radare2/libr/core/cmd_zign.c

240 lines
6.9 KiB
C
Raw Normal View History

/* radare - LGPL - Copyright 2009-2015 - pancake */
2016-05-02 22:52:41 -04:00
#include "r_anal.h"
#include "r_cons.h"
#include "r_core.h"
#include "r_list.h"
#include "r_sign.h"
2012-02-27 02:40:27 +01:00
static int cmd_zign(void *data, const char *input) {
RCore *core = (RCore *)data;
RAnalFunction *fcni;
2012-02-27 02:40:27 +01:00
RListIter *iter;
RSignItem *item;
int i, fd = -1, len;
char *ptr, *name;
switch (*input) {
case 'B':
if (input[1]==' ' && input[2]) {
ut8 buf[128];
ut64 addr = core->offset;
int size = 32;
ptr = strchr (input+2, ' ');
if (ptr) {
size = atoi (ptr+1);
if (size<1) size = 1;
}
if (r_io_read_at (core->io, core->offset, buf,
sizeof (buf)) == sizeof (buf)) {
RFlagItem *flag = r_flag_get_i (core->flags, addr);
if (flag) {
name = flag->name;
r_cons_printf ("zb %s ", name);
len = R_MIN (size, sizeof (buf));
for (i=0; i<len; i++)
r_cons_printf ("%02x", buf[i]);
r_cons_newline ();
} else eprintf ("Unnamed function at 0x%08"PFMT64x"\n", addr);
} else eprintf ("Cannot read at 0x%08"PFMT64x"\n", addr);
} else eprintf ("Usage: zB [size] @@ sym*\nNote: Use zn and zn-");
break;
2012-02-27 02:40:27 +01:00
case 'g':
if (input[1]==' ' && input[2]) {
int fdold = r_cons_singleton ()->fdout;
ptr = strchr (input+2, ' ');
if (ptr) {
*ptr = '\0';
fd = r_sandbox_open (ptr+1, O_RDWR|O_CREAT|O_TRUNC, 0644);
2012-02-27 02:40:27 +01:00
if (fd == -1) {
eprintf ("Cannot open %s in read-write\n", ptr+1);
2016-07-12 22:15:19 +02:00
return false;
2012-02-27 02:40:27 +01:00
}
r_cons_singleton ()->fdout = fd;
r_cons_strcat ("# Signatures\n");
}
r_cons_printf ("zn %s\n", input+2);
2012-02-27 02:40:27 +01:00
r_list_foreach (core->anal->fcns, iter, fcni) {
ut8 buf[128];
if (r_io_read_at (core->io, fcni->addr, buf,
sizeof (buf)) == sizeof (buf)) {
RFlagItem *flag = r_flag_get_i (
core->flags, fcni->addr);
2012-02-27 02:40:27 +01:00
if (flag) {
name = flag->name;
r_cons_printf ("zb %s ", name);
len = (r_anal_fcn_size (fcni) > sizeof (buf))?
sizeof (buf): r_anal_fcn_size(fcni);
2012-02-27 02:40:27 +01:00
for (i=0; i<len; i++)
r_cons_printf ("%02x", buf[i]);
r_cons_newline ();
} else eprintf ("Unnamed function at 0x%08"PFMT64x"\n", fcni->addr);
} else eprintf ("Cannot read at 0x%08"PFMT64x"\n", fcni->addr);
}
r_cons_strcat ("zn-\n");
2012-02-27 02:40:27 +01:00
if (ptr) {
r_cons_flush ();
r_cons_singleton ()->fdout = fdold;
close (fd);
}
} else eprintf ("Usage: zg libc [libc.sig]\n");
break;
2014-08-17 12:21:04 +02:00
case 'n':
2012-02-27 02:40:27 +01:00
if (!input[1])
r_cons_println (core->sign->ns);
2012-02-27 02:40:27 +01:00
else if (!strcmp ("-", input+1))
2014-08-17 01:41:53 +02:00
r_sign_ns (core->sign, "");
else r_sign_ns (core->sign, input+2);
2012-02-27 02:40:27 +01:00
break;
case 'a':
case 'b':
case 'h':
case 'f':
2015-12-24 11:56:12 +01:00
case 'p':
2015-06-13 11:56:36 +02:00
if (*(input+1) == '\0' || *(input+2) == '\0')
eprintf ("Usage: z%c [name] [arg]\n", *input);
else{
ptr = strchr (input+3, ' ');
if (ptr) {
*ptr = 0;
r_sign_add (core->sign, core->anal, (int)*input, input+2, ptr+1);
2016-05-02 22:52:41 -04:00
}
}
2012-02-27 02:40:27 +01:00
break;
case 'c':
item = r_sign_check (core->sign, core->block, core->blocksize);
if (item)
r_cons_printf ("f sign.%s @ 0x%08"PFMT64x"\n", item->name, core->offset);
break;
case '-':
if (input[1] == '*') {
2012-02-27 02:40:27 +01:00
r_sign_reset (core->sign);
} else {
int i = r_sign_remove_ns (core->sign, input+1);
r_cons_printf ("%d zignatures removed\n", i);
}
2012-02-27 02:40:27 +01:00
break;
case '/':
{
// TODO: parse arg0 and arg1
ut8 *buf;
int len, idx;
ut64 ini, fin;
RSignItem *si;
RIOSection *s;
if (input[1]) {
2015-12-25 09:21:50 +01:00
if(input[1] != ' ') {
eprintf ("Usage: z%c [ini] [end]\n", *input);
2016-07-12 22:15:19 +02:00
return false;
2015-12-25 09:21:50 +01:00
}
2012-02-27 02:40:27 +01:00
char *ptr = strchr (input+2, ' ');
if (ptr) {
*ptr = '\0';
ini = r_num_math (core->num, input+2);
fin = r_num_math (core->num, ptr+1);
} else {
ini = core->offset;
fin = ini+r_num_math (core->num, input+2);
}
} else {
s = r_io_section_vget (core->io, core->io->off);
2012-02-27 02:40:27 +01:00
if (s) {
ini = core->io->va?s->vaddr:s->offset;
fin = ini + (core->io->va?s->vsize:s->size);
} else {
eprintf ("No section identified, please provide range.\n");
2016-07-12 22:15:19 +02:00
return false;
2012-02-27 02:40:27 +01:00
}
}
if (ini>=fin) {
eprintf ("Invalid range (0x%"PFMT64x"-0x%"PFMT64x").\n", ini, fin);
2016-07-12 22:15:19 +02:00
return false;
2012-02-27 02:40:27 +01:00
}
len = fin-ini;
buf = malloc (len);
if (buf != NULL) {
int count = 0;
2012-02-27 02:40:27 +01:00
eprintf ("Ranges are: 0x%08"PFMT64x" 0x%08"PFMT64x"\n", ini, fin);
r_cons_printf ("fs sign\n");
r_cons_break (NULL, NULL);
2012-02-27 02:40:27 +01:00
if (r_io_read_at (core->io, ini, buf, len) == len) {
for (idx=0; idx<len; idx++) {
if (r_cons_singleton ()->breaked)
break;
2012-02-27 02:40:27 +01:00
si = r_sign_check (core->sign, buf+idx, len-idx);
if (si) {
count++;
2012-02-27 02:40:27 +01:00
if (si->type == 'f')
r_cons_printf ("f sign.fun_%s_%d @ 0x%08"PFMT64x"\n",
si->name, idx, ini+idx); //core->offset);
2015-12-24 11:56:12 +01:00
else if(si->type == 'p')
r_cons_printf ("afn sign.fun_%s_%d 0x%08"PFMT64x"\n",
si->name, idx, ini+idx);
2012-02-27 02:40:27 +01:00
else r_cons_printf ("f sign.%s @ 0x%08"PFMT64x"\n",
si->name, ini+idx); //core->offset+idx);
eprintf ("- Found %d matching function signatures\r", count);
2012-02-27 02:40:27 +01:00
}
}
} else eprintf ("Cannot read %d bytes at 0x%08"PFMT64x"\n", len, ini);
r_cons_break_end ();
2012-02-27 02:40:27 +01:00
free (buf);
core->sign->matches = count;
} else {
eprintf ("Cannot alloc %d bytes\n", len);
core->sign->matches = 0;
}
2012-02-27 02:40:27 +01:00
}
break;
case '\0':
case '*':
2015-10-14 17:50:17 +02:00
r_sign_list (core->sign, (*input=='*'), 0);
break;
case 'j':
r_sign_list (core->sign, (*input=='*'), 1);
2012-02-27 02:40:27 +01:00
break;
case 'F':
if (input[1] == 'd') {
if (input[2] != ' ') {
2015-11-13 01:41:09 +01:00
eprintf ("Usage: zFd <flirt-sig-file>\n");
return false;
}
r_sign_flirt_dump (core->anal, input + 3);
} else {
if(input[1] != ' ') {
2015-11-13 01:41:09 +01:00
eprintf ("Usage: zF <flirt-sig-file>\n");
return false;
}
r_sign_flirt_scan (core->anal, input + 2);
}
break;
2012-02-27 02:40:27 +01:00
default:
2014-06-21 10:32:09 +02:00
case '?':{
const char* help_msg[] = {
"Usage:", "z[abcp/*-] [arg]", "Zignatures",
"z", "", "show status of zignatures",
"z*", "", "display all zignatures",
2015-12-25 09:23:39 +01:00
"z-", " namespace", "Unload zignatures in namespace",
2014-06-21 10:32:09 +02:00
"z-*", "", "unload all zignatures",
2015-12-25 09:23:39 +01:00
"z/", " [ini] [end]", "search zignatures between these regions",
2014-06-21 10:32:09 +02:00
"za", " ...", "define new zignature for analysis",
"zb", " name bytes", "define zignature for bytes",
"zB", " size", "Generate zignatures for current offset/flag",
"zc", " @ fcn.foo", "flag signature if matching (.zc@@fcn)",
"zf", " name fmt", "define function zignature (fast/slow, args, types)",
2015-11-13 01:41:09 +01:00
"zF", " file", "Open a FLIRT signature file and scan opened file",
"zFd", " file", "Dump a FLIRT signature",
2014-08-17 01:41:53 +02:00
"zg", " namespace [file]", "Generate zignatures for current file",
2014-06-21 10:32:09 +02:00
"zh", " name bytes", "define function header zignature",
2014-08-17 12:21:04 +02:00
"zn", " namespace", "Define namespace for following zignatures (until zn-)",
"zn", "", "Display current namespace",
"zn-", "", "Unset namespace",
2015-12-24 11:56:12 +01:00
"zp", " name bytes", "define new zignature for function body",
2014-06-21 10:32:09 +02:00
"NOTE:", "", "bytes can contain '.' (dots) to specify a binary mask",
NULL};
r_core_cmd_help (core, help_msg);
}
2012-02-27 02:40:27 +01:00
break;
}
return 0;
}