mirror of
https://github.com/radareorg/radare2.git
synced 2025-01-28 00:33:36 +00:00
130 lines
3.3 KiB
Groff
130 lines
3.3 KiB
Groff
.Dd Sep 30, 2014
|
|
.Dt RAGG2 1
|
|
.Sh NAME
|
|
.Nm ragg2
|
|
.Nd radare2 frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.
|
|
.Sh SYNOPSIS
|
|
.Nm ragg2
|
|
.Op Fl a Ar arch
|
|
.Op Fl b Ar bits
|
|
.Op Fl k Ar kernel
|
|
.Op Fl f Ar format
|
|
.Op Fl o Ar file
|
|
.Op Fl i Ar shellcode
|
|
.Op Fl I Ar path
|
|
.Op Fl e Ar encoder
|
|
.Op Fl B Ar hexpairs
|
|
.Op Fl c Ar k=v
|
|
.Op Fl C Ar file
|
|
.Op Fl n Ar num32
|
|
.Op Fl N Ar num64
|
|
.Op Fl d Ar off:dword
|
|
.Op Fl D Ar off:qword
|
|
.Op Fl w Ar off:hexpair
|
|
.Op Fl p Ar padding
|
|
.Op Fl P Ar pattern
|
|
.Op Fl q Ar fragment
|
|
.Op Fl FOLsrxvhz
|
|
.Sh DESCRIPTION
|
|
ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.
|
|
.Pp
|
|
This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a library and integrated with r_asm and r_bin.
|
|
.Pp
|
|
Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file.
|
|
.Pp
|
|
ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process.
|
|
.Pp
|
|
ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported.
|
|
.Sh DIRECTIVES
|
|
.Pp
|
|
The rr2 (ragg2) configuration file accepts the following directives, described as key=value entries and comments defined as lines starting with '#'.
|
|
.Bl -tag -width Fl
|
|
.It Fl a Ar arch
|
|
set architecture x86, arm
|
|
.It Fl b Ar bits
|
|
32 or 64
|
|
.It Fl k Ar kernel
|
|
windows, linux or osx
|
|
.It Fl f Ar format
|
|
select binary format (pe, elf, mach0)
|
|
.It Fl o Ar file
|
|
output file to write result of compilation
|
|
.It Fl i Ar shellcode
|
|
specify shellcode name to be used (see \-L)
|
|
.It Fl e Ar encoder
|
|
specify encoder name to be used (see \-L)
|
|
.It Fl B Ar hexpair
|
|
specify shellcode as hexpairs
|
|
.It Fl c Ar k=v
|
|
set configure option for the shellcode encoder. The argument must be key=value.
|
|
.It Fl C Ar file
|
|
include contents of file
|
|
.It Fl d Ar off:dword
|
|
Patch final buffer with given dword at specified offset
|
|
.It Fl D Ar off:qword
|
|
Patch final buffer with given qword at specified offset
|
|
.It Fl w Ar off:hexpairs
|
|
Patch final buffer with given hexpairs at specified offset
|
|
.It Fl n Ar num32
|
|
Append a 32bit number in little endian
|
|
.It Fl N Ar num64
|
|
Append a 64bit number in little endian
|
|
.It Fl p Ar padding
|
|
Specify generic paddings with a format string.
|
|
.It Fl P Ar size
|
|
Prepend debruijn sequence of given length.
|
|
.It Fl q Ar fragment
|
|
Output offset of debruijn sequence fragment.
|
|
.It Fl F
|
|
autodetect native file format (osx=mach0, linux=elf, ..)
|
|
.It Fl O
|
|
use default output file (filename without extension or a.out)
|
|
.It Fl I Ar path
|
|
add include path
|
|
.It Fl s
|
|
show assembler code
|
|
.It Fl r
|
|
show raw bytes instead of hexpairs
|
|
.It Fl x
|
|
execute (just-in-time)
|
|
.It Fl z
|
|
output in C string syntax
|
|
.El
|
|
.Sh EXAMPLE
|
|
.Pp
|
|
$ cat hi.r
|
|
/* hello world in r_egg */
|
|
write@syscall(4); //x64 write@syscall(1);
|
|
exit@syscall(1); //x64 exit@syscall(60);
|
|
.Pp
|
|
main@global(128) {
|
|
.var0 = "hi!\\n";
|
|
write(1,.var0, 4);
|
|
exit(0);
|
|
}
|
|
$ ragg2 \-O \-F hi.r
|
|
$ ./hi
|
|
hi!
|
|
.Pp
|
|
.Pp
|
|
$ cat hi.c
|
|
main() {
|
|
write(1, "Hello\n", 6);
|
|
exit(0);
|
|
}
|
|
$ ragg2 hi.c
|
|
$ ./hi.c.bin
|
|
Hello
|
|
.Sh SEE ALSO
|
|
.Pp
|
|
.Xr radare2(1) ,
|
|
.Xr rahash2(1) ,
|
|
.Xr rafind2(1) ,
|
|
.Xr rabin2(1) ,
|
|
.Xr rafind2(1) ,
|
|
.Xr radiff2(1) ,
|
|
.Xr rasm2(1) ,
|
|
.Sh AUTHORS
|
|
.Pp
|
|
Written by pancake <pancake@nopcode.org>.
|