modes.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,6 @@ Below is a list of available print modes listed by `p?`:
| pv[?][jh] [mode] show variable/pointer/value in memory
| pwd display current working directory
| px[?][owq] [len] hexdump of N bytes (o=octal, w=32bit, q=64bit)
| pz[?] [len] print zoom view (see pz? for help)
[0x00005310]>
```

Expand Down
3 changes: 2 additions & 1 deletion src/basic_commands/sdb.md
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@ $ gcc test.c -o test

```
$ rizin -A ./test
[0x08048320]> # list namespaces under analysis
[0x08048320]> k **
bin
analysis
Expand Down Expand Up @@ -143,4 +144,4 @@ k analysis/meta/*~.C.
Show a comment at given offset:
```
k %analysis/meta/[1]meta.C.0x100005000
```
```
10 changes: 4 additions & 6 deletions src/basic_commands/seeking.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,6 @@ Usage: s[?] # Seek commands
| sp [<type>] # Seek to prev location
| so [<n>] # Seek to <n> next opcodes
| sr <reg> # Seek to register
| sleep <seconds> # Sleep for the specified amount of seconds


> 3s++ ; 3 times block-seeking
Expand All @@ -67,11 +66,11 @@ Usage: s[?] # Seek commands
If you want to inspect the result of a math expression, you can evaluate it using the `?` command. Simply pass the expression as an argument. The result can be displayed in hexadecimal, decimal, octal or binary formats.

```
> ? 0x100+200
> % 0x100+200
0x1C8 ; 456d ; 710o ; 1100 1000
```

There are also subcommands of `?` that display the output in one specific format (base 10, base 16 ,...). See `?v` and `?vi`.
There are also subcommands of `%` that display the output in one specific format (base 10, base 16 ,...). See `%v` for instance.

In the visual mode, you can press `u` (undo) or `U` (redo) inside the seek history to return back to previous or forward to the next location.

Expand Down Expand Up @@ -111,7 +110,7 @@ Print current address:
[0x00000000]>
```

There is an alternate way to print current position: `?v $$`.
There is an alternate way to print current position: `%v $$`.

Seek N positions forward, space is optional:

Expand Down Expand Up @@ -147,5 +146,4 @@ f undo_1 @ 0x400410
f undo_0 @ 0x400411
# Current seek @ 0x400410
f redo_0 @ 0x4005b4
```

```
46 changes: 17 additions & 29 deletions src/basic_commands/types.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,32 +4,21 @@ Rizin can also work with data types. You can use standard C data types or define

```
[0x00000000]> t?
Usage: t # cparse types commands
| t List all loaded types
| tj List all loaded types as json
| t <type> Show type in 'pf' syntax
| t* List types info in rizin commands
| t- <name> Delete types by its name
| t-* Remove all types
| tail [filename] Output the last part of files
| tc [type.name] List all/given types in C output format
| te[?] List all loaded enums
| td[?] <string> Load types from string
| tf List all loaded functions signatures
| tk <sdb-query> Perform sdb query
| tl[?] Show/Link type to an address
| tn[?] [-][addr] manage noreturn function attributes and marks
| to - Open cfg.editor to load types
| to <path> Load types from C header file
| toe [type.name] Open cfg.editor to edit types
| tos <path> Load types from parsed Sdb database
| tp <type> [addr|varname] cast data at <address> to <type> and print it (XXX: type can contain spaces)
| tpv <type> @ [value] Show offset formatted for given type
| tpx <type> <hexpairs> Show value for type with specified byte sequence (XXX: type can contain spaces)
| ts[?] Print loaded struct types
| tu[?] Print loaded union types
| tx[f?] Type xrefs
| tt[?] List all loaded typedefs
Usage: t[?] # Types, noreturn, signatures, C parser and more
| t[j*] [<type>] # List all types / Show type information
| t- <type> # Remove the type
| t-* # Remove all types
| tc[dc] # List loaded types in C format
| td <type> # Define type from C definition
| te[jbcdf] # List loaded enums
| tf[j-c?] # List loaded functions definitions
| tn[j-?] # Manage noreturn function attributes and marks
| to[es] # Open C header file and load types from it
| tp[vx] # Print formatted type casted to the address
| ts[jlcd] # List loaded structures
| tt[jc] # List loaded typedefs
| tu[jlcd] # List loaded unions
| tx[fgl] # Type xrefs
```

### Defining new types
Expand All @@ -38,7 +27,7 @@ There are three different methods to define new types:

1. Defining a new type from rizin shell immediately, to do this you will use `td` command, and put the whole line between double quotes. For example:

`"td struct person {int age; char *name; char *address;};"`
`td "struct person {int age; char *name; char *address;};"`

2. You can also use `to -` to open a text editor and write your own types in there. This is preferable when you got too many types to define.

Expand All @@ -54,5 +43,4 @@ You can also cast pointers to data types and view data in there accordingly with
name : (*0x4005b0) 0x7fff170a46b4 = My name
address : (*0x4005b8) 0x7fff170a46bc = My age
[0x00400511]>
```

```
71 changes: 37 additions & 34 deletions src/basic_commands/write.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
## Writing Data

To be able to use Rizin in write mode, you need to load your binary as such: `rizin -w bin`.

Rizin can manipulate a loaded binary file in many ways. You can resize the file, move and copy/paste bytes, insert new bytes (shifting data to the end of the block or file), or simply overwrite bytes. New data may be given as a wide-string, assembler instructions, or the data may be read in from another file.

Resize the file using the `r` command. It accepts a numeric argument. A positive value sets a new size for the file. A negative one will truncate the file to the current seek position minus N bytes.
Expand All @@ -17,24 +19,25 @@ Usage: w[?] # Write commands
| wB[-] # Set or unset bits with given value
| wv[1248] # Write value of given size
| w0 <len> # Write <len> bytes with value 0x00
| w<1248><+-> [<n>] # increment/decrement byte, word, ..
| w<1248><+-> [<n>] # Increment/decrement byte, word, ...
| w6<de> # Write base64 [d]ecoded or [e]ncoded string
| we[?] # Extend write operations (insert bytes instead of replacing)
| wu[?] # Apply unified hex patch (see output of cu)
| we<nsx> # Extend write operations (insert bytes instead of replacing)
| wu <file> # Apply unified hex patch (see output of cu)
| wr <len> # Write <len> random bytes
| wA[?] # Alter/modify opcode at current seek (see wA?)
| wc[?] # Write cache commands
| wz[?] # Write zero-terminated string
| wt[?] # Write to file
| wc[j*-+ip?] # Write cache commands
| wz <string> # Write zero-terminated string
| wf[xfs] # Write data from file, socket, offset
| ww[?] # Write wide string
| ww <string> # Write wide (16-bit) little-endian string
| wx[f] # Write hexadecimal data
| wa[ifo] # Write opcodes
| wb[?] # Write in current block with cyclic hexstring
| wm[?] # Set binary mask hexpair to be used as cyclic write mask
| wo[?] # Write in block with operation
| wd[?] # Duplicate N bytes from offset at current seek
| wb <hex> # Write in current block a hexstring cyclically
| wm[-] # Set binary mask hexpair to be used as cyclic write mask
| wo<?> # Write a block with a special operation
| wD[/] # Write de Bruijn pattern
| wd <src> <len> # Duplicate <len> bytes from <src> offset to current seek
| ws <string> # Write 1 byte for length and then the string

Detailed help for w <string> is provided by w??.
```

Some examples:
Expand All @@ -52,27 +55,27 @@ an operator. The command is applied to the current block. Supported operators in

```
[0x4A13B8C0]> wo?
|Usage: wo[asmdxoArl24] [hexpairs] @ addr[:bsize]
|Example:
| wox 0x90 ; xor cur block with 0x90
| wox 90 ; xor cur block with 0x90
| wox 0x0203 ; xor cur block with 0203
| woa 02 03 ; add [0203][0203][...] to curblk
| woe 02 03 ; create sequence from 2 to 255 with step 3
|Supported operations:
| wow == write looped value (alias for 'wb')
| woa += addition
| wos -= subtraction
| wom *= multiply
| wod /= divide
| wox ^= xor
| woo |= or
| woA &= and
| woR random bytes (alias for 'wr $b'
| wor >>= shift right
| wol <<= shift left
| wo2 2= 2 byte endian swap
| wo4 4= 4 byte endian swap
Usage: wo<?> # Write a block with a special operation
| wo2 # Swap the endianess of 2-bytes values in the current block
| wo4 # Swap the endianess of 4-bytes values in the current block
| wo8 # Swap the endianess of 8-bytes values in the current block
| woa <value> # Add each existing byte in the block with the given <value>
| woA <value> # Bitwise-and each existing byte in the block with the given <value>
| wod <value> # Divide each existing byte in the block with the given <value>
| wol <value> # Bitwise-shift-left each existing byte in the block with the given <value>
| wom <value> # Multiply each existing byte in the block with the given <value>
| woo <value> # Bitwise-or each existing byte in the block with the given <value>
| wor <value> # Bitwise-shift-right each existing byte in the block with the given <value>
| wos <value> # Subtract each existing byte in the block with the given <value>
| wox <value> # Bitwise-xor each existing byte in the block with the given <value>
| woe <from> <to> <step>=1 <value_size>=1 # Write a sequence repeatedly with values from <from> up to <to> in the block
| woD <algo> <key> [<IV>] # Decrypt current block with given <algo>, <key> and optional <IV>
| woE <algo> <key> [<IV>] # Encrypt current block with given <algo>, <key> and optional <IV>

Examples:
| woa 20 # Content before: 1122334455 ; Content after: 3142536475
| wos 2021 # Content before: 1122334455 ; Content after: f101132335
| wo4 # Content before: 1122334455667788; Content after: 4433221188776655
```

It is possible to implement cipher-algorithms using rizin core primitives and `wo`. A sample session performing xor(90) + add(01, 02):
Expand All @@ -98,4 +101,4 @@ It is possible to implement cipher-algorithms using rizin core primitives and `w
0x7fcd6a891640 91de 1a7e d91f 96db 14d9 9593 1401 9593
0x7fcd6a891650 c4da 1a6d e89a d959 9192 9159 1cb1 d959
0x7fcd6a891660 9192 79cb 81da 1652 81da 1456 a252 7c77
```
```
Loading