* Honor -o in rabin2 for dump section operation

* Autodetect and honor CC environment in ragg2 command
* Update ragg2 manpage
* Fix udis86 AT&T '$' usage. Thanks @hteso for reporting!
pancake 2011-11-30 20:59:58 +01:00
parent 15abe21104
commit 1cc5b8e077
6 changed files with 70 additions and 26 deletions


@ -38,7 +38,7 @@ static int rw = R_FALSE;
static int va = R_FALSE;
static ut64 gbaddr = 0LL;
static char* file = NULL;
static char* output = "out";
static char* output = NULL;
static char* create = NULL;
static ut64 at = 0LL;
static char *name = NULL;
@ -172,8 +172,12 @@ static int rabin_dump_sections(char *scnname) {
!(ret = malloc (section->size*2+1)))
return R_FALSE;
r_buf_read_at (bin->curarch.buf, section->offset, buf, section->size);
r_hex_bin2str (buf, section->size, ret);
printf ("%s\n", ret);
if (output) {
r_file_dump (output, buf, section->size);
} else {
r_hex_bin2str (buf, section->size, ret);
printf ("%s\n", ret);
}
free (buf);
free (ret);
break;
@ -202,7 +206,7 @@ static int rabin_do_operation(const char *op) {
ptr = ptr + 1;
if ((ptr2 = strchr (ptr, '/'))) {
ptr2[0] = '\0';
ptr2 = ptr2 + 1;
ptr2++;
}
}
@ -213,7 +217,7 @@ static int rabin_do_operation(const char *op) {
switch (*ptr) {
case 's':
if (ptr2) {
if (!rabin_dump_symbols (r_num_math(NULL, ptr2)))
if (!rabin_dump_symbols (r_num_math (NULL, ptr2)))
return R_FALSE;
} else if (!rabin_dump_symbols (0))
return R_FALSE;
@ -230,6 +234,7 @@ static int rabin_do_operation(const char *op) {
break;
case 'r':
r_bin_wr_scn_resize (bin, ptr, r_num_math (NULL, ptr2));
if (!output) output = "out";
r_bin_wr_output (bin, output);
break;
default:
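Review bot: The return value of `r_file_dump (output, buf, section->size)` in the rabin_dump_sections hunk is discarded, so a failed write to the -o path (unwritable directory, disk full) still lets the function fall through to `break` and report success. That matters because the ragg2-cc script in this same commit now decides whether to fall back to objcopy by looking at the file rabin2 was asked to write, so a silent failure here propagates. I would check it, assuming r_file_dump returns a truthy status like the other r_* helpers used in this function: `if (!r_file_dump (output, buf, section->size)) { free (buf); free (ret); return R_FALSE; }`. The `ret` hex buffer is also allocated on the -o path where it is never used; the allocation could move into the `else` branch. rabin_dump_sections begins before the hunk.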


@ -7,7 +7,7 @@
# add support for nested shellcodes
if [ -z "${CC}" ]; then
for a in clang llvm-gcc gcc ; do
for a in llvm-gcc clang gcc ; do
$a --version >/dev/null 2>&1
if [ $? = 0 ]; then
CC="$a"
@ -208,9 +208,9 @@ ${CC} ${LDFLAGS} ${OPT} -o $F.o $F.s || fail
if [ "$D" ]; then
echo "==> Link"
#echo "${OBJCOPY} -j .text -O binary $F.o $.text"
echo "rabin2 -O d/S/${TEXT} $F.o | rax2 -s > $F.text"
echo "rabin2 -o '$F.text' -O d/S/${TEXT} $F.o"
fi
rabin2 -O d/S/${TEXT} $F.o | rax2 -s > $F.text
rabin2 -o "$F.text" -O d/S/${TEXT} $F.o
if [ "`du $F.text|awk '{print $1}'`" = 0 ]; then
# use objcopy as falback for rabin2
${OBJCOPY} -j .text -O binary $F.o $F.text || fail
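Review bot: With `rabin2 -o "$F.text" -O d/S/${TEXT} $F.o` writing the file itself, $F.text is no longer created when rabin2 fails outright, and the `du $F.text|awk '{print $1}'` test on the next line then compares an empty string with 0 and skips the objcopy fallback (the old pipeline's `> $F.text` redirection always created the file, even if empty). A test that covers both the missing and the empty file, and does not depend on du's block-size output, is `if [ ! -s "$F.text" ]; then`. `$F.o` should also be quoted like `"$F.text"` on the same line so paths with spaces survive.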


@ -12,7 +12,7 @@ static int usage () {
" -F output native format (osx=mach0, linux=elf, ..)\n"
" -o [file] output file\n"
" -O use default output file (filename without extension or a.out)\n"
" -I add include path\n"
" -I [path] add include path\n"
" -L list all plugins (shellcodes and encoders)\n"
" -i [shellcode] include shellcode plugin, uses options. see -L\n"
" -e [encoder] use specific encoder. see -L\n"


@ -61,15 +61,15 @@ gen_operand(struct ud* u, struct ud_operand* op)
mkasm(u, "%%%s:", ud_reg_tab[u->pfx_seg - UD_R_AL]);
if (op->offset == 8) {
if (op->lval.sbyte < 0)
mkasm(u, "$-0x%x", (-op->lval.sbyte) & 0xff);
else mkasm(u, "$0x%x", op->lval.sbyte);
mkasm(u, "-0x%x", (-op->lval.sbyte) & 0xff);
else mkasm(u, "0x%x", op->lval.sbyte);
}
else if (op->offset == 16)
mkasm(u, "$0x%x", op->lval.uword);
mkasm(u, "0x%x", op->lval.uword);
else if (op->offset == 32)
mkasm(u, "$0x%lx", op->lval.udword);
mkasm(u, "0x%lx", op->lval.udword);
else if (op->offset == 64)
mkasm(u, "$0x" FMT64 "x", op->lval.uqword);
mkasm(u, "0x" FMT64 "x", op->lval.uqword);
if (op->base)
mkasm(u, "(%%%s", ud_reg_tab[op->base - UD_R_AL]);
@ -102,26 +102,25 @@ gen_operand(struct ud* u, struct ud_operand* op)
/* push sign-extends to operand size */
sext_size = u->opr_mode;
}
if ( sext_size < 64 )
sext_mask = ( 1ull << sext_size ) - 1;
mkasm( u, "$0x" FMT64 "x", imm & sext_mask );
break;
if (sext_size < 64)
sext_mask = (1ull << sext_size) - 1;
mkasm (u, "$0x" FMT64 "x", imm & sext_mask); // ok
break;
}
/* Fix bug with 32 bits operand + 64 bits pc */
case UD_OP_JIMM:
switch (op->size) {
case 8:
mkasm(u, "$0x" FMT64 "x", u->pc + op->lval.sbyte);
mkasm(u, "0x" FMT64 "x", u->pc + op->lval.sbyte);
break;
case 16:
//mkasm(u, "0x" FMT64 "x", ( u->pc + op->lval.sword ) & 0xffff );
mkasm(u, "$0x" FMT64 "x", ( u->pc + op->lval.sword ));
mkasm(u, "0x" FMT64 "x", ( u->pc + op->lval.sword ));
break;
case 32:
//mkasm(u, "0x" FMT64 "x", ( u->pc + op->lval.sdword ) & 0xfffffffful );
mkasm(u, "$0x" FMT64 "x", ( u->pc + op->lval.sdword ));
mkasm(u, "0x" FMT64 "x", ( u->pc + op->lval.sdword ));
break;
default:break;
}
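Review bot: The `// ok` trailing comment on the UD_OP_IMM line says nothing about why this `$` survives while every other `$` in the hunk is dropped, so the next reader is likely to "fix" it the same way. I would replace it with the rule the change implements, e.g. `/* AT&T: only true immediates take '$'; memory displacements and jump targets (JIMM) are printed bare */`. The 32-bit displacement line `mkasm(u, "0x%lx", op->lval.udword);` keeps a `%lx` conversion for what, going by its name and its 8/16/64-bit siblings, looks like a 32-bit field; if so, `%x` (or an explicit cast to unsigned long) is the matching conversion — this predates the commit, but the line is being rewritten anyway. The commented-out masking variants in the JIMM cases could be deleted now that the bare form has been settled on. gen_operand begins and ends outside the hunk.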


@ -99,6 +99,7 @@ R_API int r_search_xrefs_update(void *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_hit_new(RSearch *s, RSearchKeyword *kw, ut64 addr);
R_API void r_search_set_distance(RSearch *s, int dist);
R_API int r_search_strings(RSearch *s, ut32 min, ut32 max);
R_API int r_search_set_string_limits(RSearch *s, ut32 min, ut32 max); // WTF dupped?
//R_API int r_search_set_callback(RSearch *s, int (*callback)(struct r_search_kw_t *, void *, ut64), void *user);
R_API void r_search_set_callback(RSearch *s, RSearchCallback(callback), void *user);
R_API int r_search_begin(RSearch *s);
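Review bot: `r_search_set_string_limits` is added with the same `(RSearch *s, ut32 min, ut32 max)` signature as `r_search_strings` directly above it, and the `// WTF dupped?` comment leaves the question open in a public header that downstream code will program against. The header should state which one is the canonical entry point and what the other does, e.g. `/* sets the min/max length used by the string search; kept alongside r_search_strings() for API compatibility */`, with the wording confirmed against the implementation, which is not part of this diff. If the two are genuinely the same, marking one as deprecated in the comment is better than a question mark.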


@ -11,13 +11,27 @@
.Op Fl k Ar kernel
.Op Fl f Ar format
.Op Fl o Ar file
.Op Fl FOIsxXh
.Op Fl i Ar shellcode
.Op Fl I Ar path
.Op Fl e Ar encoder
.Op Fl B Ar hexpairs
.Op Fl c Ar k=v
.Op Fl C Ar file
.Op Fl d Ar off:dword
.Op Fl D Ar off:qword
.Op Fl w Ar off:hexpair
.Op Fl p Ar padding
.Op Fl FOLsrxvh
.Sh DESCRIPTION
ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.
.Pp
This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a library and integrated with r_asm and r_bin.
.Pp
Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file.
.Pp
ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process.
.Pp
ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported.
.Sh DIRECTIVES
.Pp
The rr2 (ragg2) configuration file accepts the following directives, described as key=value entries and comments defined as lines starting with '#'.
@ -32,17 +46,33 @@ windows, linux or osx
select binary format (pe, elf, mach0)
.It Fl o Ar file
output file to write result of compilation
.It Fl i Ar shellcode
specify shellcode name to be used (see -L)
.It Fl e Ar encoder
specify encoder name to be used (see -L)
.It Fl B Ar hexpair
specify shellcode as hexpairs
.It Fl c Ar k=v
set configure option for the shellcode encoder. The argument must be key=value.
.It Fl C Ar file
include contents of file
.It Fl d Ar off:dword
Patch final buffer with given dword at specified offset
.It Fl D Ar off:qword
Patch final buffer with given qword at specified offset
.It Fl w Ar off:hexpairs
Patch final buffer with given hexpairs at specified offset
.It Fl p Ar padding
Specify generic paddings with a format string.
.It Fl F
autodetect native file format (osx=mach0, linux=elf, ..)
.It Fl O
use default output file (filename without extension or a.out)
.It Fl I
.It Fl I Ar path
add include path
.It Fl s
show assembler code
.It Fl x
show hexpairs (default)
.It Fl X
execute (just-in-time)
.El
.Sh EXAMPLE
@ -61,6 +91,15 @@ execute (just-in-time)
$ ./hi
hi!
.Pp
.Pp
$ cat hi.c
main() {
write(1, "Hello\n", 6);
exit(0);
}
$ ragg2 hi.c
$ ./hi.c.bin
Hello
.Sh SEE ALSO
.Pp
.Xr radare2(1) ,