Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add useful search commands and explanations to intro page #94

Merged
merged 1 commit into from
Nov 14, 2022
Merged

Add useful search commands and explanations to intro page #94

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 47 additions & 1 deletion src/first_steps/intro.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,55 @@
## Basic Rizin Usage

The learning curve is usually somewhat steep at the beginning. Although after an hour of using it you should easily understand how most things work, and how to combine the various tools rizin offers. You are encouraged to read the rest of this book to understand how some non-trivial things work, and to ultimately improve your skills.
The learning curve is usually somewhat steep at the beginning. Although after an hour of using it you should easily understand how most things work, and how to combine the various tools rizin offers.

To get a first overview over the basic commands just run Rizin and type `?`:

```bash
> ?
| ![!] # Run given commands as in system(3) or shows command history
...
| a[?] # Analysis commands
...
| p[cdghtm?] # Print commands
...

```

**Note**: you can prepend a `?` after any command to see it's help.

Also keep in mind that you can search _all_ commands, settings and their descriptions.

```bash
# The "~" in these commands is Rizin's internal grep.
# and "?* <cmd>" lists all possible combinations of a command.

# Search all commands containing `<keyword>` (`<cmd>` is optional).
> ?* <cmd>~<keyword>

# Search all commands for the keyword "Summarize".
?*~Summarize
| pds [<n_bytes>] # Summarize N bytes
...

# Seach all analysis commands for the keyword "strings".
> ?* a~strings
| aalg # Recovers and analyze all Golang functions and strings
...

# List all Rizin settings and grep for "<keyword>":
el*~<keyword>

# Search for a setting which affects the endianess:
> el*~endian
e cfg.bigendian=false
```

You are encouraged to read the rest of this book to understand how some non-trivial things work, and to ultimately improve your skills.

![learning_curve](learning_curve.png)

### Navigate and print

Navigation, inspection and modification of a loaded binary file is performed using three simple actions: seek (to position), print (buffer), and alternate (write, append).

The 'seek' command is abbreviated as `s` and accepts an expression as its argument. The expression can be something like `10`, `+0x25`, or `[0x100+ptr_table]`. If you are working with block-based files, you may prefer to set the block size to a required value with `b` command, and seek forward or backwards with positions aligned to it. Use `s++` and `s--` commands to navigate this way.
Expand Down