Assembly Commands Cheat Sheet




Command line options


Retrieved from 'https://wiki.cheatengine.org/index.php?title=Assembler:CommandsList&oldid=5062'.

Configuration properties

They can be used in evaluations: ? ${asm.tabs}

You will want to set your favourite options in ~/.radare2rc since every line there will be interpreted at the beginning of each session. Mine for reference:

There is an easier interface accessible from the Visual mode, just typing Ve


Basic Commands

  • Command syntax: [.][times][cmd][~grep][@[@iter]addr!size][|>pipe]
  • Command chaining: x 3;s+3;pi 3;s+3;pxo 4;
  • Pipe with shell commands: pd | less
  • ! Run shell commands: !cat /etc/passwd
  • !! Escapes to the shell, runs the command and passes its output to the radare buffer. Note: the double exclamation mark tells radare to skip the plugin list (it does not look for an IO plugin handling the command) and launch it directly in the shell. A single one walks through the IO plugin list.
  • Radare commands in backticks are evaluated and substituted: wx `!ragg2 -i exec`
  • ~ grep
  • ~! grep -v
  • ~[n] grep by columns: afl~[0]
  • ~:n grep by rows: afl~:0

  • .cmd Interprets command output
  • .. Repeats the last command (same as enter n)
  • ( Used to define and run macros
  • $ Used to define alias
  • $$: Resolves to current address
  • Offsets (@) are absolute, we can use $$ for relative ones @ $$+4
  • ? Evaluate expression
  • ?$? Help for variables used in expressions
  • $$: Here
  • $s: File size
  • $b: Block size
  • $l: Opcode length
  • $j: When $$ is at a jmp, $j is the address where we are going to jump to
  • $f: Same for jmp fail address
  • $m: Opcode memory reference (e.g. mov eax,[0x10] => 0x10)
  • ??? Help for ? command
  • ?i Takes input from stdin. Eg ?i username
  • ?? Result from previous operations
  • ?s from to [step]: Generates a sequence of numbers from the first value to the second, in increments of step
  • ?p: Get physical address for given virtual address
  • ?P: Get virtual address for given physical one
  • ?v Show hex value of math expr
  • ?l str: Returns the length of string
  • @@: Used for iterations

Positioning

Block size

The block size is the default view size for radare. All commands work within this constraint, but you can always temporarily change the block size by giving a numeric argument to a print command, for example px 20.

JSON Output

Most commands, such as the (i)nfo and (p)rint commands, accept a j suffix to print their output in JSON.

Analyze

Function analysis (normal mode)

Function analysis (visual mode)

Opcode analysis:

Information

Mitigations:

Get function address in the GOT table: pd 1 @ sym.imp.<func>

Returns a jmp [addr] where addr is the address of the function in the GOT. Similar to objdump -R | grep <func>.

Write

Flags

Flags are labels for offsets. They can be grouped in namespaces, e.g. sym for symbols.

yank & paste

Visual Mode:

V enters visual mode

ROP

Search depth can be configured with the following properties:


Searching

Example: Searching function preludes:

It's possible to run a command for each hit. Use the cmd.hit property:

Magic files

Search for magic numbers

Search can be controlled with the following properties:

Yara

Yara can also be used for detecting file signatures to determine compiler types, shellcodes, protections and more.

Zignatures

Zignatures are useful when dealing with stripped binaries. We can take a non-stripped binary, generate zignatures from it and apply them to a different binary that was compiled statically with the same libraries.

Zignatures are applied as comments:

Compare files

Graphs

Basic block graphs

Call graphs

Convert .dot in .png


Generate graph for file:


Debugger

Start r2 in debugger mode; r2 will fork and attach.

To pass arguments:

To pass stdin:

Commands

To follow child processes in forks (set follow-fork-mode in gdb):

PEDA like details: drr;pd 10@-10;pxr 40@esp

Debug in visual mode

WebGUI (Enyo)

All suite commands include a -r flag to generate instructions for r2.

rax2 - Base conversion

rahash2 - Entropy, hashes and checksums

radiff2 - File diffing

Examples:

rasm2 - Assembly/Disassembly

rafind2 - Search

ragg2 - Shellcode generator, C/opcode compiler

Example:

rabin2 - Executable analysis: symbols, imports, strings ...

rarun2 - Launcher to run programs with different environments, args, stdin, permissions, fds

Examples:

I reproduce some of the plots from RStudio's ggplot2 cheat sheet using base R graphics. I didn't try to pretty up these plots, but you should.

I use this dataset


The main functions that I generally use for plotting are:

  • Plotting Functions
    • plot: Makes scatterplots, line plots, among other plots.
    • lines: Adds lines to an already-made plot.
    • par: Change plotting options.
    • hist: Makes a histogram.
    • boxplot: Makes a boxplot.
    • text: Adds text to an already-made plot.
    • legend: Adds a legend to an already-made plot.
    • mosaicplot: Makes a mosaic plot.
    • barplot: Makes a bar plot.
    • jitter: Adds a small value to data (so points don’t overlap on a plot).
    • rug: Adds a rugplot to an already-made plot.
    • polygon: Adds a shape to an already-made plot.
    • points: Adds a scatterplot to an already-made plot.
    • mtext: Adds text on the edges of an already-made plot.
  • Sometimes needed to transform data (or make new data) to make appropriate plots:
    • table: Builds frequency and two-way tables.
    • density: Calculates the density.
    • loess: Calculates a smooth line.
    • predict: Predicts new values based on a model.

All of the plotting functions have arguments that control the way the plot looks. You should read about these arguments. In particular, read carefully the help page ?plot.default. Useful ones are:

  • main: This controls the title.
  • xlab, ylab: These control the x and y axis labels.
  • col: This will control the color of the lines/points/areas.
  • cex: This will control the size of points.
  • pch: The type of point (circle, dot, triangle, etc…)
  • lwd: Line width.
  • lty: Line type (solid, dashed, dotted, etc…).

Discrete

Barplot

Different type of bar plot

Continuous X, Continuous Y

Scatterplot

Jitter points to account for overlaying points.

Add a rug plot

Add a Loess Smoother

Loess smoother with upper and lower 95% confidence bands

Loess smoother with upper and lower 95% confidence bands and that fancy shading from ggplot2.

Add text to a plot

Discrete X, Discrete Y


Mosaic Plot

Color code a scatterplot by a categorical variable and add a legend.

par sets the graphics options, where mfrow is the parameter controlling the facets.

The first line sets the new options and saves the old options in the list old_options. The last line reinstates the old options.

This R Markdown site was created with workflowr