initial commit

The script for importing the information provided by GoReSym into
radare2.

3 files changed, 72 insertions, 0 deletions

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..42e26d2
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 hanemile
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1e67ec0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# radare2-GoReSym
+
+radare2 script to load the symbol information for the functions in the json result generated by the mandiant/GoReSym project into radare2.
+
+
diff --git a/rename.py b/rename.py
new file mode 100644
index 0000000..9268744
--- /dev/null
+++ b/rename.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+
+"""
+Usage:
+- Extract the symbol information using https://github.com/mandiant/GoReSym
+- Store the output in a file called `goresym_out.txt` 
+- Within radare, execute this script:
+[0x........]> . rename.py
+- Wait
+- Appreciate the symbols within radare2!
+"""
+
+import json, r2pipe, re, sys
+
+r2p = r2pipe.open()
+
+# load the data from the json dump produced by goresym
+with open("goresym_out.txt", "r") as data:
+    content = json.load(data)
+
+    # extract the information we need in order to assemble the radare2 command
+    # used to name the functions
+    userFunctions = content["UserFunctions"]
+    for function in userFunctions:
+        start = function["Start"]
+        end  = function["End"]
+        packageName = function["PackageName"]
+        fullName = function["FullName"]
+
+        fullName = fullName.replace("(", "_").replace(")", "_").replace("*", "_").replace(".", "_").replace("/", "_")
+        fullName = re.sub("[_]+", "_", fullName)
+        fullName = re.sub("(\[.+\])", "", fullName)
+
+        if hex(start) != -1:
+            # delete the existing function defined at that address, should one
+            # have already be defined
+            command = f"af- {hex(start)}"
+            r2p.cmd(command)
+
+            # define the new function with the given name and size
+            command = f"af+ {hex(start)} sym.{fullName} {end-start}"
+            r2p.cmd(command)
+
+            # define a new basic block at address of the function
+            command = f"afb+ {hex(start)} sym.{fullName} {end-start}"
+            r2p.cmd(command)