A general format for radare commands is as follows:
Commands are identified by a single case-sensitive character [a-zA-Z]. To repeatedly execute a command, prefix the command with a number:
px # run px 3px # run px 3 times
! prefix is used to execute a command in shell context. If a single exclamation mark is used, commands will be sent to the system() hook defined in currently loaded I/O plugin. This is used, for example, by the ptrace I/O plugin, which accepts debugger commands from radare interface.
A few examples:
ds ; call the debugger's 'step' command px 200 @ esp ; show 200 hex bytes at esp pc > file.c ; dump buffer as a C byte array to file.c wx 90 @@ sym.* ; write a nop on every symbol pd 2000 | grep eax ; grep opcodes that use the 'eax' register px 20 ; pd 3 ; px 40 ; multiple commands in a single line
@ character is used to specify a temporary offset at which the command to its left will be executed. The original seek position in a file is then restored. For example,
pd 5 @ 0x100000fce to disassemble 5 instructions at address 0x100000fce.
~ character enables internal grep-like function used to filter output of any command. For example:
pd 20~call ; disassemble 20 instructions and grep output for 'call'
Additionally, you can either grep for columns or rows:
pd 20~call:0 ; get first row pd 20~call:1 ; get second row pd 20~call ; get first column pd 20~call ; get second column
Or even combine them:
pd 20~call:0 ; grep the first column of the first row matching 'call'
This internal grep function is a key feature for scripting radare, because it can be used to iterate over a list of offsets or data generated by disassembler, ranges, or any other command. Refer to the macros section (iterators) for more information.
Most of the commands offer autocompletion support using
<TAB> key, for example
flags commands. It offers autocompletion using the all possible values, taking flagnames in this case. Note, that it's possible to see the history of the commands
!~... command - it offers a visual mode to scroll through the radare2 command history.