Monday, 22 February 2016

A Linux-Based Janky Assembly REPL Tool For x86, amd64, And armv7

Rappel is a janky assembly REPL. It works by creating a shell ELF, starting it under ptrace, then continuously rewriting and running its .text section with whatever you type. Rappel supports x86, amd64 and armv7 on Linux.


Features Of Rappel:

Rappel gives you a live process you can feed assembly into one line at a time. The features the rest of this page shows are:

Pipe mode: feed a one-off snippet on stdin and get a register dump back, which is handy for scripting or for quickly checking what an instruction does.

Interactive mode: a libedit prompt where register and stack state persist from one line to the next, so you can build up a sequence (push, pop, cmp) and watch the effect of each step.

Register and flag dump: after every snippet Rappel prints the general-purpose registers, the instruction and stack pointers and the flags for the target architecture (CF, ZF, OF, SF, PF, AF on x86/amd64, APSR on ARM).

Multiple targets: x86, amd64 and armv7 on Linux, with the matching assembler (nasm for x86/amd64, GNU as for ARM) invoked behind the scenes.

How to install Rappel:

The only dependencies are libedit and an assembler (nasm on x86/amd64, as on ARM), which on Debian can be installed with the libedit-dev and nasm/binutils packages.
$ CC=clang make

It should work fine with gcc, albeit with a few more warnings.

By default rappel is compiled with your native architecture. If you're on amd64 and want to target x86 you can do this with

$ ARCH=i386 CC=clang make

For the functioning of rappel, the architecture of the main rappel binary must match that of the process it creates, and the host must be able to run binaries of this architecture.


For Running:

Rappel has two modes it can operate in. A pipe mode for one-off things:

$ echo "inc eax" | bin/rappel
rax:0x0000000000000001  rbx:0x0000000000000000  rcx:0x0000000000000000  rdx:0x0000000000000000
rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
r14:0x0000000000000000  r15:0x0000000000000000
rip:0x0000000000400003  rsp:0x00007fffffffee80  rbp:0x0000000000000000
flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
$

Or an interactive mode:

$ bin/rappel
rax:0x0000000000000000  rbx:0x0000000000000000  rcx:0x0000000000000000  rdx:0x0000000000000000
rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
r14:0x0000000000000000  r15:0x0000000000000000
rip:0x0000000000400001  rsp:0x00007fffffffee80  rbp:0x0000000000000000
flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
> inc rax
rax:0x0000000000000001  rbx:0x0000000000000000  rcx:0x0000000000000000  rdx:0x0000000000000000
rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
r14:0x0000000000000000  r15:0x0000000000000000
rip:0x0000000000400004  rsp:0x00007fffffffee80  rbp:0x0000000000000000
flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
> push rax
rax:0x0000000000000001  rbx:0x0000000000000000  rcx:0x0000000000000000  rdx:0x0000000000000000
rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
r14:0x0000000000000000  r15:0x0000000000000000
rip:0x0000000000400002  rsp:0x00007fffffffee78  rbp:0x0000000000000000
flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
> pop rbx
rax:0x0000000000000001  rbx:0x0000000000000001  rcx:0x0000000000000000  rdx:0x0000000000000000
rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
r14:0x0000000000000000  r15:0x0000000000000000
rip:0x0000000000400002  rsp:0x00007fffffffee80  rbp:0x0000000000000000
flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
> cmp rax, rbx
rax:0x0000000000000001  rbx:0x0000000000000001  rcx:0x0000000000000000  rdx:0x0000000000000000
rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
r14:0x0000000000000000  r15:0x0000000000000000
rip:0x0000000000400004  rsp:0x00007fffffffee80  rbp:0x0000000000000000
flags:0x0000000000000246 [CF: 0, ZF: 1, OF: 0, SF: 0, PF: 0, AF: 0]
> ^D
$
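The following is an added example written for this page, not rappel's own code, showing the mechanism described at the top reduced to its core: a forked child runs under ptrace, one read+exec scratch page stands in for the shell ELF's .text, each snippet is poked into that page with PTRACE_POKETEXT, rip is pointed at it, the child runs until the int3 padded after the snippet, and PTRACE_GETREGS supplies the dump. It assumes amd64 Linux and takes already-assembled bytes (rappel's nasm step is left out); the byte sequences in main are the nasm encodings of the interactive session above, so running it reproduces rax=1, the push/pop round trip and ZF set after the cmp. The names repl_start, repl_run, repl_stop and repl_dump are this example's own.

```c
/* Added example (not rappel's code): rappel's ptrace "rewrite .text, run,
 * dump registers" loop for amd64 Linux. A forked copy of this program with a
 * single read+exec scratch page replaces the shell ELF; bytes must already be
 * assembled (rappel would run nasm for you). */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define SCRATCH_SIZE 4096

struct repl {
    pid_t pid;
    uint8_t *text;                 /* scratch page: same address in parent and child */
    struct user_regs_struct regs;  /* register state carried between snippets */
};

/* Fork a tracee that parks itself under PTRACE_TRACEME and zero its GPRs,
 * like rappel's initial all-zero dump. Returns 0 on success, -1 on failure. */
int repl_start(struct repl *r)
{
    /* Read+exec only: the tracee can never write the page, only the tracer
     * can via PTRACE_POKETEXT, the way a debugger plants breakpoints in .text. */
    void *page = mmap(NULL, SCRATCH_SIZE, PROT_READ | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(127);
        raise(SIGSTOP);     /* hand control to the tracer */
        for (;;) pause();   /* never resumed here: the tracer redirects rip */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    r->pid = pid;
    r->text = page;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &r->regs) < 0) return -1;
    r->regs.rax = r->regs.rbx = r->regs.rcx = r->regs.rdx = 0;
    r->regs.rsi = r->regs.rdi = r->regs.rbp = 0;
    r->regs.r8 = r->regs.r9 = r->regs.r10 = r->regs.r11 = 0;
    r->regs.r12 = r->regs.r13 = r->regs.r14 = r->regs.r15 = 0;
    r->regs.orig_rax = (unsigned long long)-1; /* stopped in a syscall: do not restart it */
    return 0;  /* rsp is left alone so push/pop have a real stack to use */
}

/* Overwrite the scratch page with `code`, run it from the top, and stop on the
 * int3 padded after it. Returns 0 when the snippet reached the trap, the signal
 * number if it faulted (SIGSEGV for a bad load), or -1 on a ptrace error.
 * Registers persist across calls, so successive calls behave like successive
 * lines typed at rappel's prompt. */
int repl_run(struct repl *r, const uint8_t *code, size_t len)
{
    if (len >= SCRATCH_SIZE) { errno = E2BIG; return -1; }
    uint8_t buf[SCRATCH_SIZE];
    memset(buf, 0xCC, sizeof buf);  /* int3 padding: anything past the snippet traps */
    memcpy(buf, code, len);
    for (size_t off = 0; off < len + 1; off += sizeof(long)) {
        long word;
        memcpy(&word, buf + off, sizeof word);
        if (ptrace(PTRACE_POKETEXT, r->pid, r->text + off, (void *)word) < 0) return -1;
    }
    r->regs.rip = (unsigned long long)(uintptr_t)r->text;
    if (ptrace(PTRACE_SETREGS, r->pid, NULL, &r->regs) < 0) return -1;
    /* data == NULL discards the signal from the previous stop (SIGSTOP, SIGTRAP
     * or a fault), so a snippet that crashed does not take the REPL with it. */
    if (ptrace(PTRACE_CONT, r->pid, NULL, NULL) < 0) return -1;
    int status;
    if (waitpid(r->pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    if (ptrace(PTRACE_GETREGS, r->pid, NULL, &r->regs) < 0) return -1;
    return WSTOPSIG(status) == SIGTRAP ? 0 : WSTOPSIG(status);
}

void repl_stop(struct repl *r)
{
    kill(r->pid, SIGKILL);
    waitpid(r->pid, NULL, 0);
    munmap(r->text, SCRATCH_SIZE);
}

/* Dump in rappel's amd64 layout (only ZF is decoded from the raw flags here). */
void repl_dump(const struct repl *r)
{
    const struct user_regs_struct *g = &r->regs;
    printf("rax:0x%016llx  rbx:0x%016llx  rcx:0x%016llx  rdx:0x%016llx\n", g->rax, g->rbx, g->rcx, g->rdx);
    printf("rip:0x%016llx  rsp:0x%016llx  rbp:0x%016llx  flags:0x%llx [ZF: %d]\n",
           g->rip, g->rsp, g->rbp, g->eflags, (int)((g->eflags >> 6) & 1));
}

int main(void)
{
    /* nasm encodings of the session above: inc eax; push rax; pop rbx; cmp rax, rbx */
    static const uint8_t inc_eax[] = {0xff, 0xc0}, push_rax[] = {0x50},
                         pop_rbx[] = {0x5b}, cmp_rax_rbx[] = {0x48, 0x39, 0xd8};
    const uint8_t *lines[] = {inc_eax, push_rax, pop_rbx, cmp_rax_rbx};
    const size_t lens[] = {2, 1, 1, 3};
    struct repl r;
    if (repl_start(&r) < 0) { perror("repl_start"); return 1; }
    for (int i = 0; i < 4; i++) {
        int rc = repl_run(&r, lines[i], lens[i]);
        if (rc) printf("snippet %d stopped with signal %d\n", i, rc);
        repl_dump(&r);
    }
    repl_stop(&r);
    return 0;
}
```

Two details worth noticing, since they are the same ones rappel has to get right: rip is reset to the start of the page before every snippet, which is why the rip values in the dumps above restart from the base each time rather than advancing; and the tracer resumes the child with signal 0, so a snippet that faults (a load from address 0, say) just reports SIGSEGV and the next line keeps working with the previous register state intact.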

x86 looks like:

$ echo "nop" | bin/rappel
eax:0x00000000  ebx:0x00000000  ecx:0x00000000  edx:0x00000000
esi:0x00000000  edi:0x00000000
eip:0x00400002  esp:0xffffdf10  ebp:0x00000000
flags:0x00000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
$

ARM looks like:

$ echo "nop" | bin/rappel
R0 :0x00000000  R1 :0x00000000  R2 :0x00000000  R3 :0x00000000
R4 :0x00000000  R5 :0x00000000  R6 :0x00000000  R7 :0x00000000
R8 :0x00000000  R9 :0x00000000  R10:0x00000000
FP :0x00000000  IP :0x00000000
SP :0xbe927f30  LR :0x00000000  PC :0x00400004
APSR:0x00000010
$

