@xermicus
Last active September 5, 2019 14:32
radare2 IDE

r2wars bot development

Because radare2 is also an Integrated Development Environment!

To ease your workflow you can use the following script:

#!/bin/sh
# vifino's lazywarrior: assemble a warrior into radare2's ESIL VM and open it in Visual Mode.
if [ "$#" -ne 3 ]; then
	echo "Usage: $(basename "$0") <arch> <bits> <warrior.asm>"
	echo "vifino's lazywarrior. (C) WTFPL"
	exit 1
fi

# aei/aeim: initialise the ESIL VM and its stack; s 100: seek to offset 100 (0x64);
# waf: assemble the warrior file at that offset; aer PC=100: point the program
# counter at it; aer SP=SP+100: move the stack pointer up; Vpp: enter Visual Mode.
CMD="aei;aeim;s 100; waf $3|.; aer PC=100; aer SP=SP+100qq;Vpp;s 100"
radare2 -a "$1" -b "$2" -c "$CMD" malloc://1024

It sets up r2 and the ESIL VM and spawns your warrior at offset 0x64 (100 in r2's default decimal notation), so you can debug it conveniently in Visual Mode.

For example if you have the following x86 32bit bot:

; something.asm
nop
mov eax, 0x16
mov ecx, 0x32
xor eax, ecx
push eax
jmp eax

You start it with:

bash script.sh x86 32 something.asm

It fires up r2 and you can step through it by pressing s. This allows easy debugging:

- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x00178060  2400 0000 0000 0000 0000 0000 0000 0000  $...............
0x00178070  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x00178080  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x00178090  0000 0000 0000 0000 0000 0000 0000 0000  ................
oeax 0x00000000      eax 0x00000024      ebx 0x00000000      ecx 0x00000032
 edx 0x00000000      esi 0x00000000      edi 0x00000000      esp 0x00178060
 ebp 0x00178000      eip 0x00000072      eflags P
            0x00000064      90             nop
            0x00000065      b816000000     mov eax, 0x16
            0x0000006a      b932000000     mov ecx, 0x32
            0x0000006f      31c8           xor eax, ecx
            0x00000071      50             push eax
            ;-- eip:
            0x00000072      ffe0           jmp eax
            0x00000074      0000           add byte [eax], al
            0x00000076      0000           add byte [eax], al
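A headless variant of the same setup, added here as an example (it is not part of the gist and not vifino's script): it runs the warrior under the ESIL VM in batch mode with -c, single-steps it with aes instead of entering Visual Mode, and checks one register against an expected value, so a bot can be regression-tested from a script. It assumes radare2 is on PATH. The function names (build_r2_cmd, reg_value, run_warrior, check_reg) are my own; the sample register dump embedded in the script is constructed from the Visual Mode output above, and the worked expectation (eip = 0x72 and eax = 0x24 after the five instructions before the jmp) is read off that same dump.

```shell
#!/bin/sh
# Added example, not part of the gist: headless ESIL run of a warrior plus a
# register check. Assumes radare2 on PATH; the r2 commands are the ones from
# vifino's script with Vpp replaced by single steps (aes), a dump (aer) and quit.

# build_r2_cmd WARRIOR STEPS: print the r2 command string.
# Same setup as the interactive script (ESIL init, stack, warrior assembled at
# offset 100 = 0x64), then STEPS ESIL single steps, a register dump and quit.
build_r2_cmd() {
    cmd="aei;aeim;s 100;waf $1;aer PC=100;aer SP=SP+100"
    i=0
    while [ "$i" -lt "$2" ]; do
        cmd="$cmd;aes"
        i=$((i + 1))
    done
    printf '%s;aer;q\n' "$cmd"
}

# reg_value REGNAME < dump: extract one register from an r2 register dump.
# Accepts both the 'eax = 0x24' one-per-line form and the columnar
# 'eax 0x00000024' layout shown in Visual Mode. Leading zeros are stripped so
# 0x00000072 and 0x72 compare equal.
reg_value() {
    awk -v r="$1" '{
        for (i = 1; i <= NF; i++)
            if ($i == r) {
                v = ($(i + 1) == "=") ? $(i + 2) : $(i + 1)
                sub(/^0x0+/, "0x", v)
                if (v == "0x") v = "0x0"
                print tolower(v)
                exit
            }
    }'
}

# run_warrior ARCH BITS WARRIOR STEPS: run radare2 without prompt or colours
# and emit the register dump on stdout. Returns 127 if radare2 is missing.
run_warrior() {
    command -v radare2 >/dev/null 2>&1 || { echo "radare2 not found" >&2; return 127; }
    radare2 -q -e scr.color=0 -a "$1" -b "$2" -c "$(build_r2_cmd "$3" "$4")" malloc://1024
}

# check_reg ARCH BITS WARRIOR STEPS REG EXPECTED: regression check for a bot.
# An empty value (e.g. radare2 absent) is reported as a mismatch.
check_reg() {
    got=$(run_warrior "$1" "$2" "$3" "$4" | reg_value "$5")
    if [ "$got" = "$6" ]; then
        echo "ok: $5 = $got after $4 steps of $3"
    else
        echo "FAIL: $5 = '$got' after $4 steps of $3, expected $6" >&2
        return 1
    fi
}

# sample_dump: constructed copy of the register lines from the Visual Mode
# screenshot above (state after the five instructions before jmp eax).
sample_dump() {
    cat <<'EOF'
oeax 0x00000000      eax 0x00000024      ebx 0x00000000      ecx 0x00000032
 edx 0x00000000      esi 0x00000000      edi 0x00000000      esp 0x00178060
 ebp 0x00178000      eip 0x00000072      eflags P
EOF
}

# With six arguments run a real check, e.g.:
#   sh check.sh x86 32 something.asm 5 eip 0x72
# With no arguments just show the parser on the constructed dump.
if [ "$#" -eq 6 ]; then
    check_reg "$@"
elif [ "$#" -eq 0 ]; then
    echo "eax from sample dump: $(sample_dump | reg_value eax)"
    echo "eip from sample dump: $(sample_dump | reg_value eip)"
fi
```

Stepping five times from offset 0x64 executes nop, the two movs, the xor and the push, which is exactly the state in the dump above, so "check_reg x86 32 something.asm 5 eip 0x72" and "... 5 eax 0x24" both pass on that bot; a sixth step would take the jmp eax to 0x24, outside the warrior, which is the kind of regression this harness is meant to catch before a round.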