10. Debugger - 10.2. Migration from ida, GDB or WinDBG - 《The Official Radare2 Book》

- Equivalent of “set-follow-fork-mode” gdb command

r2 -d <pid> - attach to process

r2 ptrace://pid - same as above, but only for io (not debugger backend hooked)

[0x7fff6ad90028]> o-225 - close fd=225 (listed in o~[1]:0)

Use rarun2 (libpath=$PWD:/tmp/lib, arg2=hello, setenv=FOO=BAR …) see rarun2 -h / man rarun2

r2 -i <scriptfile> ... - run a script after loading the file => [video]

r2 -I <scriptfile> ... - run a script before loading the file

[0x80480423]> . scriptfile - interpret this file => []

[0x80480423]> #!c - enter C repl (see #! to list all available RLang plugins) => [video], everything have to be done in a oneliner or a .c file must be passed as an argument.

To get #!python and much more, just build

This can be done using 2 commands:

dcf - until a fork happen

r2 accepts FLIRT signatures
r2 can connect to GDB, LLVM and WinDbg
r2 can write/patch in place
r2 have fortunes and [s]easter eggs[/s]balls of steel