1. Главная
  2. Книги
  3. authors Collective of
  4. The Official Radare2 Book
  5. Страница 70
Выбрать главу

bin # binary format parsing plugins

bp # breakpoint plugins

core # core plugins (implement new commands)

crypto # encrypt/decrypt/hash/...

debug # debugger backends

egg # shellcode encoders, etc

fs # filesystems and partition tables

io # io plugins

lang # embedded scripting languages

parse # disassembler parsing plugins

reg # arch register logic

Listing plugins

Some r2 tools have the -L flag to list all the plugins associated to the functionality.

rasm2 -L # list asm plugins

r2 -L # list io plugins

rabin2 -L # list bin plugins

rahash2 -L # list hash/crypto/encoding plugins

There are more plugins in r2land, we can list them from inside r2, and this is done by using the L suffix.

Those are some of the commands:

L # list core plugins

iL # list bin plugins

dL # list debug plugins

mL # list fs plugins

ph # print support hash algoriths

You can use the ? as value to get the possible values in the associated eval vars.

e asm.arch=? # list assembler/disassembler plugins

e anal.arch=? # list analysis plugins

Notes

Note there are some inconsistencies that most likely will be fixed in the future radare2 versions.

IO plugins

All access to files, network, debugger and all input/output in general is wrapped by an IO abstraction layer that allows radare to treat all data as if it were just a file.

IO plugins are the ones used to wrap the open, read, write and 'system' on virtual file systems. You can make radare understand anything as a plain file. E.g. a socket connection, a remote radare session, a file, a process, a device, a gdb session.

So, when radare reads a block of bytes, it is the task of an IO plugin to get these bytes from any place and put them into internal buffer. An IO plugin is chosen by a file's URI to be opened. Some examples:

   • Debugging URIs

$ r2 dbg:///bin/ls<br />

$ r2 pid://1927

   • Remote sessions

$ r2 rap://:1234<br />

$ r2 rap://<host>:1234//bin/ls

   • Virtual buffers

$ r2 malloc://512<br />

shortcut for

$ r2 -

You can get a list of the radare IO plugins by typing radare2 -L:

$ r2 -L

rw_ ar Open ar/lib files [ar|lib]://[file//path] (LGPL3)

rw_ bfdbg BrainFuck Debugger (bfdbg://path/to/file) (LGPL3)

rwd bochs Attach to a BOCHS debugger (LGPL3)

r_d debug Native debugger (dbg:///bin/ls dbg://1388 pidof:// waitfor://) (LGPL3) v0.2.0 pancake

rw_ default open local files using def_mmap:// (LGPL3)

rwd gdb Attach to gdbserver, 'qemu -s', gdb://localhost:1234 (LGPL3)

rw_ gprobe open gprobe connection using gprobe:// (LGPL3)

rw_ gzip read/write gzipped files (LGPL3)

rw_ http http get (http://rada.re/) (LGPL3)

rw_ ihex Intel HEX file (ihex://eeproms.hex) (LGPL)

r__ mach mach debug io (unsupported in this platform) (LGPL)

rw_ malloc memory allocation (malloc://1024 hex://cd8090) (LGPL3)

rw_ mmap open file using mmap:// (LGPL3)

rw_ null null-plugin (nulclass="underline" //23) (LGPL3)

rw_ procpid /proc/pid/mem io (LGPL3)

rwd ptrace ptrace and /proc/pid/mem (if available) io (LGPL3)

rwd qnx Attach to QNX pdebug instance, qnx://host:1234 (LGPL3)

rw_ r2k kernel access API io (r2k://) (LGPL3)

rw_ r2pipe r2pipe io plugin (MIT)

rw_ r2web r2web io client (r2web://cloud.rada.re/cmd/) (LGPL3)

rw_ rap radare network protocol (rap://:port rap://host:port/file) (LGPL3)

rw_ rbuf RBuffer IO plugin: rbuf:// (LGPL)

rw_ self read memory from myself using 'self://' (LGPL3)

rw_ shm shared memory resources (shm://key) (LGPL3)

rw_ sparse sparse buffer allocation (sparse://1024 sparse://) (LGPL3)

rw_ tcp load files via TCP (listen or connect) (LGPL3)

rwd windbg Attach to a KD debugger (windbg://socket) (LGPL3)

rwd winedbg Wine-dbg io and debug.io plugin for r2 (MIT)

rw_ zip Open zip files [apk|ipa|zip|zipall]://[file//path] (BSD)

Implementing a new disassembly plugin

Radare2 has modular architecture, thus adding support for a new architecture is very easy, if you are fluent in C. For various reasons it might be easier to implement it out of the tree. For this we will need to create single C file, called asm_mycpu.c and makefile for it.

The key thing of RAsm plugin is a structure

RAsmPlugin r_asm_plugin_mycpu = {

.name = "mycpu",

.license = "LGPL3",

.desc = "MYCPU disassembly plugin",

.arch = "mycpu",

.bits = 32,

.endian = R_SYS_ENDIAN_LITTLE,

.disassemble = &disassemble

};

where .disassemble is a pointer to disassembly function, which accepts the bytes buffer and length:

static int disassemble(RAsm *a, RAsmOp *op, const ut8 *buf, int len)

Makefile

NAME=asm_snes

R2_PLUGIN_PATH=$(shell r2 -H R2_USER_PLUGINS)

LIBEXT=$(shell r2 -H LIBEXT)

CFLAGS=-g -fPIC $(shell pkg-config --cflags r_anal)

LDFLAGS=-shared $(shell pkg-config --libs r_anal)

OBJS=$(NAME).o

LIB=$(NAME).$(LIBEXT)

alclass="underline" $(LIB)

clean:

rm -f $(LIB) $(OBJS)

$(LIB): $(OBJS)

$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $(LIB)

instalclass="underline"

cp -f asm_mycpu.$(SO_EXT) $(R2_PLUGIN_PATH)

uninstalclass="underline"

rm -f $(R2_PLUGIN_PATH)/asm_mycpu.$(SO_EXT)

asm_mycpu.c

/* radare - LGPL - Copyright 2018 - user */

#include <stdio.h>

#include <string.h>

#include <r_types.h>

#include <r_lib.h>

#include <r_asm.h>

static int disassemble(RAsm *a, RAsmOp *op, const ut8 *buf, int len) {

struct op_cmd cmd = {

.instr = "",

.operands = ""

};

if (len < 2) return -1;

int ret = decode_opcode (buf, len, &cmd);

if (ret > 0) {

snprintf (op->buf_asm, R_ASM_BUFSIZE, "%s %s",

cmd.instr, cmd.operands);

}

return op->size = ret;

}

RAsmPlugin r_asm_plugin_mycpu = {

.name = "mycpu",

.license = "LGPL3",

.desc = "MYCPU disassembly plugin",

.arch = "mycpu",

.bits = 32,

.endian = R_SYS_ENDIAN_LITTLE,

.disassemble = &disassemble

};

#ifndef R2_PLUGIN_INCORE

R_API RLibStruct radare_plugin = {

.type = R_LIB_TYPE_ASM,

~ 70 ~