Data and Code Analysis
Several commands perform data and code analysis, extracting useful information from a binary such as pointers, string references, basic blocks, opcode data, jump targets and xrefs.
These operations are handled by the a (analyze) command family:
|Usage: a[abdefFghoprxstc] [...]
| ab [hexpairs]     analyze bytes
| abb [len]         analyze N basic blocks in [len] (section.size by default)
| aa[?]             analyze all (fcns + bbs) (aa0 to avoid sub renaming)
| ac [cycles]       analyze which op could be executed in [cycles]
| ad[?]             analyze data trampoline (wip)
| ad [from] [to]    analyze data pointers to (from-to)
| ae[?] [expr]      analyze opcode eval expression (see ao)
| af[?]             analyze Functions
| aF                same as above, but using anal.depth=1
| ag[?] [options]   output Graphviz code
| ah[?]             analysis hints (force opcode size, ...)
| ai [addr]         address information (show perms, stack, heap, ...)
| ao[?] [len]       analyze Opcodes (or emulate it)
| aO                Analyze N instructions in M bytes
| ar[?]             like 'dr' but for the esil vm. (registers)
| ap                find prelude for current offset
| ax[?]             manage refs/xrefs (see also afx?)
| as[?] [num]       analyze syscall using dbg.reg
| at[?] [.]         analyze execution traces
| av[?] [.]         show vtables
Examples:
 f ts @ `S*~text:0`; f t @ section..text
 f ds @ `S*~data:0`; f d @ section..data
 .ad t t+ts @ d:ds