Today I have pushed some interesting stuff into the mercurial repository: rabin:
The current dietelf is ready for human use! It supports imports, exports, and sections, for static/shared/stripped ELF binaries. Returns information about the size of the exported symbols and you can get this information from radare passing the '-r' flag: $ rabin -i /bin/ls # list imports with offsets resolving PLT addr (the plt resolution only works on intel (like gnu objdump) but it's planeed to add support for sparc, mips and arm. $ rabin -s /bin/ls # list exported symbols $ rabin -S /bin/ls # list sections This has been tested on *BSD and GNU systems and seems to work fine. If we have a closer look to the output of "rabin -rs" (symbols with radare output format): $ rabin -rs rabin ... b 16 && f sym_exp_dietelf_get_entry_addr @ 0x08049898 b 154 && f sym_exp_rabin_show_libs @ 0x0804925d b 481 && f sym_exp_rabin_identify_header @ 0x080492f7 b 1225 && f sym_exp_dietelf_list_exports @ 0x0804a154 b 963 && f sym_exp_dietelf_open @ 0x0804a61d b 148 && f sym_exp_do_elf_checks @ 0x080497e4 ... So while importing the flags radare will be conscient about the block size required to read the full symbol, so you can do somehting like: $ radare /bin/ls > .!rabin -rs $FILE > s sym_main ; seek to sym_main > bf sym_main ; adapt block size to the flag size sym_main > pr > sym_main.bin ; binary dump of the sym_main symbol to a file Future work will be on dietmacho and dietpe (contribs are welcome!!) waf: There's an initial -non-working- port of acr+gnumake to waf. Try using $ waf configure $ waf $ waf install It is currently not working, because the build way is a bit weird atm, but waf will help me to refactor all the build stages splitting the source into several static libraries and do a little cleanup on it. fmi: http://code.google.com/p/waf/ lua: I wrote some little stuff (for fun) to 'emulate' some opcodes using LUA code on top of the debugger layer. So you can push and pop values from to stack/registers/memory/inmediates without injecting code, just emulating what it will do. Maybe i'll make this library more complete adding jump, call, movs and similar opcodes to it. So it will be possible to execute code without altering the process memory. Here's the sauce: $ cat scripts/pushpop.lua -- -- debugger helpers for pushing and poping -- data from/to stack/registers/memory -- function dbg_push(hex) r.cmd("!set esp esp-4") r.cmd("wx "..hex.." @ "..esp) end function dbg_push_reg(flag) r.cmd("!set esp esp-4") r.cmd("wv "..reg.." @ "..esp) end function dbg_pop(addr) r.cmd("m 4 "..addr.." @ "..esp) r.cmd("!set esp esp+4") end function dbg_pop_reg(reg) r.cmd("!set reg = [esp]") r.cmd("!set esp esp+4") end Enjoy --pancake _______________________________________________ radare mailing list [email protected] http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
