Here's a small list of the latest changes in the development version:
- new command 'ax' to analyze xrefs. doesn't work well on debugger yet
- better integration from radare
- new xrefs -b flag to specify the base address (0x8048000)
- cursor in visual mode can now scroll config.seek
- some examples of code injection scripts in lua (scripts/inject) ..see below
- LWP info support for freebsd + lot of fixups for this platform
- new command 'af' to analyze functions
  - tries to identify the beginning and the end of a function starting at the current seek.
  - you can interpret the output to folder code (.af)
- two new IO plugins:
  - mmap:// - for mmapping files (chat in hexa? ;D)
  - shm:// - to open shared memory sections (quite buggy atm)

[EMAIL PROTECTED]/prg/radare$ cat scripts/inject/inj.lua
---------------------------------------------
-- Example injecting a file and adding a hook
--
function hook_x86(from, to, file)
  r.cmd("wf "..file.." @ "..to)
  r.cmd("wa jmp "..from)
end

hook_x86(0x8048000, 0x8049000, "/tmp/file")

[EMAIL PROTECTED]/prg/radare$ cat scripts/inject/dump-text.lua
-- flag sections
r.cmd(".!rsc flag-sections $FILE")
r.cmd("eval file.baddr = 0x8048000")
r.cmd("seek section_text");
r.cmd("bsize section_text_end-section_text");
print("-------------");
print(r.cmd("pX"))
r.cmd("q")

[EMAIL PROTECTED]/prg/radare$ cat scripts/inject/Makefile
all:
	as shellcode.s
	ld shellcode.o -o shellcode
	radare -i dump-text.lua shellcode > shellcode.text

This generates a hexpairs file with the bytes of the text section of our shellcode.s, ready to be injected :)

Enjoy!
--pancake