* Add ragg2-cc

- shellcode compiler using gcc or llvm-gcc as backend - inspired in shellforge, written in shellscript - works on x86-32 with linux and osx * Fix rax2 -S for binary data
2025-04-03 01:52:04 +00:00 · 2011-11-26 05:14:03 +01:00 · 2011-11-26 05:14:03 +01:00 · a5cb0c7810
commit a5cb0c7810
parent f1bee51c94
5 changed files with 152 additions and 9 deletions
--- a/1
+++ b/1
@ -141,6 +141,7 @@ purge:
 	rm -f ${DESTDIR}/${BINDIR}/rarc2
 	rm -f ${DESTDIR}/${BINDIR}/rahash2
 	rm -f ${DESTDIR}/${BINDIR}/ragg2
+	rm -f ${DESTDIR}/${BINDIR}/ragg2-cc
 	rm -f ${DESTDIR}/${BINDIR}/rarun2
 	rm -f ${DESTDIR}/${BINDIR}/rasc2
 	rm -f ${DESTDIR}/${BINDIR}/radiff2
--- a/1
+++ b/1
@ -6,6 +6,7 @@
 ------8<-------------------8<--------------------8<-----------------8<----------

 ====[[ 0.9 ]]====
+* rax2 must convert bin from stdin to hexpairs to stdout
 * r_cons_visual_write_tail() -> fill end of screen with spaces \o/
 * Add graph.nodecolor graph.bgcolor graph.edgecolor ??
 * Add !load in r2 (oo args)
--- a/binr/Makefile
+++ b/binr/Makefile
@ -17,6 +17,7 @@ install:
 	mkdir -p ${BFX}
 	pwd
 	for a in ${BINS} ; do ${INSTALL_PROGRAM} $$a/$$a ${BFX}/$$a ; done
+	${INSTALL_PROGRAM} ragg2/ragg2-cc ${BFX}/ragg2-cc
 	#cp -f rarc2/rarc2 rarc2/rarc2-tool ${BFX}
 	# shortcut
 	-cd ${BFX} && rm -f r2 ; ln -fs radare2 r2
@ -34,7 +35,7 @@ symstall-rsc2:
 symstall install-symlink:
 	mkdir -p ${BFX}
 	for a in ${BINS} ; do ln -fs ${PWD}/$$a/$$a ${BFX}/$$a ; done
-	# ln -fs ${PWD}/rarc2/rarc2-tool ${BFX}/rarc2-tool
+	ln -fs ${PWD}/ragg2/ragg2-cc ${BFX}/ragg2-cc
 	-ln -fs ${PFX}/bin/radare2 ${BFX}/r2

 deinstall uninstall:
--- a/binr/ragg2/ragg2-cc
+++ b/binr/ragg2/ragg2-cc
@ -0,0 +1,135 @@
+#!/bin/sh
+# ragg2-cc : a shellcode compiler -- pancake<nopcode.org> 2011
+#   - for bsd, linux and osx
+# TODO
+#  add support for x86-64 bits
+#  add support for arm
+#  add support for nested shellcodes
+
+B=0
+D=""
+O=""
+F=""
+ASM=0
+while : ; do
+	[ -z "$1" ] && break
+	F=$1
+	case "$F" in
+	-b)
+		B=1
+		;;
+	-d)
+		D=1
+		;;
+	-s)
+		ASM=1
+		;;
+	-o)
+		shift
+		O=$1
+		if [ -z "$O" ]; then
+			echo "Missing argument for -o"
+			exit 1
+		fi
+		;;
+	-h)
+		echo "Usage: ragg2-cc [-opt] [file.c]"
+		echo "  -s   generate assembly file"
+		echo "  -d   enable debug mode"
+		echo "  -b   show hexpair bytes"
+		exit 0
+		;;
+	-v)
+		echo "ragg2-cc 0.9"
+		exit 0
+		;;
+	esac
+	shift
+done
+if [ -z "$F" ]; then
+	echo "Missing argument"
+	exit 1
+fi
+[ -z "$O" ] && O=$F.bin
+
+if [ "`uname`" = Darwin ]; then
+	#CC=/opt/local/bin/i386-mingw32-gcc
+	#OBJCOPY=/opt/local/bin/i386-mingw32-objcopy
+	CC=gcc
+	CC=llvm-gcc # llvm generate smaller binaries
+	OBJCOPY=gobjcopy
+	CFLAGS="-arch i386 "
+	LDFLAGS="-arch i386 -shared -c"
+	ARCH=darwin_i386
+	SHDR="
+.text
+jmp _main"
+else
+	CC=gcc
+	OBJCOPY=objcopy
+	ARCH=linux_i386
+	CFLAGS="-fPIC -fPIE -pie"
+	SHDR="
+.section text
+.globl  main
+.type   main, @function
+jmp main
+"
+	#ARCH=linux_amd64
+fi
+OPT=-Os
+#CFLAGS="-shared -fPIC -fPIE -pie "
+#CFLAGS="${CFLAGS} -shared -fPIC -fPIE -pie "
+CFLAGS="${CFLAGS} -nostdinc -include /usr/include/sflib/${ARCH}/sflib.h"
+CFLAGS="${CFLAGS} -fomit-frame-pointer -finline-functions -fno-zero-initialized-in-bss"
+LDFLAGS="${LDFLAGS} -nostdlib"
+
+rmtemps() {
+	[ -z "$D" ] && rm -f $F.tmp $F.text $F.text $F.s $F.o
+}
+
+fail() {
+	rmtemps
+	exit 1
+}
+
+if [ "$D" ]; then
+	echo "==> Compile"
+	echo "${CC} ${CFLAGS} -o $F.tmp -S ${OPT} $F"
+fi
+rm -f $F.bin
+${CC} ${CFLAGS} -o $F.tmp -S ${OPT} $F || fail
+echo "${SHDR}" > $F.s
+cat $F.tmp \
+	| sed -e s,rdata,text, -e s,rodata,text, -e 's,__i686.get_pc_thunk.bx,__getesp__,g' \
+	| grep -v .cstring | grep -v size | grep -v ___main | grep -v section \
+	| grep -v __alloca | grep -v zero | grep -v cfi >> $F.s
+rm -f $F.tmp
+if [ $ASM = 1 ]; then
+	echo $F.s
+	exit 0
+fi
+
+if [ "$D" ]; then
+	echo "==> Assemble"
+	echo "${CC} -c ${LDFLAGS} -Os -o $F.o $F.s"
+fi
+${CC} ${LDFLAGS} ${OPT} -o $F.o $F.s || fail
+
+if [ "$D" ]; then
+	echo "==> Link"
+	echo "${OBJCOPY} -j .text -O binary $F.o $.text"
+fi
+${OBJCOPY} -j .text -O binary $F.o $F.text || fail
+
+[ $B = 1 ] && exec rax2 -S - < $F.text
+
+if [ "$D" ]; then
+#	hexdump -C $F.text
+	rax2 -S - < $F.text
+	ls -l $F.text
+fi
+ragg2 -C $F.text -F -o $O || fail
+echo $O
+rmtemps
+exit 0
--- a/binr/rax2/rax2.c
+++ b/binr/rax2/rax2.c
@ -6,7 +6,7 @@ static int flags = 0;

 static int format_output (char mode, ut64 n);
 static int help ();
-static int rax (char *str, int last);
+static int rax (char *str, int len, int last);
 static int use_stdin ();

 static int format_output (char mode, ut64 n) {
@ -63,10 +63,12 @@ static int help () {
 	return R_TRUE;
 }

-static int rax (char *str, int last) {
+static int rax (char *str, int len, int last) {
 	float f;
 	char *p, *buf, out_mode = '0';
 	int i;
+	if (!len)
+		len = strlen (str);

 	if (*str=='-') {
 		switch (str[1]) {
@ -116,9 +118,9 @@ static int rax (char *str, int last) {
 		free (buf);
 		return R_TRUE;
 	}
-	if (flags & 4) {
-		for (i=0; str[i]; i++)
-			printf ("%02x", str[i]);
+	if (flags & 4) { // -S
+		for (i=0; i<len; i++)
+			printf ("%02x", (ut8)str[i]);
 		printf ("\n");
 		return R_TRUE;
 	}
@ -177,10 +179,13 @@ static int rax (char *str, int last) {
 static int use_stdin () {
 	char buf[4096]; // TODO: remove this limit
 	while (!feof (stdin)) {
-		fgets (buf, sizeof (buf), stdin);
+		int n = read (0, buf, sizeof (buf));
+		if (n<1) break;
+		buf[n] = 0;
+		//fgets (buf, sizeof (buf), stdin);
 		if (feof (stdin)) break;
 		buf[strlen (buf)-1] = '\0';
-		if (!rax (buf, 0)) break;
+		if (!rax (buf, n, 0)) break;
 	}
 	return 0;
 }
@ -190,6 +195,6 @@ int main (int argc, char **argv) {
 	if (argc == 1)
 		return use_stdin ();
 	for (i=1; i<argc; i++)
-		rax (argv[i], (i+1)==argc);
+		rax (argv[i], 0, (i+1)==argc);
 	return 0;
 }