radare2-based decompiler and symbol executor

Overview

Radeco

A radare2-based binary analysis framework consisting of the Radeco client in the ./radeco/ directory; ./radeco-lib/, the library where the whole high-level logic lives; ./arch-rs/ to abstract architecture intricacies; ./esil-rs/ to parse radare2 ESIL; and ./rune/ to perform symbolic execution on top of ESIL. Radeco uses its own intermediate representation, which also has a text representation, RadecoIL.

Is this ready yet?

Nope. There is still a ton of work to do before this can be considered ready. That said, parts of the library are already stable enough to write your own analysis passes and use them in your projects.

Usage

Build like a regular Rust project, using cargo:

cargo build

To include it in your Rust project, add to Cargo.toml:

[dependencies.radeco-lib]
git = "https://github.com/radare/radeco"

See examples for usage.

Trace Log

To debug, you may want to enable trace output from various parts of radeco. Build with the trace_log feature to enable this:

cargo build --features 'trace_log'

Profiling

Requires gperftools. Check the cpuprofiler repository for more details.

To enable profiling, build with the profiler feature:

cargo build --features 'profiler'

Wrap the code you want to profile with:

use cpuprofiler::PROFILER;

PROFILER.lock().unwrap().start("./my-prof.profile").unwrap();
// Code you want to sample goes here!
PROFILER.lock().unwrap().stop().unwrap();

Radeco-lib project layout

src/
├── analysis/               Analyzers on SSA form Radeco-IR
├── backend/                Analyzers on C pseudo-code
│   ├── ctrl_flow_struct/   Implementation of `No More Gotos`
│   └── lang_c/             Converter of C pseudo-code from RadecoFunction
├── frontend/               Loaders of RadecoFunction, RadecoProject
├── middle/                 Constructor, writer, parser of Radeco-IR
│   ├── regfile/            Profile of registers
│   └── ssa/                SSA form of Radeco-IR
└── utils/                  Logger, etc

License

Licensed under the BSD 3-Clause License. Please check the COPYING file for the complete license.

Comments
  • My vsa

I did some work on VSA. It is not by far where I want it to be, but I think it's a base for future work. (And also I gained a lot of experience with radeco-lib.) I do not expect this to be pulled anytime soon. I just want to make you aware of this work. (And am very interested in your comments - maybe I did something completely unneeded, maybe it's useful.)

    I will write here about what I definitely have to change soon. I just really have to go to bed now.

    feature 
    opened by some-username 30
  • Standardize the SSA API

    Most functions in the SSA/SSAMod/CFG/CFGMod API follow a certain pattern in naming and arguments. It would be nice to standardize it and have all functions be uniform, making the naming and usage more consistent and predictable.

    enhancement IR discussion 
    opened by sushant94 21
  • Add LICENSE

    I have removed the license commits for two reasons.

1. It was not discussed or accepted, at least by me. Why BSD?

    2. The commit was merged from the web user interface, which polluted the commit history with two commits.

    opened by radare 15
  • Lower contribution entry barrier

I really recommend using another language like C, C++ or Python3 to allow many more people to contribute. I'd recommend Python to allow really fast and easy progress; functionality is much more important than speed, especially in the early stage. Later, cython, pypy or C extensions can be used to speed up critical parts.

    The target audience is barely familiar with Rust and doesn't want to learn a new language for just this project to contribute. Many people at our chair are looking forward to radeco, but are deterred by Rust.

    This project is an awesome idea in general, but I can assure you it'll be way more successful if it's not based on Rust.

    What do you think?

    EDIT: Switching language seems to be a bad option, so the other thing to improve is to lower the entry barrier by in-repo documentation.

    opened by TheJJ 14
  • Rust package restructuring

    This is a proposal to restructure the radeco related rust based code and merge the related crates into a single repository that utilizes a Cargo workspace. It would include the following crates:

    • [x] radeco
    • [x] radeco-lib
    • [x] esil-rs
    • [x] arch-rs
    • [ ] radeco-regressions
    • [x] rune

    Depending on future development of rust based components with respect to r2 in general this could become the central point for others as well or kept strictly to radeco related code depending on the amount of overlap.

    Justification

    1. This is a fairly common pattern within the Rust ecosystem where multiple crates are part of a project and dependent on each other.
2. It aids with versioning code together during development. Instead of having to pin versions in Cargo to master or to a specific commit when a change is made in one crate, all crates are kept in lock step, which reduces the risk of broken builds as one part changes.
    3. It allows RLS to provide more help, such as its integration for jumping to definitions and looking up code.
    4. Less overhead of managing individual repos and keeping them up to date as development is performed on various parts

    Process

    Create a new repository or choose one to be the main one and use git subtree to migrate the git histories of each current repo into the new one that is going to be the primary repo. This will retain all history from all crates within the new one. Lastly, update crates and create the top level workspace for Cargo.

    opened by jrozner 13
  • build failure

    environment

    • rustc version: 1.26.0-nightly
    • OS: Ubuntu 16.04

Building radeco-lib with the command below:

    rustup run nightly cargo build

    the message below occurs and it cannot build:

    error: linking with `cc` failed: exit code: 1

    opened by kenta7777 13
  • Reference strings in the output

    define-fun sym.main(unknown) -> unknown {
        bb_0x4004FC.0000():
            %1: $Unknown64 = rsp - #x8
            %2: $Unknown0 = Store(mem, %1, rbp)
            call 0x4003e0(r15=r15, r14=r14, r13=r13, r12=r12, rbp=%1, rbx=rbx, r11=r11, r10=r10, r9=r9, r8=r8, rax=rax, rcx=rcx, rdx=rdx, rsi=rsi, rdi=#x4005c4, rip=rip, cs=cs, cf=cf, pf=pf, af=af, zf=zf, sf=sf, tf=tf, if=if, df=df, of=of, rsp=%1, ss=ss, fs_base=fs_base, gs_base=gs_base, ds=ds, es=es, fs=fs, gs=gs)
            %4: $Unknown64 = Load(%2, [email protected])
            %5: $Unknown64  = [email protected] + #x8
            %6: $Unknown64  = %5 + #x8
            rbp = %4
            rax = #x0
            rsp = %6
            mem = %2
    }
    

    From

    push rbp
    mov rbp, rsp
    mov edi, str.Hello_World
    call sym.imp.puts
    mov eax, 0
    pop rap
    ret
    

Looks like the string is not referenced in the output.

    enhancement easy high-prio 
    opened by Maijin 12
  • sushant94-dev PR

Not for merge. There is still work to be done before this PR is ready to be merged with master.

    EDIT (19th Oct): TODO Before merge:

    • [x] #100
    • [x] #101
    • [x] #102
    • [x] #103

    Edit (27th Oct):

• [ ] Need to decide which trace statements to keep inside phiplacement.rs; there seem to be too many, but they are super helpful in debugging.
    opened by sushant94 11
  • parsing json fails on 'tachikoma'

    [12:36:45] <mom> minishwoods tools/radeco ‹master*› » ./target/debug/cfg_ssa ../../dc23/ctf-services/services/defcon_finals_2015/tachikoma/tachikoma 
    [12:36:45] <mom> Cannot find function at 0x0002b3f0
    [12:36:45] <mom> thread '<main>' panicked at 'called `Result::unwrap()` on an `Err` value: ParseError(SyntaxError("EOF While parsing value", 1, 1))', ../src/libcore/result.rs:731
    

    http://toonces.cat/tachikoma

    bug 
    opened by crowell 11
  • Standardize analysis stages' APIs

Right now, radeco-lib has several analysis stages based on SSA (dce, sccp, cse, etc.). These analysis stages have different APIs.

    • Some build a new struct, others are just a method.
    • Some are passed a mutable SSA reference and change the SSA directly, others are passed an immutable SSA reference and return the resulting SSA.

    It confuses both users and coders. We might need to standardize these analysis stages' APIs.

    For example, we might make a unified trait for the analysis.

trait ModAnalyzer<'a> {
        fn new(rmod: &'a mut RadecoModule) -> Self;

        // when analyze_all is
        //        true:  analyze all the functions
        //        false: only analyze matched functions
        fn analyze(&mut self, analyze_all: bool);
    }
    

    All the analyzers should implement the trait. And then we could open an API for RadecoModule for analysis.

fn do_analysis<'a, T: ModAnalyzer<'a>>(&'a mut self, analyze_all: bool) {
        {
            // build the pass on this module and run it
            let mut analyzer = T::new(self);
            analyzer.analyze(analyze_all);
        }
        // <....Some Tail-In Work....>
    }
    

This way is much more like how LLVM handles passes. And in this way, we could make analysis parallel if needed.

    Besides, most analysis stages will change the structure of the SSA, and some of them might break some SSA invariants. Using the above code, we could do some tail-in work after analyzing, like:

    • verify SSA
    • sort nodes' operands
    opened by ZhangZhuoSJTU 10
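An added example, not radeco-lib code, sketching the unified pass trait and `do_analysis` driver proposed in this issue, with the tail-in work (SSA verification, operand sorting) built into the driver. `Module`, `Def`, `Dce` and `BrokenPass` are constructed stand-ins; the module is passed to `analyze` rather than held from `new`, so the driver can borrow it again once the pass has run.

```rust
// Added example (not radeco-lib code): a uniform pass trait in the spirit of the
// ModAnalyzer proposal above, plus a driver that runs a pass and then does the
// "tail-in work" (verify SSA invariants, sort operands). Module and Def are
// constructed stand-ins for RadecoModule and its SSA, not the real types.
use std::collections::HashSet;

/// One SSA definition `%id = op(args...)`; args refer to earlier ids.
#[derive(Debug, Clone, PartialEq)]
pub struct Def { pub id: u32, pub op: &'static str, pub args: Vec<u32> }

/// Stand-in for RadecoModule: one function's SSA as a topologically ordered def list.
#[derive(Debug)]
pub struct Module { pub defs: Vec<Def> }

/// The unified interface. The module is passed to `analyze` rather than held from
/// `new`, so the driver can borrow it again for the tail-in work afterwards.
pub trait ModAnalyzer {
    fn new() -> Self;
    /// analyze_all: true = all functions, false = only matched functions. The toy
    /// module holds a single function, so `false` simply runs nothing here.
    fn analyze(&mut self, rmod: &mut Module, analyze_all: bool);
}

#[derive(Debug, PartialEq)]
pub enum SsaError { Redefined(u32), UseBeforeDef { user: u32, arg: u32 } }

/// Tail-in step 1: every value is defined exactly once, and before any use.
pub fn verify_ssa(m: &Module) -> Result<(), SsaError> {
    let mut seen = HashSet::new();
    for d in &m.defs {
        for &a in &d.args {
            if !seen.contains(&a) {
                return Err(SsaError::UseBeforeDef { user: d.id, arg: a });
            }
        }
        if !seen.insert(d.id) {
            return Err(SsaError::Redefined(d.id));
        }
    }
    Ok(())
}

/// Tail-in step 2: canonical operand order for commutative ops, so a later CSE
/// pass sees add(%1,%2) and add(%2,%1) as the same expression.
pub fn sort_operands(m: &mut Module) {
    for d in &mut m.defs {
        if matches!(d.op, "add" | "mul" | "and" | "or" | "xor") {
            d.args.sort_unstable();
        }
    }
}

impl Module {
    /// The proposal's do_analysis: build the pass, run it, then the tail-in work.
    /// A pass that breaks the SSA invariants is reported instead of silently kept.
    pub fn do_analysis<T: ModAnalyzer>(&mut self, analyze_all: bool) -> Result<(), SsaError> {
        let mut analyzer = T::new();
        analyzer.analyze(self, analyze_all);
        verify_ssa(self)?;
        sort_operands(self);
        Ok(())
    }
}

/// A real pass: dead-code elimination. Side-effecting roots ("ret", "store") and
/// everything they transitively use stay; all other defs are dropped.
pub struct Dce;
impl ModAnalyzer for Dce {
    fn new() -> Self { Dce }
    fn analyze(&mut self, rmod: &mut Module, analyze_all: bool) {
        if !analyze_all { return; }
        let mut live: HashSet<u32> = rmod.defs.iter()
            .filter(|d| matches!(d.op, "ret" | "store")).map(|d| d.id).collect();
        // Defs are topologically ordered, so one backwards sweep marks every live operand.
        for d in rmod.defs.iter().rev() {
            if live.contains(&d.id) { live.extend(d.args.iter().copied()); }
        }
        rmod.defs.retain(|d| live.contains(&d.id));
    }
}

/// A buggy pass that re-emits an existing def; the driver's verification catches it.
pub struct BrokenPass;
impl ModAnalyzer for BrokenPass {
    fn new() -> Self { BrokenPass }
    fn analyze(&mut self, rmod: &mut Module, _analyze_all: bool) {
        if let Some(d) = rmod.defs.first().cloned() { rmod.defs.push(d); }
    }
}

/// Constructed sample: %3 is dead, %4 = add(%2, %1) has unsorted operands.
pub fn sample() -> Module {
    Module { defs: vec![
        Def { id: 1, op: "const", args: vec![] }, Def { id: 2, op: "const", args: vec![] },
        Def { id: 3, op: "mul", args: vec![1, 2] }, Def { id: 4, op: "add", args: vec![2, 1] },
        Def { id: 5, op: "ret", args: vec![4] },
    ] }
}
```

Running `sample().do_analysis::<Dce>(true)` leaves defs %1, %2, %4, %5 with %4's operands sorted, while `do_analysis::<BrokenPass>(true)` returns `Err(SsaError::Redefined(1))` instead of handing a broken SSA to the next stage.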
  • Add parser for textual ir

    Currently, it can roundtrip all the information that was already saved by ir_writer. There's probably still some information that is lost in the process (register state?) but I'm not sure what.

    Will fix #117 when done.

    opened by HMPerson1 10
  • cargo build failed

Received the following error when running "cargo build": error[E0554]: `#![feature]` may not be used on the stable release channel

    For more detailed error information:

    error[E0554]: `#![feature]` may not be used on the stable release channel
      --> radeco-lib/src/lib.rs:41:1
       |
    41 | #![feature(box_patterns)]
       | ^^^^^^^^^^^^^^^^^^^^^^^^^
    
    error[E0554]: `#![feature]` may not be used on the stable release channel
      --> radeco-lib/src/lib.rs:42:1
       |
    42 | #![feature(box_syntax)]
       | ^^^^^^^^^^^^^^^^^^^^^^^
    
    error[E0554]: `#![feature]` may not be used on the stable release channel
      --> radeco-lib/src/lib.rs:43:1
       |
    43 | #![feature(slice_patterns)]
       | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
    
    error[E0554]: `#![feature]` may not be used on the stable release channel
      --> radeco-lib/src/lib.rs:44:1
       |
    44 | #![feature(try_trait)]
       | ^^^^^^^^^^^^^^^^^^^^^^
    
    warning: unnecessary braces around method argument
       --> radeco-lib/src/frontend/containers.rs:591:21
        |
    591 |             .filter({ |x| x.1.is_argument() })
        |                     ^^^^^^^^^^^^^^^^^^^^^^^^^ help: remove these braces
        |
        = note: `#[warn(unused_braces)]` on by default
    
    warning: unnecessary braces around method argument
       --> radeco-lib/src/frontend/containers.rs:599:21
        |
    599 |             .filter({ |x| x.1.is_local() })
        |                     ^^^^^^^^^^^^^^^^^^^^^^ help: remove these braces
    
    warning: unnecessary braces around method argument
       --> radeco-lib/src/frontend/containers.rs:607:21
        |
    607 |             .filter({ |x| x.1.is_return() })
        |                     ^^^^^^^^^^^^^^^^^^^^^^^ help: remove these braces
    
    warning: unnecessary braces around method argument
       --> radeco-lib/src/frontend/containers.rs:615:21
        |
    615 |             .filter({ |x| x.1.is_modified() })
        |                     ^^^^^^^^^^^^^^^^^^^^^^^^^ help: remove these braces
    
    error: aborting due to 4 previous errors; 4 warnings emitted
    
    For more information about this error, try `rustc --explain E0554`.
    error: could not compile `radeco-lib`.
    

    How to reproduce?

Checked the following posts: https://github.com/radareorg/radeco/issues/128 https://github.com/radareorg/radeco/issues/124 https://github.com/radareorg/radeco/issues/327

    and here is my info:

    My OS: Ubuntu 18.04.5
    My arch: x86_64

    rustup has been set as nightly:

    rustup show
    Default host: x86_64-unknown-linux-gnu
    rustup home: /home/muqi/snap/rustup/common/rustup
    nightly-x86_64-unknown-linux-gnu (directory override for '/home/muqi/decompile_tool/radeco')
    rustc 1.51.0-nightly (04caa632d 2021-01-30)

    I have installed the following packages from the default apt source: pkg-config clang libclang-dev libcapstone3 libcapstone-dev libssl-dev radare2 libradare2-dev

    apt list libcapstone3 libcapstone-dev
    Listing... Done
    libcapstone-dev/bionic,now 3.0.4-5 amd64 [installed]
    libcapstone3/bionic,now 3.0.4-5 amd64 [installed]

    my clang version is 6.0:

    clang --version
    clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
    Target: x86_64-pc-linux-gnu
    Thread model: posix
    InstalledDir: /usr/bin

    my cargo version:

    cargo -V
    cargo 1.46.0

    my rustc version:

    rustc -V
    rustc 1.47.0

    opened by Muqi-Zou 2
  • Stabilize used Rust features

    To be able to build it with a stable Rust version:

    #![feature(box_patterns)]
    #![feature(box_syntax)]
    #![feature(slice_patterns)]
    #![feature(try_trait)]
    #![feature(custom_attribute)]
    
    opened by XVilka 0
  • Petgraph and Quickcheck

    Currently petgraph doesn't support the most recent quickcheck:

    https://github.com/bluss/petgraph/issues/253

    So once it is fixed we should update our sources as well (enable quickcheck back).

    help wanted 
    opened by XVilka 0
• AppVeyor and gcc.exe problems

    unning `C:\projects\radeco-lib-8ycg0\target\debug\build\backtrace-sys-81eabdbdcb0144d0\build-script-build`
    [backtrace-sys 0.1.28] cargo:rustc-cfg=rbt
    [backtrace-sys 0.1.28] TARGET = Some("i686-pc-windows-gnu")
    [backtrace-sys 0.1.28] OPT_LEVEL = Some("0")
    [backtrace-sys 0.1.28] HOST = Some("i686-pc-windows-gnu")
    [backtrace-sys 0.1.28] CC_i686-pc-windows-gnu = None
    [backtrace-sys 0.1.28] CC_i686_pc_windows_gnu = None
    [backtrace-sys 0.1.28] HOST_CC = None
    [backtrace-sys 0.1.28] CC = None
    [backtrace-sys 0.1.28] CFLAGS_i686-pc-windows-gnu = None
    [backtrace-sys 0.1.28] CFLAGS_i686_pc_windows_gnu = None
    [backtrace-sys 0.1.28] HOST_CFLAGS = None
    [backtrace-sys 0.1.28] CFLAGS = None
    [backtrace-sys 0.1.28] CRATE_CC_NO_DEFAULTS = None
    [backtrace-sys 0.1.28] CARGO_CFG_TARGET_FEATURE = Some("fxsr,mmx,sse,sse2")
    [backtrace-sys 0.1.28] running: "gcc.exe" "-O0" "-ffunction-sections" "-fdata-sections" "-m32" "-I" "src/libbacktrace" "-I" "C:\\projects\\radeco-lib-8ycg0\\target\\debug\\build\\backtrace-sys-d7726cf13f88a8bc\\out" "-fvisibility=hidden" "-DBACKTRACE_SUPPORTED=1" "-DBACKTRACE_USES_MALLOC=1" "-DBACKTRACE_SUPPORTS_THREADS=0" "-DBACKTRACE_SUPPORTS_DATA=0" "-DHAVE_DL_ITERATE_PHDR=1" "-D_GNU_SOURCE=1" "-D_LARGE_FILES=1" "-Dbacktrace_full=__rbt_backtrace_full" "-Dbacktrace_dwarf_add=__rbt_backtrace_dwarf_add" "-Dbacktrace_initialize=__rbt_backtrace_initialize" "-Dbacktrace_pcinfo=__rbt_backtrace_pcinfo" "-Dbacktrace_syminfo=__rbt_backtrace_syminfo" "-Dbacktrace_get_view=__rbt_backtrace_get_view" "-Dbacktrace_release_view=__rbt_backtrace_release_view" "-Dbacktrace_alloc=__rbt_backtrace_alloc" "-Dbacktrace_free=__rbt_backtrace_free" "-Dbacktrace_vector_finish=__rbt_backtrace_vector_finish" "-Dbacktrace_vector_grow=__rbt_backtrace_vector_grow" "-Dbacktrace_vector_release=__rbt_backtrace_vector_release" "-Dbacktrace_close=__rbt_backtrace_close" "-Dbacktrace_open=__rbt_backtrace_open" "-Dbacktrace_print=__rbt_backtrace_print" "-Dbacktrace_simple=__rbt_backtrace_simple" "-Dbacktrace_qsort=__rbt_backtrace_qsort" "-Dbacktrace_create_state=__rbt_backtrace_create_state" "-Dbacktrace_uncompress_zdebug=__rbt_backtrace_uncompress_zdebug" "-o" "C:\\projects\\radeco-lib-8ycg0\\target\\debug\\build\\backtrace-sys-d7726cf13f88a8bc\\out\\src/libbacktrace\\alloc.o" "-c" "src/libbacktrace/alloc.c"
    [backtrace-sys 0.1.28] 
    [backtrace-sys 0.1.28] 
    [backtrace-sys 0.1.28] error occurred: Failed to find tool. Is `gcc.exe` installed? (see https://github.com/alexcrichton/cc-rs#compile-time-requirements for help)
    [backtrace-sys 0.1.28] 
    [backtrace-sys 0.1.28] 
    error: failed to run custom build command for `backtrace-sys v0.1.28`
    Caused by:
      process didn't exit successfully: `C:\projects\radeco-lib-8ycg0\target\debug\build\backtrace-sys-81eabdbdcb0144d0\build-script-build` (exit code: 1)
    --- stdout
    cargo:rustc-cfg=rbt
    TARGET = Some("i686-pc-windows-gnu")
    OPT_LEVEL = Some("0")
    HOST = Some("i686-pc-windows-gnu")
    CC_i686-pc-windows-gnu = None
    CC_i686_pc_windows_gnu = None
    HOST_CC = None
    CC = None
    CFLAGS_i686-pc-windows-gnu = None
    CFLAGS_i686_pc_windows_gnu = None
    HOST_CFLAGS = None
    CFLAGS = None
    CRATE_CC_NO_DEFAULTS = None
    CARGO_CFG_TARGET_FEATURE = Some("fxsr,mmx,sse,sse2")
    running: "gcc.exe" "-O0" "-ffunction-sections" "-fdata-sections" "-m32" "-I" "src/libbacktrace" "-I" "C:\\projects\\radeco-lib-8ycg0\\target\\debug\\build\\backtrace-sys-d7726cf13f88a8bc\\out" "-fvisibility=hidden" "-DBACKTRACE_SUPPORTED=1" "-DBACKTRACE_USES_MALLOC=1" "-DBACKTRACE_SUPPORTS_THREADS=0" "-DBACKTRACE_SUPPORTS_DATA=0" "-DHAVE_DL_ITERATE_PHDR=1" "-D_GNU_SOURCE=1" "-D_LARGE_FILES=1" "-Dbacktrace_full=__rbt_backtrace_full" "-Dbacktrace_dwarf_add=__rbt_backtrace_dwarf_add" "-Dbacktrace_initialize=__rbt_backtrace_initialize" "-Dbacktrace_pcinfo=__rbt_backtrace_pcinfo" "-Dbacktrace_syminfo=__rbt_backtrace_syminfo" "-Dbacktrace_get_view=__rbt_backtrace_get_view" "-Dbacktrace_release_view=__rbt_backtrace_release_view" "-Dbacktrace_alloc=__rbt_backtrace_alloc" "-Dbacktrace_free=__rbt_backtrace_free" "-Dbacktrace_vector_finish=__rbt_backtrace_vector_finish" "-Dbacktrace_vector_grow=__rbt_backtrace_vector_grow" "-Dbacktrace_vector_release=__rbt_backtrace_vector_release" "-Dbacktrace_close=__rbt_backtrace_close" "-Dbacktrace_open=__rbt_backtrace_open" "-Dbacktrace_print=__rbt_backtrace_print" "-Dbacktrace_simple=__rbt_backtrace_simple" "-Dbacktrace_qsort=__rbt_backtrace_qsort" "-Dbacktrace_create_state=__rbt_backtrace_create_state" "-Dbacktrace_uncompress_zdebug=__rbt_backtrace_uncompress_zdebug" "-o" "C:\\projects\\radeco-lib-8ycg0\\target\\debug\\build\\backtrace-sys-d7726cf13f88a8bc\\out\\src/libbacktrace\\alloc.o" "-c" "src/libbacktrace/alloc.c"
    --- stderr
    error occurred: Failed to find tool. Is `gcc.exe` installed? (see https://github.com/alexcrichton/cc-rs#compile-time-requirements for help)
    
    infra 
    opened by XVilka 0
  • Make radeco universal

In my previous issue #259, it seems quite possible to make radeco-lib independent of radare2, thus making everything universal.

    I have dug a little bit and have some thoughts about how to implement this. But as I'm quite new to this project and have no knowledge of r2, some discussion and instructions are needed for me to proceed.

    If I'm right about this, the most important current communication with r2 includes:

    • Within RadecoProject and RadecoModule: provide some useful information such as calling-convention, register profiles, function symbols, etc.
    • SSA construction from ESIL to Radeco IL

    So my idea about this:

• For calling-convention and register profile information: use a Provider to provide them; a Provider then works as a communication layer between the disassembler (radare2, currently) and radeco-lib. For each piece of useful information, there will be a trait describing what the Provider needs to implement.
    • As for SSA construction, in order to reuse the construction algorithm, my thought is to invent a new Low IR. This Low IR mostly does what ESIL can do, just being a communication layer between the original, unknown IR the disassembler uses and the SSA construction algorithm's input. Then, for a new disassembler, just translate its original IR into this Low IR. Since most IRs used by disassemblers remain in non-SSA form, it should be easier to port into Low IR rather than directly into the SSA-like Radeco IR.

    Overall, after the modification, the workflow will be:

    • RadecoModule saves the Provider, which is specified when constructing it.
• Any information needed can be retrieved from the Provider.
    • When constructing SSA, the Provider converts its original-form IR into Low IR.

    And the instructions I currently need:

• I have no idea what the "register profile" should look like in radare2. I have looked for documentation on this, but little have I found. I know this should describe the registers, but I need more details to define a trait for Providers to implement.
    • Although I have read ESIL's documentation, there are things that I do not quite understand. In the "The x86 REP prefix in ESIL" part I saw control-flow-related instructions that seem different from normal opcodes. But as I read from the example, the control flow is actually an assignment to RIP (which, well, comes back to the register profile problem again). Then how are they supposed to be used? And is this documentation complete? I see "TODO"s inside...

    And also, if we all agree to make radeco-lib (and radeco as well, maybe?) universal, some decisions may work differently than before. Currently, I see a lot of issues concerning the integration with r2. However, I highly recommend this to happen, as this project really has such potential to be not just r2.

    enhancement discussion 
    opened by Escapingbug 7
Owner: radare org