radare2/TODO

 ____  ___ ____  ___ ____  ___  ______   ____
|  _ \/   \'   \/   \  _ \/ _ \ \__   | /    \
|    <  V  . T  . V      <   _/ .-' _/ |  ()  |
|_|\__|_|__|___/|_|_|_|\__\___/ |_____(_)____/


<{include libr/TODO}>

Questions
=========
* rarc2 allows to compile invalid code like calling puts() out of context
* add asm.profile into r2
* Merge r_vm into r_anal ?
* Merge r_vm into r_parse ?
* Add rabin2 .! calls into r_core api? r_core_rabin_import(core, "rIs") ?

0.6 RELEASE
===========
* Add support for STATIC_PLUGINS in r_lang
  - r_lang_define is implemented in lang.c, but requires the collaboration
    of the plugins to properly setup the environment for the script execution.
  - Add support for STATIC_PLUGINS in r_lang
  - dlerror(/usr/lib/radare2/lang_perl.so): libperl.so: cannot open shared object file: No such file or directory
    This issue is fixed by setting LD_LIBRARY_PATH...looks like dlopen ignores rpath
* Colorize destination address when cursor in branch
* Reimplement or fix the delta diffing in C
  - first we need to do it for ired..
* Add dex format support to rabin (android)
* Trace contents of buffers: filter search results..?  cc 8080 @@ hit* .. check for values that has changed.
* Cx/CX are not displayed in disasm as they should.. (C! must die)
* Create radare2-testsuite project
* Colorize registers that has changed 

Build system:
-------------
* Write documentation about how to build r2, r2-swig, valaswig, make symstall and
  some basics about the organization of the code (boring++)
* Store version information in libraries ? debian claims for it
* install.sh (to track installed files ..)
* acr -ldl check must be fixed for kfreebsd

TODO nibble
-----------
* use r_anal_value everywhere in r_anal
* make x86_x86im the default backend for x86 analysis
* implement analysis for more instructions in x86_x86im
* big-ssl.c big-gmp.c ...
* native fat bins support (push uncommited changes)
* diff code analysis
  - diff two programs
     1st level:
        - check all functions EQUAL, DIFFERENT, REMOVED, ADDED
        - check all symbols
        - check all imports
        - check all strings
     2nd level:
        - basic block level diffing (output in graph mode)

TODO edu
--------
* print data timestamps with 'p'
* Implement more get_main()
* typedef all function pointers, like in r_bp
* Implement /A : search AES
* Implement case-insensitive search (e search.casematters ?) any better name? Use /i?
* Implement /. to search using a file .. isnt zignatures about this?
* Implement /p to search for patterns
* Implement search and replace /s

TODO pancake
------------
* Display eflags in ascii mode
  - r_reg_eflags(dbg->reg, "cpastidor")
  - static buffer in dbg->reg..fixed size (32)
  - printf("eflags: %s\n", r_reg_get_flags (dbg->reg, "cpastidor");
  void foo(RRegister *r, RRegisterItem *ri, const char *str) {
  }
* Import r_vm register values from flags or from r_debug->r_reg
  - r_vm must use mmu cache when emulating code
    - use the one from r_io? and deprecate vm->mmu_cache?
* Record trace of register status for each function when running
{
 * Implement RAnalCall (analyze function arguments, return values, propagate types..)
  - define number of arguments for given function
  - warn if signature and analysis differs in number of args or so..
  - when calling a function
    - identify arguments passed and compare with arguments required
    - if they do not match: we need to warn/ask user/store multiple options
       - function signature comparsion if they dont match
       r_anal_fcn_cmp (anal, f1, f2);
}
  - add support for sign/unsigned registers..or at least a way to cast them
  - add push/pop of register states (maybe we only need 2 levels of states)
    - display regs in colors
    - can be used for diffing registers
    - is also useful to store values before emulating code
    - we can probably implement this in a clone() method? (too heavy? more orgtogonal)

TODO gerardo
------------
* http://etutorials.org/Programming/secure+programming/Chapter+7.+Public+Key+Cryptography/7.5+Generating+a+Prime+Number+Testing+for+Primality/
* implement GMP in util/big.c

unassigned TODO pointz
----------------------
* Implement minimalist 'ar' and add support for .a archive libs? (not necessary in this life)
* Realign flags when using project in debug mode
* FileDescriptors: dd -- copy from !fd in r1
* distribute 'spp' with 'rarc2' ?
* Initial analysis looking for xrefs to strings and so? ax? ./a@@entry0 - Launched at startup

Bindings
========
* generate accessors from valaswig
* Script plugins
 - We should enable r_lib to implement plugins in any
   scripting language, so we can for example prepare
   a .c stub interface for python/perl/ruby/..
   - this requires a swig bridge

Refactoring
===========
* Merge r_socket inside r_util ?
* Add SSL support to r_socket ?
* Discuss missing r_core_sysenv_update in core/file.c:33
* Add RLog API.. pipeable to disk and stderr..also hookable ..cool for ui (partially done)
* Move disasm loop into r_print (r_print should depend on r_asm)
  - thats hard :)
* Move 'r_syscall_t' stuff into r_debug (sync r_core)
* Implement r_bind api to link multiple pointers
  core->asm = r_bind_set (core->asm->bind, r_asm_new ());
* r_config set_int and so..simplify
* what do we have to do with r_th, r_parse and r_vm ?
* Find a better name for r_buf_fread (really?)
* Review r_io API
* semi-ok state (R_TRUFAE), implement r_errno and r_errstr in r_util?
  - useful in r_sys_mkdir ?
* Finish and import the spp's getopt owns implementation in r_util (like in p9)

0.7
===
* Is RCore->block and blocksize a RBuf ? refactor!11
* Implement rap:// upload/download protocol commands (maybe just system() with rsc2+wget?
 
Future
======
* radare2 -e dbg.engine=vm -d ls
  - load the program using r_bin in virtual space
  - initialize vm and set regs
  - debug backend should use the vm

Transaction notes
=================
Loading big binaries results on broken interaction.
  - Optimize bottlenecks
    - Index flags by name and offset
    - Dont walk all the entries all the time
    - Use RDB or RHashMap
  - Cache
    - We can just cache the last N used pointers to resolve them faster
    - Should work fine for disassembling and others
  - Transactions and threads
    - BIGLOCK is enought i think
    - A background thread can load rabin info
    - r_th is required
    - We need a way to get 'status' info from thread (msg passing?)
      - r_th_msg
    - We can lock the loading thread when a shell command is going to be executed
      |
      |--- (while (prompt,lock,run,unlock))
      \
       `-- (while (lock,load,unlock))


.------------------------.
|   ___       ___  ____  |
|  | - ) _ _ | _ |/  _/  |    please!
|  | - \| | |\_  |\_  \  |___.  report! :)
|  |___/'___'|___'|___/   ___/
|                        |
`------------------------'