Initial working code injection with r_debug_execute()
parent
4cf83c6a63
commit
0d993c8cbd
@ -666,11 +666,6 @@ static int cmd_debug(void *data, const char *input) {
|
||||
char *ptr;
|
||||
|
||||
switch (input[0]) {
|
||||
case 'x': // XXX : only for testing
|
||||
r_debug_execute (core->dbg, (ut8*)
|
||||
"\xc7\xc0\x03\x00\x00\x00\x33\xdb\x33"
|
||||
"\xcc\xc7\xc2\x10\x00\x00\x00\xcd\x80", 18);
|
||||
break;
|
||||
case 't':
|
||||
switch (input[1]) {
|
||||
case '?':
|
||||
@ -1013,6 +1008,16 @@ static int cmd_debug(void *data, const char *input) {
|
||||
r_debug_use (core->dbg, input+2);
|
||||
else r_debug_plugin_list (core->dbg);
|
||||
break;
|
||||
case 'i':
|
||||
if (input[1] ==' ') {
|
||||
char bytes[4096];
|
||||
int bytes_len = r_hex_str2bin (input+2, bytes);
|
||||
r_debug_execute (core->dbg, bytes, bytes_len, 0);
|
||||
} else {
|
||||
eprintf ("Usage: di 9090\n");
|
||||
eprintf ("TODO: option to not restore registers\n");
|
||||
}
|
||||
break;
|
||||
case 'o':
|
||||
r_core_file_reopen (core, input[1]? input+2: NULL, 0);
|
||||
break;
|
||||
@ -1034,6 +1039,7 @@ static int cmd_debug(void *data, const char *input) {
|
||||
" dd file descriptors (!fd in r1)\n"
|
||||
" ds[ol] N step, over, source line\n"
|
||||
" do open process (reload, alias for 'oo')\n"
|
||||
" di [bytes] inject code on running process and execute it\n"
|
||||
" dp[=*?t][pid] list, attach to process or thread id\n"
|
||||
" dc[?] continue execution. dc? for more\n"
|
||||
" dr[?] cpu registers, dr? for extended help\n"
|
||||
|
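Review bot: In the new `di` handler, `r_hex_str2bin (input+2, bytes)` decodes into a fixed `char bytes[4096]` and is given no output size, so a command line carrying more than 8192 hex digits overruns the stack buffer, and `bytes_len` is handed to `r_debug_execute` without checking for a failed decode (a non-positive count). `bytes` is also declared `char` while the callee now takes `const ut8 *`, and the hard-coded `0` for `restore` contradicts the usage text `TODO: option to not restore registers`, which reads as if restoring were the default — one of the two should change. A length guard and a result check around the decode are sketched below; cmd_debug starts and ends outside this section.
```c
case 'i':
	if (input[1] ==' ') {
		ut8 bytes[4096];
		int bytes_len;
		/* two hex digits per output byte: this bounds the decode to the buffer */
		if (strlen (input + 2) > 2 * sizeof (bytes)) {
			eprintf ("di: too many bytes (max %d)\n", (int)sizeof (bytes));
			break;
		}
		bytes_len = r_hex_str2bin (input + 2, bytes);
		if (bytes_len > 0) {
			/* restore is 0 here; the usage text below implies restoring is the default — confirm */
			r_debug_execute (core->dbg, bytes, bytes_len, 0);
		} else {
			eprintf ("di: invalid hex string\n");
		}
	} else {
		// … unchanged: usage messages …
	}
	break;
```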
@ -1,4 +1,4 @@
|
||||
/* radare - LGPL - Copyright 2009-2012 - pancake */
|
||||
/* radare - LGPL - Copyright 2009-2013 - pancake */
|
||||
|
||||
#include <r_debug.h>
|
||||
#include <r_anal.h>
|
||||
@ -125,8 +125,9 @@ R_API int r_debug_set_arch(RDebug *dbg, int arch, int bits) {
|
||||
/*
|
||||
* Save 4096 bytes from %esp
|
||||
* TODO: Add support for reverse stack architectures
|
||||
* Also known as r_debug_inject()
|
||||
*/
|
||||
R_API ut64 r_debug_execute(struct r_debug_t *dbg, ut8 *buf, int len) {
|
||||
R_API ut64 r_debug_execute(RDebug *dbg, const ut8 *buf, int len, int restore) {
|
||||
int orig_sz;
|
||||
ut8 stackbackup[4096];
|
||||
ut8 *backup, *orig = NULL;
|
||||
@ -135,7 +136,7 @@ R_API ut64 r_debug_execute(struct r_debug_t *dbg, ut8 *buf, int len) {
|
||||
if (r_debug_is_dead (dbg))
|
||||
return R_FALSE;
|
||||
ripc = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], R_REG_TYPE_GPR);
|
||||
risp = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], R_REG_TYPE_GPR);
|
||||
risp = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_SP], R_REG_TYPE_GPR);
|
||||
if (ripc) {
|
||||
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE);
|
||||
orig = r_reg_get_bytes (dbg->reg, -1, &orig_sz);
|
||||
@ -156,19 +157,26 @@ R_API ut64 r_debug_execute(struct r_debug_t *dbg, ut8 *buf, int len) {
|
||||
|
||||
/* execute code here */
|
||||
dbg->iob.write_at (dbg->iob.io, rpc, buf, len);
|
||||
//r_bp_add_sw (dbg->bp, rpc+len, 4, R_BP_PROT_EXEC);
|
||||
r_debug_continue (dbg);
|
||||
//r_bp_del (dbg->bp, rpc+len);
|
||||
/* TODO: check if stopped in breakpoint or not */
|
||||
|
||||
r_bp_del (dbg->bp, rpc+len);
|
||||
dbg->iob.write_at (dbg->iob.io, rpc, backup, len);
|
||||
dbg->iob.write_at (dbg->iob.io, rsp, stackbackup, len);
|
||||
if (restore) {
|
||||
dbg->iob.write_at (dbg->iob.io, rsp, stackbackup, len);
|
||||
}
|
||||
|
||||
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE);
|
||||
ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_A0], R_REG_TYPE_GPR);
|
||||
ra0 = r_reg_get_value (dbg->reg, ri);
|
||||
r_reg_set_bytes (dbg->reg, -1, orig, orig_sz);
|
||||
if (restore) {
|
||||
r_reg_set_bytes (dbg->reg, -1, orig, orig_sz);
|
||||
} else {
|
||||
r_reg_set_value (dbg->reg, ripc, rpc);
|
||||
}
|
||||
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_TRUE);
|
||||
|
||||
free (backup);
|
||||
free (orig);
|
||||
eprintf ("ra0=0x%08"PFMT64x"\n", ra0);
|
||||
|
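Review bot: The new `if (restore)` block writes `len` bytes of `stackbackup` back to `rsp`, but `stackbackup` is a 4096-byte local (`ut8 stackbackup[4096]` in the first hunk, matching the comment `Save 4096 bytes from %esp`), so any caller passing `len > 4096` makes `write_at` read past the array, and nothing in the changed code checks `len` against the backup size. A guard next to the existing liveness check would close it: `if (len < 1 || len > (int)sizeof (stackbackup)) return R_FALSE;`. The new `restore` argument is also undocumented; the header comment should state that non-zero writes the saved stack window and all GPRs back after the injected code runs, while zero only resets PC to its original value (the `r_reg_set_value (dbg->reg, ripc, rpc)` branch). The breakpoint removed by `r_bp_del (dbg->bp, rpc+len)` is never added in this function as far as the section shows (`r_bp_add_sw` stays commented out), so how the injected code is expected to stop deserves a comment or a TODO. r_debug_execute begins before and ends after these hunks.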
@ -1,4 +1,4 @@
|
||||
/* radare - LGPL - Copyright 2010 pancake<nopcode.org> */
|
||||
/* radare - LGPL - Copyright 2010-2013 - pancake */
|
||||
|
||||
// XXX: All this stuff must be linked to the code injection api
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* radare - LGPL - Copyright 2009-2011 pancake<nopcode.org> */
|
||||
/* radare - LGPL - Copyright 2009-2013 - pancake */
|
||||
|
||||
#include <r_debug.h>
|
||||
#include <r_list.h>
|
||||
|
@ -275,7 +275,7 @@ R_API int r_debug_reg_set(RDebug *dbg, const char *name, ut64 num);
|
||||
R_API ut64 r_debug_reg_get(RDebug *dbg, const char *name);
|
||||
|
||||
R_API void r_debug_io_bind(RDebug *dbg, RIO *io);
|
||||
R_API ut64 r_debug_execute(RDebug *dbg, ut8 *buf, int len);
|
||||
R_API ut64 r_debug_execute(RDebug *dbg, const ut8 *buf, int len, int restore);
|
||||
R_API int r_debug_map_sync(RDebug *dbg);
|
||||
|
||||
R_API int r_debug_stop(RDebug *dbg);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* radare - LGPL - Copyright 2007-2012 pancake<nopcode.org> */
|
||||
/* radare - LGPL - Copyright 2007-2013 - pancake */
|
||||
|
||||
#include "r_types.h"
|
||||
#include "r_util.h"
|
||||
|