* Export 'srwx' perms of sections in rabin2 -rS

- Handled by 'S' command
* Added dummy 'z' command to handle zignaturez
  - Added more dummy 'az' commands
  - RCore now depends on RSign
* Some refactoring and speedup in _update method of RSearch
  - Added support for distance search (maybe buggy and incomplete atm)
  - Fix binary mask for keywords after previous commit
* Added 'r_str_rwx*' helper functions in r_util
This commit is contained in:
pancake 2010-04-08 12:29:47 +02:00
parent ee6304ea62
commit f2563a7509
25 changed files with 352 additions and 205 deletions

View File

@ -17,6 +17,7 @@
|| bin ||
---------
- Add dex format support (android)
- rename characteristics into srwx
|| cons ||
----------

View File

@ -1,4 +1,4 @@
/* radare - LGPL - Copyright 2009 nibble<.ds@gmail.com> */
/* radare - LGPL - Copyright 2009-2010 nibble<.ds@gmail.com> */
/* TODO:
* -L [lib] dlopen library and show address
@ -70,9 +70,8 @@ static int rabin_show_entrypoints() {
if ((entries = r_bin_get_entries (bin)) == NULL)
return R_FALSE;
if (rad) {
printf ("fs symbols\n");
} else printf ("[Entrypoints]\n");
if (rad) printf ("fs symbols\n");
else printf ("[Entrypoints]\n");
r_list_foreach (entries, iter, entry) {
if (rad) {
@ -272,9 +271,9 @@ static int rabin_show_sections(ut64 at) {
} else {
if (rad) {
r_flag_name_filter (section->name);
printf ("S 0x%08llx 0x%08llx 0x%08llx 0x%08llx %s\n",
printf ("S 0x%08llx 0x%08llx 0x%08llx 0x%08llx %s %d\n",
section->offset, baddr+section->rva,
section->size, section->vsize, section->name);
section->size, section->vsize, section->name, (int)section->characteristics);
printf ("f section.%s %lli 0x%08llx\n",
section->name, section->size, va?baddr+section->rva:section->offset);
printf ("CC [%02i] va=0x%08llx pa=0x%08llx sz=%08lli vsz=%08lli "

View File

@ -1,7 +1,8 @@
NAME=r_core
DEPS=r_config r_cons r_line r_io r_cmd r_util r_print r_flags r_asm r_lib
DEPS+=r_debug r_hash r_bin r_lang r_io r_asm r_anal r_parse r_config
DEPS+=r_print r_bp r_reg r_meta r_search r_syscall
DEPS+=r_print r_bp r_reg r_meta r_search r_syscall r_sign
OBJ=core.o cmd.o file.o config.o visual.o io.o yank.o libs.o anal.o project.o

View File

@ -19,6 +19,53 @@
static int cmd_io_system(void *data, const char *input);
static int cmd_zign(void *data, const char *input) {
RCore *core = (RCore *)data;
char *ptr;
switch (input[0]) {
case 'a':
break;
case 'b':
ptr = strchr (input+2, ' ');
if (ptr) {
*ptr = 0;
r_sign_add (&core->sign, R_SIGN_BYTES, input+2, ptr+1);
} else eprintf ("Usage: zb [name] [bytes]\n");
break;
case ' ':
//r_sign_pfx (&core->sign, input+2);
break;
case '-':
//r_sign_unload (&core->sign, input+2);
break;
case '/':
{
// TODO: parse arg0 and arg1
RIOSection *s = r_io_section_get (&core->io, core->offset);
if (s) {
eprintf ("Ranges are: 0x%08llx 0x%08llx\n",
s->vaddr, s->vaddr+s->size);
} else eprintf ("Unknown section. Please specify range\n");
}
break;
default:
case '?':
r_cons_printf (
"Usage: z[-] [arg]\n"
" z show loaded zignatures\n"
" z prefix define prefix for following zignatures\n"
" z-prefix unload zignatures prefixed as\n"
" z-* unload all zignatures\n"
" za ... define new zignature for analysis\n"
" zb name bytes define new zignature for bytes\n"
" z/ addr0 addr1 search zignatures between these regions\n"
"SEE ALSO: az? to analyze code from signature results\n");
break;
}
return 0;
}
static int cmd_iopipe(void *data, const char *input) {
RCore *core = (RCore *)data;
switch (input[0]) {
@ -340,7 +387,7 @@ static int cmd_section(void *data, const char *input) {
" S ; list sections\n"
" S* ; list sections (in radare commands\n"
" S= ; list sections (in nice ascii-art bars)\n"
" S [offset] [vaddr] [size] [vsize] [name] ; adds new section\n"
" S [offset] [vaddr] [size] [vsize] [name] [rwx] ; adds new section\n"
" S -[offset] ; remove this section definition\n");
break;
case ' ':
@ -352,7 +399,7 @@ static int cmd_section(void *data, const char *input) {
break;
default:
{
int i;
int i, rwx = 7;
char *ptr = strdup(input+1);
const char *name = NULL;
ut64 vaddr = 0LL;
@ -361,7 +408,9 @@ static int cmd_section(void *data, const char *input) {
ut64 vsize = 0LL;
i = r_str_word_set0 (ptr);
switch(i) {
switch (i) {
case 6: // get rwx
rwx = r_str_rwx (r_str_word_get0 (ptr, 5));
case 5: // get name
name = r_str_word_get0 (ptr, 4);
case 4: // get vsize
@ -373,7 +422,7 @@ static int cmd_section(void *data, const char *input) {
case 1: // get offset
offset = r_num_math (&core->num, r_str_word_get0 (ptr, 0));
}
r_io_section_add (&core->io, offset, vaddr, size, vsize, 7, name);
r_io_section_add (&core->io, offset, vaddr, size, vsize, rwx, name);
free (ptr);
}
break;
@ -1079,6 +1128,23 @@ static int cmd_anal(void *data, const char *input) {
}
switch (input[0]) {
case 'z':
switch (input[1]) {
case 'g':
// TODO: generate zignaturez from analysis data
break;
case '\0':
// TODO: analyze results of zignature search
r_core_cmd (core, "ac@@sign", 0);
break;
default:
r_cons_printf ("Usage: az[g]\n"
" az analyze zignatures\n"
" azg generate zignature from current file (z-* recommended)\n"
"SEE ALSO: z?\n");
break;
}
break;
case 'h':
if (input[1]) {
if (!r_anal_use (&core->anal, input+2))
@ -2647,6 +2713,7 @@ int r_core_cmd_init(RCore *core) {
r_cmd_add (&core->cmd, "info", "get file info", &cmd_info);
r_cmd_add (&core->cmd, "cmp", "compare memory", &cmd_cmp);
r_cmd_add (&core->cmd, "seek", "seek to an offset", &cmd_seek);
r_cmd_add (&core->cmd, "zign", "zignatures", &cmd_zign);
r_cmd_add (&core->cmd, "Section", "setup section io information", &cmd_section);
r_cmd_add (&core->cmd, "bsize", "change block size", &cmd_bsize);
r_cmd_add (&core->cmd, "eval", "evaluate configuration variable", &cmd_eval);

View File

@ -129,6 +129,7 @@ R_API int r_core_init(RCore *core) {
r_meta_init (&core->meta);
r_cons_init ();
r_line_init ();
r_sign_init (&core->sign);
r_cons_singleton()->user_fgets = (void *)myfgets;
r_line_hist_load (".radare2_history");

View File

@ -5,7 +5,7 @@
grep -e DEPS */Makefile | sed -e 's,/Makefile,,' > /tmp/rdeps.txt
MODE=dot
MODE=gml
#MODE=gml
if [ $MODE = "dot" ]; then

View File

@ -13,8 +13,7 @@ static int bitnum(int bit) {
/* TODO: do it more beautiful with structs and not spaguetis */
/* TODO: find a better method name */
R_API int r_hash_calculate(struct r_hash_t *ctx, int algobit, const ut8 *buf, ut32 len)
{
R_API int r_hash_calculate(struct r_hash_t *ctx, int algobit, const ut8 *buf, ut32 len) {
if (algobit & R_HASH_MD4) {
r_hash_do_md4(ctx, buf, len);
return R_HASH_SIZE_MD4;

View File

@ -3,15 +3,13 @@
* by an anonymous gnome
* ------------------------
* That's pure mathematics, so no sense to adding license shit here.
*
*/
#include <stdlib.h>
#include <math.h>
#include "r_types.h"
static double get_px(ut8 x, const ut8 *data, ut64 size)
{
static double get_px(ut8 x, const ut8 *data, ut64 size) {
ut32 i, count = 0;
for (i = 0; i < size; i++)
if (data[i] == x)
@ -19,48 +17,15 @@ static double get_px(ut8 x, const ut8 *data, ut64 size)
return (double)count/size;
}
R_API double r_hash_entropy(const ut8 *data, ut64 size)
{
R_API double r_hash_entropy(const ut8 *data, ut64 size) {
double h = 0, px, log2;
unsigned char x;
log2 = logf((double)2);
log2 = logf ((double)2);
for (x = 0; x < 255; x++) {
px = get_px(x, data, size);
px = get_px (x, data, size);
if (px > 0)
h += -px * (log(px)/log2);
h += -px * (log (px)/log2);
}
return h;
}
#if 0
// TRASH CODE ???
int i;
int index1,index2;
int windowsize= 512; // block size
uchar ek[256];
uchar ck[256];
uchar entropy[256];
for (i = 0; i < 256; i++)
ek[i] = i/256 * Log(2,i); // pre-calculate the entropy for each possible probability
for (i = 0; i < windowsize; i++)
ck[buffer[i]]++; // count how many of each byte there is in the window
for (i = 0; i < 256; i++)
entropy[0] -= ek[ck[buffer[i]]]; // calculate the entropy for the first window position
for (i = 1; i < buffer.length - wsize; i++)
{ // slide the window position and update the new entropy as it slides.
index1 = i-1;
index2 = i+windowsize-1;
entropy[i] = entropy[i-1] + ek[ck[buffer[index1]]] + ek[ck[buffer[index2]]];
index1 = ck[buffer[index1]]--;
index2 = ck[buffer[index2]]++;
entropy[i] -= ek[index1] + ek[index2];
}
#endif

View File

@ -32,26 +32,21 @@ errors that transformed one string into the other.
#include "r_types.h"
static int hamdist(int x, ut64 y)
{
static int hamdist(int x, int y) {
int dist = 0, val = x^y;
while(val) {
while (val) {
++dist;
val &= val - 1;
}
return dist;
}
R_API ut8 r_hash_hamdist(const ut8 *buf, ut64 len)
{
R_API ut8 r_hash_hamdist(const ut8 *buf, int len) {
int i, x, y;
x = y = i = 0;
for(i=0;i<len;i++) {
for (i=0; i<len; i++) {
y = buf[i];
x = hamdist(x, y);
x = hamdist (x, y);
}
return x;
}

View File

@ -14,6 +14,7 @@
#include "r_line.h"
#include "r_print.h"
#include "r_search.h"
#include "r_sign.h"
#include "r_debug.h"
#include "r_flags.h"
#include "r_config.h"
@ -67,6 +68,7 @@ typedef struct r_core_t {
struct r_flag_t flags;
struct r_config_t config;
struct r_search_t *search;
RSign sign;
} RCore;
#ifdef R_API

View File

@ -98,7 +98,7 @@ R_API ut8 r_hash_mod255(const ut8 *b, ut64 len);
R_API const char *r_hash_name(int bit);
/* analysis */
R_API ut8 r_hash_hamdist(const ut8 *buf, ut64 len);
R_API ut8 r_hash_hamdist(const ut8 *buf, int len);
R_API double r_hash_entropy(const ut8 *data, ut64 len);
R_API int r_hash_pcprint(const ut8 *buffer, ut64 len);
#endif

View File

@ -1,9 +1,9 @@
#ifndef _INCLUDE_R_SEARCH_H_
#define _INCLUDE_R_SEARCH_H_
#include "r_types.h"
#include "r_util.h"
#include "list.h"
#include <r_types.h>
#include <r_util.h>
#include <list.h>
enum {
R_SEARCH_KEYWORD,
@ -11,9 +11,12 @@ enum {
R_SEARCH_PATTERN,
R_SEARCH_STRING,
R_SEARCH_XREFS,
R_SEARCH_AES
R_SEARCH_AES,
R_SEARCH_LAST
};
#define R_SEARCH_DISTANCE_MAX 10
typedef struct r_search_keyword_t {
char keyword[128];
char binmask[128];
@ -21,7 +24,8 @@ typedef struct r_search_keyword_t {
ut8 bin_binmask[128];
ut32 keyword_length;
ut32 binmask_length;
ut32 idx; // searching purposes
ut32 idx[R_SEARCH_DISTANCE_MAX]; // searching purposes
int distance;
void *data;
int count;
int kwidx;
@ -33,6 +37,7 @@ typedef struct r_search_hit_t {
ut64 addr;
} RSearchHit;
typedef int (*RSearchUpdate)(void *s, ut64 from, const ut8 *buf, int len);
typedef int (*RSearchCallback)(RSearchKeyword *kw, void *user, ut64 where);
typedef struct r_search_t {
@ -45,6 +50,8 @@ typedef struct r_search_t {
RSearchCallback callback;
RList *hits;
RMemoryPool *pool;
int distance;
RSearchUpdate update;
//struct r_search_binparse_t *bp;
//TODO RList *kws; // TODO: Use r_search_kw_new ()
struct list_head kws; //r_search_hw_t kws;
@ -79,12 +86,14 @@ R_API int r_search_range_reset(RSearch *s);
R_API int r_search_set_blocksize(RSearch *s, ut32 bsize);
// TODO: this is internal API?
R_API int r_search_mybinparse_update(RSearch *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_aes_update(RSearch *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_strings_update(RSearch *s, ut64 from, const char *buf, int len, int enc);
R_API int r_search_regexp_update(RSearch *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_xrefs_update(RSearch *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_mybinparse_update(void *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_aes_update(void *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_strings_update(void *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_regexp_update(void *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_xrefs_update(void *s, ut64 from, const ut8 *buf, int len);
R_API int r_search_hit_new(RSearch *s, RSearchKeyword *kw, ut64 addr);
R_API void r_search_set_distance(RSearch *s, int dist);
R_API void r_search_set_pattern_size(RSearch *s, int size);
/* pattern search */
R_API int r_search_pattern(RSearch *s, ut32 size);

View File

@ -4,6 +4,11 @@
#include <r_types.h>
#include "list.h"
enum {
R_SIGN_BYTES,
R_SIGN_GRAPH,
};
/* signature struct */
typedef struct r_sign_item_t {
char name[32];
@ -14,20 +19,25 @@ typedef struct r_sign_item_t {
} RSignItem;
typedef struct r_sign_t {
int count;
int s_byte;
int s_anal;
struct list_head items;
} RSign;
typedef int (*RSignCallback)(RSignItem *si, void *user);
#ifdef R_API
R_API RSign *r_sign_init(RSign *sig);
R_API int r_sign_add(RSign *sig, int type, const char *name, const char *arg);
R_API RSign *r_sign_free(RSign *sig);
// old api
R_API int r_sign_generate(RSign *sig, const char *file, FILE *fd);
R_API int r_sign_check(RSign *sig, const char *binfile);
R_API RSign *r_sign_free(RSign *sig);
R_API int r_sign_info(RSign *sig);
R_API int r_sign_load_file(RSign *sig, const char *file);
R_API RSignItem *r_sign_add(RSign *sig);
R_API int r_sign_option(RSign *sig, const char *option);
R_API int r_sign_item_set(RSignItem *sig, const char *key, const char *value);
R_API RSign *r_sign_init(RSign *sig);
#endif
#endif

View File

@ -185,6 +185,8 @@ R_API void r_num_init(struct r_num_t *num);
/* strings */
#define r_str_write(x,y) write (x, y, strlen(y))
R_API int r_str_rwx(const char *str);
R_API const char *r_str_rwx_i(int rwx);
R_API void r_str_writef(int fd, const char *fmt, ...);
R_API char **r_str_argv(const char *str, int *_argc);
R_API void r_str_argv_free(char **argv);

View File

@ -2,17 +2,14 @@
#include "r_io.h"
// XXX use section->foo
#define r_cons_printf printf
R_API void r_io_section_init(struct r_io_t *io) {
R_API void r_io_section_init(RIO *io) {
io->enforce_rwx = 0; // do not enforce RWX section permissions by default
io->enforce_seek = 0; // do not limit seeks out of the file by default
INIT_LIST_HEAD(&(io->sections));
}
R_API void r_io_section_add(RIO *io, ut64 offset, ut64 vaddr, ut64 size, ut64 vsize, int rwx, const char *name) {
struct r_io_section_t *s = (struct r_io_section_t *)malloc(sizeof(struct r_io_section_t));
RIOSection *s = (RIOSection *)malloc(sizeof(RIOSection));
s->offset = offset;
s->vaddr = vaddr;
s->size = size;
@ -24,11 +21,11 @@ R_API void r_io_section_add(RIO *io, ut64 offset, ut64 vaddr, ut64 size, ut64 vs
list_add(&(s->list), &io->sections);
}
R_API struct r_io_section_t *r_io_section_get_i(struct r_io_t *io, int idx) {
R_API RIOSection *r_io_section_get_i(RIO *io, int idx) {
int i = 0;
struct list_head *pos;
list_for_each_prev(pos, &io->sections) {
struct r_io_section_t *s = (struct r_io_section_t *)list_entry(pos, struct r_io_section_t, list);
RIOSection *s = (RIOSection *)list_entry(pos, RIOSection, list);
if (i == idx)
return s;
i++;
@ -36,8 +33,8 @@ R_API struct r_io_section_t *r_io_section_get_i(struct r_io_t *io, int idx) {
return NULL;
}
R_API int r_io_section_rm(struct r_io_t *io, int idx) {
struct r_io_section_t *s = r_io_section_get_i (io, idx);
R_API int r_io_section_rm(RIO *io, int idx) {
RIOSection *s = r_io_section_get_i (io, idx);
if (s != NULL) {
list_del ((&s->list));
free (s);
@ -47,24 +44,24 @@ R_API int r_io_section_rm(struct r_io_t *io, int idx) {
}
// TODO: implement as callback
R_API void r_io_section_list(struct r_io_t *io, ut64 offset, int rad) {
R_API void r_io_section_list(RIO *io, ut64 offset, int rad) {
int i = 0;
struct list_head *pos;
offset = io->va ? r_io_section_vaddr_to_offset (io, offset) : offset;
list_for_each_prev(pos, &io->sections) {
struct r_io_section_t *s = (struct r_io_section_t *)list_entry(pos, struct r_io_section_t, list);
if (rad) r_cons_printf ("S 0x%08llx 0x%08llx 0x%08llx 0x%08llx %s\n",
s->offset, s->vaddr, s->size, s->vsize, s->name);
else r_cons_printf ("[%02d] %c offset=0x%08llx vaddr=0x%08llx size=0x%08llx vsize=%08llx %s\n",
i, (offset>=s->offset && offset<s->offset+s->size)?'*':'.',
s->offset, s->vaddr, s->size, s->vsize, s->name);
RIOSection *s = (RIOSection *)list_entry(pos, RIOSection, list);
if (rad) io->printf ("S 0x%08llx 0x%08llx 0x%08llx 0x%08llx %s %d\n",
s->offset, s->vaddr, s->size, s->vsize, s->name, s->rwx);
else io->printf ("[%02d] %c 0x%08llx %s vaddr=0x%08llx size=0x%08llx vsize=%08llx %s\n",
i, (offset>=s->offset && offset<s->offset+s->size)?'*':'.',
s->offset, r_str_rwx_i (s->rwx), s->vaddr, s->size, s->vsize, s->name);
i++;
}
}
/* TODO: move to print ??? support pretty print of ranges following an array of offsetof */
R_API void r_io_section_list_visual(struct r_io_t *io, ut64 seek, ut64 len) {
R_API void r_io_section_list_visual(RIO *io, ut64 seek, ut64 len) {
struct list_head *pos;
ut64 min = -1;
ut64 max = -1;
@ -83,67 +80,64 @@ R_API void r_io_section_list_visual(struct r_io_t *io, ut64 seek, ut64 len) {
mul = (max-min) / width;
if (min != -1 && mul != 0) {
i = 0;
list_for_each_prev(pos, &io->sections) {
struct r_io_section_t *s = (struct r_io_section_t *)list_entry(pos, struct r_io_section_t, list);
r_cons_printf("%02d 0x%08llx |", i, s->offset);
list_for_each_prev (pos, &io->sections) {
RIOSection *s = (RIOSection *)list_entry(pos, RIOSection, list);
io->printf ("%02d 0x%08llx |", i, s->offset);
for(j=0;j<width;j++) {
if ((j*mul)+min >= s->offset && (j*mul)+min <=s->offset+s->size)
r_cons_printf("#");
io->printf("#");
else
r_cons_printf("-");
io->printf("-");
}
r_cons_printf("| 0x%08llx %s\n", s->offset+s->size, s->name);
io->printf ("| 0x%08llx %s\n", s->offset+s->size, s->name);
i++;
}
/* current seek */
if (i>0 && len != 0) {
r_cons_printf("=> 0x%08llx |", seek);
io->printf ("=> 0x%08llx |", seek);
for(j=0;j<width;j++) {
r_cons_printf (
io->printf (
((j*mul)+min >= seek &&
(j*mul)+min <= seek+len)
?"#":"-");
}
r_cons_printf("| 0x%08llx\n", seek+len);
io->printf ("| 0x%08llx\n", seek+len);
}
}
}
R_API struct r_io_section_t *r_io_section_get(struct r_io_t *io, ut64 offset)
{
R_API RIOSection *r_io_section_get(RIO *io, ut64 offset) {
struct list_head *pos;
list_for_each (pos, &io->sections) {
RIOSection *s = (struct r_io_section_t *)list_entry(pos, struct r_io_section_t, list);
RIOSection *s = (RIOSection *)list_entry(pos, RIOSection, list);
if (offset >= s->offset && offset <= s->offset + s->size)
return s;
}
return NULL;
}
R_API ut64 r_io_section_get_offset(struct r_io_t *io, ut64 offset)
{
R_API ut64 r_io_section_get_offset(RIO *io, ut64 offset) {
RIOSection *s = r_io_section_get(io, offset);
return s?s->offset:-1;
}
R_API ut64 r_io_section_get_vaddr(struct r_io_t *io, ut64 offset)
{
struct r_io_section_t *s = r_io_section_get(io, offset);
R_API ut64 r_io_section_get_vaddr(RIO *io, ut64 offset) {
RIOSection *s = r_io_section_get (io, offset);
return s?s->vaddr:-1;
}
R_API int r_io_section_get_rwx(struct r_io_t *io, ut64 offset)
{
struct r_io_section_t *s = r_io_section_get(io, offset);
// TODO: deprecate
R_API int r_io_section_get_rwx(RIO *io, ut64 offset) {
RIOSection *s = r_io_section_get (io, offset);
eprintf ("r_io_section_get_rwx: must be deprecated\n");
return s?s->rwx:R_IO_READ|R_IO_WRITE|R_IO_EXEC;
}
R_API int r_io_section_overlaps(struct r_io_t *io, struct r_io_section_t *s)
{
R_API int r_io_section_overlaps(RIO *io, RIOSection *s) {
int i = 0;
struct list_head *pos;
list_for_each_prev(pos, &io->sections) {
struct r_io_section_t *s2 = (struct r_io_section_t *)list_entry(pos, struct r_io_section_t, list);
RIOSection *s2 = (RIOSection *)list_entry(pos, RIOSection, list);
if (s != s2) {
if (s->offset >= s2->offset) {
if (s2->offset+s2->size < s->offset)
@ -158,24 +152,22 @@ R_API int r_io_section_overlaps(struct r_io_t *io, struct r_io_section_t *s)
return -1;
}
R_API ut64 r_io_section_vaddr_to_offset(struct r_io_t *io, ut64 vaddr)
{
R_API ut64 r_io_section_vaddr_to_offset(RIO *io, ut64 vaddr) {
struct list_head *pos;
list_for_each_prev(pos, &io->sections) {
struct r_io_section_t *s = (struct r_io_section_t *)list_entry(pos, struct r_io_section_t, list);
list_for_each_prev (pos, &io->sections) {
RIOSection *s = (RIOSection *)list_entry (pos, RIOSection, list);
if (vaddr >= s->vaddr && vaddr < s->vaddr + s->vsize)
return (vaddr - s->vaddr + s->offset);
}
return vaddr;
}
R_API ut64 r_io_section_offset_to_vaddr(struct r_io_t *io, ut64 offset)
{
R_API ut64 r_io_section_offset_to_vaddr(RIO *io, ut64 offset) {
struct list_head *pos;
list_for_each_prev(pos, &io->sections) {
struct r_io_section_t *s = (struct r_io_section_t *)list_entry(pos, struct r_io_section_t, list);
RIOSection *s = (RIOSection *)list_entry(pos, RIOSection, list);
if (offset >= s->offset && offset < s->offset + s->size)
return (s->vaddr + offset - s->offset);
}

View File

@ -37,7 +37,7 @@ static int aes_key_test(const unsigned char *buf) {
&& buf[31]==(table_sbox[buf[14]]^1))?1:0;
}
R_API int r_search_aes_update(RSearch *s, ut64 from, const ut8 *buf, int len) {
R_API int r_search_aes_update(void *s, ut64 from, const ut8 *buf, int len) {
int i, last = len-31;
if (last < 0)
return 0;

View File

@ -14,7 +14,11 @@ R_API RSearchKeyword* r_search_keyword_new(const ut8 *kw, int kwlen, const ut8 *
k->keyword_length = kwlen;
memcpy (k->bin_keyword, kw, kwlen);
if (bm && bmlen>0) {
memcpy (k->binmask, bm, bmlen);
//memcpy (k->binmask, bm, bmlen);
// XXX Fix this conversion.. r_hex_str.. ?
snprintf (k->binmask, sizeof (k->binmask),
"%02x%02x%02x..", bm[0], bm[1], bm[2]);
memcpy (k->bin_binmask, bm, bmlen);
k->binmask_length = bmlen;
} else k->binmask[0] = k->binmask_length = 0;
}

View File

@ -4,7 +4,8 @@
#if __UNIX__
#include <regex.h>
R_API int r_search_regexp_update(RSearch *s, ut64 from, const ut8 *buf, int len) {
R_API int r_search_regexp_update(void *_s, ut64 from, const ut8 *buf, int len) {
RSearch *s = (RSearch*)_s;
struct list_head *pos;
char *buffer = malloc (len+1);
char *skipz, *end;

View File

@ -4,11 +4,14 @@
R_API int r_search_init(RSearch *s, int mode) {
memset (s,'\0', sizeof (RSearch));
if (!r_search_set_mode (s, mode))
if (!r_search_set_mode (s, mode)) {
eprintf ("Cannot init search for mode %d\n", mode);
return R_FALSE;
}
s->mode = mode;
s->user = NULL;
s->callback = NULL;
s->distance = 0;
s->pattern_size = 0;
s->string_max = 255;
s->string_min = 3;
@ -45,27 +48,42 @@ R_API int r_search_set_string_limits(RSearch *s, ut32 min, ut32 max) {
}
R_API int r_search_set_mode(RSearch *s, int mode) {
int ret = R_FALSE;
int ret;
s->update = NULL;
switch (mode) {
case R_SEARCH_KEYWORD:
case R_SEARCH_REGEXP:
case R_SEARCH_PATTERN:
case R_SEARCH_STRING:
s->update = r_search_mybinparse_update;
break;
case R_SEARCH_XREFS:
s->update = r_search_xrefs_update;
break;
case R_SEARCH_REGEXP:
s->update = r_search_regexp_update;
break;
case R_SEARCH_AES:
s->update = r_search_aes_update;
break;
case R_SEARCH_STRING:
s->update = r_search_strings_update;
break;
case R_SEARCH_PATTERN:
//ret += r_search_pattern_update(buf, s->pattern_size
break;
}
if (s->update) {
s->mode = mode;
ret = R_TRUE;
}
} else ret = R_FALSE;
return ret;
}
/* control */
R_API int r_search_begin(RSearch *s) {
struct list_head *pos;
list_for_each_prev (pos, &s->kws) {
RSearchKeyword *kw = list_entry (pos, RSearchKeyword, list);
kw->count = 0;
kw->idx = 0;
kw->idx[0] = 0;
kw->distance = 0;//s->distance;
}
#if 0
/* TODO: compile regexpes */
@ -91,38 +109,61 @@ R_API int r_search_hit_new(RSearch *s, RSearchKeyword *kw, ut64 addr) {
}
// TODO: move into a plugin */
R_API int r_search_mybinparse_update(RSearch *s, ut64 from, const ut8 *buf, int len) {
// TODO: This algorithm can be simplified by just using a non-distance search
// ... split this algorithm in two for performance
R_API int r_search_mybinparse_update(void *_s, ut64 from, const ut8 *buf, int len) {
struct list_head *pos;
int i, count = 0;
int i, j, hit, count = 0;
RSearch *s = (RSearch*)_s;
for (i=0; i<len; i++) {
list_for_each_prev (pos, &s->kws) {
RSearchKeyword *kw = list_entry(pos, RSearchKeyword, list);
ut8 ch = kw->bin_keyword[kw->idx];
ut8 ch2 = buf[i];
if (kw->binmask_length != 0 && kw->idx < kw->binmask_length) {
ch &= kw->bin_binmask[kw->idx];
ch2 &= kw->bin_binmask[kw->idx];
}
if (ch == ch2) {
kw->idx++;
if (kw->idx == kw->keyword_length) {
r_search_hit_new (s, kw, (ut64)
from+i-kw->keyword_length+1);
kw->idx = 0;
kw->count++;
RSearchKeyword *kw = list_entry (pos, RSearchKeyword, list);
for (j=0;j<=kw->distance;j++) {
ut8 ch = kw->bin_keyword[kw->idx[j]];
ut8 ch2 = buf[i];
if (kw->binmask_length != 0 && kw->idx[j]<kw->binmask_length) {
ch &= kw->bin_binmask[kw->idx[j]];
ch2 &= kw->bin_binmask[kw->idx[j]];
}
} else kw->idx = 0;
count++;
if (ch != ch2) {
if (kw->distance<s->distance) {
kw->idx[kw->distance+1] = kw->idx[kw->distance];
kw->distance++;
hit = R_TRUE;
} else {
kw->idx[0] = 0;
kw->distance = 0;
hit = R_FALSE;
}
} else hit = R_TRUE;
if (hit) {
kw->idx[j]++;
if (kw->idx[j] == kw->keyword_length) {
r_search_hit_new (s, kw, (ut64)
from+i-kw->keyword_length+1);
kw->idx[0] = 0;
kw->distance = 0;
kw->count++;
count++;
}
}
}
}
count = 0;
}
return count;
}
R_API int r_search_set_pattern_size(RSearch *s, int size) {
R_API void r_search_set_distance(RSearch *s, int dist) {
if (dist>=R_SEARCH_DISTANCE_MAX) {
eprintf ("Invalid distance\n");
s->distance = 0;
} else s->distance = (dist>0)?dist:0;
}
R_API void r_search_set_pattern_size(RSearch *s, int size) {
s->pattern_size = size;
return 0;
}
R_API void r_search_set_callback(RSearch *s, RSearchCallback(callback), void *user) {
@ -130,30 +171,18 @@ R_API void r_search_set_callback(RSearch *s, RSearchCallback(callback), void *us
s->user = user;
}
/* TODO: initialize update callback in _init */
/* TODO: initialize update callback in _init or begin... */
R_API int r_search_update(RSearch *s, ut64 *from, const ut8 *buf, long len) {
int ret = 0;
switch (s->mode) {
case R_SEARCH_KEYWORD:
ret += r_search_mybinparse_update (s, *from, buf, len);
break;
case R_SEARCH_XREFS:
r_search_xrefs_update (s, *from, buf, len);
break;
case R_SEARCH_REGEXP:
ret += r_search_regexp_update (s, *from, buf, len);
break;
case R_SEARCH_AES:
ret += r_search_aes_update (s, *from, buf, len);
*from -= R_SEARCH_AES_BOX_SIZE;
break;
case R_SEARCH_STRING:
ret += r_search_strings_update (s, *from, (const char *)buf, len, 0);
break;
case R_SEARCH_PATTERN:
//ret += r_search_pattern_update(buf, s->pattern_size
break;
}
int ret = -1;
if (s->update != NULL) {
ret = s->update (s, *from, buf, len);
if (s->mode == R_SEARCH_AES) {
int l = R_SEARCH_AES_BOX_SIZE;
//*from -= R_SEARCH_AES_BOX_SIZE;
if (len<l) l = len;
return l;
}
} else eprintf ("r_search_update: No search method defined\n");
return ret;
}

View File

@ -52,7 +52,9 @@ static int is_encoded(int encoding, unsigned char c) {
return 0;
}
R_API int r_search_strings_update(struct r_search_t *s, ut64 from, const char *buf, int len, int enc) {
R_API int r_search_strings_update(void *_s, ut64 from, const ut8 *buf, int len) {
RSearch *s = (RSearch *)_s;
const int enc = 0; // hardcoded
int i = 0;
int widechar = 0;
int matches = 0;
@ -60,7 +62,7 @@ R_API int r_search_strings_update(struct r_search_t *s, ut64 from, const char *b
for (i=0; i<len; i++) {
char ch = buf[i];
if (IS_PRINTABLE(ch) || IS_WHITESPACE(ch) || is_encoded(enc, ch)) {
if (IS_PRINTABLE(ch) || IS_WHITESPACE(ch) || is_encoded (enc, ch)) {
str[matches] = ch;
if (matches < sizeof(str))
matches++;

View File

@ -1,6 +1,7 @@
#include <r_search.h>
char *buffer = "helloworldlibisniceandcoolib2loblubljb";
//static char *buffer = "helloworldlibisniceandcoolib2loblubljb";
char *buffer = "helloworldlibisnlizbiceandcoolib2loblubljb";
static int hit(RSearchKeyword *kw, void *user, ut64 addr) {
//const ut8 *buf = (ut8*)user;
@ -9,21 +10,35 @@ static int hit(RSearchKeyword *kw, void *user, ut64 addr) {
}
int main(int argc, char **argv) {
struct r_search_t *rs;
rs = r_search_new (R_SEARCH_KEYWORD);
RSearch *rs = r_search_new (R_SEARCH_KEYWORD);
r_search_kw_add (rs,
r_search_keyword_new_str ("lib", "", NULL));
r_search_set_callback (rs, &hit, buffer);
r_search_set_distance (rs, 0);
printf ("Distance: %d\n", rs->distance);
r_search_begin (rs);
printf("Searching for '%s' in '%s'\n", "lib", buffer);
printf ("Searching for '%s' in '%s'\n", "lib", buffer);
r_search_update_i (rs, 0LL, (ut8*)buffer, strlen(buffer));
printf("--\n");
r_search_set_distance (rs, 4);
printf ("Distance: %d\n", rs->distance);
r_search_begin (rs);
printf ("Searching for '%s' in '%s'\n", "lib", buffer);
r_search_update_i (rs, 0LL, (ut8*)buffer, strlen(buffer));
rs = r_search_free (rs);
printf("--\n");
/* test binmask */
rs = r_search_new (R_SEARCH_KEYWORD);
r_search_kw_add (rs,
r_search_keyword_new_str ("lib", "ff00ff", NULL));
{
RSearchKeyword *kw = r_search_keyword_new_str ("lib", "ff00ff", NULL);
printf ("Keyword (%02x %02x %02x)\n", kw->bin_binmask[0],
kw->bin_binmask[1], kw->bin_binmask[2]);
r_search_kw_add (rs, kw);
}
r_search_set_callback (rs, &hit, buffer);
r_search_begin (rs);
printf ("Searching for '%s' with binmask 'ff00ff' in '%s'\n", "lib", buffer);

View File

@ -3,8 +3,7 @@
#include "r_search.h"
//#include <regex.h>
R_API int r_search_xrefs_update(struct r_search_t *s, ut64 from, const ut8 *buf, int len)
{
R_API int r_search_xrefs_update(void *s, ut64 from, const ut8 *buf, int len) {
// ut8 code[1024];
// ut8 mask[1024];
int count = 0;

View File

@ -1,6 +1,11 @@
r_sign: signature api for radare2
=================================
Commandline:
============
z
Plugins are used to implement data collectors for r_sign.
A data collector is a piece of code that feeds the r_sign

View File

@ -1,4 +1,4 @@
/* radare - LGPL - Copyright 2009 pancake<nopcode.org> */
/* radare - LGPL - Copyright 2009-2010 pancake<nopcode.org> */
#include <r_sign.h>
@ -7,11 +7,29 @@ R_API RSign *r_sign_new() {
}
R_API RSign *r_sign_init(RSign *sig) {
sig->count = 0;
sig->s_byte = sig->s_anal = 0;
INIT_LIST_HEAD (&(sig->items));
return sig;
}
R_API int r_sign_add(RSign *sig, int type, const char *name, const char *arg) {
int ret = R_FALSE;
switch (type) {
case R_SIGN_BYTES:
eprintf ("r_sign_add: TODO (%s)(%s)\n", name, arg);
sig->s_byte++;
break;
default:
case R_SIGN_GRAPH:
eprintf ("r_sign_add: TODO\n");
break;
}
return ret;
}
#if 0
// XXX This shit depends only on the graphing stuff.. will be remove when this part gets working
// XXX : remove.. deprecated stuff
R_API int r_sign_item_set(RSignItem *sig, const char *key, const char *value) {
if (!strcmp (key, "name")) {
strncpy (sig->name, value, sizeof(sig->name));
@ -26,21 +44,11 @@ R_API int r_sign_item_set(RSignItem *sig, const char *key, const char *value) {
// eprintf("%s:%s\n", key, value);
}
// XXX: deprecate here.. must
R_API int r_sign_option(RSign *sig, const char *option) {
/* set options here */
return R_TRUE;
}
// r_sign_item_new
R_API RSignItem *r_sign_add(RSign *sig) {
RSignItem *r;
sig->count ++;
r = (RSignItem *)malloc (sizeof (RSignItem));
memset (r, '\0', sizeof (RSignItem));
list_add_tail (&(r->list), &(sig->items));
return r;
}
R_API int r_sign_load_file(RSign *sig, const char *file) {
int n;
FILE *fd;
@ -72,9 +80,23 @@ R_API int r_sign_load_file(RSign *sig, const char *file) {
fclose (fd);
return n;
}
#endif
#if 0
// r_sign_item_new
R_API RSignItem *r_sign_add(RSign *sig) {
RSignItem *r;
r = (RSignItem *)malloc (sizeof (RSignItem));
memset (r, '\0', sizeof (RSignItem));
list_add_tail (&(r->list), &(sig->items));
return r;
}
#endif
R_API int r_sign_info(RSign *sig) {
eprintf ("Loaded %d signatures\n", sig->count);
eprintf ("Loaded %d signatures\n", sig->s_byte + sig->s_anal);
eprintf (" %d byte signatures\n", sig->s_byte);
eprintf (" %d anal signatures\n", sig->s_anal);
return R_TRUE;
}
@ -89,6 +111,7 @@ R_API RSign *r_sign_free(struct r_sign_t *sig) {
return NULL;
}
/// DEPREACATE
R_API int r_sign_check(struct r_sign_t *sig, const char *binfile) {
if (binfile==NULL) {
eprintf ("No file specified\n");
@ -98,6 +121,7 @@ R_API int r_sign_check(struct r_sign_t *sig, const char *binfile) {
return R_TRUE;
}
/// DEPREACATE
R_API int r_sign_generate(struct r_sign_t *sig, const char *file, FILE *fd) {
eprintf ("Generating signature file for '%s'\n" , file);
return R_TRUE;

View File

@ -19,6 +19,31 @@ static int hex2int (ut8 *val, ut8 c) {
return 0;
}
R_API int r_str_rwx(const char *str) {
int ret = atoi (str);
if (!ret) {
ret |= strchr (str, 'r')?4:0;
ret |= strchr (str, 'w')?2:0;
ret |= strchr (str, 'x')?1:0;
}
return ret;
}
R_API const char *r_str_rwx_i(int rwx) {
static const char *rwxstr[16] = {
[0] = "---",
[1] = "--x",
[2] = "-w-",
[3] = "-wx",
[4] = "r--",
[5] = "r-x",
[6] = "rw-",
[7] = "rwx",
/* ... */
};
return rwxstr[rwx&7]; // 15 for srwx
}
R_API const char *r_str_bool(int b) {
if (b) return "true";
return "false";