
Title: Installing radare2 on Ubuntu 22

Created: 2022-09-22 11:26  Updated: 2024-11-18 17:13  Link: https://scz.617.cn/unix/202209221126.txt

By default radare2 is not available from the Ubuntu 22 package repositories; it can only be installed via snap, see

Getting started https://snapcraft.io/docs/getting-started

aptitude install snapd
snap info radare2
snap install --edge --devmode radare2
snap list
snap list --all radare2
snap refresh --edge --devmode radare2
snap remove radare2
ls -l /snap/bin/radare2.rasm2
readlink -f /snap/bin/radare2.rasm2

radare2.rasm2 is a symbolic link to /usr/bin/snap, the same trick busybox uses. "/snap/bin" is in the PATH environment variable.

$ radare2.rasm2 -a x86 -b 64 -s intel -o 0 "mov eax,dword [rsp+0x20]"
448b442420

$ radare2.rasm2 -a x86 -b 64 -s att -o 0 -D 448b442420
0x00000000   5                448b442420  movl 0x20(%rsp), %r8d

radare2.rasm2 has a bug: the destination register should be eax, not r8d. The assembly result is already wrong (the spurious leading 0x44 byte is a REX.R prefix, which is exactly what turns eax into r8d), so naturally the disassembly does not match the source.

The snap version of rasm2 cannot use x86.nasm: that engine looks for nasm inside the snap, never at /usr/bin/nasm, and the snap does not ship nasm.

$ radare2.rasm2 -a x86.nasm -b 64 -s intel -o 0 "mov eax,dword [rsp+0x20]"
...
sh: 1: nasm: not found
Error running 'nasm'
...

$ ls -l /snap/radare2/current/usr/bin/rasm2

This is where the snap version of rasm2 actually lives. The directory sits on a read-only filesystem, so a symbolic link to nasm cannot be created there.

$ cd /snap/radare2/current/usr/bin/
$ ln -s /usr/bin/nasm .
ln: failed to create symbolic link './nasm': Read-only file system

If rasm2 cannot use x86.nasm, some of its bugs cannot be worked around, which makes the snap version of rasm2 of little use.

Although radare2 cannot be installed with apt on Ubuntu 22, it can always be built and installed from source.

https://github.com/radareorg/radare2

Do not do this as root.

cd /home/scz/src
export https_proxy=socks5://:
git config --global http.postBuffer 1048576000
git clone https://github.com/radareorg/radare2.git radare2
./radare2/sys/install.sh
ls -l /usr/local/bin/rasm2

The proxy is set because the GFW interferes with access to GitHub; http.postBuffer is raised to deal with the following error

error: RPC failed; curl 56 GnuTLS recv error (-9): A TLS packet with unexpected length was received.

install.sh uses git to fetch the source of several dependency components. At the end it invokes sudo; enter the current (non-root) user's password so it can install into /usr/local/bin/. By default it installs with ln rather than cp; a command-line option changes this behaviour.

After the installation finishes, roll back the temporary settings

git config --global --unset http.postBuffer
unset https_proxy

Test the "x86.nasm" assembler engine

$ rasm2 -a x86.nasm -b 64 -s intel -o 0 "mov eax,dword [rsp+0x20]"
8b442420

$ rasm2 -a x86 -b 64 -s att -o 0 -D 8b442420
0x00000000   4                  8b442420  movl 0x20(%rsp), %eax

"8b442420" is the correct assembly result; the earlier "448b442420" is wrong.
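A way to confirm which of the two byte strings is right without trusting either assembler is to decode the bytes by hand. The following is an added example written for this note, not radare2 code: a minimal decoder for the `mov r32, r/m32` form (opcode 0x8B) that understands the REX prefix, ModRM, SIB and displacement fields, and a round-trip check comparing the decoded text with the assembler's input. It goes slightly beyond the page's single instruction (register-direct, indexed, rip-relative and negative-displacement forms are handled too); the sample byte strings are the page's "448b442420" and "8b442420" plus a few constructed ones.

```python
"""Hand decoder for x86-64 `mov r32, r/m32` (opcode 0x8B), used to check an
assembler's output independently. Added example, not radare2 code."""
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
         "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def _byte(code: bytes, pos: int) -> int:
    if pos >= len(code):
        raise ValueError(f"instruction truncated at offset {pos}")
    return code[pos]


def _expect_end(code: bytes, pos: int) -> None:
    if pos != len(code):
        raise ValueError(f"unexpected trailing bytes at offset {pos}")


def decode_mov_r32_rm32(hexpairs: str) -> str:
    """Return Intel syntax for exactly one `mov r32, r/m32` instruction."""
    code = bytes.fromhex(hexpairs)
    pos = 0
    rex_r = rex_x = rex_b = 0
    # REX prefix is 0100WRXB: R extends ModRM.reg, X extends SIB.index,
    # B extends ModRM.rm / SIB.base. W would select a 64-bit operand.
    if code and 0x40 <= code[0] <= 0x4F:
        rex = code[0]
        if rex & 0x08:
            raise ValueError("REX.W set: 64-bit operand size not handled here")
        rex_r, rex_x, rex_b = (rex >> 2) & 1, (rex >> 1) & 1, rex & 1
        pos = 1
    if _byte(code, pos) != 0x8B:
        raise ValueError("expected opcode 0x8B (mov r32, r/m32)")
    pos += 1

    modrm = _byte(code, pos)
    pos += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    dest = REG32[reg | (rex_r << 3)]   # a stray REX.R is what turns eax into r8d

    if mod == 3:                        # register-direct source operand
        src = REG32[rm | (rex_b << 3)]
        _expect_end(code, pos)
        return f"mov {dest}, {src}"

    terms = []
    disp_size = {0: 0, 1: 1, 2: 4}[mod]
    if rm == 4:                         # SIB byte follows
        sib = _byte(code, pos)
        pos += 1
        scale, index, base = sib >> 6, (sib >> 3) & 7, sib & 7
        if mod == 0 and base == 5:      # no base register, disp32 only
            disp_size = 4
        else:
            terms.append(REG64[base | (rex_b << 3)])
        index_num = index | (rex_x << 3)
        if index_num != 4:              # index 100 without REX.X means "no index"
            terms.append(f"{REG64[index_num]}*{1 << scale}")
    elif mod == 0 and rm == 5:          # rip-relative, disp32 follows
        terms.append("rip")
        disp_size = 4
    else:
        terms.append(REG64[rm | (rex_b << 3)])

    disp = 0
    if disp_size:
        if pos + disp_size > len(code):
            raise ValueError("displacement truncated")
        disp = struct.unpack_from("<b" if disp_size == 1 else "<i", code, pos)[0]
        pos += disp_size
    _expect_end(code, pos)

    addr = "+".join(terms)
    if disp < 0:
        addr += f"-0x{-disp:x}"
    elif disp > 0 or not addr:
        addr += ("+" if addr else "") + f"0x{disp:x}"
    return f"mov {dest}, dword [{addr}]"


def matches_source(source: str, hexpairs: str) -> bool:
    """True if the bytes decode back to the assembler's input, ignoring whitespace."""
    def norm(s: str) -> str:
        return "".join(s.lower().split())
    return norm(decode_mov_r32_rm32(hexpairs)) == norm(source)


if __name__ == "__main__":
    SRC = "mov eax,dword [rsp+0x20]"              # the source line from this note
    for hexpairs in ("448b442420", "8b442420"):   # snap rasm2 output, then the correct bytes
        print(hexpairs, "->", decode_mov_r32_rm32(hexpairs),
              "OK" if matches_source(SRC, hexpairs) else "MISMATCH")
```

Running it shows "448b442420" decoding to `mov r8d, dword [rsp+0x20]` and failing the round-trip, while "8b442420" decodes to `mov eax, dword [rsp+0x20]` and passes; the only difference between the two encodings is the 0x44 REX prefix byte.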


2024-11-18 17:13

Damn, after a radare2 upgrade the rasm2 command-line options changed; so far I have run into these:

old   new
-s    -S
-o    -s
-O    -o

$ rasm2 -h
Usage: rasm2 [-ACdDehLBvw] [-a arch] [-b bits] [-s addr] [-S syntax] [-f file] [-o file]
             [-F fil:ter] [-i skip] [-l len] 'code'|hex|0101b|-
 -a [arch]     set architecture to assemble/disassemble (see -L)
 -A            show Analysis information from given hexpairs
 -b [bits]     set cpu register size (8, 16, 32, 64) (RASM2_BITS)
 -B            binary input/output (-l is mandatory for binary input)
 -c [cpu]      select specific CPU (depends on arch)
 -C            output in C format
 -d, -D        disassemble from hexpair bytes (-D show hexpairs)
 -e            use big endian instead of little endian
 -E            display ESIL expression (same input as in -d)
 -f [file]     read data from file
 -F [in:out]   specify input and/or output filters (att2intel, x86.pseudo, ..)
 -h, -hh       show this help, -hh for long
 -i [len]      ignore/skip N bytes of the input buffer
 -j            output in json format
 -k [kernel]   select operating system (linux, windows, darwin, android, ios, ..)
 -l [len]      input/Output length
 -L            list RArch plugins: (a=asm, d=disasm, e=esil)
 -N            same as r2 -N (or R2_NOPLUGINS) (not load any plugin)
 -o [file]     output file name (rasm2 -Bf a.asm -o a)
 -p            run SPP over input for assembly
 -q            quiet mode
 -r            output in radare commands
 -s,-@ [addr]  define initial start/seek address (default 0)
 -S [syntax]   select syntax (intel, att)
 -v            show version information
 -x            use hex dwords instead of hex pairs when assembling.
 -w            what's this instruction for? describe opcode

$ rasm2 -a x86.nasm -b 64 -S intel -s 0 "mov eax,dword [rsp+0x20]"
8b442420

$ rasm2 -a x86 -b 64 -S att -s 0 -D 8b442420
0x00000000   4                  8b442420  movl 0x20(%rsp), %eax