this is a reversing platform for bsd/linux x86
it takes inspiration from secdev's python ptrace tool and vtrace and PAIMEI
libdasm + pydasm from nologin.org kicks ass
MAJOR TODO:
-> use secdevs ptrace interface, its much nicer
(could simplify it though)
TODO:
merge x86 helper functions and target interface: status =almost complete
halting problem
Features:
. hit trace debugging
. more useful disassembly
. major c++ features
. vtti
Dwarf
OS X support
Goals:
-> be resilient to failure and true to execution. gdb, ltrace fail on stripped binaries,
they depend on section headers + symbol information (which are independent of
data+execution)
most tools fail miserably with corrupted shdr information
...
-> Allow for flexible, interactive annotations
-> Allow active reversing from opcodez -> C
Contributions Wanted:
-> GUI
... annotations
... pretty graphs
-> user config for colors
-> scripting interface for annotating functions and code patterns
(IL representation may be needed)
------------
Code guidelines
target.py
-> abstracted interface for dealing with binary formats and
architectures
elf.py
-> everything ELF related
platform specific ELF things go in here as well (and may be messy)
keep code related stuff out of here, this is just for the file format
x86.py
-> lower level implementations for x86
:: finding functions
:: making graphs
:: disassembling
:: resolving extended info
(the format itself should do most of symbols)
breakpoints.py
-> abstracted interface for dealing with debugging information
things to fully support on each architecture
1) Breakpoints
hardware (debug registers) and software (int3s)
single-stepping [if supported]
2) Reading/Writing to another processes' memory space
3) Hooks
Support for hooking the entry and exit points
of routines or specified memory addresses.
platforms.py
platform implementations of things
-> breakpoints.py support
-> ?
trace.py
-> use the above functionality to trace a process
(and fuzz input / monitor code coverage/ or whatever the goal may be)
main.py
-> does some stuff
-----------------------------------
A Target() should implement the following
data
.segments list of memory segments
.mem sliceabley accessible memory (read-only for a file, rw for a running proc)
.functions list of function code blocks
.blocks XXX
.imports XXX list of imported functions (from libraries, etc)
.exports XXX list of exported functions
.symbols XXX list of all symbols
.format XX binary format of the target
add_func(addr)
has_func(addr)
find_func(addr)
find_functions() scan for all functions
resolve_symbols() use resolver info/debugging data to find symbols
disas(addr, sz=0) dump code starting at memory address until a reasonable end or specified end
dump_symbols() XXX
dump_code() display all code to stdout, make it pretty and useful if possible
-=-=-
Active targets
mem[] array is writeable :: XXX todo
TESTING TODO: DONE , seems to work
FreeBSD
attach()
detach()
start()
end()
cont()
stop()
read()
write()
getregs()
setregs()
getpc()
setpc()
get_events()