ellcs/r2.sh

## r2.sh
# get only import names
afl~sym.imp[3]

# get only import addrs
afl~sym.imp[0]

# set breakpoint at 0x0 and 0x1
db $$ @@= `!echo -e "0x0\n0x1"`

# set breakpoint at every imported function
db $$ @@= `afl~sym.imp[0]`

# find all crossreferences of imported methods
axt $$ @@= `afl~sym.imp[0]`
entry0 0x565d614c [CALL] call sym.imp.__libc_start_main
(nofunc) 0x565d631d [CALL] call sym.imp.read
(nofunc) 0x565d643a [CALL] call sym.imp.read
(nofunc) 0x565d63a5 [CALL] call sym.imp.signal
(nofunc) 0x565d63b2 [CALL] call sym.imp.alarm
(nofunc) 0x565d629d [CALL] call sym.imp.perror
(nofunc) 0x565d62d0 [CALL] call sym.imp.perror
(nofunc) 0x565d63f6 [CALL] call sym.imp.strcpy
(nofunc) 0x565d6425 [CALL] call sym.imp.malloc
(nofunc) 0x565d6306 [CALL] call sym.imp.open
(nofunc) 0x565d633d [CALL] call sym.imp.srand
(nofunc) 0x565d63ce [CALL] call sym.imp.mmap
(nofunc) 0x565d640c [CALL] call sym.imp.memset
(nofunc) 0x565d6287 [CALL] call sym.imp.prctl
(nofunc) 0x565d62ba [CALL] call sym.imp.prctl
(nofunc) 0x565d634e [CALL] call sym.imp.rand
(nofunc) 0x565d632b [CALL] call sym.imp.close

# store the addresses of the crossreferences of the import addresses into a file
 axt $$ @@= $(afl~sym.imp[0]) | awk '{ print $2 }' > ./imp_xrefs_addrs.txt

# load the crossreferences of the import addresses, iterate over them and set breakpoints
db $$ @@.imp_xrefs_addrs.txt
0x565d614c: db $$
0x565d631d: db $$
0x565d643a: db $$
0x565d63a5: db $$
0x565d63b2: db $$
0x565d629d: db $$
0x565d62d0: db $$
0x565d63f6: db $$
0x565d6425: db $$
0x565d6306: db $$
0x565d633d: db $$
0x565d63ce: db $$
0x565d640c: db $$
0x565d6287: db $$
0x565d62ba: db $$
0x565d634e: db $$
0x565d632b: db $$
	# get only import names
	afl~sym.imp[3]

	# get only import addrs
	afl~sym.imp[0]

	# set breakpoint at 0x0 and 0x1
	db $$ @@= `!echo -e "0x0\n0x1"`

	# set breakpoint at every imported function
	db $$ @@= `afl~sym.imp[0]`

	# find all crossreferences of imported methods
	axt $$ @@= `afl~sym.imp[0]`
	entry0 0x565d614c [CALL] call sym.imp.__libc_start_main
	(nofunc) 0x565d631d [CALL] call sym.imp.read
	(nofunc) 0x565d643a [CALL] call sym.imp.read
	(nofunc) 0x565d63a5 [CALL] call sym.imp.signal
	(nofunc) 0x565d63b2 [CALL] call sym.imp.alarm
	(nofunc) 0x565d629d [CALL] call sym.imp.perror
	(nofunc) 0x565d62d0 [CALL] call sym.imp.perror
	(nofunc) 0x565d63f6 [CALL] call sym.imp.strcpy
	(nofunc) 0x565d6425 [CALL] call sym.imp.malloc
	(nofunc) 0x565d6306 [CALL] call sym.imp.open
	(nofunc) 0x565d633d [CALL] call sym.imp.srand
	(nofunc) 0x565d63ce [CALL] call sym.imp.mmap
	(nofunc) 0x565d640c [CALL] call sym.imp.memset
	(nofunc) 0x565d6287 [CALL] call sym.imp.prctl
	(nofunc) 0x565d62ba [CALL] call sym.imp.prctl
	(nofunc) 0x565d634e [CALL] call sym.imp.rand
	(nofunc) 0x565d632b [CALL] call sym.imp.close

	# store the addresses of the crossreferences of the import addresses into a file
	axt $$ @@= $(afl~sym.imp[0]) \| awk '{ print $2 }' > ./imp_xrefs_addrs.txt

	# load the crossreferences of the import addresses, iterate over them and set breakpoints
	db $$ @@.imp_xrefs_addrs.txt
	0x565d614c: db $$
	0x565d631d: db $$
	0x565d643a: db $$
	0x565d63a5: db $$
	0x565d63b2: db $$
	0x565d629d: db $$
	0x565d62d0: db $$
	0x565d63f6: db $$
	0x565d6425: db $$
	0x565d6306: db $$
	0x565d633d: db $$
	0x565d63ce: db $$
	0x565d640c: db $$
	0x565d6287: db $$
	0x565d62ba: db $$
	0x565d634e: db $$
	0x565d632b: db $$