Add rabin2 -k to query sdb info, sdbize MZ debug printfs

pancake 2014-05-19 01:42:36 +02:00
parent 7ec7aa921f
commit 644acb8590
5 changed files with 38 additions and 18 deletions


@ -42,7 +42,7 @@ static RLib *l;
static int rabin_show_help(int v) {
printf ("Usage: rabin2 [-ACdehHiIjlLMqrRsSvVxzZ] [-@ addr] [-a arch] [-b bits]\n"
" [-B addr] [-c F:C:D] [-f str] [-m addr] [-n str] [-N len]\n"
" [-o str] [-O str] file\n");
" [-o str] [-O str] [-k query] file\n");
if (v) printf (
" -@ [addr] show section, symbol or import at addr\n"
" -A list archs\n"
@ -54,6 +54,7 @@ static int rabin_show_help(int v) {
" -d show debug/dwarf information\n"
" -e entrypoint\n"
" -f [str] select sub-bin named str\n"
" -k [query] perform sdb query on loaded file\n"
" -g same as -SMRevsiz (show all info)\n"
" -h this help\n"
" -H header fields\n"
@ -329,6 +330,7 @@ static int __lib_bin_xtr_dt(struct r_lib_plugin_t *pl, void *p, void *u) {
}
int main(int argc, char **argv) {
const char *query = NULL;
int c, bits = 0, actions_done = 0, actions = 0, action = ACTION_UNK;
char *homeplugindir = r_str_home (R2_HOMEDIR"/plugins");
char *ptr, *arch = NULL, *arch_name = NULL;
@ -354,7 +356,7 @@ int main(int argc, char **argv) {
#define is_active(x) (action&x)
#define set_action(x) actions++; action |=x
while ((c = getopt (argc, argv, "jgqAf:a:B:b:c:CdMm:n:N:@:isSIHelRwO:o:rvLhxzZ")) != -1) {
while ((c = getopt (argc, argv, "jgqAf:a:B:b:c:Ck:dMm:n:N:@:isSIHelRwO:o:rvLhxzZ")) != -1) {
switch (c) {
case 'g':
set_action (ACTION_CLASSES);
@ -384,6 +386,7 @@ int main(int argc, char **argv) {
set_action (ACTION_CREATE);
create = strdup (optarg);
break;
case 'k': query = optarg; break;
case 'C': set_action (ACTION_CLASSES); break;
case 'f': if (optarg) arch_name = strdup (optarg); break;
case 'b': bits = r_num_math (NULL, optarg); break;
@ -443,6 +446,7 @@ int main(int argc, char **argv) {
}
file = argv[optind];
if (!query)
if (action & ACTION_HELP || action == ACTION_UNK || file == NULL) {
if (va) return blob_version ("rabin2");
return rabin_show_help (0);
@ -499,7 +503,7 @@ int main(int argc, char **argv) {
r_bin_free (bin);
return 0;
}
cf = r_core_file_open(&core, file, R_IO_READ, 0);
cf = r_core_file_open (&core, file, R_IO_READ, 0);
fd = cf ? r_core_file_cur_fd (&core) : -1;
if (!cf || fd == -1) {
eprintf ("r_core: Cannot open '%s'\n", file);
@ -512,6 +516,11 @@ int main(int argc, char **argv) {
}
}
if (query) {
sdb_query (bin->cur->sdb, query);
return 0;
}
// XXX: TODO move this to libr/core/bin.c
if (action & ACTION_LISTARCHS || ((arch || bits || arch_name) &&
!r_bin_select (bin, arch, bits, arch_name))) {
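Review bot: The brace-less `if (!query)` added in front of `if (action & ACTION_HELP || action == ACTION_UNK || file == NULL)` also disables the `file == NULL` guard, so `rabin2 -k <query>` with no file argument continues with `file = argv[optind]` equal to NULL (argv[argc] is NULL by definition) into `r_core_file_open`. Gate only the help condition and keep the file check unconditional: `if (file == NULL || (!query && (action & ACTION_HELP || action == ACTION_UNK))) {`. The new query branch at the end of the last hunk also dereferences `bin->cur->sdb` without a NULL check and returns 0 without the `r_bin_free (bin)` that the earlier `return 0` path in the -499 hunk performs; whether `bin->cur` is always set at that point is not visible from the hunk, so `if (bin->cur && bin->cur->sdb) sdb_query (bin->cur->sdb, query);` would be a cheap guard. main() begins and ends outside these hunks.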


@ -321,26 +321,35 @@ static int PE_(r_bin_pe_init_imports)(struct PE_(r_bin_pe_obj_t) *bin) {
PE_DWord delay_import_dir_offset = PE_(r_bin_pe_rva_to_offset)(bin, data_dir_delay_import->VirtualAddress);
int import_dir_size = data_dir_import->Size;
int delay_import_dir_size = data_dir_delay_import->Size;
/// HACK to modify import size because of begin 0.. this may report wrong info con corkami tests
if (import_dir_size == 0) {
// asume 1 entry for each
import_dir_size = data_dir_import->Size = 0xffff;
}
if (delay_import_dir_size == 0) {
// asume 1 entry for each
delay_import_dir_size = data_dir_delay_import->Size = 0xffff;
}
if (import_dir_offset == 0 && delay_import_dir_offset == 0)
return R_FALSE;
if (import_dir_offset != 0) {
if (import_dir_size<1 || import_dir_size>0xffff) {
eprintf ("Warning: Invalid import directory size: 0x%x\n", import_dir_size);
import_dir_size = 0xffff;
import_dir_size = 0xFFFF;
}
if (!(bin->import_directory = malloc(import_dir_size))) {
if (!(bin->import_directory = malloc (import_dir_size))) {
perror("malloc (import directory)");
return R_FALSE;
}
if (r_buf_read_at (bin->b, import_dir_offset, (ut8*)bin->import_directory, import_dir_size) == -1) {
eprintf("Error: read (import directory)\n");
eprintf ("Error: read (import directory)\n");
return R_FALSE;
}
}
if (delay_import_dir_offset != 0) {
if (!(bin->delay_import_directory = malloc(delay_import_dir_size))) {
perror("malloc (delay import directory)");
if (!(bin->delay_import_directory = malloc (delay_import_dir_size))) {
perror ("malloc (delay import directory)");
return R_FALSE;
}
if (r_buf_read_at (bin->b, delay_import_dir_offset,
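Review bot: The new zero-size fallback writes the fabricated value back into the parsed header (`import_dir_size = data_dir_import->Size = 0xffff;` and its delay counterpart), so any later consumer of the data directory sees a `Size` that was never in the file; keeping the fallback in the local `import_dir_size` only leaves the parsed header faithful. The delay-import branch still has no equivalent of the `import_dir_size<1 || import_dir_size>0xffff` clamp: `delay_import_dir_size` is an `int` initialised from the header's `Size` field, so a large or sign-flipped value goes straight into `malloc (delay_import_dir_size)` and the following `r_buf_read_at`; mirror the check there, e.g. `if (delay_import_dir_size < 1 || delay_import_dir_size > 0xffff) { eprintf ("Warning: Invalid delay import directory size: 0x%x\n", delay_import_dir_size); delay_import_dir_size = 0xffff; }`. The repeated `0xffff` literal would also read better as one named constant, since the comment says "asume 1 entry" while the value is used as a byte count. The function begins and ends outside the hunk.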


@ -137,14 +137,14 @@ static RBinInfo* info(RBinFile *arch) {
struct EXE *exe = (struct EXE*) arch->buf->buf;
RBinInfo *ret = NULL;
// TODO: remove those strings
eprintf ("SS : %x\n", exe->ss);
eprintf ("SP : %x\n", exe->sp);
eprintf ("IP : %x\n", exe->ip);
eprintf ("CS : %x\n", exe->cs);
eprintf ("NRELOCS: %x\n", exe->num_relocs);
eprintf ("RELOC : %x\n", exe->reloc_table_offset);
eprintf ("CHKSUM : %x\n", exe->checksum);
sdb_num_set (arch->sdb, "ss", exe->ss, 0);
sdb_num_set (arch->sdb, "sp", exe->sp, 0);
sdb_num_set (arch->sdb, "ip", exe->ip, 0);
sdb_num_set (arch->sdb, "cs", exe->cs, 0);
sdb_num_set (arch->sdb, "mz.relocs.count", exe->num_relocs, 0);
sdb_num_set (arch->sdb, "mz.relocs.offset", exe->reloc_table_offset, 0);
sdb_num_set (arch->sdb, "mz.checksum", exe->checksum, 0);
if ((ret = R_NEW0 (RBinInfo)) == NULL)
return NULL;
strncpy (ret->file, arch->file, R_BIN_SIZEOF_STRINGS);
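Review bot: The new sdb keys are inconsistently namespaced: `mz.relocs.count`, `mz.relocs.offset` and `mz.checksum` carry the `mz.` prefix while `ss`, `sp`, `ip` and `cs` do not, so a `rabin2 -k` query for the register values follows a different convention than the rest and the bare names could collide with other writers to the same sdb. Prefix them the same way, e.g. `sdb_num_set (arch->sdb, "mz.ss", exe->ss, 0);` and likewise for sp, ip and cs. The `// TODO: remove those strings` comment above refers to the eprintf calls this commit removes and is now stale; drop it or reword it to say what the sdb keys are for. The function continues outside the hunk.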


@ -201,7 +201,6 @@ static RList* imports(RBinFile *arch) {
r_list_append (relocs, rel);
}
free (imports);
return ret;
}
@ -254,7 +253,7 @@ static int has_canary(RBinFile *arch) {
r_list_free (imports_list);
return 1;
}
r_list_free (imports_list);
// DO NOT FREE IT! r_list_free (imports_list);
}
return 0;
}
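Review bot: The `// DO NOT FREE IT! r_list_free (imports_list);` line in has_canary records the prohibition but not the reason, and commented-out code is exactly what a later cleanup tends to re-enable; state the ownership instead, e.g. `// imports_list is owned by the bin object; do not free it here`, and drop the dead call. The same applies to the `free (imports)` removed from imports() in the first hunk: if the array is now referenced by the returned list or owned elsewhere, a one-line comment at the end of imports() naming who frees it would keep the leak-versus-double-free question from coming back. I cannot see from these hunks where imports_list is allocated, so the exact owner should be confirmed against the allocating code. Both functions begin outside their hunks.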


@ -11,6 +11,7 @@ rabin2 \- Binary program info extractor
.Op Fl B Ar addr
.Op Fl c Ar fmt:C:[D]
.Op Fl f Ar subbin
.Op Fl k Ar query
.Op Fl O Ar str
.Op Fl o Ar str
.Op Fl m Ar addr
@ -40,6 +41,8 @@ Select sub-binary architecture. Useful for fat-mach0 binaries
Same as \-SMRevsiz (Show all possible information). See \-r
.It Fl i
Show imports (symbols imported from libraries)
.It Fl k Ar query
Perform SDB query on loaded file
.It Fl s
Show exported symbols
.It Fl S