This weekend was not extremely productive for radare, but there were some nice changes, fixups and new commands/ideas that I want to get prepared for the hackathon (day 29).

Here's a list of the new stuff:

- Graphs can now be split by references (a code reference generates a new node). This is useful while reading calls to functions where pushed values are references to code (like the entrypoint referencing .init, main and so on).

- Circular graph nodes can be created (Node.shape = Shape.CIRCLE). I plan to use them as data references and make radare identify what the contents are at a certain address.

- I have fixed some issues in the code analysis, and implemented a very basic code for creating a virtual machine to be able to emulate code from any architecture in a super-assembly using the arch_aop() functions. My basic idea is to use this engine to emulate some opcodes and be able to determine register jmps and deobfuscate some stuff. This can be done with the 'av' command (analyze virtual machine), which emulates N opcodes (given as argument) from the current seek, showing the register changes. With a better code analysis module it will be possible to add a new pseudo architecture called 'aop' (asm.arch=aop) to disassemble any architecture in a pseudo-arch. I have also added a function to analyze code blocks (ab) and a small LUA API to access it. (It needs more work, and testing.)

- arch_syscall has been ported to BSD (free, open and net). Needs more work to port the syscall proxy to it (not much work, but a bit of zen :P) and make all the syscall injection engine more arch/os independent to use it from mips for example.

- New search algorithm (pattern search): Usage: "/p 10". Looks for streams of bytes repeated between the current seek and config.limit (or end of file) of length 10 (or greater). This is cool for identifying unrolled code, headers, and so on (Thanks esteve!)

- Run the program in another terminal (not in the same one as the debugger):
  $ radare -e child.stdio=/dev/pts/4 -d /bin/ls

Fixups: The search engine now works nicer, some updates in rasm, reimplemented bytediff in C (Thanks esteve).

Known bugs: Breakpoints and thread management need more love (they were working fine on previous versions, but they need to be fixed again).

I plan to release 0.9.7 with this and the previous shit you'll find in the mercurial's changelog before the end of this week. And will start preparing the hackathon headlines.

Have fun
--pancake

_______________________________________________
radare mailing list
[email protected]
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
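The pattern search described in the list above ("/p 10": byte streams of a given minimum length that repeat between the current seek and config.limit), worked through here as an added Python example; this is not radare's own code and is not how radare implements the command. It indexes every window of min_len bytes, keeps only non-overlapping occurrences of each repeated window, extends each repeated seed to the longest run on which all occurrences still agree, and drops shorter hits that are fully covered by a longer one, so a 13-byte repeat is reported once rather than as four overlapping 10-byte windows. The function names, the start/limit parameters (standing in for the current seek and config.limit) and the sample buffer are my assumptions; the bytes are constructed, not taken from a real binary.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

Hit = Tuple[bytes, List[int]]  # (pattern, absolute offsets where it occurs)


def _covered(pat: bytes, offs: List[int], apat: bytes, aoffs: List[int]) -> bool:
    """True if every occurrence of pat lies inside some occurrence of the longer apat."""
    if len(pat) >= len(apat):
        return False
    return all(any(ao <= o and o + len(pat) <= ao + len(apat) for ao in aoffs)
               for o in offs)


def find_repeated_patterns(buf: bytes, min_len: int,
                           start: int = 0, limit: Optional[int] = None) -> List[Hit]:
    """Find byte streams of at least min_len bytes that occur two or more times
    (non-overlapping) in buf[start:limit]. 'start' plays the role of the current
    seek and 'limit' the role of config.limit (None = end of file)."""
    end = len(buf) if limit is None else min(limit, len(buf))
    region = buf[start:end]
    if min_len <= 0 or len(region) < 2 * min_len:
        return []

    # 1. Index every min_len-byte window (the "seed") by its content.
    seeds: Dict[bytes, List[int]] = defaultdict(list)
    for i in range(len(region) - min_len + 1):
        seeds[region[i:i + min_len]].append(i)

    candidates: List[Hit] = []
    for offs in seeds.values():
        # 2. Keep non-overlapping occurrences only (greedy, left to right), so a
        #    24-byte run of zeros yields two 10-byte hits instead of fifteen.
        kept: List[int] = []
        for o in offs:
            if not kept or o >= kept[-1] + min_len:
                kept.append(o)
        if len(kept) < 2:
            continue
        # 3. Extend the seed to the right while every occurrence still agrees.
        #    Cap the length at the smallest gap between occurrences (keeps them
        #    non-overlapping) and at the end of the region.
        max_len = min(min(b - a for a, b in zip(kept, kept[1:])),
                      len(region) - kept[-1])
        first = kept[0]
        length = min_len
        while length < max_len and all(region[o + length] == region[first + length]
                                       for o in kept[1:]):
            length += 1
        candidates.append((region[first:first + length], kept))

    # 4. Longest patterns first; a shorter pattern is dropped when all of its
    #    occurrences sit inside occurrences of an already accepted longer one.
    candidates.sort(key=lambda c: (-len(c[0]), c[1][0]))
    accepted: List[Hit] = []
    for pat, offs in candidates:
        if any(_covered(pat, offs, apat, aoffs) for apat, aoffs in accepted):
            continue
        accepted.append((pat, offs))
    return [(pat, [start + o for o in offs]) for pat, offs in accepted]


def format_hits(hits: List[Hit]) -> List[str]:
    """One line per pattern: length, occurrence count, offsets and hex bytes."""
    lines = []
    for pat, offs in hits:
        where = " ".join(f"0x{o:08x}" for o in offs)
        lines.append(f"len={len(pat):<3d} x{len(offs)}  at {where}  {pat.hex(' ')}")
    return lines


# Constructed sample buffer (not real code): a 13-byte chunk that appears twice,
# separated by filler, followed by a 24-byte run of zero padding.
CHUNK = bytes.fromhex("5589e583ec10c745fc00000000")
SAMPLE = CHUNK + b"\x31\xc0" + CHUNK + b"\xc9\xc3" + b"\x00" * 24

if __name__ == "__main__":
    # Equivalent of "/p 10" over the whole buffer.
    for line in format_hits(find_repeated_patterns(SAMPLE, 10)):
        print(line)
```

On the sample this reports the 13-byte chunk once (at 0x0 and 0xf) and the zero padding as a 10-byte pattern at two non-overlapping offsets; raising the minimum length to 14 reports nothing, because the only 14-byte windows that repeat would overlap each other. Restricting the window with start/limit behaves like moving the seek or lowering config.limit.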
