16.4 Data analysis

There are some basic data analysis functions implemented in radare. The most basic one is just a memory parser that tries to identify pointers to flags, strings, linked lists, handled endianness with 'cfg.bigendian' and displays integer values of contained dwords and strings. Here's a simple example from a basic debugger session to analyze the stack to get information about pointers.

[0xB7EEC810]> ad @ esp
0xBFBEAA80, int be=0x01000000 le=0x00000001 , (le= 1 ) 
0xBFBEAA84, int be=0xe4b7bebf le=0xbfbeb7e4 
   0xBFBEB7E4, string "/bin/ls"
   0xBFBEB7EC, string "GPG_AGENT_INFO=/tmp/gpg-mJ80Cm/S.gpg-agent:7090:1"
   0xBFBEB81E  string "TERM=xterm"
   0xBFBEB829  string "SHELL=/bin/bash"
   0xBFBEAA88, (NULL)