Disassembling functions with Radare2

Analyze a binary file and its symbols
Method 1

radare2 -A c:\Windows\SysWOW64\ntdll.dll

Method 2

radare2 c:\Windows\SysWOW64\ntdll.dll

Inside the radare2 terminal, type:


and hit Enter.

Disassembling a function
Inside the radare2 terminal, type:

pdf @ sym.ntdll.dll_RtlCreateRegistryKey

You can use tab completion here. Try this instead:

pdf @ sym.ntdll.dll_RtlCreateR

and hit Tab.
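
The two steps above (Method 1 analysis, then pdf) can also be run without the interactive prompt, which is handy for saving a listing to compare builds. This PowerShell script is an added example, not part of the original post; it assumes radare2 is on PATH, and the parameter names and the output file name disasm.txt are illustrative.

```powershell
# Added example: analyze once, disassemble one or more functions, save as text.
# Assumptions: radare2 is on PATH; $Symbols and $OutFile are illustrative names.
param(
    [string]$Binary    = 'c:\Windows\SysWOW64\ntdll.dll',
    [string[]]$Symbols = @('sym.ntdll.dll_RtlCreateRegistryKey'),
    [string]$OutFile   = 'disasm.txt'
)

if (-not (Get-Command radare2 -ErrorAction SilentlyContinue)) {
    throw 'radare2 not found on PATH'
}
if (-not (Test-Path -LiteralPath $Binary)) {
    throw "Binary not found: $Binary"
}

# Accept only characters that occur in radare2 flag names, so a symbol
# string cannot carry extra radare2 commands (";", "|", "!") into -c.
foreach ($s in $Symbols) {
    if ($s -notmatch '^[A-Za-z0-9_.]+$') {
        throw "Unexpected symbol name: $s"
    }
}

# One radare2 session: for each symbol, echo a header (?e) and run pdf on it.
$cmds = ($Symbols | ForEach-Object { "?e ==== $_; pdf @ $_" }) -join '; '

# -A              analyze the binary on load (same as Method 1)
# -q              quit after the -c commands have run
# -e scr.color=0  plain text, no ANSI colour codes in the saved file
# -c              commands to run once the file is loaded
& radare2 -q -A -e scr.color=0 -c $cmds $Binary |
    Set-Content -Encoding utf8 -LiteralPath $OutFile

if ($LASTEXITCODE -ne 0) {
    Write-Warning "radare2 exited with code $LASTEXITCODE"
}
```

A symbol that radare2 cannot resolve produces an error message in place of a listing, so check the saved file for each "====" header followed by disassembly.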
