From e0e02fc8dc475268f76b5ac2e74068d83f2e5d61 Mon Sep 17 00:00:00 2001
From: Emile
Date: Wed, 17 Apr 2024 14:23:43 +0200
Subject: initial commit The script for importing the information provided by GoReSym into radare2.
---
LICENSE | 21 +++++++++++++++++++++
README.md | 5 +++++
rename.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 72 insertions(+)
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 rename.py
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..42e26d2
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 hanemile
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1e67ec0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# radare2-GoReSym
+
+radare2 script to load the symbol information for the functions in the json result generated by the mandiant/GoReSym project into radare2.
+
+
diff --git a/rename.py b/rename.py
new file mode 100644
index 0000000..9268744
--- /dev/null
+++ b/rename.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+
+"""
+Usage:
+- Extract the symbol information using https://github.com/mandiant/GoReSym
+- Store the output in a file called `goresym_out.txt`
+- Within radare, execute this script:
+[0x........]> . rename.py
+- Wait
+- Appreciate the symbols within radare2!
+"""
+
+import json, r2pipe, re, sys
+
+r2p = r2pipe.open()
+
+# load the data from the json dump produced by goresym
+with open("goresym_out.txt", "r") as data:
+ content = json.load(data)
+
+ # extract the information we need in order to assemble the radare2 command
+ # used to name the functions
+ userFunctions = content["UserFunctions"]
+ for function in userFunctions:
+ start = function["Start"]
+ end = function["End"]
+ packageName = function["PackageName"]
+ fullName = function["FullName"]
+
+ fullName = fullName.replace("(", "_").replace(")", "_").replace("*", "_").replace(".", "_").replace("/", "_")
+ fullName = re.sub("[_]+", "_", fullName)
+ fullName = re.sub("(\[.+\])", "", fullName)
+
+ if hex(start) != -1:
+ # delete the existing function defined at that address, should one
+ # have already be defined
+ command = f"af- {hex(start)}"
+ r2p.cmd(command)
+
+ # define the new function with the given name and size
+ command = f"af+ {hex(start)} sym.{fullName} {end-start}"
+ r2p.cmd(command)
+
+ # define a new basic block at address of the function
+ command = f"afb+ {hex(start)} sym.{fullName} {end-start}"
+ r2p.cmd(command)
-- cgit 1.4.1
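Review bot: The name sanitising ahead of the `af+` and `afb+` commands is a short denylist (`(`, `)`, `*`, `.`, `/`), so any other character in `FullName` reaches `r2p.cmd()` as part of the command string. GoReSym recovers these names from the binary under analysis, which for this kind of tooling is often untrusted, and radare2 gives characters such as `;`, `|`, `!` and backticks command-level meaning. An allowlist is safer: `fullName = re.sub(r"[^A-Za-z0-9_]+", "_", re.sub(r"\[.+\]", "", fullName))`, which also turns the patterns into raw strings (the current `"(\[.+\])"` relies on an invalid escape sequence) and strips the bracketed part before underscores are collapsed. Separately, `if hex(start) != -1:` compares a string with an integer and is always true, so it guards nothing; check that `Start` and `End` are integers with `End > Start` before building any command.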