/* Disassemble binary in range [offset, offset+len] */ void dis_offset(r_disa_s *dis, r_binfmt_s *bin, u64 offset, u64 len) { r_disa_instr_t *instr; u64 length; u64 off; /* Check offset */ if(offset >= bin->mapped_size) R_UTILS_ERR("Offset out of range"); /* Len is out of range, adjust it */ if(len == 0 || len > bin->mapped_size - offset) len = bin->mapped_size - offset; length = 0; while(length < len) { off = offset + length; r_disa_code(dis, bin->mapped+off, bin->mapped_size-off, off, 1); instr = r_disa_next_instr(dis); /* We have disassembled an instruction */ if(instr != NULL) { R_UTILS_PRINT_GREEN_BG_BLACK(dis_options_color, " %.16"PRIx64" ", off); R_UTILS_PRINT_YELLOW_BG_BLACK(dis_options_color, "%-8s ", instr->mnemonic); R_UTILS_PRINT_RED_BG_BLACK(dis_options_color, "%s\n", instr->op_str); length += instr->size; } else { /* Disassembler failed : print BAD instruction */ R_UTILS_PRINT_GREEN_BG_BLACK(dis_options_color, " %.16"PRIx64" ", off); R_UTILS_PRINT_YELLOW_BG_BLACK(dis_options_color, "BAD\n"); length += 1; } } }
static void search_print_all_strings(r_binfmt_s *bin, r_binfmt_segment_s *seg) { u64 i; int cur_len; char flag_str[4]; int found = 0; int addr_size; cur_len = 0; r_binfmt_get_segment_flag_str(flag_str, seg); addr_size = r_binfmt_addr_size(bin->arch); for(i = 0; i < seg->length; i++) { if(isprint(seg->start[i])) { cur_len++; } else { if(cur_len >= search_options_strlen) { if(!r_binfmt_is_bad_addr(search_options_bad, (seg->addr+i)-cur_len, bin->arch)) { R_UTILS_PRINT_BLACK_BG_WHITE(search_options_color, " %s ", flag_str); if(addr_size == 4) { R_UTILS_PRINT_GREEN_BG_BLACK(search_options_color, " %#.8" PRIx32 " ", (u32)((seg->addr + i) - cur_len)); } else { R_UTILS_PRINT_GREEN_BG_BLACK(search_options_color, " %#.16" PRIx64 " ", (seg->addr + i) - cur_len); } R_UTILS_PRINT_WHITE_BG_BLACK(search_options_color, "-> "); R_UTILS_PRINT_RED_BG_BLACK(search_options_color, "%.*s\n", cur_len, (char*)&seg->start[i-cur_len]); found++; } } cur_len = 0; } } R_UTILS_PRINT_YELLOW_BG_BLACK(search_options_color, " %d strings found.\n", found); }
int search_print_bytes_in_mem(r_binfmt_s *bin, byte_t *bytes, u64 len) { r_binfmt_mem_s *m; r_utils_bytes_s b; char *string; char flag_str[4]; int addr_size; u64 i; addr_size = r_binfmt_addr_size(bin->arch); for(m = bin->mlist->head; m != NULL; m = m->next) { if(m->flags & R_BINFMT_MEM_FLAG_PROT_R) { if(len <= m->length) { r_binfmt_get_mem_flag_str(flag_str, m); for(i = 0; i < m->length - len; i++) { if(!r_binfmt_is_bad_addr(search_options_bad, m->addr+i, bin->arch)) { if(!memcmp(m->start+i, bytes, len)) { b.bytes = bytes; b.len = len; string = r_utils_bytes_hexlify(&b); R_UTILS_PRINT_BLACK_BG_WHITE(search_options_color, " %s ", flag_str); if(addr_size == 4) { R_UTILS_PRINT_GREEN_BG_BLACK(search_options_color, " %#.8" PRIx32 " ", (u32)(m->addr + i)); } else { R_UTILS_PRINT_GREEN_BG_BLACK(search_options_color, " %#.16" PRIx64 " ", m->addr + i); } R_UTILS_PRINT_WHITE_BG_BLACK(search_options_color, "-> "); R_UTILS_PRINT_RED_BG_BLACK(search_options_color, "%s\n", string); free(string); return 1; } } } } } } return 0; }
/* Disassemble binary at specified address */ void dis_address(r_disa_s *dis, r_binfmt_s *bin, addr_t addr, u64 len, int stop_next_sym) { r_binfmt_segment_s *seg; r_disa_instr_t *instr; const char *sym; u64 length; u64 off; size_t i, num; int sym_processed = 0; num = r_utils_list_size(&bin->segments); /* Test every loadable segment */ for(i = 0; i < num; i++) { seg = r_utils_list_access(&bin->segments, i); /* addr is in [seg->addr, seg->addr+seg->length] range */ if(addr >= seg->addr && addr <= seg->addr+seg->length) { /* In case of len is out of range */ if(len == 0 || len > seg->length - (addr - seg->addr)) len = seg->length - (addr - seg->addr); length = 0; while(length < len) { off = (addr - seg->addr) + length; r_disa_code(dis, seg->start+off, seg->length-off, seg->addr+off, 1); instr = r_disa_next_instr(dis); /* We have disassembled the instruction, now print it ! */ if(instr != NULL) { /* Print symbol, if it exists */ if((sym = r_binfmt_get_sym_by_addr(bin, instr->address)) != NULL) { if(stop_next_sym) { if(sym_processed > 0) return; else sym_processed++; } R_UTILS_PRINT_YELLOW_BG_BLACK(dis_options_color, "\n<%s>:\n", sym); } if(r_binfmt_addr_size(bin->arch) == 8) { R_UTILS_PRINT_GREEN_BG_BLACK(dis_options_color, " %.16"PRIx64" ", instr->address); } else { R_UTILS_PRINT_GREEN_BG_BLACK(dis_options_color, " %.8"PRIx32" ", (u32)(instr->address)); } R_UTILS_PRINT_YELLOW_BG_BLACK(dis_options_color, "%-8s ", instr->mnemonic); R_UTILS_PRINT_RED_BG_BLACK(dis_options_color, "%s\n", instr->op_str); length += instr->size; } else { /* We have failed to disassemble instruction, print the BAD instruction */ if(r_binfmt_addr_size(bin->arch) == 8) { R_UTILS_PRINT_GREEN_BG_BLACK(dis_options_color, " %.16"PRIx64" ", addr+length); } else { R_UTILS_PRINT_GREEN_BG_BLACK(dis_options_color, " %.8"PRIx32" ", (u32)(addr+length)); } R_UTILS_PRINT_YELLOW_BG_BLACK(dis_options_color, "BAD\n"); length += 1; } } } } }