3.7 Flags

The flags are bookmarks at a certain offset in the file that can be stored inside 'flag spaces'. A flag space is something like a namespace for flags. They are used to group flags with similar characteristics or of a certain type. Some example of flagspaces could be [i]sections, registers, symbols, search hits[/i], etc.

To create a flag just type:

> f flag_name @ offset

You can remove this flag adding '-' at the begginging of the command. Most commands accept '-' as argument-prefix as a way to delete.

> f -flag_name

To switch/create between flagspaces use the 'fs' command:

[0x4A13B8C0]> fs   ; list flag spaces
00   symbols
01   imports
02   sections
03   strings
04   regs
05   maps
> fs symbols
> f         ; list only flags in symbols flagspace
> fs *      ; select all flagspaces

You can create two flags with the same name with 'fn' or rename them with 'fr'.

Sometimes you'll like to add some flags adding a delta base address to each of them. To do this use the command 'ff' (flag from) which is used to specify this base address. Here's an example:

[0x00000000]> f patata
[0x00000000]> ? patata
0x0 ; 0d ; 0o ; 0000 0000  
[0x00000000]> ff 0x100
[0x00000000]> f patata
[0x00000000]> ? patata
0x100 ; 256d ; 400o ; 0000 0000  
[0x00000000]> ff
[0x00000000]> ff 0         ; reset flag from