 ____ ___ ___ ___ ____ ___ _____ ____
| _ \/ \| \/ \ _ \/ _ \ \__ \ / \
| < V . | . V . < _/ .-' _/| () |
|__\__|_|__|___/__|__|_\__\___/ |____(_)____/

<{include libr/TODO}>

Things to improve in r2 (from radare.org/pad)
=============================================

- Implement print Zoom mode (copypasta from r1)
- allow hooking r_asm_disassemble and assemble with custom callbacks
- extend a disassembler with own instructions
- code analysis must resolve jump tables
- register renaming (per-instruction or per-range)
- visual mode should use the screen size, not the block size
- cursor mode by default?
- focus on a single arch (beat IDA): mips, ppc64 or arm?
- display file size info instead of the virtual address space limit
- cursor can move outside the screen (visual broken)
- fix instruction navigation (earada)
- do not allow disassembling unaligned addresses (toggle)
- use 'jk' with bwdisasm to go up to the previous opcode
- r_asm can save CPU by skipping disassembly on fixed-size-opcode archs

---

* Enhance code analysis
  - calculate multiple execution paths to give branch prediction results
  - get/set register status of the vm
  - analyze from various parent functions and resolve ranged values
  - a ranged value can be:
    - ut64 from, to
    - limit : %2 (modulo)
    - ...

* Add ewf.mk

* mount /mnt/ must chop the last '/'

* jk in visual mode for the disassembly print format must scroll by opcodes, not bytes

* "wx jeje" does not say "invalid hexpair string" (must report an error)
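The check the item above asks for, as an added example (not radare2's own wx implementation): a strict hexpair parser that refuses anything that is not an even run of hex digits, so the caller can report "invalid hexpair string" instead of writing a partial or garbage buffer. Function names and the sample inputs are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not radare2's wx: a strict hexpair parser for a write
 * command. Returns the number of bytes decoded, or -1 on any malformed input
 * (non-hex character, odd number of digits, more pairs than the destination
 * holds), so the caller reports "invalid hexpair string" instead of writing
 * a partial or garbage buffer. Whitespace between pairs is accepted. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

int hexpairs_to_bytes(const char *s, uint8_t *out, size_t outsz) {
    size_t n = 0;
    while (*s) {
        if (*s == ' ' || *s == '\t') { s++; continue; }
        int hi = hexval(s[0]);
        int lo = hi < 0 ? -1 : hexval(s[1]);   /* s[1] may be the terminator */
        if (hi < 0 || lo < 0) return -1;        /* "jeje", "abc", "0 1" ... */
        if (n >= outsz) return -1;              /* would overrun the destination */
        out[n++] = (uint8_t)((hi << 4) | lo);
        s += 2;
    }
    return (int)n;
}

int main(void) {
    uint8_t buf[8];
    /* constructed sample inputs: two valid strings, two invalid, one empty */
    const char *inputs[] = { "90c3", "90 c3 cc", "jeje", "abc", "" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int n = hexpairs_to_bytes(inputs[i], buf, sizeof buf);
        if (n < 0) printf("wx %-10s -> invalid hexpair string\n", inputs[i]);
        else printf("wx %-10s -> %d byte(s)\n", inputs[i], n);
    }
    return 0;
}
```

Rejecting the whole string on the first bad nibble matters more than it looks: a parser that decodes "90c3jeje" as two bytes and stops silently turns a typo into a partial write at the current seek.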

* Add support for a.out binaries?

* eprintf should be modified to log into a file
  - eprintf_open() -- start logging to file
  - eprintf_close() -- stop logging to file

/a ??? deprecated analyze code? srsly?

* Search for wide strings: /Z or so?


Asm
===

* Embed bits/arch/endian in a separate structure
  - So one can change from one arch to another with a pointer
  - Cool for defining ranges of memory

Bindings
========

* Distribute generated .i files or cxx files, so the build is faster

Debugger
========

* Implement DRX support
* stepover waits for one unknown event that cannot be stopped
* Implement list threads on ALL supported platforms (win, lin, osx)
* ALL threads must be stopped when a breakpoint is handled..
* Floating point registers
* MMX/XMM/DRX control
* Implement dump+restore as macros (dump,)
* Add support for windbg+virtualkd

pancake
-------

* Implement PTRACE_BLOCK on Linux
* Implement software stepping (with code analysis + breakpoints)
* Implement dbg.bep - in r_core? in r_debug after attach? maybe only in r2 binr?
  - must be refined.. and look for better names
* fork/clone child: inject code to create new threads or pids
* Functions in r_util to get little/big-endian ut8/ut16/ut32 from ut8*
  - already done.. must find better names probably
* merge asm.arch and vm.arch
* _ZN7WebCore11CounterNode7recountERKNS_12AtomicStringE
  - demangle C++ and ObjC names:
      WebCore.CounterNode.recount(AtomicString)
      _ZN   = begin of stream
      0-9+  = count of chars
      E     = end of stream
      RKNS_ = start of arguments
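The decoding sketched above, worked through as an added example that is not radare2's demangler: a minimal parser for the nested Itanium C++ ABI form (_ZN, length-prefixed components, E, then parameter types). It prints the item's own output style (components joined by '.', reference/const/pointer qualifiers dropped, nested argument types reduced to their last component) rather than the full "WebCore::AtomicString const&", and it treats "S_", "S0_", ... as references back to earlier components, which is what lets NS_12AtomicStringE reuse WebCore. Non-nested names, templates and most builtin types are out of scope; function names and limits are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added example, not radare2's demangler: a minimal decoder for the nested
 * Itanium C++ ABI form the item sketches: _ZN <len><name>... E <param types>.
 * Output follows the item's own style: components joined by '.', argument
 * qualifiers (R, K, P) dropped, nested argument types reduced to their last
 * part. Only nested names (_ZN ... E) are accepted; anything else returns 0. */
#define MAX_PARTS 16
#define PART_LEN 64

/* Parse one <len><name> source-name at *p into out and advance *p. */
static int parse_source_name(const char **p, char *out, size_t outsz) {
    char *end;
    long len = strtol(*p, &end, 10);
    if (end == *p || len <= 0 || (size_t)len >= outsz) return 0;
    if (strlen(end) < (size_t)len) return 0;   /* length claims more than is left */
    memcpy(out, end, (size_t)len);
    out[len] = '\0';
    *p = end + len;
    return 1;
}

/* Parse "N <component>... E". Every source-name seen is recorded in subs[] so a
 * later S_ (first), S0_ (second), ... can refer back to it. Returns count or 0. */
static int parse_nested(const char **p, char parts[][PART_LEN],
                        char subs[][PART_LEN], int *nsubs) {
    int n = 0;
    if (**p != 'N') return 0;
    (*p)++;
    while (**p && **p != 'E') {
        if (n >= MAX_PARTS) return 0;
        if (**p == 'S') {
            const char *q = *p + 1;
            int idx = 0;
            if (*q != '_') { char *e; idx = (int)strtol(q, &e, 36) + 1; q = e; }
            if (*q != '_' || idx < 0 || idx >= *nsubs) return 0;
            strcpy(parts[n], subs[idx]);
            *p = q + 1;
        } else {
            if (!parse_source_name(p, parts[n], PART_LEN)) return 0;
            if (*nsubs < MAX_PARTS) strcpy(subs[(*nsubs)++], parts[n]);
        }
        n++;
    }
    if (**p != 'E') return 0;
    (*p)++;
    return n;
}

static const char *builtin_name(char c) {
    switch (c) {
    case 'i': return "int";  case 'j': return "unsigned int";
    case 'c': return "char"; case 'b': return "bool";
    case 'l': return "long"; case 'd': return "double";
    default:  return NULL;
    }
}

static int append(char *out, size_t outsz, const char *s) {
    if (strlen(out) + strlen(s) + 1 > outsz) return 0;
    strcat(out, s);
    return 1;
}

/* Demangle sym into out as "A.B.f(arg, arg)". Returns 1 on success and 0 on
 * any malformed input, so a caller never shows a half-decoded name. */
int demangle_nested(const char *sym, char *out, size_t outsz) {
    char parts[MAX_PARTS][PART_LEN], subs[MAX_PARTS][PART_LEN];
    char args[MAX_PARTS][PART_LEN], tmp[MAX_PARTS][PART_LEN];
    int nsubs = 0, nparts, nargs = 0, i;
    const char *p = sym;
    if (strncmp(p, "_Z", 2) != 0) return 0;
    p += 2;
    nparts = parse_nested(&p, parts, subs, &nsubs);
    if (!nparts) return 0;
    while (*p) {
        char c = *p;
        if (c == 'R' || c == 'K' || c == 'P' || c == 'v') { p++; continue; }
        if (nargs >= MAX_PARTS) return 0;
        if (c == 'N') {
            int k = parse_nested(&p, tmp, subs, &nsubs);
            if (!k) return 0;
            strcpy(args[nargs], tmp[k - 1]);
        } else if (c >= '1' && c <= '9') {
            if (!parse_source_name(&p, args[nargs], PART_LEN)) return 0;
        } else {
            const char *b = builtin_name(c);
            if (!b) return 0;
            strcpy(args[nargs], b);
            p++;
        }
        nargs++;
    }
    out[0] = '\0';
    for (i = 0; i < nparts; i++)
        if (!append(out, outsz, i ? "." : "") || !append(out, outsz, parts[i])) return 0;
    if (!append(out, outsz, "(")) return 0;
    for (i = 0; i < nargs; i++)
        if (!append(out, outsz, i ? ", " : "") || !append(out, outsz, args[i])) return 0;
    return append(out, outsz, ")");
}
```

The length check in parse_source_name is the part a symbol-table parser must not skip: a mangled name is attacker-controlled input from the binary, and a length prefix larger than the remaining string is the classic way such decoders read past the buffer.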
* Implement rap:// upload/download protocol commands (maybe just system() with rsc2+wget?)
* support for macro scripting
* better debugger support for OSX and iOS
* rarc2 allows compiling invalid code like calling puts() out of context
* Implement RAnalCall (analyze function arguments, return values, propagate types..)
  - define the number of arguments for a given function
  - warn if signature and analysis differ in number of args or so..
  - when calling a function
    - identify arguments passed and compare with arguments required
    - if they do not match: we need to warn/ask user/store multiple options
  - function signature comparison if they don't match
      r_anal_fcn_cmp (anal, f1, f2);

nibble
------

* Display getsym() stuff in rabin2, not only legit syms
* Check if the python plugin works from inside
  - write tuto: how to call py code from shell or r2
* dmi command must read from memory if no file path is provided
  - rabin from memory ftw
  - to get libnames of dll, so..

-- from 0.6

* r_anal
  - use r_anal_value everywhere
  - x86im
    - make x86_x86im the default backend for x86 analysis
* diff code analysis
  - diff two programs
    1st level:
    - check all functions: EQUAL, DIFFERENT, REMOVED, ADDED
    - check all symbols
    - check all imports
    - check all strings
    2nd level:
    - basic block level diffing (output in graph mode)
* GMP
  - big-ssl.c big-gmp.c ...
  - implement GMP in util/big.c
  - http://etutorials.org/Programming/secure+programming/Chapter+7.+Public+Key+Cryptography/7.5+Generating+a+Prime+Number+Testing+for+Primality/
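The primality test the linked chapter covers, as an added example that is not radare2's util/big.c: a deterministic Miller-Rabin for 64-bit candidates plus a next-prime search built on it. It stays at 64 bits instead of GMP bignums and relies on the GCC/Clang `unsigned __int128` extension for the modular product; function names and the sample values are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not radare2's util/big.c: deterministic Miller-Rabin for
 * 64-bit candidates, kept at 64 bits rather than GMP bignums. Products use a
 * 128-bit intermediate (GCC/Clang extension) so the modular multiplication
 * cannot overflow, which is the classic way such tests go wrong. For n < 2^64
 * the witness set below is known to be sufficient, so the answer is exact. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1;
    base %= m;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

/* One round: returns 1 if base a proves n composite, 0 if n survives it. */
static int is_witness(uint64_t a, uint64_t n, uint64_t d, int s) {
    uint64_t x = powmod(a, d, n);
    if (x == 1 || x == n - 1) return 0;
    for (int i = 1; i < s; i++) {
        x = mulmod(x, x, n);
        if (x == n - 1) return 0;
    }
    return 1;
}

int is_prime_u64(uint64_t n) {
    static const uint64_t bases[] = { 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37 };
    const size_t nb = sizeof bases / sizeof bases[0];
    uint64_t d;
    int s = 0;
    if (n < 2) return 0;
    for (size_t i = 0; i < nb; i++) {          /* trial division by the bases */
        if (n == bases[i]) return 1;
        if (n % bases[i] == 0) return 0;
    }
    d = n - 1;                                   /* n - 1 = d * 2^s, d odd */
    while ((d & 1) == 0) { d >>= 1; s++; }
    for (size_t i = 0; i < nb; i++)
        if (is_witness(bases[i], n, d, s)) return 0;
    return 1;
}

/* Smallest prime >= n: the "generate a prime" step, by testing candidates. */
uint64_t next_prime_u64(uint64_t n) {
    if (n <= 2) return 2;
    if ((n & 1) == 0) n++;
    while (!is_prime_u64(n)) n += 2;
    return n;
}

int main(void) {
    /* constructed samples: a Carmichael number, the 1000th prime, a strong
     * pseudoprime to bases 2,3,5,7, and the largest prime below 2^64 */
    const uint64_t samples[] = { 561, 7919, 3215031751ULL, 18446744073709551557ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%llu is %s\n", (unsigned long long)samples[i],
               is_prime_u64(samples[i]) ? "prime" : "composite");
    printf("next prime >= 1000000 is %llu\n", (unsigned long long)next_prime_u64(1000000));
    return 0;
}
```

3215031751 is the reason the witness list is longer than four entries: it passes bases 2, 3, 5 and 7 and only base 11 exposes it, so a test with too few fixed bases hands out "primes" that are not.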

@earada
-------

* r_file_slurp should work fine for big files
  - mmap if supported
  - add r_file_mmap ?
  - read the file in blocks instead of the whole file in a single syscall
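The block-wise read from the item above, as an added example that is not r_file_slurp: the stream is consumed in fixed-size blocks into a buffer that grows up to a hard cap, so a huge or crafted input is refused instead of exhausting memory or trusting a reported file size. Names, the block size and the temp-file helper are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>

#define SLURP_BLOCK 4096

/* Added example, not r_file_slurp: read a stream in fixed-size blocks with a
 * hard size cap instead of one read() sized from st_size. The cap is the
 * point: a slurp that trusts the reported size or reads until EOF with no
 * limit lets a crafted or huge input exhaust memory. Returns a malloc'd,
 * NUL-terminated buffer and stores its length in *len; NULL on I/O error,
 * allocation failure, or when the input exceeds max_len bytes. */
char *slurp_blocks(FILE *fp, size_t max_len, size_t *len) {
    size_t cap = max_len < SLURP_BLOCK ? max_len : SLURP_BLOCK, used = 0;
    char *buf = malloc(cap + 1);
    if (!buf) return NULL;
    for (;;) {
        if (used == cap) {
            if (cap >= max_len) {
                /* buffer is at the cap: allowed only if the input ends here */
                if (fgetc(fp) == EOF && !ferror(fp)) break;
                free(buf);
                return NULL;
            }
            size_t ncap = cap > max_len / 2 ? max_len : cap * 2;
            char *nb = realloc(buf, ncap + 1);
            if (!nb) { free(buf); return NULL; }
            buf = nb;
            cap = ncap;
        }
        size_t want = cap - used;
        if (want > SLURP_BLOCK) want = SLURP_BLOCK;
        size_t got = fread(buf + used, 1, want, fp);
        used += got;
        if (got < want) {
            if (ferror(fp)) { free(buf); return NULL; }
            break;                         /* clean EOF */
        }
    }
    buf[used] = '\0';
    *len = used;
    return buf;
}

/* Demonstration helper (assumed name): write n bytes of 'A' to a temp file,
 * slurp it with the given cap, and return the length read or -1 if refused. */
long slurp_demo(size_t n, size_t max_len) {
    FILE *fp = tmpfile();
    size_t len = 0;
    char *data;
    long r;
    if (!fp) return -1;
    for (size_t i = 0; i < n; i++) fputc('A', fp);
    rewind(fp);
    data = slurp_blocks(fp, max_len, &len);
    fclose(fp);
    if (!data) return -1;
    r = (long)len;
    free(data);
    return r;
}

int main(void) {
    printf("10000 bytes, cap 1 MiB: %ld\n", slurp_demo(10000, 1 << 20));
    printf("4097 bytes, cap 4096:   %ld\n", slurp_demo(4097, 4096));
    return 0;
}
```

The extra fgetc at the cap is what makes an input of exactly max_len bytes succeed while one byte more is refused; without that probe a cap check tends to be off by one in whichever direction the author did not test.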
* remove all uses of alloca() // mingw and grep report them all :)
* Only use uppercase KMG for Kilo, Mega, Giga in r_num? - 'g' is for double
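A parser for the suffix convention proposed above, as an added example that is not r_num: only uppercase K, M and G multiply (lowercase 'g' stays free for doubles), and the multiplication is checked so an oversized value is rejected rather than wrapping to a small number, the wrap being what later turns into an undersized allocation. The function name and sample inputs are assumptions made here.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not r_num: parse "<number>[K|M|G]" where only the uppercase
 * suffixes multiply (by 1024, 1024^2, 1024^3), leaving lowercase 'g' free for
 * doubles as the item suggests. The multiplication is overflow-checked: a size
 * that silently wraps to a small value is what later becomes an undersized
 * allocation and an out-of-bounds write. Returns 1 and stores the value in
 * *out, or 0 on any error (bad digits, sign, trailing junk, overflow). */
int parse_kmg(const char *s, uint64_t *out) {
    char *end;
    unsigned long long v;
    uint64_t mult = 1;
    if (!s || !isdigit((unsigned char)*s)) return 0;  /* no sign, no leading blanks */
    errno = 0;
    v = strtoull(s, &end, 0);                         /* base 0: decimal, 0x hex, 0 octal */
    if (errno == ERANGE || end == s) return 0;
    switch (*end) {
    case '\0': break;
    case 'K': mult = 1ULL << 10; end++; break;
    case 'M': mult = 1ULL << 20; end++; break;
    case 'G': mult = 1ULL << 30; end++; break;
    default: return 0;                                /* 'k', 'g' or any other suffix */
    }
    if (*end) return 0;                               /* trailing junk after the suffix */
    if (v > UINT64_MAX / mult) return 0;              /* product would not fit */
    *out = (uint64_t)v * mult;
    return 1;
}

int main(void) {
    /* constructed samples: three valid, one lowercase suffix, one overflow */
    const char *demo[] = { "4K", "0x10M", "1G", "4g", "17179869184G" };
    for (size_t i = 0; i < sizeof demo / sizeof demo[0]; i++) {
        uint64_t v;
        if (parse_kmg(demo[i], &v)) printf("%-14s = %llu\n", demo[i], (unsigned long long)v);
        else printf("%-14s = rejected\n", demo[i]);
    }
    return 0;
}
```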
|
2010-07-21 23:32:30 +00:00
|
|
|
* typedef all function pointers, like in r_bp
|
2010-08-10 10:34:10 +00:00
|
|
|
* Implement /A : search AES
|
|
|
|
* Implement case-insensitive search (e search.casematters ?) any better name? Use /i?
|
|
|
|
* Implement /. to search using a file .. isnt zignatures about this?
|
|
|
|
* Implement /p to search for patterns
|
2010-11-15 10:06:10 +00:00
|
|
|
- implement it in r_core ?? or add r_io_bind support
|
2010-08-10 10:34:10 +00:00
|
|
|
* Implement search and replace /s
|
2010-11-17 20:15:34 +00:00
|
|
|
- insert or append? (see r1 cfg vars)
|
|
|
|
TODO 0.7
========

* inject code someway?
* Create radare2-testsuite project
  - tests for ired, rax2, radare2, rabin2 ...
* Record trace of register status for each function when running
  - r_reg_arena_copy();
* Add lua and dalvik disassemblers (volunteers?)
  - Add dex format support to rabin (android)
* Reimplement or fix the delta diffing in C
  - first we need to do it for ired..
* Trace contents of buffers: filter search results..? cc 8080 @@ hit* .. check for values that have changed.
* Are RCore->block and blocksize an RBuf? refactor!11
* add support for signed/unsigned registers.. or at least a way to cast them
* Add support for STATIC_PLUGINS in r_lang
  - r_lang_define is implemented in lang.c, but requires the collaboration
    of the plugins to properly set up the environment for the script execution.
  - Add support for STATIC_PLUGINS in r_lang
  - dlerror(/usr/lib/radare2/lang_perl.so): libperl.so: cannot open shared object file: No such file or directory
    This issue is fixed by setting LD_LIBRARY_PATH... looks like dlopen ignores rpath

Questions
=========

* radare2.c:217 . find name for maxfilesize to hash
* r_list_foreach_prev is buggy, review and remove..
* make symstall in swig/ ?
* What about rsc2 ? deprecate, maintain? cleanup from 1? build? install?
* Add deltified offset in PC? +10, +30 ... asm.reladdr
* Add "pm ?" for bit print like in pb?
* regio not implemented // is it really necessary? imho no..
* distribute 'spp' with 'rarc2' ? imho no

Bindings
========

* generate accessors from valaswig ? why?
* Script plugins
  - We should enable r_lib to implement plugins in any
    scripting language, so we can for example prepare
    a .c stub interface for python/perl/ruby/..
  - this requires a swig bridge

Refactoring
===========

* Import r_vm register values from flags or from r_debug->r_reg
  - r_vm must use the mmu cache when emulating code
  - use the one from r_io? and deprecate vm->mmu_cache?
* Review the r_flags api
* Add pipe_to_buffer.. not only file descriptors
* r_config set_int and so.. simplify
  - find/use more common cases for char* or &int maps
  - automatic callbacks for the most common use cases
* What do we have to do with r_th, r_vm ?
* Merge r_vm into r_anal ?
* Merge r_socket inside r_util ?
* Add SSL support to r_socket ?
* Discuss missing r_core_sysenv_update in core/file.c:33
* Add RLog API.. pipeable to disk and stderr.. also hookable.. cool for ui (partially done)
* Move disasm loop into r_print (r_print should depend on r_asm)
  - that's hard :)
* Move 'r_syscall_t' stuff into r_debug (sync r_core)
* Implement r_bind api to link multiple pointers
    core->asm = r_bind_set (core->asm->bind, r_asm_new ());
* Find a better name for r_buf_fread (really?)
* Review r_io and r_reg API
* semi-ok state (R_TRUFAE), implement r_errno and r_errstr in r_util?
  - useful in r_sys_mkdir ?
* Finish and import spp's own getopt implementation in r_util (like in p9)

Future
======

* Implement minimalist 'ar' and add support for .a archive libs? (not necessary in this life)
* Realign flags when using a project in debug mode
* FileDescriptors: dd -- copy from !fd in r1
* Initial analysis looking for xrefs to strings and so? ax? ./a@@entry0 - Launched at startup
* Store version information in libraries ? debian claims for it
* install.sh (to track installed files ..)
* acr -ldl check must be fixed for kfreebsd
* Add support for float/double in r_num :?
* radare2 -e dbg.engine=vm -d ls
  - load the program using r_bin in virtual space
  - initialize vm and set regs
  - debug backend should use the vm

Flags
=====

- metaflags? support to define relations between flags
  (flag hierarchies)
  r_flagtree
- r_flags should have a tree construction to access them faster
  - btree? following pointers like bigger, smaller
    { struct r_flag_t *bigger, *smaller; }
  - hook r_flag_add to recalculate the bigger/smaller pointers in r_flag_optimize()
  - hook r_flag_del to recalculate too.
  - r_flag_get by string should have another btree construction
    for the string of the name
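The offset tree sketched above, worked through as an added example that is not r_flag: a binary search tree of flags linked by the bigger/smaller pointers, with add and delete keeping the order (the recalculation the hooks are meant to trigger) and a floor lookup that answers "which flag is at or just below this address" in O(height) instead of a scan over every flag. It is deliberately unbalanced to stay short; names, the sample flags and the name-size limit are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not r_flag: a binary search tree of flags ordered by offset
 * using the bigger/smaller links the item sketches. flag_add and flag_del
 * keep the order, flag_floor answers what a disassembler asks for every line:
 * which flag sits at or just below this address. Unbalanced on purpose. */
typedef struct r_flag_t {
    char name[32];
    uint64_t offset;
    struct r_flag_t *bigger, *smaller;
} RFlag;

static RFlag *flag_new(const char *name, uint64_t off) {
    RFlag *f = calloc(1, sizeof *f);
    if (f) {
        snprintf(f->name, sizeof f->name, "%s", name);
        f->offset = off;
    }
    return f;
}

/* Insert a flag; a second flag at the same offset just renames the first. */
RFlag *flag_add(RFlag *root, const char *name, uint64_t off) {
    if (!root) return flag_new(name, off);
    if (off < root->offset) root->smaller = flag_add(root->smaller, name, off);
    else if (off > root->offset) root->bigger = flag_add(root->bigger, name, off);
    else snprintf(root->name, sizeof root->name, "%s", name);
    return root;
}

/* Remove the flag at off, relinking children so the ordering survives. */
RFlag *flag_del(RFlag *root, uint64_t off) {
    if (!root) return NULL;
    if (off < root->offset) root->smaller = flag_del(root->smaller, off);
    else if (off > root->offset) root->bigger = flag_del(root->bigger, off);
    else if (!root->smaller || !root->bigger) {
        RFlag *child = root->smaller ? root->smaller : root->bigger;
        free(root);
        return child;
    } else {
        /* two children: pull up the smallest flag of the bigger subtree */
        RFlag *m = root->bigger;
        while (m->smaller) m = m->smaller;
        memcpy(root->name, m->name, sizeof root->name);
        root->offset = m->offset;
        root->bigger = flag_del(root->bigger, m->offset);
    }
    return root;
}

/* Exact lookup by offset, NULL if no flag is defined there. */
RFlag *flag_get_at(RFlag *root, uint64_t off) {
    while (root && root->offset != off)
        root = off < root->offset ? root->smaller : root->bigger;
    return root;
}

/* Nearest flag at or below addr, or NULL if none lies below it. */
RFlag *flag_floor(RFlag *root, uint64_t addr) {
    RFlag *best = NULL;
    while (root) {
        if (root->offset == addr) return root;
        if (root->offset < addr) { best = root; root = root->bigger; }
        else root = root->smaller;
    }
    return best;
}

int flag_count(RFlag *root) {
    return root ? 1 + flag_count(root->smaller) + flag_count(root->bigger) : 0;
}

void flag_free(RFlag *root) {
    if (!root) return;
    flag_free(root->smaller);
    flag_free(root->bigger);
    free(root);
}

/* Constructed sample: a few flags as a freshly analysed binary might carry. */
RFlag *flag_sample(void) {
    RFlag *t = NULL;
    t = flag_add(t, "main", 0x8048100);
    t = flag_add(t, "entry0", 0x8048000);
    t = flag_add(t, "sym.foo", 0x8048200);
    t = flag_add(t, "str.hello", 0x8049000);
    return t;
}

int main(void) {
    RFlag *t = flag_sample();
    RFlag *f = flag_floor(t, 0x8048150);
    printf("0x8048150 is inside %s\n", f ? f->name : "(no flag)");
    t = flag_del(t, 0x8048100);
    f = flag_floor(t, 0x8048150);
    printf("after deleting main: %s\n", f ? f->name : "(no flag)");
    flag_free(t);
    return 0;
}
```

The r_flag_add/r_flag_del hooks the item mentions reduce to flag_add and flag_del here: each insertion or removal fixes the links on the way down, so no separate r_flag_optimize() pass is needed for the offset order. A second tree keyed by name, as the last sub-item proposes, would be the same structure with strcmp in place of the offset comparison.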

.------------------------.
| ___ ___ ____ |
| | - ) _ _ | _ |/ _/ | please!
| | - \| | |\_ |\_ \ |___. report! :)
| |___/'___'|___'|___/ ___/
| |
`------------------------'