diff --git a/binr/rabin2/rabin2.c b/binr/rabin2/rabin2.c
index 186ccb6b4f..67fbad791a 100644
--- a/binr/rabin2/rabin2.c
+++ b/binr/rabin2/rabin2.c
@@ -38,7 +38,7 @@ static int rw = R_FALSE;
 static int va = R_FALSE;
 static ut64 gbaddr = 0LL;
 static char* file = NULL;
-static char* output = "out";
+static char* output = NULL;
 static char* create = NULL;
 static ut64 at = 0LL;
 static char *name = NULL;
@@ -172,8 +172,12 @@ static int rabin_dump_sections(char *scnname) {
 !(ret = malloc (section->size*2+1))) return R_FALSE;
 r_buf_read_at (bin->curarch.buf, section->offset, buf, section->size);
- r_hex_bin2str (buf, section->size, ret);
- printf ("%s\n", ret);
+ if (output) {
+ r_file_dump (output, buf, section->size);
+ } else {
+ r_hex_bin2str (buf, section->size, ret);
+ printf ("%s\n", ret);
+ }
 free (buf);
 free (ret);
 break;
@@ -202,7 +206,7 @@ static int rabin_do_operation(const char *op) {
 ptr = ptr + 1;
 if ((ptr2 = strchr (ptr, '/'))) {
 ptr2[0] = '\0';
- ptr2 = ptr2 + 1;
+ ptr2++;
 }
 }
@@ -213,7 +217,7 @@ static int rabin_do_operation(const char *op) {
 switch (*ptr) {
 case 's':
 if (ptr2) {
- if (!rabin_dump_symbols (r_num_math(NULL, ptr2)))
+ if (!rabin_dump_symbols (r_num_math (NULL, ptr2)))
 return R_FALSE;
 } else if (!rabin_dump_symbols (0))
 return R_FALSE;
@@ -230,6 +234,7 @@ static int rabin_do_operation(const char *op) {
 break;
 case 'r':
 r_bin_wr_scn_resize (bin, ptr, r_num_math (NULL, ptr2));
+ if (!output) output = "out";
 r_bin_wr_output (bin, output);
 break;
 default:
diff --git a/binr/ragg2/ragg2-cc b/binr/ragg2/ragg2-cc
index 0306bc22b7..d943bab77d 100755
--- a/binr/ragg2/ragg2-cc
+++ b/binr/ragg2/ragg2-cc
@@ -7,7 +7,7 @@
 # add support for nested shellcodes
 if [ -z "${CC}" ]; then
- for a in clang llvm-gcc gcc ; do
+ for a in llvm-gcc clang gcc ; do
 $a --version >/dev/null 2>&1
 if [ $? = 0 ]; then
 CC="$a"
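Review bot: Changing the default of the file-scope `output` from "out" to NULL means every other reader of that global must now tolerate a null pointer, yet only the `r` operation further down in this commit restores the "out" fallback; any other path in rabin2.c that hands `output` to a file-writing call (the `-c` create path, if it does so — it is outside this hunk) would now receive NULL where it used to get a name. Grep the remaining uses of `output` and either apply the same fallback there or make the new contract explicit on the declaration, e.g. `static char* output = NULL; /* -o file; NULL means dump hex to stdout instead of writing a file */`.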
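Review bot: In the new `if (output)` branch the length passed to `r_file_dump` is `section->size`, which comes from the parsed binary's section header, not the number of bytes `r_buf_read_at` actually returned on the line above; on a truncated or malformed input the tail of `buf` is uninitialized heap memory that now ends up in the output file, and `r_file_dump`'s result is discarded so a failed write still returns R_TRUE. Capture the read length and propagate failures: `int n = r_buf_read_at (bin->curarch.buf, section->offset, buf, section->size);` then `if (n < 0 || !r_file_dump (output, buf, n)) { free (buf); free (ret); return R_FALSE; }` (this assumes r_buf_read_at returns the byte count and r_file_dump returns non-zero on success — confirm against libr/util before relying on it). The `ret` hex buffer of `section->size*2+1` bytes is also still allocated in this branch although only the stdout path uses it; moving that malloc into the else branch avoids tripling the allocation for large sections. rabin_dump_sections starts and ends outside the hunk.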
@@ -208,9 +208,9 @@ ${CC} ${LDFLAGS} ${OPT} -o $F.o $F.s || fail
 if [ "$D" ]; then
 echo "==> Link"
 #echo "${OBJCOPY} -j .text -O binary $F.o $.text"
- echo "rabin2 -O d/S/${TEXT} $F.o | rax2 -s > $F.text"
+ echo "rabin2 -o '$F.text' -O d/S/${TEXT} $F.o"
 fi
-rabin2 -O d/S/${TEXT} $F.o | rax2 -s > $F.text
+rabin2 -o "$F.text" -O d/S/${TEXT} $F.o
 if [ "`du $F.text|awk '{print $1}'`" = 0 ]; then
 # use objcopy as falback for rabin2
 ${OBJCOPY} -j .text -O binary $F.o $F.text || fail
diff --git a/binr/ragg2/ragg2.c b/binr/ragg2/ragg2.c
index d14760991f..ed9b473cd8 100644
--- a/binr/ragg2/ragg2.c
+++ b/binr/ragg2/ragg2.c
@@ -12,7 +12,7 @@ static int usage () {
 " -F output native format (osx=mach0, linux=elf, ..)\n"
 " -o [file] output file\n"
 " -O use default output file (filename without extension or a.out)\n"
- " -I add include path\n"
+ " -I [path] add include path\n"
 " -L list all plugins (shellcodes and encoders)\n"
 " -i [shellcode] include shellcode plugin, uses options. see -L\n"
 " -e [encoder] use specific encoder. see -L\n"
diff --git a/libr/asm/arch/x86/udis86/syn-att.c b/libr/asm/arch/x86/udis86/syn-att.c
index 20c72681f7..07c5a01684 100644
--- a/libr/asm/arch/x86/udis86/syn-att.c
+++ b/libr/asm/arch/x86/udis86/syn-att.c
@@ -61,15 +61,15 @@ gen_operand(struct ud* u, struct ud_operand* op)
 mkasm(u, "%%%s:", ud_reg_tab[u->pfx_seg - UD_R_AL]);
 if (op->offset == 8) {
 if (op->lval.sbyte < 0)
- mkasm(u, "$-0x%x", (-op->lval.sbyte) & 0xff);
- else mkasm(u, "$0x%x", op->lval.sbyte);
+ mkasm(u, "-0x%x", (-op->lval.sbyte) & 0xff);
+ else mkasm(u, "0x%x", op->lval.sbyte);
 } else if (op->offset == 16)
- mkasm(u, "$0x%x", op->lval.uword);
+ mkasm(u, "0x%x", op->lval.uword);
 else if (op->offset == 32)
- mkasm(u, "$0x%lx", op->lval.udword);
+ mkasm(u, "0x%lx", op->lval.udword);
 else if (op->offset == 64)
- mkasm(u, "$0x" FMT64 "x", op->lval.uqword);
+ mkasm(u, "0x" FMT64 "x", op->lval.uqword);
 if (op->base)
 mkasm(u, "(%%%s", ud_reg_tab[op->base - UD_R_AL]);
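Review bot: Dropping the `> $F.text` redirection changes the failure mode that the following `du` probe depends on: before, the shell always created `$F.text` (possibly empty), so a rabin2 failure yielded size 0 and triggered the objcopy fallback, but now if rabin2 exits without creating the file (section not found, unwritable path) `du` prints nothing, the comparison with 0 is false, the fallback is skipped, and rabin2's exit status is still never checked. Replace the size probe with a test that covers both the missing and the empty file: `if [ ! -s "$F.text" ]; then`. Quoting `$F.o` and `$F.text` on the rabin2 and objcopy lines as the new `-o "$F.text"` already does would keep paths with spaces working on all three lines.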
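Review bot: Removing the `$` prefix on memory displacements is the correct AT&T form, but the rewritten 32-bit case keeps `"0x%lx"` for `op->lval.udword`; if `udword` is the 32-bit member as in upstream udis86, feeding it to `%lx` is a printf type mismatch and undefined behaviour, which becomes visible on LP64 targets where `long` is 8 bytes. Since the line is being touched anyway, use `mkasm(u, "0x%x", op->lval.udword);` (or `%" PRIx32`) to match the 16-bit case right above it. The 8-bit case is fine as written because `-op->lval.sbyte` is computed after int promotion, so the `& 0xff` mask cannot truncate a wrong value. gen_operand continues outside the hunk.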
@@ -102,26 +102,25 @@ gen_operand(struct ud* u, struct ud_operand* op)
 /* push sign-extends to operand size */
 sext_size = u->opr_mode;
 }
- if ( sext_size < 64 )
- sext_mask = ( 1ull << sext_size ) - 1;
- mkasm( u, "$0x" FMT64 "x", imm & sext_mask );
-
- break;
+ if (sext_size < 64)
+ sext_mask = (1ull << sext_size) - 1;
+ mkasm (u, "$0x" FMT64 "x", imm & sext_mask); // ok
+ break;
 }
 /* Fix bug with 32 bits operand + 64 bits pc */
 case UD_OP_JIMM:
 switch (op->size) {
 case 8:
- mkasm(u, "$0x" FMT64 "x", u->pc + op->lval.sbyte);
+ mkasm(u, "0x" FMT64 "x", u->pc + op->lval.sbyte);
 break;
 case 16:
 //mkasm(u, "0x" FMT64 "x", ( u->pc + op->lval.sword ) & 0xffff );
- mkasm(u, "$0x" FMT64 "x", ( u->pc + op->lval.sword ));
+ mkasm(u, "0x" FMT64 "x", ( u->pc + op->lval.sword ));
 break;
 case 32:
 //mkasm(u, "0x" FMT64 "x", ( u->pc + op->lval.sdword ) & 0xfffffffful );
- mkasm(u, "$0x" FMT64 "x", ( u->pc + op->lval.sdword ));
+ mkasm(u, "0x" FMT64 "x", ( u->pc + op->lval.sdword ));
 break;
 default:break;
 }
diff --git a/libr/include/r_search.h b/libr/include/r_search.h
index 1234430def..e4fdfd974b 100644
--- a/libr/include/r_search.h
+++ b/libr/include/r_search.h
@@ -99,6 +99,7 @@ R_API int r_search_xrefs_update(void *s, ut64 from, const ut8 *buf, int len);
 R_API int r_search_hit_new(RSearch *s, RSearchKeyword *kw, ut64 addr);
 R_API void r_search_set_distance(RSearch *s, int dist);
 R_API int r_search_strings(RSearch *s, ut32 min, ut32 max);
+R_API int r_search_set_string_limits(RSearch *s, ut32 min, ut32 max); // WTF dupped?
 //R_API int r_search_set_callback(RSearch *s, int (*callback)(struct r_search_kw_t *, void *, ut64), void *user);
 R_API void r_search_set_callback(RSearch *s, RSearchCallback(callback), void *user);
 R_API int r_search_begin(RSearch *s);
diff --git a/man/ragg2.1 b/man/ragg2.1
index 030a4266c5..3ebdbae91b 100644
--- a/man/ragg2.1
+++ b/man/ragg2.1
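Review bot: The restyled immediate case adds a trailing `// ok` that says nothing to the next reader and writes `mkasm (u, ...)` with a space while every neighbouring call in the hunk is `mkasm(u, ...)`; drop the comment and match the surrounding call spacing. The commented-out masked variants above the 16- and 32-bit `UD_OP_JIMM` cases remain as dead code under the "Fix bug with 32 bits operand + 64 bits pc" comment, so a reader cannot tell whether the unmasked `u->pc + op->lval.sdword` is intentional; either delete them or replace that comment with the actual reason, e.g. `/* target deliberately not masked to the operand size; it is compared against the full 64-bit pc */` if that is indeed why (confirm before stating it). The enclosing switch starts and ends outside the hunk.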
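Review bot: The added prototype exports `r_search_set_string_limits` with exactly the signature of `r_search_strings` on the line above and ships the question `// WTF dupped?` in a public header, which admits nobody checked whether the two are the same thing. Before merging, confirm a definition exists in libr/search (otherwise the declaration is dead and any caller fails to link) and replace the question with a statement of the difference, e.g. `/* sets the min/max length used by r_search_strings; does not run a search */` if that is what the implementation does. If they really are duplicates, keep one symbol and drop the other rather than exporting both from the API.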
@@ -11,13 +11,27 @@
 .Op Fl k Ar kernel
 .Op Fl f Ar format
 .Op Fl o Ar file
-.Op Fl FOIsxXh
+.Op Fl i Ar shellcode
+.Op Fl I Ar path
+.Op Fl e Ar encoder
+.Op Fl B Ar hexpairs
+.Op Fl c Ar k=v
+.Op Fl C Ar file
+.Op Fl d Ar off:dword
+.Op Fl D Ar off:qword
+.Op Fl w Ar off:hexpair
+.Op Fl p Ar padding
+.Op Fl FOLsrxvh
 .Sh DESCRIPTION
 ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.
 .Pp
 This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a library and integrated with r_asm and r_bin.
 .Pp
 Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file.
+.Pp
+ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process.
+.Pp
+ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported.
 .Sh DIRECTIVES
 .Pp
 The rr2 (ragg2) configuration file accepts the following directives, described as key=value entries and comments defined as lines starting with '#'.
@@ -32,17 +46,33 @@ windows, linux or osx
 select binary format (pe, elf, mach0)
 .It Fl o Ar file
 output file to write result of compilation
+.It Fl i Ar shellcode
+specify shellcode name to be used (see -L)
+.It Fl e Ar encoder
+specify encoder name to be used (see -L)
+.It Fl B Ar hexpair
+specify shellcode as hexpairs
+.It Fl c Ar k=v
+set configure option for the shellcode encoder. The argument must be key=value.
+.It Fl C Ar file
+include contents of file
+.It Fl d Ar off:dword
+Patch final buffer with given dword at specified offset
+.It Fl D Ar off:qword
+Patch final buffer with given qword at specified offset
+.It Fl w Ar off:hexpairs
+Patch final buffer with given hexpairs at specified offset
+.It Fl p Ar padding
+Specify generic paddings with a format string.
 .It Fl F
 autodetect native file format (osx=mach0, linux=elf, ..)
 .It Fl O
 use default output file (filename without extension or a.out)
-.It Fl I
+.It Fl I Ar path
 add include path
 .It Fl s
 show assembler code
 .It Fl x
-show hexpairs (default)
-.It Fl X
 execute (just-in-time)
 .El
 .Sh EXAMPLE
@@ -61,6 +91,15 @@ execute (just-in-time)
 $ ./hi
 hi!
 .Pp
+.Pp
+ $ cat hi.c
+ main() {
+ write(1, "Hello\n", 6);
+ exit(0);
+ }
+ $ ragg2 hi.c
+ $ ./hi.c.bin
+ Hello
 .Sh SEE ALSO
 .Pp
 .Xr radare2(1) ,