# Debian/Ubuntu
sudo apt install rizin
# Fedora
sudo dnf install rizin
# macOS
brew install rizin
git clone https://github.com/rizinorg/rizin
cd rizin
meson build
ninja -C build
sudo ninja -C build install
Command |
Description |
Example |
aa |
Analyze all |
rizin -A binary |
aaa |
Analyze more aggressively |
[0x00000000]> aaa |
aaaa |
Analyze even more |
[0x00000000]> aaaa |
af |
Analyze function |
[0x00000000]> af |
afl |
List functions |
[0x00000000]> afl |
afi |
Function information |
[0x00000000]> afi |
Command |
Description |
Example |
s |
Seek to address |
s main |
sf |
Seek to function |
sf sym.main |
ss |
Seek to string |
ss /bin/sh |
sl |
Seek history |
sl |
u |
Undo seek |
u |
Command |
Description |
Example |
pd |
Print disassembly |
pd 20 |
pxr |
Print reference |
pxr 32 |
ps |
Print string |
ps @ str.hello |
pf |
Print formatted |
pf x |
px |
Print hexdump |
px 64 |
V : Enter visual mode
VV : Enter graph mode
p/P : Rotate print modes
hjkl : Navigation keys
: : Enter command
q : Quit visual mode
Command |
Description |
Example |
db |
Set breakpoint |
db main |
dc |
Continue execution |
dc |
ds |
Step into |
ds |
dso |
Step over |
dso |
dbt |
Backtrace |
dbt |
Command |
Description |
Example |
i |
File info |
i |
ie |
Entrypoints |
ie |
iE |
Exports |
iE |
ii |
Imports |
ii |
iS |
Sections |
iS |
# Save project
Ps project_name
# Load project
Po project_name
# Delete project
Pd project_name
# Run script
. script.rz
# Run command
rizin -qc 'px 32' binary
# Generate r2pipe script
rizin -qc '?' binary > script.py
# Generate function graph
agf
# Generate full program graph
ag
# Save graph
agf > graph.dot
# Basic analysis workflow
rizin binary
[0x00000000]> aaa
[0x00000000]> afl
[0x00000000]> s main
[0x00000000]> VV
# Debug workflow
rizin -d binary
[0x00000000]> db main
[0x00000000]> dc
[0x00000000]> ds
[0x00000000]> px @ rsp
# Find and analyze strings
iz # List strings
izz # Search for strings
axt @ # Cross references to string
# ~/.rizinrc
e asm.syntax = intel
e asm.bytes = false
e asm.comments = false
# Set rizin home directory
export RIZIN_HOME="/path/to/rizin"
# Set temporary directory
export RIZIN_TMP="/tmp"
- Always run initial analysis (
aaa
)
- Use projects for large binaries
- Save commands in scripts
- Use visual mode for navigation
- Utilize cross-references
- Keep configurations in rizinrc
- Use appropriate analysis depth
- Use
?
for help on any command
- Use tab completion
- Use
V!
for panel mode
- Use
#!pipe
for shell commands
- Use
@
for temporary seeks
- Use
@@
for iteration
- Use
~
for grep-like filtering
-A # Analysis at start
-d # Debug mode
-w # Open in write mode
-c cmd # Run command
-i file # Run script file
-q # Quiet mode
-z # Load strings
# Common errors and solutions
? ERROR: Cannot find function
Solution: Run analysis first (aa)
? ERROR: Cannot open file
Solution: Check permissions
? ERROR: Cannot allocate memory
Solution: Increase ulimit