Yesterday..well this morning..but before going to sleep O:) I committed
into the repository a new namespace for the radare lua api to analyze
code and data.

Actually this matches the latest changes in the core, which deprecate
commands like pA, pC and pG in favour of a more logical new
command called 'a' (analyze) that merges all code and data analysis.

So if you want to analyze an opcode you type "ao" and it will show a
hashtable like this one.

[0x00000000]> ao
index = 0
opcode =   jg 0x47
size = 2
type = conditional-jump
bytes = 7f 45 
base = 0x00000000
jump = 0x00000047
fail = 0x00000002

This output can be easily parsed in lua in this way:

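-- split() and chop() are helpers from the radare lua layer
function Radare.Analyze.opcode(addr)
        -- no address given: analyze the opcode at the current seek
        if addr == nil then addr = "" else addr = "@ "..addr end
        local res = split(Radare.cmd("ao "..addr), "\n")
        local ret = {}
        for i = 1, #res do
                local line = split(res[i], "=")
                -- skip blank lines and lines without a "key = value" pair
                if line[1] ~= nil and line[2] ~= nil then
                        ret[chop(line[1])] = chop(line[2])
                end
        end
        return ret
end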

-------------------

So from our scripts we can write something like this:

--------------------

op = Radare.Analyze.opcode()

print("Attributes for this opcode")
for k,v in pairs(op) do
        print (" - "..k.." = "..v)
end

print("Opcode size: "..op["size"])

-- change EIP instead of performing the call
if op["type"] == "call" then
  Radare.Debugger.set("eip", op["jump"])
end

----------------------

I'm currently having a look at different APIs like the IDA one to try to
get a good approach to ease the code analysis from scripts.

But for now, using the "ac" command you can analyze code and get the
code blocks with a certain depth. Expect a mostly stable api for
analyzing code blocks, data, opcodes for all the currently supported
architectures of radare before the 0.9.7 release. (~20 of Jun)


As you see, using lua as scripting lang for radare is really easy and
extensible, just adapting output of commands and providing a minimal lua
layer to handle it.

PS: Something I have in mind is to provide, in the (not near) future, an IPC
plugin and a lua API for communication between different radare instances.


--pancake
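
A stand-alone version of the "ao" parsing step described in the post, as an added example that is not part of the original message or of radare's own lua layer. The names parse_ao, successors and NUMERIC are hypothetical; the sample input is the "ao" listing shown in the post, so the block runs without radare. It goes slightly further than the post by converting the address and size fields to numbers.

```lua
-- Added example: defensive parser for "key = value" output such as `ao`.
-- parse_ao, successors and NUMERIC are hypothetical names, not radare API.
local NUMERIC = { index = true, size = true, base = true, jump = true, fail = true }

local function trim(s)
  return (s:match("^%s*(.-)%s*$"))
end

local function parse_ao(text)
  local op = {}
  for line in text:gmatch("[^\r\n]+") do
    -- split on the first "=" only; lines without "=" (the prompt) are skipped
    local key, value = line:match("^([^=]+)=(.*)$")
    if key and trim(key) ~= "" then
      key, value = trim(key), trim(value)
      if NUMERIC[key] then
        local hex = value:match("^0[xX](%x+)$")
        op[key] = hex and tonumber(hex, 16) or tonumber(value) or value
      else
        op[key] = value
      end
    end
  end
  return op
end

-- Addresses execution can reach next: branch target, then fall-through.
local function successors(op)
  local out = {}
  if op.jump then out[#out + 1] = op.jump end
  if op.fail then out[#out + 1] = op.fail end
  return out
end

-- Sample input: the listing from the post, embedded so this runs offline.
local sample = "[0x00000000]> ao\nindex = 0\nopcode =   jg 0x47\nsize = 2\n" ..
  "type = conditional-jump\nbytes = 7f 45 \nbase = 0x00000000\n" ..
  "jump = 0x00000047\nfail = 0x00000002\n\n"

local op = parse_ao(sample)
assert(op.opcode == "jg 0x47" and op.bytes == "7f 45")
assert(op.type == "conditional-jump" and op.size == 2)
assert(op.base + op.size == op.fail) -- fall-through is the next instruction
for _, addr in ipairs(successors(op)) do
  print(string.format("0x%08x", addr))
end
```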