10

It's easy to seek to a particular function and dump it's contents as Assembly language. However, I cannot find an obvious way to immediately disassemble and dump an entire binary. I want to use it more like I use IDA and objdump by seeing the entire disassembly at once.

Evan Carroll
  • 1,779
  • 1
  • 18
  • 50
MrSynAckSter
  • 1,258
  • 1
  • 10
  • 24

2 Answers2

13

You can use the special "'$' variables" $s to get the size of your binary, and pass it as an argument to the pd command to disassemble the whole file:

[0x004048bf]> pd $s
Do you want to print 188.0K chars?

For more information on '$' variables available see ?$?.

Evan Carroll
  • 1,779
  • 1
  • 18
  • 50
jvoisin
  • 2,516
  • 16
  • 23
  • I usually use objdump -d binary | less command, is there anything similar can be done using r2. Just output the highlighted disassembly to stdout? – user Nov 29 '15 at 04:32
  • 1
    Why not using the radare2 shell instead? If you really want to disassemble the whole binary to stdout, you can use r2 -c 'pi $s', but it's much less convenient. – jvoisin Nov 30 '15 at 12:44
  • But it does not highlight the syntax, that is one of the reasons I am using radare2 - to get the highlighted syntax. – user Nov 30 '15 at 18:12
  • The radare2 shell does : r2 -A ./binary then pdf, and be amazed. – jvoisin Nov 30 '15 at 18:31
  • 1
    No, it did not disassemble the whole binary, it just disassembled _start function. – user Dec 01 '15 at 00:50
  • 1
    That's the whole point. Most of the time, you're like to explore the binary, to use r2's analysis capabilities, instead of dumping the whole disassembly. You can of course do that inside the shell with pi $s. – jvoisin Dec 01 '15 at 15:02
  • Thanks! I have actually tried option pi $s which is similar to objdump -d binary, but I also want | less part, is there any way to do that in r2? – user Dec 01 '15 at 16:23
  • You can pipe to less in radare2 too. – jvoisin Dec 01 '15 at 20:07
  • I have tried pi $s | less, but syntax highligthing is gone. – user Dec 02 '15 at 00:47
  • @user: You can run radare with r2 -e scr.pipecolor=true – Thor Aug 01 '17 at 10:53
3

If you want more like an Ida experience you could try the GUI project for Radare called Bokken.

https://github.com/radare/bokken

Update: it seems to have been superseded by the cutter project.

julian
  • 7,128
  • 3
  • 22
  • 55
tyh
  • 131
  • 3