
Radare


Official homepage

Radare started as a command-line hexadecimal editor designed to use 64-bit offsets
to read from and write to large raw devices or plain files.

The basic POSIX IO has been wrapped to support multiple IO plugins:

 * haret: remotely read WindowsCE memory ( haret://host:port )
 * ptrace: debug or attach to a process ( dbg://file or pid://PID )
 * sysproxy: connect to a remote syscallproxy server
 * remote: TCP IO ( listen://:port or connect://host:port )
 * gdb: debug or attach to a process using gdb ( gdb://file, gdb://PID, gdb://host:port )
 * posix: plain POSIX file access
 * w32: POSIX to native w32 API IO

The toolchain comes with other tools:

 * rasc: shellcode generator and tester (outputs in raw, hexpairs or C)
 * xrefs: find cross-references on raw images for ppc, arm and x86
 * hasher: hash files or stream data blocks with multiple hashing algorithms
 * rsc: command-line helpers written in shell script or Perl
 * armasm: minimalistic ARM assembler
 * xc: converts between multiple numeric bases

Some rsc tools:

# Command-line assembler/disassembler for x86/arm, transparently using objdump/gas/nasm/armasm
$ rsc asm 'mov eax, 0x33'
 b8 33 00 00 00

$ rsc dasm 'b8 33 00 00 00'
 mov eax, 0x33

# scan firmware image for known file formats
$ rsc rfile-foreach my-firmware.fw

# load dwarf information into the debugger
> .!rsc syms-dbg-flag /bin/ls

# generate program graph
$ rsc bin2tab /bin/ls | rsc tab2gml > ls.gml

# assembly dictionary
$ rsc adict mov
 mov moves data from src to dst

# Bindiffing two files
$ bindiff file.orig file | rsc bdcolor 3 | less -r


There are currently two graphical frontends in development:

 * gradare: Gtk2-C frontend using grsc scripts piped to a vte
 * vala-radare: native Gtk2-Vala frontend embedded inside the radare core, implementing an OO API

The debugger now supports:

  * Support for x86/arm on Linux and *BSD
  * step / step-over
  * dump / restore memory and cpu state from/to disk
  * continue / until user code / until syscall / until fork
  * trace execution (running TRACECMD at a certain debug level)
  * file descriptor manipulation
  * thread support on Linux
  * memory allocation on the child process
  * process memory maps permissions manipulation
  * map files on process memory
  * run syscalls on the child process
  * DRx registers control on Linux
  * breakpoints / watchpoints (hardware and software) support
  * force core dump, jmps and calls
  * signal manipulation
  * process tree

Future:

  * SQL integration with a web frontend for bindiffing, tracing, tracediffing, comments, etc.
  * Port the debugger to 64 bit architectures
  * Better debugger support for BSD
  * Port the debugger layer to w32 and Solaris
