radare2-book
Printing file headers
Print the following workflow:
```
r2 -e io.va=false /bin/ls
[0x000068d0]> pfo elf64
[0x000068d0]> pf.elf_
pf.elf_ident pf.elf_phdr pf.elf_header pf.elf_shdr
[0x000068d0]> pf.elf_ident @ 0
magic : 0x00000000 = "\x7fELF"
class : 0x00000004 = class (enum elf_class) = 0x2 ; ELFCLASS64
data : 0x00000005 = data (enum elf_data) = 0x1 ; ELFDATA2LSB
version : 0x00000006 = version (enum elf_hdr_version) = 0x1 ; EV_CURRENT
[0x000068d0]> pf.elf_header @ 0
ident :
struct<elf_ident>
magic : 0x00000000 = "\x7fELF"
class : 0x00000004 = class (enum elf_class) = 0x2 ; ELFCLASS64
data : 0x00000005 = data (enum elf_data) = 0x1 ; ELFDATA2LSB
version : 0x00000006 = version (enum elf_hdr_version) = 0x1 ; EV_CURRENT
type : 0x00000010 = type (enum elf_type) = 0x3 ; ET_DYN
machine : 0x00000012 = machine (enum elf_machine) = 0x3e ; EM_X86_64
version : 0x00000014 = version (enum elf_obj_version) = 0x1 ; EV_CURRENT
entry : 0x00000018 = (qword)0x00000000000068d0
phoff : 0x00000020 = (qword)0x0000000000000040
shoff : 0x00000028 = (qword)0x0000000000024778
flags : 0x00000030 = 0x00000000
ehsize : 0x00000034 = 64
phentsize : 0x00000036 = 56
phnum : 0x00000038 = 13
shentsize : 0x0000003a = 64
shnum : 0x0000003c = 31
shstrndx : 0x0000003e = 30
[0x000068d0]>
```
In this chapter:
- https://book.rada.re/basic_commands/print_modes.html
- https://github.com/radareorg/radare2book/blob/master/src/basic_commands/print_modes.md
You can also reuse a lot from here: https://radareorg.github.io/blog/posts/parsing-a-fileformat-with-radare2/
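For cross-checking the `pf.elf_header @ 0` output shown above outside of radare2, the following Python code is an added example, not taken from the radare2 book or from radare2 itself. It reads the same ELF64 header fields at the same file offsets and goes beyond the session by also handling big-endian and truncated input and by checking the header for internal consistency. The names `parse_elf64_header`, `header_warnings` and `ident_version`, and the `SAMPLE` bytes (rebuilt from the values printed above), are assumptions made for this example.

```python
import struct

# Elf64_Ehdr fields after the 16-byte ident, in the order pf.elf_header prints them.
FIELDS = ("type", "machine", "version", "entry", "phoff", "shoff", "flags",
          "ehsize", "phentsize", "phnum", "shentsize", "shnum", "shstrndx")
LAYOUT = "HHIQQQIHHHHHH"  # 48 bytes starting at file offset 0x10

def parse_elf64_header(data):
    """Return {field: (file_offset, value)}, mirroring pf.elf_header @ 0."""
    if len(data) < 64:
        raise ValueError("truncated: an ELF64 header is 64 bytes")
    if data[:4] != b"\x7fELF":
        raise ValueError("bad magic")
    if data[4] != 2:
        raise ValueError("not ELFCLASS64")
    if data[5] not in (1, 2):
        raise ValueError("invalid data encoding byte")
    endian = "<" if data[5] == 1 else ">"  # ELFDATA2LSB / ELFDATA2MSB
    # "ident_version" is this example's name for the ident-level "version" field.
    out = {"magic": (0, data[:4]), "class": (4, data[4]),
           "data": (5, data[5]), "ident_version": (6, data[6])}
    values = struct.unpack_from(endian + LAYOUT, data, 0x10)
    offset = 0x10
    for name, code, value in zip(FIELDS, LAYOUT, values):
        out[name] = (offset, value)
        offset += struct.calcsize(endian + code)
    return out

def header_warnings(hdr, file_size):
    """Consistency checks to run before trusting the header's table offsets."""
    v = {name: value for name, (_, value) in hdr.items()}
    checks = [
        (v["ehsize"] != 64, "ehsize is not 64"),
        (v["phnum"] and v["phentsize"] != 56, "phentsize is not 56"),
        (v["shnum"] and v["shentsize"] != 64, "shentsize is not 64"),
        (v["phoff"] + v["phnum"] * v["phentsize"] > file_size,
         "program headers past end of file"),
        (v["shoff"] + v["shnum"] * v["shentsize"] > file_size,
         "section headers past end of file"),
        (v["shnum"] and v["shstrndx"] >= v["shnum"], "shstrndx out of range"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed sample: the 64 header bytes rebuilt from the values in the session above.
SAMPLE = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
    "<" + LAYOUT, 3, 0x3E, 1, 0x68D0, 0x40, 0x24778, 0, 64, 56, 13, 64, 31, 30)

if __name__ == "__main__":
    for name, (off, value) in parse_elf64_header(SAMPLE).items():
        print(f"{name:>13} : 0x{off:08x} = {value!r}")
```

Passing only the 64 header bytes as `file_size` makes `header_warnings` report both tables as out of range, which is the same signal a truncated or carved sample would give.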