radareorg / radare2-extras Goto Github PK

Source graveyard and random candy for radare2

License: GNU Lesser General Public License v3.0

Shell 0.09% C 96.01% Makefile 0.38% CSS 0.02% Awk 0.03% C++ 1.21% Vala 0.15% Python 0.52% JavaScript 0.29% HTML 0.08% Rebol 0.66% Assembly 0.17% Batchfile 0.01% M4 0.01% R 0.03% Rust 0.06% Roff 0.01% Pawn 0.27% Perl 0.01% D 0.01%

radare2 r2pm

radare2-extras's Introduction

radare2-extras

This repository contains extra plugins for radare2.

The reasons why those plugins are distributed in a separate repository are the following:

Depends on external libraries (yara, ewf)
Marginal/specific use (ctf-specific asm/anal vm f.ex)
r2 must be self-contained (no optional/external deps)
Simplify packagers work, and makes it more flexible
Duplicates functionality from r2 (no need to have multiple disassemblers for the same arch in core)

The compiled plugins will be installed at

/usr/lib/radare2-extras/$(VERSION)

Some of the plugins/code doesnt compiles, it will be reviewed and cleaned up, merged into core, updated or removed.

In addition, this repository will be useful to new contributors, comers who want to write his own r2 plugins for example.

The aim of this repository is to make the master radare2 repository to be as concise as possible, and reduce the amount of unnecessary plugins to shrink the install size and keep it usable for 99% of users.

Building

The recommended way to build and install those plugins for users is to use r2pm. See the radare2 plugins documentation for details.

radare2-extras's People

Contributors

Stargazers

Watchers

Forkers

peterclemenko sanguinawer hotelzululima ninjahacker synthor sha0coder billymeter davispuh crowell bigendiansmalls cephurs zined andy737 q6r grandemk normallytangent lukas-dresel ret2libc xn0px90 zlowram maijin gareth8118 ibabushkin l4l r-jenish vpaulv tjemg saucec0de snare alexkornitzer j123123 leberus fabianfreyer nevun srimantabarua geek guedou mrexodia kamou goyo2600 drozdziak1 team-firebugs mgarcir whb224117 wenzel scvsh sadesyllas silur cuu ilovezfs ultramango zamaudio jroimartin xzcvczx hewittc cloudxtreme d4em0n yssource rlaemmert douardda anutrix condret eo-zanzo reanimat0r fgsch kamos86 stevenjohnstone mrmacete aronsky bwry cyru dissonant-research meme huseyinozkilic harmzway logerse ehooo sylvainpelissier pelijah babakmenbari seabreg andelf fxti 5l1v3r1 jerome-ps abcsup emilbayes peymanmajidi lucianmaxx darkreaper-skmc masterscott aemmitt-ns hartl3y94 shadorain crackercat delspon mattdf dvestal thejeon clayne

radare2-extras's Issues

Upgrade BEA engine and package the asm/anal plugs in r2pm

https://github.com/BeaEngine/beaengine

debug_unicorn.c:215:8: error: ‘RIOSection {aka struct r_io_section_t}’ has no member named ‘rwx’ sect->rwx, 0);

Fresh from git as of Apr 1, 2017

$ r2pm -i unicorn
... 
Final report:
 - PREFIX = /root/.config/radare2/prefix
make: Entering directory '/root/.config/radare2/r2pm/git/radare2-extras/unicorn'
make -C ../libr/debug clean
make[1]: Entering directory '/root/.config/radare2/r2pm/git/radare2-extras/libr/debug'
make -C p clean
make[2]: Entering directory '/root/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:21: warning: overriding recipe for target 'debug_unicorn.so'
unicorn.mk:15: warning: ignoring old recipe for target 'debug_unicorn.so'
rm *.so *.o
rm: cannot remove '*.so': No such file or directory
rm: cannot remove '*.o': No such file or directory
Makefile:31: recipe for target 'clean' failed
make[2]: *** [clean] Error 1
make[2]: Leaving directory '/root/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:5: recipe for target 'clean' failed
make[1]: *** [clean] Error 2
make[1]: Leaving directory '/root/.config/radare2/r2pm/git/radare2-extras/libr/debug'
Makefile:6: recipe for target 'clean' failed
make: *** [clean] Error 2
make: Leaving directory '/root/.config/radare2/r2pm/git/radare2-extras/unicorn'
make: Entering directory '/root/.config/radare2/r2pm/git/radare2-extras/unicorn'
make -C ../libr/debug
make[1]: Entering directory '/root/.config/radare2/r2pm/git/radare2-extras/libr/debug'
make -C p
make[2]: Entering directory '/root/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:21: warning: overriding recipe for target 'debug_unicorn.so'
unicorn.mk:15: warning: ignoring old recipe for target 'debug_unicorn.so'
gcc -I/root/.config/radare2/prefix/include -I/usr/include/libr -g -I/usr/local/include -L/usr/local/lib -I/usr/include/libr -g -DHAVE_PKGCFG_UNICORN=1 -I/root/.config/radare2/prefix/include -fPIC -L/root/.config/radare2/prefix/lib -lr_debug -lr_reg -lr_anal -lr_bp -lr_io -lr_parse -lr_cons -lr_syscall -lr_hash -lr_flag -lr_util -lr_socket -lr_reg -lr_util -g  -c debug_unicorn.c -o debug_unicorn.o
debug_unicorn.c: In function ‘r_debug_unicorn_map_get’:
debug_unicorn.c:215:8: error: ‘RIOSection {aka struct r_io_section_t}’ has no member named ‘rwx’
    sect->rwx, 0);
        ^~
debug_unicorn.c: In function ‘r_debug_unicorn_init’:
debug_unicorn.c:544:11: error: ‘RIOSection {aka struct r_io_section_t}’ has no member named ‘rwx’
   if (sect->rwx & R_IO_READ) perms |= UC_PROT_READ;
           ^~
debug_unicorn.c:545:11: error: ‘RIOSection {aka struct r_io_section_t}’ has no member named ‘rwx’
   if (sect->rwx & R_IO_WRITE) perms |= UC_PROT_WRITE;
           ^~
debug_unicorn.c:546:11: error: ‘RIOSection {aka struct r_io_section_t}’ has no member named ‘rwx’
   if (sect->rwx & R_IO_EXEC) perms |= UC_PROT_EXEC;
           ^~
debug_unicorn.c:554:13: error: ‘RIOSection {aka struct r_io_section_t}’ has no member named ‘rwx’
   if (!(sect->rwx & 1))
             ^~
debug_unicorn.c:561:14: error: ‘RIO {aka struct r_io_t}’ has no member named ‘raw’
   dbg->iob.io->raw = 0;
              ^~
debug_unicorn.c: At top level:
debug_unicorn.c:646:12: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
  .detach = &r_debug_unicorn_detach,
            ^
debug_unicorn.c:646:12: note: (near initialization for ‘r_debug_plugin_unicorn.detach’)
debug_unicorn.c:651:10: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
  .pids = &r_debug_unicorn_pids,
          ^
debug_unicorn.c:651:10: note: (near initialization for ‘r_debug_plugin_unicorn.pids’)
debug_unicorn.c:652:10: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
  .tids = &r_debug_unicorn_tids,
          ^
debug_unicorn.c:652:10: note: (near initialization for ‘r_debug_plugin_unicorn.tids’)
Makefile:15: recipe for target 'debug_unicorn.o' failed
make[2]: *** [debug_unicorn.o] Error 1
make[2]: Leaving directory '/root/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:2: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/root/.config/radare2/r2pm/git/radare2-extras/libr/debug'
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 2
make: Leaving directory '/root/.config/radare2/r2pm/git/radare2-extras/unicorn'

mdmp false install

I got inspired by the radare.today post about analyzing minidumps with r2 and followed along.
I've installed radare from the git master repo and then installed r2pm.
However, every time I try to install mdmp this is the console output:

r2pm -i mdmp
Already up-to-date.
Install Done For mdmp
checking build system type... x86_64-unknown-darwin
checking host system type... x86_64-unknown-darwin
checking target system type... x86_64-unknown-darwin
checking for working directories... current
using prefix '/Users/rivaldealer/.config/radare2/prefix'
checking for c compiler... gcc
Using PKGCONFIG: pkg-config
checking pkg-config flags for r_core... no
This package is required

Two things to note

"Install Done for mdmp"
Not quite a convincing install with the last words of "This package is required." I checked the directory ~/.config/radare2/plugins and no plugins are in the folder.
"using prefix '/Users/rivaldealer/.config/radare2/prefix'
Similar to the above issue, the file prefix doesn't exist.

I'm not quite sure what to do. I made sure that my own PKG_CONFIG_PATH is set to /usr/local/lib/pkgconfig , but that wasn't the remedy it was looking for I'm afraid.

Thank you to any and all help,
Cheers! 🍺

Add Google's ART disassembler asm plugins

https://android.googlesource.com/platform/art.git/+/master/disassembler/

Split yara2/yara3 rules

They are incompatible

Improve yara3 plugin building

Right now I'm calling this from the CI script. Preferably script should figure out some things by itself:

r2_orig="$PWD"
if [ ! -d yara3.git ]; then
    git clone https://github.com/plusvic/yara.git yara3.git
    cd yara3.git
else
    cd yara3.git
    git clean -xdf
    git pull
fi
sh bootstrap.sh
NOSUDO=1 DESTDIR=/tmp/r2 PREFIX=/tmp/r2 PKG_CONFIG_PATH=/tmp/r2/lib/pkgconfig PATH=/tmp/valabind/bin:$PATH PYTHON_INSTALL_DIR=/tmp/r2 ./configure --prefix=${PREFIX} --libdir=${PREFIX}/lib
NOSUDO=1 DESTDIR=/tmp/r2 PREFIX=/tmp/r2 PKG_CONFIG_PATH=/tmp/r2/lib/pkgconfig PATH=/tmp/valabind/bin:$PATH PYTHON_INSTALL_DIR=/tmp/r2 make
NOSUDO=1 DESTDIR=/tmp/r2 PREFIX=/tmp/r2 PKG_CONFIG_PATH=/tmp/r2/lib/pkgconfig PATH=/tmp/valabind/bin:$PATH PYTHON_INSTALL_DIR=/tmp/r2 make install
cd "${r2_orig}/yara/yara3"
NOSUDO=1 DESTDIR=/tmp/r2 PREFIX=/tmp/r2 PKG_CONFIG_PATH=/tmp/r2/lib/pkgconfig LDFLAGS=-L/tmp/r2/lib CFLAGS=-I/tmp/r2/include PATH=/tmp/valabind/bin:$PATH PYTHON_INSTALL_DIR=/tmp/r2 ./configure --prefix=/tmp/r2 --libdir=/tmp/r2/lib
NOSUDO=1 DESTDIR=/tmp/r2 PREFIX=/tmp/r2 PKG_CONFIG_PATH=/tmp/r2/lib/pkgconfig LDFLAGS=-L/tmp/r2/lib CFLAGS=-I/tmp/r2/include PATH=/tmp/valabind/bin:$PATH PYTHON_INSTALL_DIR=/tmp/r2 make
NOSUDO=1 DESTDIR=/tmp/r2 PREFIX=/tmp/r2 PKG_CONFIG_PATH=/tmp/r2/lib/pkgconfig LDFLAGS=-L/tmp/r2/lib PATH=/tmp/valabind/bin:$PATH PYTHON_INSTALL_DIR=/tmp/r2 make install

PyREBox Integration

Cisco-Talos group has a nice looking python project called PyREBox.

https://github.com/Cisco-Talos/pyrebox

Adding them as a debugger handler or something would be cool. Being able to use radare2 to drive debugging of a full windows system through the normal radare2 interface. This could also assist in some of the challenges with debugging Windows from Linux using radare2 that have been encountered, better support malware reversing using radare2, etc.

unicorn doesn't map loaded libraries

try

r2 -D unicorn /bin/ls
dpa
dr rip=entry0
1000 dso

Unicorn in Docker install failing

I'm utilizing the docker image of radare and installing unicorn through the following:

r2pm init
r2pm update
r2pm install unicorn-lib
r2pm install unicorn

Everything seems to go well until the very final command, where I see this error at the bottom:

/usr/bin/r2pm: 8: /usr/bin/r2pm: configure: not found

When I attempt to list debuggers with dL, i do not see unicorn as an option. Further, the unicorn plugin page says to use dh, which doesn't appear to be a valid command anymore.

Fix yara3 compilation

A bug?

It seems a bug in Makefile ... The command log:

radare2-extras-1.6.0$ make all
for a in  ; do \
	( cd $a ; ./configure --prefix=/usr ; make ) ; \
	done

yes, make all doesn't work...

By the way, The documentation is out of date.
I can't successfully install through the documentation.
Are you ready to update?
link:https://rada.re/r/down.html

Add command/option to show yara results in JSON format

Docker install: debugger: [p/io_debug.c:348 fork_and_ptraceme] fork_and_attach: execv: No such file or directory

Hello,

Can you confirm if the debugger functionality is supposed to work or not inside docker?
I supposed kernel restrictions prevent that or need a flag?
running --privileged doesn't help.

$ docker run radare/radare2 r2 -Ad baby_validator_elf_x86
[p/io_debug.c:348 fork_and_ptraceme] fork_and_attach: execv: No such file or directory
Cannot open 'dbg://baby_validator_elf_x86' for writing.
$ docker run --rm -it -v /path/RE:/home radare/radare2 r2 -Ad /home/baby_validator_elf_x86
[p/io_debug.c:348 fork_and_ptraceme] fork_and_attach: execv: No such file or directory
Cannot open 'dbg:///home/baby_validator_elf_x86' for writing.
$ docker run --rm -it -v /path/RE:/home radare/radare2 bash
root@116823836a09:/# ls /home/
MBE  baby_validator_elf_x86  baby_validator_elf_x86.orig  basic.c  basic.no-sp  basic.sp  radare2  vuln  vuln.c
root@116823836a09:/# r2 -Ad /home/baby_validator_elf_x86
[p/io_debug.c:348 fork_and_ptraceme] fork_and_attach: execv: No such file or directory
Cannot open 'dbg:///home/baby_validator_elf_x86' for writing.
root@116823836a09:/# r2 -A /home/baby_validator_elf_x86
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze len bytes of instructions for references (aar)
[x] Analyze function calls (aac)
[ ] [*] Use -AA or aaaa to perform additional experimental analysis.
[x] Constructing a function name for fcn.* and sym.func.* functions (aan))
 -- Wait a minute! I found a bug, self-fixing ... OK
[0x080483a0]>

Thanks

Cannot build yara on Mac OS X.

Can't build yara plugin for r2 either with script or with make.

$ yara/install-yara3.sh
Already up-to-date.
bootstrap.sh: line 2: autoreconf: command not found
yara/install-yara3.sh: line 23: ./configure: No such file or directory

$ CFLAGS=-I/usr/local/Cellar/yara/3.4.0/include LDFLAGS="-L/usr/local/Cellar/yara/3.4.0/lib -L/opt/Tools/radare2/r2-static/usr/lib" make yara3
cd yara/yara3 ; ./configure --prefix=/usr
checking build system type... x86_64-unknown-darwin
checking host system type... x86_64-unknown-darwin
checking target system type... x86_64-unknown-darwin
checking for working directories... current
using prefix '/usr'
checking for c compiler... gcc
checking for libyara ... yes
Using PKGCONFIG: pkg-config
checking pkg-config flags for yara... yes
Using PKGCONFIG: pkg-config
checking pkg-config flags for r_core... yes
creating ./Makefile
cleaning temporally files... done
Final report:
 - PREFIX = /usr
/Applications/Xcode.app/Contents/Developer/usr/bin/make -C yara/yara3
gcc core_yara3.o -I/usr/local/Cellar/yara/3.4.0/include -I/usr/local/include/libr  -I/usr/local/Cellar/yara/3.4.0/include -I. -fPIC -L/usr/local/Cellar/yara/3.4.0/lib -L/opt/Tools/radare2/r2-static/usr/lib -L/usr/local/lib -lr_core -lr_config -lr_cons -lr_io -lr_util -lr_flags -lr_asm -lr_db -lr_debug -lr_hash -lr_bin -lr_lang -lr_io -lr_anal -lr_parse -lr_bp -lr_egg -lr_reg -lr_search -lr_syscall -lr_socket -lr_fs -lr_magic -lyara -L/usr/local/Cellar/yara/3.4.0/lib -lyara -shared -o core_yara3.dylib
Undefined symbols for architecture x86_64:
  "_cs_close", referenced from:
      _analop in libr_anal.a(anal_arm_cs.o)
      _analop in libr_anal.a(anal_mips_cs.o)
      _analop in libr_anal.a(anal_ppc_cs.o)
      _analop in libr_anal.a(anal_sparc_cs.o)
      _analop in libr_anal.a(anal_sysz.o)
      _analop in libr_anal.a(anal_x86_cs.o)
      _analop in libr_anal.a(anal_xcore_cs.o)
      ...
  "_cs_disasm", referenced from:
      _analop in libr_anal.a(anal_arm_cs.o)
      _analop in libr_anal.a(anal_mips_cs.o)
      _analop in libr_anal.a(anal_ppc_cs.o)
      _analop in libr_anal.a(anal_sparc_cs.o)
      _analop in libr_anal.a(anal_sysz.o)
      _analop in libr_anal.a(anal_x86_cs.o)
      _analop in libr_anal.a(anal_xcore_cs.o)
      ...
  "_cs_free", referenced from:
      _analop in libr_anal.a(anal_arm_cs.o)
      _analop in libr_anal.a(anal_mips_cs.o)
      _analop in libr_anal.a(anal_ppc_cs.o)
      _analop in libr_anal.a(anal_sparc_cs.o)
      _analop in libr_anal.a(anal_sysz.o)
      _analop in libr_anal.a(anal_x86_cs.o)
      _analop in libr_anal.a(anal_xcore_cs.o)
      ...
  "_cs_group_name", referenced from:
      _check_features in libr_asm.a(asm_arm_cs.o)
      _check_features in libr_asm.a(asm_x86_cs.o)
  "_cs_insn_group", referenced from:
      _analop in libr_anal.a(anal_x86_cs.o)
  "_cs_open", referenced from:
      _analop in libr_anal.a(anal_arm_cs.o)
      _analop in libr_anal.a(anal_mips_cs.o)
      _analop in libr_anal.a(anal_ppc_cs.o)
      _analop in libr_anal.a(anal_sparc_cs.o)
      _analop in libr_anal.a(anal_sysz.o)
      _analop in libr_anal.a(anal_x86_cs.o)
      _analop in libr_anal.a(anal_xcore_cs.o)
      ...
  "_cs_option", referenced from:
      _analop in libr_anal.a(anal_arm_cs.o)
      _analop in libr_anal.a(anal_mips_cs.o)
      _analop in libr_anal.a(anal_ppc_cs.o)
      _analop in libr_anal.a(anal_sparc_cs.o)
      _analop in libr_anal.a(anal_sysz.o)
      _analop in libr_anal.a(anal_x86_cs.o)
      _analop in libr_anal.a(anal_xcore_cs.o)
      ...
  "_cs_reg_name", referenced from:
      _analop64_esil in libr_anal.a(anal_arm_cs.o)
      _analop_esil in libr_anal.a(anal_arm_cs.o)
      _arg in libr_anal.a(anal_arm_cs.o)
      _arm64math in libr_anal.a(anal_arm_cs.o)
      _analop_esil in libr_anal.a(anal_mips_cs.o)
      _arg in libr_anal.a(anal_mips_cs.o)
      _analop in libr_anal.a(anal_x86_cs.o)
      ...
  "_dso_json_obj_del", referenced from:
      _r_cmd_java_print_json_definitions in libr_core.a(core_java.o)
  "_dso_json_obj_to_str", referenced from:
      _r_cmd_java_print_json_definitions in libr_core.a(core_java.o)
  "_gdbr_connect", referenced from:
      ___open in libr_io.a(io_gdb.o)
  "_gdbr_continue", referenced from:
      _r_debug_gdb_continue in libr_debug.a(debug_gdb.o)
  "_gdbr_disconnect", referenced from:
      _r_debug_gdb_detach in libr_debug.a(debug_gdb.o)
  "_gdbr_init", referenced from:
      ___open in libr_io.a(io_gdb.o)
  "_gdbr_read_memory", referenced from:
      _debug_gdb_read_at in libr_io.a(io_gdb.o)
  "_gdbr_read_registers", referenced from:
      _r_debug_gdb_reg_read in libr_debug.a(debug_gdb.o)
  "_gdbr_remove_bp", referenced from:
      _r_debug_gdb_breakpoint in libr_debug.a(debug_gdb.o)
  "_gdbr_remove_hwbp", referenced from:
      _r_debug_gdb_breakpoint in libr_debug.a(debug_gdb.o)
  "_gdbr_set_architecture", referenced from:
      _r_debug_gdb_attach in libr_debug.a(debug_gdb.o)
  "_gdbr_set_bp", referenced from:
      _r_debug_gdb_breakpoint in libr_debug.a(debug_gdb.o)
  "_gdbr_set_hwbp", referenced from:
      _r_debug_gdb_breakpoint in libr_debug.a(debug_gdb.o)
  "_gdbr_step", referenced from:
      _r_debug_gdb_step in libr_debug.a(debug_gdb.o)
  "_gdbr_write_memory", referenced from:
      _debug_gdb_write_at in libr_io.a(io_gdb.o)
  "_gdbr_write_reg", referenced from:
      _r_debug_gdb_reg_write in libr_debug.a(debug_gdb.o)
  "_grub_amiga_partition_map", referenced from:
      _partitions in libr_fs.a(fs.o)
  "_grub_apple_partition_map", referenced from:
      _partitions in libr_fs.a(fs.o)
  "_grub_bsdlabel_partition_map", referenced from:
      _partitions in libr_fs.a(fs.o)
  "_grub_cpio_fs", referenced from:
      _cpio__open in libr_fs.a(fs_cpio.o)
      _cpio__mount in libr_fs.a(fs_cpio.o)
  "_grub_ext2_fs", referenced from:
      _ext2__open in libr_fs.a(fs_ext2.o)
      _ext2__mount in libr_fs.a(fs_ext2.o)
  "_grub_fat_fs", referenced from:
      _fat__open in libr_fs.a(fs_fat.o)
      _fat__mount in libr_fs.a(fs_fat.o)
  "_grub_fb_fs", referenced from:
      _fb__open in libr_fs.a(fs_fb.o)
      _fb__mount in libr_fs.a(fs_fb.o)
  "_grub_gpt_partition_map", referenced from:
      _partitions in libr_fs.a(fs.o)
  "_grub_hack_lastoff", referenced from:
      _cpio__read in libr_fs.a(fs_cpio.o)
      _ext2__read in libr_fs.a(fs_ext2.o)
      _fat__read in libr_fs.a(fs_fat.o)
      _fb__read in libr_fs.a(fs_fb.o)
      _grub_hfs_read in libr_fs.a(fs_hfs.o)
      _hfsplus__read in libr_fs.a(fs_hfsplus.o)
      _iso9660__read in libr_fs.a(fs_iso9660.o)
      ...
  "_grub_hfs_fs", referenced from:
      _grub_hfs_open in libr_fs.a(fs_hfs.o)
      _grub_hfs_mount in libr_fs.a(fs_hfs.o)
  "_grub_hfsplus_fs", referenced from:
      _hfsplus__open in libr_fs.a(fs_hfsplus.o)
      _hfsplus__mount in libr_fs.a(fs_hfsplus.o)
  "_grub_iso9660_fs", referenced from:
      _iso9660__open in libr_fs.a(fs_iso9660.o)
      _iso9660__mount in libr_fs.a(fs_iso9660.o)
  "_grub_jfs_fs", referenced from:
      _jfs__open in libr_fs.a(fs_jfs.o)
      _jfs__mount in libr_fs.a(fs_jfs.o)
  "_grub_minix_fs", referenced from:
      _minix__open in libr_fs.a(fs_minix.o)
      _minix__mount in libr_fs.a(fs_minix.o)
  "_grub_msdos_partition_map", referenced from:
      _partitions in libr_fs.a(fs.o)
  "_grub_ntfs_fs", referenced from:
      _ntfs__open in libr_fs.a(fs_ntfs.o)
      _ntfs__mount in libr_fs.a(fs_ntfs.o)
  "_grub_reiserfs_fs", referenced from:
      _reiserfs__open in libr_fs.a(fs_reiserfs.o)
      _reiserfs__mount in libr_fs.a(fs_reiserfs.o)
  "_grub_sfs_fs", referenced from:
      _sfs__open in libr_fs.a(fs_sfs.o)
      _sfs__mount in libr_fs.a(fs_sfs.o)
  "_grub_sun_partition_map", referenced from:
      _partitions in libr_fs.a(fs.o)
  "_grub_sun_pc_partition_map", referenced from:
      _partitions in libr_fs.a(fs.o)
  "_grub_tar_fs", referenced from:
      _tar__open in libr_fs.a(fs_tar.o)
      _tar__mount in libr_fs.a(fs_tar.o)
  "_grub_udf_fs", referenced from:
      _udf__open in libr_fs.a(fs_udf.o)
      _udf__mount in libr_fs.a(fs_udf.o)
  "_grub_ufs_fs", referenced from:
      _ufs__open in libr_fs.a(fs_ufs.o)
      _ufs__mount in libr_fs.a(fs_ufs.o)
  "_grub_xfs_fs", referenced from:
      _xfs__open in libr_fs.a(fs_xfs.o)
      _xfs__mount in libr_fs.a(fs_xfs.o)
  "_grubfs_bind_io", referenced from:
      _r_fs_partitions in libr_fs.a(fs.o)
      _cpio__open in libr_fs.a(fs_cpio.o)
      _cpio__read in libr_fs.a(fs_cpio.o)
      _cpio__dir in libr_fs.a(fs_cpio.o)
      _cpio__mount in libr_fs.a(fs_cpio.o)
      _ext2__open in libr_fs.a(fs_ext2.o)
      _ext2__read in libr_fs.a(fs_ext2.o)
      ...
  "_grubfs_disk", referenced from:
      _r_fs_partitions in libr_fs.a(fs.o)
  "_grubfs_free", referenced from:
      _r_fs_partitions in libr_fs.a(fs.o)
      _cpio__open in libr_fs.a(fs_cpio.o)
      _cpio__umount in libr_fs.a(fs_cpio.o)
      _ext2__open in libr_fs.a(fs_ext2.o)
      _ext2__umount in libr_fs.a(fs_ext2.o)
      _fat__open in libr_fs.a(fs_fat.o)
      _fat__umount in libr_fs.a(fs_fat.o)
      ...
  "_grubfs_new", referenced from:
      _cpio__open in libr_fs.a(fs_cpio.o)
      _cpio__mount in libr_fs.a(fs_cpio.o)
      _ext2__open in libr_fs.a(fs_ext2.o)
      _ext2__mount in libr_fs.a(fs_ext2.o)
      _fat__open in libr_fs.a(fs_fat.o)
      _fat__mount in libr_fs.a(fs_fat.o)
      _fb__open in libr_fs.a(fs_fb.o)
      ...
  "_inflate", referenced from:
      _r_inflate in libr_util.a(zip.o)
     (maybe you meant: _r_inflate)
  "_inflateEnd", referenced from:
      _r_inflate in libr_util.a(zip.o)
  "_inflateInit2_", referenced from:
      _r_inflate in libr_util.a(zip.o)
  "_iob_open", referenced from:
      ___open in libr_io.a(io_windbg.o)
  "_iob_select", referenced from:
      ___open in libr_io.a(io_windbg.o)
  "_ls_delete", referenced from:
      _r_anal_xrefs_load in libr_anal.a(xrefs.o)
  "_r_bin_java_build_obj_key", referenced from:
      _add_bin_obj_to_sdb in libr_bin.a(bin_java.o)
  "_r_bin_java_calc_class_size", referenced from:
      _r_cmd_java_handle_calc_class_sz in libr_core.a(core_java.o)
      _r_cmd_java_handle_isvalid in libr_core.a(core_java.o)
  "_r_bin_java_calculate_class_access_value", referenced from:
      _r_cmd_java_handle_set_flags in libr_core.a(core_java.o)
      _r_cmd_java_print_class_access_flags_value in libr_core.a(core_java.o)
  "_r_bin_java_calculate_field_access_value", referenced from:
      _r_cmd_java_handle_set_flags in libr_core.a(core_java.o)
      _r_cmd_java_print_field_access_flags_value in libr_core.a(core_java.o)
  "_r_bin_java_calculate_method_access_value", referenced from:
      _r_cmd_java_handle_set_flags in libr_core.a(core_java.o)
      _r_cmd_java_print_method_access_flags_value in libr_core.a(core_java.o)
  "_r_bin_java_cp_get_bytes", referenced from:
      _r_cmd_java_get_cp_bytes_and_write in libr_core.a(core_java.o)
  "_r_bin_java_cp_get_idx_bytes", referenced from:
      _r_cmd_java_handle_replace_classname_value in libr_core.a(core_java.o)
  "_r_bin_java_cp_get_size", referenced from:
      _r_cmd_java_get_cp_bytes_and_write in libr_core.a(core_java.o)
  "_r_bin_java_extract_all_bin_type_values", referenced from:
      _java_update_anal_types in libr_anal.a(anal_java.o)
  "_r_bin_java_extract_type_values", referenced from:
      _java_set_function_prototype in libr_anal.a(anal_java.o)
  "_r_bin_java_find_cp_const_by_val", referenced from:
      _cpfind_str in libr_core.a(core_java.o)
      _cpfind_int in libr_core.a(core_java.o)
      _cpfind_long in libr_core.a(core_java.o)
      _cpfind_float in libr_core.a(core_java.o)
      _cpfind_double in libr_core.a(core_java.o)
  "_r_bin_java_free", referenced from:
      _destroy in libr_bin.a(bin_java.o)
  "_r_bin_java_get_bin_obj_json", referenced from:
      _r_cmd_java_print_json_definitions in libr_core.a(core_java.o)
  "_r_bin_java_get_bin_obj_list_thru_obj", referenced from:
      _get_java_bin_obj_list in libr_anal.a(anal_java.o)
      _r_cmd_java_get_bin_obj_list in libr_core.a(core_java.o)
  "_r_bin_java_get_classes", referenced from:
      _classes in libr_bin.a(bin_java.o)
  "_r_bin_java_get_entrypoint", referenced from:
      _binsym in libr_bin.a(bin_java.o)
  "_r_bin_java_get_entrypoints", referenced from:
      _entries in libr_bin.a(bin_java.o)
  "_r_bin_java_get_field_definitions", referenced from:
      _r_cmd_java_print_field_definitions in libr_core.a(core_java.o)
      _r_cmd_java_print_class_definitions in libr_core.a(core_java.o)
  "_r_bin_java_get_field_name", referenced from:
      _r_cmd_java_print_field_name in libr_core.a(core_java.o)
  "_r_bin_java_get_field_num_name", referenced from:
      _r_cmd_java_print_field_num_name in libr_core.a(core_java.o)
  "_r_bin_java_get_field_offsets", referenced from:
      _r_cmd_java_print_field_definitions in libr_core.a(core_java.o)
      _r_cmd_java_print_class_definitions in libr_core.a(core_java.o)
  "_r_bin_java_get_import_definitions", referenced from:
      _r_cmd_java_print_import_definitions in libr_core.a(core_java.o)
      _r_cmd_java_print_class_definitions in libr_core.a(core_java.o)
  "_r_bin_java_get_imports", referenced from:
      _imports in libr_bin.a(bin_java.o)
  "_r_bin_java_get_item_desc_from_bin_cp_list", referenced from:
      _r_cmd_java_get_descriptor in libr_core.a(core_java.o)
  "_r_bin_java_get_item_from_bin_cp_list", referenced from:
      _r_cmd_java_handle_replace_classname_value in libr_core.a(core_java.o)
      _r_cmd_java_get_descriptor in libr_core.a(core_java.o)
      _r_cmd_java_get_cp_bytes_and_write in libr_core.a(core_java.o)
  "_r_bin_java_get_item_from_cp", referenced from:
      _r_cmd_java_handle_find_cp_const in libr_core.a(core_java.o)
  "_r_bin_java_get_item_name_from_bin_cp_list", referenced from:
      _r_cmd_java_get_descriptor in libr_core.a(core_java.o)
  "_r_bin_java_get_lib_names", referenced from:
      _libs in libr_bin.a(bin_java.o)
  "_r_bin_java_get_method_code_attribute", referenced from:
      _analyze_from_code_attr in libr_anal.a(anal_java.o)
  "_r_bin_java_get_method_code_offset", referenced from:
      _check_addr_less_start in libr_anal.a(anal_java.o)
  "_r_bin_java_get_method_code_size", referenced from:
      _check_addr_less_end in libr_anal.a(anal_java.o)
  "_r_bin_java_get_method_definitions", referenced from:
      _r_cmd_java_print_method_definitions in libr_core.a(core_java.o)
      _r_cmd_java_print_class_definitions in libr_core.a(core_java.o)
  "_r_bin_java_get_method_end", referenced from:
      _r_cmd_java_handle_print_exceptions in libr_core.a(core_java.o)
  "_r_bin_java_get_method_exception_table_with_addr", referenced from:
      _r_cmd_java_handle_print_exceptions in libr_core.a(core_java.o)
  "_r_bin_java_get_method_name", referenced from:
      _r_cmd_java_print_method_name in libr_core.a(core_java.o)
  "_r_bin_java_get_method_num_name", referenced from:
      _r_cmd_java_print_method_num_name in libr_core.a(core_java.o)
  "_r_bin_java_get_method_offsets", referenced from:
      _r_cmd_java_print_method_definitions in libr_core.a(core_java.o)
      _r_cmd_java_print_class_definitions in libr_core.a(core_java.o)
  "_r_bin_java_get_method_start", referenced from:
      _r_cmd_java_handle_print_exceptions in libr_core.a(core_java.o)
  "_r_bin_java_get_methods_list", referenced from:
      _java_analyze_fns in libr_anal.a(anal_java.o)
  "_r_bin_java_get_name_from_bin_cp_list", referenced from:
      _r_cmd_java_get_descriptor in libr_core.a(core_java.o)
  "_r_bin_java_get_sections", referenced from:
      _sections in libr_bin.a(bin_java.o)
  "_r_bin_java_get_strings", referenced from:
      _strings in libr_bin.a(bin_java.o)
  "_r_bin_java_get_symbols", referenced from:
      _symbols in libr_bin.a(bin_java.o)
  "_r_bin_java_get_this_class_name", referenced from:
      _r_cmd_java_print_class_definitions in libr_core.a(core_java.o)
  "_r_bin_java_get_version", referenced from:
      _info in libr_bin.a(bin_java.o)
  "_r_bin_java_load_bin", referenced from:
      _r_cmd_java_reload_bin_from_buf in libr_core.a(core_java.o)
  "_r_bin_java_new_buf", referenced from:
      _load_bytes in libr_bin.a(bin_java.o)
  "_r_bin_java_print_field_idx_summary", referenced from:
      _r_cmd_java_print_field_summary in libr_core.a(core_java.o)
  "_r_bin_java_print_method_idx_summary", referenced from:
      _r_cmd_java_print_method_summary in libr_core.a(core_java.o)
  "_r_bin_java_resolve_b64_encode", referenced from:
      _r_cmd_java_resolve_cp_idx_b64 in libr_core.a(core_java.o)
  "_r_bin_java_resolve_cp_idx_address", referenced from:
      _r_cmd_java_handle_resolve_cp in libr_core.a(core_java.o)
      _cpfind in libr_core.a(core_java.o)
      _r_cmd_java_handle_replace_cp_value in libr_core.a(core_java.o)
      _r_cmd_java_resolve_cp_address in libr_core.a(core_java.o)
  "_r_bin_java_resolve_cp_idx_print_summary", referenced from:
      _r_cmd_java_resolve_cp_summary in libr_core.a(core_java.o)
  "_r_bin_java_resolve_cp_idx_tag", referenced from:
      _r_cmd_java_handle_replace_cp_value in libr_core.a(core_java.o)
  "_r_bin_java_resolve_cp_idx_to_string", referenced from:
      _r_cmd_java_resolve_cp_to_key in libr_core.a(core_java.o)
  "_r_bin_java_resolve_cp_idx_type", referenced from:
      _r_cmd_java_handle_resolve_cp in libr_core.a(core_java.o)
      _r_cmd_java_handle_list_code_references in libr_core.a(core_java.o)
      _r_cmd_java_resolve_cp_type in libr_core.a(core_java.o)
  "_r_bin_java_resolve_without_space", referenced from:
      _r_cmd_java_handle_list_code_references in libr_core.a(core_java.o)
      _r_cmd_java_handle_print_exceptions in libr_core.a(core_java.o)
      _r_cmd_java_resolve_cp_idx in libr_core.a(core_java.o)
  "_r_bin_java_unmangle_without_flags", referenced from:
      _r_cmd_java_get_descriptor in libr_core.a(core_java.o)
  "_r_java_assemble", referenced from:
      _assemble in libr_asm.a(asm_java.o)
  "_r_java_disasm", referenced from:
      _disassemble in libr_asm.a(asm_java.o)
  "_r_java_new_method", referenced from:
      _java_reset_counter in libr_anal.a(anal_java.o)
      _java_cmd_ext in libr_anal.a(anal_java.o)
      _java_new_method in libr_anal.a(anal_java.o)
  "_retrieve_all_class_access_string_and_value", referenced from:
      _r_cmd_java_get_all_access_flags_value in libr_core.a(core_java.o)
  "_retrieve_all_field_access_string_and_value", referenced from:
      _r_cmd_java_get_all_access_flags_value in libr_core.a(core_java.o)
  "_retrieve_all_method_access_string_and_value", referenced from:
      _r_cmd_java_get_all_access_flags_value in libr_core.a(core_java.o)
  "_retrieve_class_method_access_string", referenced from:
      _r_cmd_java_handle_flags_str_at in libr_core.a(core_java.o)
      _r_cmd_java_handle_flags_str in libr_core.a(core_java.o)
  "_retrieve_field_access_string", referenced from:
      _r_cmd_java_handle_flags_str_at in libr_core.a(core_java.o)
      _r_cmd_java_handle_flags_str in libr_core.a(core_java.o)
  "_retrieve_method_access_string", referenced from:
      _r_cmd_java_handle_flags_str_at in libr_core.a(core_java.o)
      _r_cmd_java_handle_flags_str in libr_core.a(core_java.o)
  "_sdb_add", referenced from:
      _r_anal_fcn_xref_add in libr_anal.a(fcn.o)
      _r_anal_var_access in libr_anal.a(var.o)
      _cmd_meta_add_fileline in libr_core.a(cmd.o)
      _r_anal_fcn_label_set in libr_anal.a(labels.o)
      _add_sdb_addrline in libr_bin.a(dwarf.o)
  "_sdb_anext", referenced from:
      _r_anal_var_list in libr_anal.a(var.o)
      _cmd_seek in libr_core.a(cmd.o)
      _r_anal_fcn_labels in libr_anal.a(labels.o)
      _r_anal_hint_from_string in libr_anal.a(hint.o)
      _r_anal_xrefs_from in libr_anal.a(xrefs.o)
      _r_core_visual_comments in libr_core.a(vmenus.o)
      _r_meta_del in libr_anal.a(meta.o)
      ...
  "_sdb_array_add", referenced from:
      _r_agraph_add_node in libr_core.a(graph.o)
      _r_agraph_add_edge in libr_core.a(graph.o)
      _r_anal_var_add in libr_anal.a(var.o)
      _trace_hook_reg_read in libr_anal.a(esil_trace.o)
      _trace_hook_reg_write in libr_anal.a(esil_trace.o)
      _r_anal_fcn_label_set in libr_anal.a(labels.o)
      _r_meta_add in libr_anal.a(meta.o)
      ...
  "_sdb_array_add_num", referenced from:
      _r_anal_fcn_xref_add in libr_anal.a(fcn.o)
      _r_anal_var_access in libr_anal.a(var.o)
      _r_core_anal_graph_nodes in libr_core.a(anal.o)
      _trace_hook_mem_read in libr_anal.a(esil_trace.o)
      _trace_hook_mem_write in libr_anal.a(esil_trace.o)
      _r_anal_xrefs_set in libr_anal.a(xrefs.o)
      _meta_type_add in libr_anal.a(meta.o)
      ...
  "_sdb_array_delete", referenced from:
      _r_anal_fcn_var_del_bydelta in libr_anal.a(var.o)
  "_sdb_array_get", referenced from:
      _r_anal_var_rename in libr_anal.a(var.o)
      _r_anal_type_del in libr_anal.a(types.o)
      _r_anal_type_format in libr_anal.a(types.o)
      _r_bin_dwarf_parse_lnp_header in libr_bin.a(dwarf.o)
  "_sdb_array_get_num", referenced from:
      _handle_print_meta_infos in libr_core.a(disasm.o)
      _getswi in libr_syscall.a(syscall.o)
      _r_syscall_get_num in libr_syscall.a(syscall.o)
      _r_anal_type_set in libr_anal.a(types.o)
      _r_meta_set_string in libr_anal.a(meta.o)
      _analyzeFunction in libr_core.a(core_anal.o)
  "_sdb_array_indexof", referenced from:
      _r_anal_fcn_var_del_bydelta in libr_anal.a(var.o)
      _setHint in libr_anal.a(hint.o)
  "_sdb_array_insert", referenced from:
      _r_agraph_add_edge_at in libr_core.a(graph.o)
  "_sdb_array_insert_num", referenced from:
      _analyzeIterative in libr_core.a(core_anal.o)
  "_sdb_array_pop_num", referenced from:
      _r_core_pseudo_code in libr_core.a(pseudo.o)
  "_sdb_array_push", referenced from:
      _setHint in libr_anal.a(hint.o)
  "_sdb_array_push_num", referenced from:
      _r_core_anal_graph_nodes in libr_core.a(anal.o)
      _r_core_pseudo_code in libr_core.a(pseudo.o)
  "_sdb_array_remove", referenced from:
      _r_agraph_del_edge in libr_core.a(graph.o)
      _r_anal_var_delete in libr_anal.a(var.o)
      _r_anal_fcn_label_del in libr_anal.a(labels.o)
  "_sdb_array_remove_num", referenced from:
      _r_anal_xrefs_deln in libr_anal.a(xrefs.o)
      _meta_inrange_del in libr_anal.a(meta.o)
  "_sdb_array_set", referenced from:
      _r_anal_var_rename in libr_anal.a(var.o)
      _setHint in libr_anal.a(hint.o)
      _r_anal_xrefs_init in libr_anal.a(xrefs.o)
      _add_sdb_include_dir in libr_bin.a(dwarf.o)
  "_sdb_array_set_num", referenced from:
      _bbAdd in libr_core.a(core_anal.o)
  "_sdb_atoi", referenced from:
      _user_node_cb in libr_core.a(graph.o)
      _user_edge_cb in libr_core.a(graph.o)
      _free_anode_cb in libr_core.a(graph.o)
      _cb in libr_core.a(anal.o)
      _cmd_seek in libr_core.a(cmd.o)
      _print_addrinfo in libr_core.a(cmd.o)
      _r_anal_hint_from_string in libr_anal.a(hint.o)
      ...
  "_sdb_bool_set", referenced from:
      _agraph_sdb_init in libr_core.a(graph.o)
      _info in libr_bin.a(bin_pe.o)
      _info in libr_bin.a(bin_pe64.o)
      _Elf32_r_bin_elf_init_phdr in libr_bin.a(elf.o)
      _Elf64_r_bin_elf_init_phdr in libr_bin.a(elf64.o)
  "_sdb_close", referenced from:
      _r_syscall_setup in libr_syscall.a(syscall.o)
  "_sdb_const_anext", referenced from:
      _r_anal_esil_trace_show in libr_anal.a(esil_trace.o)
      _sdb_array_get_closer_num in libr_core.a(core_anal.o)
  "_sdb_const_get", referenced from:
      _getenumname in libr_core.a(core.o)
      _getbitfield in libr_core.a(core.o)
      _cmd_seek in libr_core.a(cmd.o)
      _cmd_type in libr_core.a(cmd.o)
      _handle_print_meta_infos in libr_core.a(disasm.o)
      _r_syscall_get in libr_syscall.a(syscall.o)
      _r_syscall_get_i in libr_syscall.a(syscall.o)
      ...
  "_sdb_decode", referenced from:
      _foreach_comment in libr_core.a(cmd.o)
      _cmd_seek in libr_core.a(cmd.o)
      _cmd_meta_comment in libr_core.a(cmd.o)
      _handle_print_meta_infos in libr_core.a(disasm.o)
      _r_anal_hint_from_string in libr_anal.a(hint.o)
      _r_core_visual_comments in libr_core.a(vmenus.o)
      _r_meta_get_string in libr_anal.a(meta.o)
      ...
  "_sdb_drain", referenced from:
      _cmd_kuery in libr_core.a(cmd.o)
  "_sdb_encode", referenced from:
      _r_agraph_add_node in libr_core.a(graph.o)
      _sdb_set_enc in libr_core.a(graph.o)
      _r_core_anal_graph_nodes in libr_core.a(anal.o)
      _r_core_print_disasm_json in libr_core.a(disasm.o)
      _setHint in libr_anal.a(hint.o)
      _r_meta_set_string in libr_anal.a(meta.o)
      _r_meta_add in libr_anal.a(meta.o)
      ...
  "_sdb_exists", referenced from:
      _r_bin_filter_name in libr_bin.a(filter.o)
      _r_meta_add in libr_anal.a(meta.o)
  "_sdb_file", referenced from:
      _cmd_kuery in libr_core.a(cmd.o)
      _r_core_project_save in libr_core.a(project.o)
  "_sdb_fmt", referenced from:
      _getenumname in libr_core.a(core.o)
      _getbitfield in libr_core.a(core.o)
      _r_agraph_add_node in libr_core.a(graph.o)
      _r_agraph_add_edge in libr_core.a(graph.o)
      _r_agraph_add_edge_at in libr_core.a(graph.o)
      _r_agraph_del_edge in libr_core.a(graph.o)
      _agraph_set_layout in libr_core.a(graph.o)
      ...
  "_sdb_fmt_free", referenced from:
      _r_anal_var_get in libr_anal.a(var.o)
      _r_anal_var_list in libr_anal.a(var.o)
      _r_anal_fcn_labels in libr_anal.a(labels.o)
  "_sdb_fmt_init", referenced from:
      _r_anal_var_list in libr_anal.a(var.o)
  "_sdb_fmt_tobin", referenced from:
      _r_anal_var_get in libr_anal.a(var.o)
      _r_anal_var_list in libr_anal.a(var.o)
      _r_anal_fcn_labels in libr_anal.a(labels.o)
  "_sdb_foreach", referenced from:
      _r_agraph_foreach in libr_core.a(graph.o)
      _r_agraph_foreach_edge in libr_core.a(graph.o)
      _agraph_free_nodes in libr_core.a(graph.o)
      _r_core_anal_hint_list in libr_core.a(anal.o)
      _cmd_type in libr_core.a(cmd.o)
      _cmd_kuery in libr_core.a(cmd.o)
      _cmd_meta_lineinfo in libr_core.a(cmd.o)
      ...
  "_sdb_free", referenced from:
      _r_core_fini in libr_core.a(core.o)
      _agraph_free_nodes in libr_core.a(graph.o)
      _r_agraph_free in libr_core.a(graph.o)
      _assign_layers in libr_core.a(graph.o)
      _place_dummies in libr_core.a(graph.o)
      _place_original in libr_core.a(graph.o)
      _compute_pos in libr_core.a(graph.o)
      ...
  "_sdb_get", referenced from:
      _getenumname in libr_core.a(core.o)
      _r_anal_var_get in libr_anal.a(var.o)
      _r_anal_var_list in libr_anal.a(var.o)
      _r_asm_describe in libr_asm.a(asm.o)
      _cmd_seek in libr_core.a(cmd.o)
      _print_meta_fileline in libr_core.a(cmd.o)
      _r_egg_option_get in libr_egg.a(egg.o)
      ...
  "_sdb_hash", referenced from:
      _r_anal_esil_set_op in libr_anal.a(esil.o)
      _iscommand in libr_anal.a(esil.o)
      _r_bin_filter_name in libr_bin.a(filter.o)
      _hashify in libr_bin.a(filter.o)
  "_sdb_itoa", referenced from:
      _r_anal_fcn_var_del_bydelta in libr_anal.a(var.o)
      _cmd_meta_add_fileline in libr_core.a(cmd.o)
      _remove_meta_offset in libr_core.a(cmd.o)
      _r_anal_esil_set_op in libr_anal.a(esil.o)
      _r_anal_esil_set_interrupt in libr_anal.a(esil.o)
      _r_anal_esil_fire_interrupt in libr_anal.a(esil.o)
      _iscommand in libr_anal.a(esil.o)
      ...
  "_sdb_list", referenced from:
      _r_anal_esil_trace_list in libr_anal.a(esil_trace.o)
  "_sdb_new", referenced from:
      _r_core_init in libr_core.a(core.o)
      _r_asm_use in libr_asm.a(asm.o)
      _cmd_kuery in libr_core.a(cmd.o)
      _r_egg_new in libr_egg.a(egg.o)
      _r_syscall_setup in libr_syscall.a(syscall.o)
      _r_anal_xrefs_load in libr_anal.a(xrefs.o)
      _init in libr_bin.a(bin_java.o)
      ...
  "_sdb_new0", referenced from:
      _r_agraph_reset in libr_core.a(graph.o)
      _agraph_init in libr_core.a(graph.o)
      _assign_layers in libr_core.a(graph.o)
      _place_original in libr_core.a(graph.o)
      _compute_vertical_nodes in libr_core.a(graph.o)
      _compute_pos in libr_core.a(graph.o)
      _r_anal_new in libr_anal.a(anal.o)
      ...
  "_sdb_now", referenced from:
      _r_debug_snap_map in libr_debug.a(snap.o)
  "_sdb_ns", referenced from:
      _update_sdb in libr_core.a(core.o)
      _r_anal_new in libr_anal.a(anal.o)
      _r_bin_file_new in libr_bin.a(bin.o)
      _r_core_anal_graph_nodes in libr_core.a(anal.o)
      _cmd_kuery in libr_core.a(cmd.o)
      _get_compile_time in libr_core.a(bin.o)
  "_sdb_ns_free", referenced from:
      _r_anal_free in libr_anal.a(anal.o)
  "_sdb_ns_path", referenced from:
      _cmd_kuery in libr_core.a(cmd.o)
  "_sdb_ns_set", referenced from:
      _update_sdb in libr_core.a(core.o)
      _r_bin_file_new in libr_bin.a(bin.o)
      _r_bin_object_new in libr_bin.a(bin.o)
      _r_anal_xrefs_load in libr_anal.a(xrefs.o)
      _load_bytes in libr_bin.a(bin_art.o)
      _load_bytes in libr_bin.a(bin_elf.o)
      _load_bytes in libr_bin.a(bin_elf64.o)
      ...
  "_sdb_num_add", referenced from:
      _r_anal_fcn_xref_add in libr_anal.a(fcn.o)
      _r_anal_fcn_label_set in libr_anal.a(labels.o)
      _get_symbol in libr_core.a(bin.o)
      _r_bin_dwarf_parse_comp_unit in libr_bin.a(dwarf.o)
  "_sdb_num_exists", referenced from:
      _r_anal_esil_set_op in libr_anal.a(esil.o)
      _r_anal_esil_set_interrupt in libr_anal.a(esil.o)
      _r_anal_esil_fire_interrupt in libr_anal.a(esil.o)
      _iscommand in libr_anal.a(esil.o)
  "_sdb_num_get", referenced from:
      _r_agraph_get_node in libr_core.a(graph.o)
      _place_dummies in libr_core.a(graph.o)
      _original_traverse_l in libr_core.a(graph.o)
      _adjust_directions in libr_core.a(graph.o)
      _compute_vertical_nodes in libr_core.a(graph.o)
      _compute_pos in libr_core.a(graph.o)
      _compute_classes in libr_core.a(graph.o)
      ...
  "_sdb_num_inc", referenced from:
      _r_bin_filter_name in libr_bin.a(filter.o)
      _meta_type_add in libr_anal.a(meta.o)
  "_sdb_num_max", referenced from:
      _bbAdd in libr_core.a(core_anal.o)
  "_sdb_num_min", referenced from:
      _bbAdd in libr_core.a(core_anal.o)
  "_sdb_num_set", referenced from:
      _r_agraph_add_node in libr_core.a(graph.o)
      _agraph_set_layout in libr_core.a(graph.o)
      _update_graph_sizes in libr_core.a(graph.o)
      _place_original in libr_core.a(graph.o)
      _original_traverse_l in libr_core.a(graph.o)
      _adjust_directions in libr_core.a(graph.o)
      _compute_vertical_nodes in libr_core.a(graph.o)
      ...
  "_sdb_ptr_get", referenced from:
      _r_anal_pin_call in libr_anal.a(pin.o)
  "_sdb_ptr_set", referenced from:
      _r_anal_pin_init in libr_anal.a(pin.o)
  "_sdb_query", referenced from:
      _cmd_type in libr_core.a(cmd.o)
      _cmd_anal_refs in libr_core.a(cmd.o)
  "_sdb_query_lines", referenced from:
      _r_core_run_script in libr_core.a(cmd.o)
      _cmd_type in libr_core.a(cmd.o)
  "_sdb_queryf", referenced from:
      _r_debug_signal_setup in libr_debug.a(signal.o)
  "_sdb_querys", referenced from:
      _num_callback in libr_core.a(core.o)
      _r_core_cmd_foreach in libr_core.a(cmd.o)
      _cmd_info in libr_core.a(cmd.o)
      _cmd_kuery in libr_core.a(cmd.o)
      _cmd_anal_esil in libr_core.a(cmd.o)
      _cmd_anal_trace in libr_core.a(cmd.o)
      _cmd_anal_syscall in libr_core.a(cmd.o)
      ...
  "_sdb_reset", referenced from:
      _r_agraph_reset in libr_core.a(graph.o)
      _r_anal_purge in libr_anal.a(anal.o)
      _cmd_meta_lineinfo in libr_core.a(cmd.o)
      _cmd_anal_esil in libr_core.a(cmd.o)
      _r_debug_tracenodes_reset in libr_debug.a(debug.o)
      _r_anal_hint_clear in libr_anal.a(hint.o)
      _r_anal_xrefs_init in libr_anal.a(xrefs.o)
      ...
  "_sdb_set", referenced from:
      _r_agraph_set_title in libr_core.a(graph.o)
      _r_agraph_add_node in libr_core.a(graph.o)
      _set_curnode in libr_core.a(graph.o)
      _sdb_set_enc in libr_core.a(graph.o)
      _r_anal_fcn_add in libr_anal.a(fcn.o)
      _r_anal_type_init in libr_anal.a(anal.o)
      _r_anal_var_add in libr_anal.a(var.o)
      ...
  "_sdb_set_owned", referenced from:
      _Pe32_r_bin_pe_init_hdr in libr_bin.a(pe.o)
      _Pe64_r_bin_pe_init_hdr in libr_bin.a(pe64.o)
  "_sdb_sync", referenced from:
      _cmd_kuery in libr_core.a(cmd.o)
      _r_anal_xrefs_save in libr_anal.a(xrefs.o)
      _r_core_project_save in libr_core.a(project.o)
  "_sdb_unset", referenced from:
      _r_anal_var_delete in libr_anal.a(var.o)
      _r_anal_var_access_clear in libr_anal.a(var.o)
      _r_anal_var_rename in libr_anal.a(var.o)
      _r_anal_fcn_var_del_bydelta in libr_anal.a(var.o)
      _r_bin_list_archs in libr_bin.a(bin.o)
      _remove_meta_fileline in libr_core.a(cmd.o)
      _remove_meta_offset in libr_core.a(cmd.o)
      ...
  "_wind_bkpt", referenced from:
      _r_debug_wind_breakpoint in libr_debug.a(debug_wind.o)
  "_wind_break", referenced from:
      _r_debug_wind_wait in libr_debug.a(debug_wind.o)
  "_wind_break_read", referenced from:
      _wstatic_debug_break in libr_debug.a(debug_wind.o)
  "_wind_continue", referenced from:
      _r_debug_wind_continue in libr_debug.a(debug_wind.o)
      _r_debug_wind_wait in libr_debug.a(debug_wind.o)
  "_wind_ctx_free", referenced from:
      ___close in libr_io.a(io_windbg.o)
      _r_debug_wind_attach in libr_debug.a(debug_wind.o)
  "_wind_ctx_new", referenced from:
      ___open in libr_io.a(io_windbg.o)
  "_wind_get_target", referenced from:
      ___read in libr_io.a(io_windbg.o)
      ___write in libr_io.a(io_windbg.o)
      _r_debug_wind_select in libr_debug.a(debug_wind.o)
  "_wind_get_target_base", referenced from:
      _r_debug_wind_select in libr_debug.a(debug_wind.o)
  "_wind_list_process", referenced from:
      _r_debug_wind_pids in libr_debug.a(debug_wind.o)
  "_wind_read_at", referenced from:
      ___read in libr_io.a(io_windbg.o)
  "_wind_read_at_phys", referenced from:
      ___read in libr_io.a(io_windbg.o)
  "_wind_read_reg", referenced from:
      _r_debug_wind_reg_read in libr_debug.a(debug_wind.o)
  "_wind_read_ver", referenced from:
      _r_debug_wind_attach in libr_debug.a(debug_wind.o)
  "_wind_set_cpu", referenced from:
      _r_debug_wind_wait in libr_debug.a(debug_wind.o)
  "_wind_set_target", referenced from:
      _r_debug_wind_select in libr_debug.a(debug_wind.o)
  "_wind_sync", referenced from:
      _r_debug_wind_attach in libr_debug.a(debug_wind.o)
  "_wind_va_to_pa", referenced from:
      ___read in libr_io.a(io_windbg.o)
      ___write in libr_io.a(io_windbg.o)
  "_wind_wait_packet", referenced from:
      _r_debug_wind_wait in libr_debug.a(debug_wind.o)
  "_wind_write_at", referenced from:
      ___write in libr_io.a(io_windbg.o)
  "_wind_write_at_phys", referenced from:
      ___write in libr_io.a(io_windbg.o)
  "_wind_write_reg", referenced from:
      _r_debug_wind_reg_write in libr_debug.a(debug_wind.o)
  "_zip_add", referenced from:
      _r_io_zip_flush_file in libr_io.a(io_zip.o)
  "_zip_close", referenced from:
      _r_io_zip_slurp_file in libr_io.a(io_zip.o)
      _r_io_zip_get_files in libr_io.a(io_zip.o)
      _r_io_zip_flush_file in libr_io.a(io_zip.o)
      _r_io_zip_alloc_zipfileobj in libr_io.a(io_zip.o)
      _r_io_zip_get_by_file_idx in libr_io.a(io_zip.o)
  "_zip_fclose", referenced from:
      _r_io_zip_slurp_file in libr_io.a(io_zip.o)
  "_zip_fopen_index", referenced from:
      _r_io_zip_slurp_file in libr_io.a(io_zip.o)
  "_zip_fread", referenced from:
      _r_io_zip_slurp_file in libr_io.a(io_zip.o)
  "_zip_get_num_files", referenced from:
      _r_io_zip_get_files in libr_io.a(io_zip.o)
      _r_io_zip_alloc_zipfileobj in libr_io.a(io_zip.o)
      _r_io_zip_get_by_file_idx in libr_io.a(io_zip.o)
  "_zip_name_locate", referenced from:
      _r_io_zip_flush_file in libr_io.a(io_zip.o)
  "_zip_open", referenced from:
      _r_io_zip_open_archive in libr_io.a(io_zip.o)
     (maybe you meant: _r_io_zip_open_archive, _r_io_zip_open_zip_file )
  "_zip_replace", referenced from:
      _r_io_zip_flush_file in libr_io.a(io_zip.o)
  "_zip_source_buffer", referenced from:
      _r_io_zip_flush_file in libr_io.a(io_zip.o)
  "_zip_source_free", referenced from:
      _r_io_zip_flush_file in libr_io.a(io_zip.o)
  "_zip_stat_index", referenced from:
      _r_io_zip_slurp_file in libr_io.a(io_zip.o)
      _r_io_zip_get_files in libr_io.a(io_zip.o)
      _r_io_zip_alloc_zipfileobj in libr_io.a(io_zip.o)
      _r_io_zip_get_by_file_idx in libr_io.a(io_zip.o)
  "_zip_stat_init", referenced from:
      _r_io_zip_slurp_file in libr_io.a(io_zip.o)
      _r_io_zip_get_files in libr_io.a(io_zip.o)
      _r_io_zip_alloc_zipfileobj in libr_io.a(io_zip.o)
      _r_io_zip_get_by_file_idx in libr_io.a(io_zip.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [core_yara3.dylib] Error 1
make: *** [yara3] Error 2
$

Can't install radeco with r2pm

$ r2pm -i radeco
/Users/dukebarman/.config/radare2/www
Processing radeco ...
Already up-to-date.
Install Done For radeco
a Cargo.lock must exist before it is updated
$

Install Rust from official site
radare2 from git
OS: OS X 10.11.4

BCL - missing -fPIC argument to CC

Installing BCL in my environment triggers error like this:

> r2pm -i bcl
Processing bcl ...
Already up-to-date.
Install Done For bcl
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for working directories... current
using prefix '/home/user/.config/radare2/prefix/'
checking for c compiler... gcc
Using PKGCONFIG: pkg-config
checking pkg-config flags for r_core... yes
checking for libewf ... yes
Using PKGCONFIG: pkg-config
checking pkg-config flags for libewf... yes
Using PKGCONFIG: pkg-config
checking pkg-config flags for unicorn... no
checking for libyara ... yes
Using PKGCONFIG: pkg-config
checking pkg-config flags for yara... yes
creating ./Makefile
creating ./options.mk
cleaning temporally files... done

Final report:
 - PREFIX = /home/user/.config/radare2/prefix/
make: Entering directory '/home/user/.config/radare2/r2pm/git/radare2-extras/bcl'
gcc -shared -I/home/user/.config/radare2/prefix//include/ -I/home/user/bin/prefix/radare2//include/libr -L/home/user/.config/radare2/prefix//lib/ -L/home/user/bin/prefix/radare2//lib -lr_asm -lr_syscall -lr_lang -lr_util -lr_parse -lr_flag -lr_cons -lr_reg -lr_anal -o asm_bcl.so asm_bcl.c
/usr/bin/ld: /tmp/ccFMMShm.o: relocation R_X86_64_PC32 against symbol `stderr@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
Makefile:11: recipe for target 'all' failed
make: *** [all] Error 1
make: Leaving directory '/home/user/.config/radare2/r2pm/git/radare2-extras/bcl'

feature: unicorn non x86 versions

missing mips/arm/etc. unicorns.

Add IPv6 support in PCAP plugin.

Currently it supports only IPv6. May be @SrimantaBarua has interest in this (or may be not).

Add scripts to detect if packed/obfuscated

Add a small script that compiled information from iI, p=? iS entropy yara, ssdeep, etc. and give a stats back if it's packed/obfuscated -> radareorg/radare2#7051

Read/Write DRX on r2k-x86

cc @jpenalbae @skuater @p4n74

Kill Yara2 support

3 years passed already - yara2 is dead, no reason to support it
move yara plugin back to the core?

question: should x86 keystone use nasm syntax

Loading gzipped yara rules is broken

This is most likely a problem in our gzip code.
We can't tell which rules are yara3 compatible until then.

libc detector for static binaries

apply zignatures/string matching with popular libc

Add r2pm for ramoji2

unicorn installation fails, debug_unicorn.c:199:23: error: too few arguments to function ‘r_debug_pid_new’ r_list_append (list, r_debug_pid_new ("???", pid, 's', 0));

r2pm up to date
radare2 1.4.0 14535 @ linux-x86-64 git.1.4.0-1-g40babe0

martin@Portable-Blue:~$ r2pm -i unicorn
Processing unicorn ...
Already up-to-date.
DEPENDS: unicorn-lib
on. 19. april 00:57:21 +0200 2017
Install Done For unicorn
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for working directories... current
using prefix '/home/martin/.config/radare2/prefix'
checking for c compiler... gcc
Using PKGCONFIG: pkg-config
checking pkg-config flags for r_core... yes
checking for libewf ... no
Using PKGCONFIG: pkg-config
checking pkg-config flags for libewf... no
Using PKGCONFIG: pkg-config
checking pkg-config flags for unicorn... yes
checking for libyara ... no
Using PKGCONFIG: pkg-config
checking pkg-config flags for yara... no
creating ./Makefile
creating ./options.mk
cleaning temporally files... done

Final report:
 - PREFIX = /home/martin/.config/radare2/prefix
make: Entering directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/unicorn'
make -C ../libr/debug clean
make[1]: Entering directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/libr/debug'
make -C p clean
make[2]: Entering directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:21: warning: overriding recipe for target 'debug_unicorn.so'
unicorn.mk:15: warning: ignoring old recipe for target 'debug_unicorn.so'
rm *.so *.o
rm: klarte ikke å fjerne '*.so': Fila eller mappa finnes ikke
rm: klarte ikke å fjerne '*.o': Fila eller mappa finnes ikke
Makefile:31: recipe for target 'clean' failed
make[2]: *** [clean] Error 1
make[2]: Leaving directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:5: recipe for target 'clean' failed
make[1]: *** [clean] Error 2
make[1]: Leaving directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/libr/debug'
Makefile:6: recipe for target 'clean' failed
make: *** [clean] Error 2
make: Leaving directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/unicorn'
make: Entering directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/unicorn'
make -C ../libr/debug
make[1]: Entering directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/libr/debug'
make -C p
make[2]: Entering directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:21: warning: overriding recipe for target 'debug_unicorn.so'
unicorn.mk:15: warning: ignoring old recipe for target 'debug_unicorn.so'
gcc -I/home/martin/.config/radare2/prefix/include -I/usr/include/libr -g -I/usr/local/include -L/usr/local/lib -I/usr/include/libr -g -DHAVE_PKGCFG_UNICORN=1 -I/home/martin/.config/radare2/prefix/include -fPIC -L/home/martin/.config/radare2/prefix/lib -lr_debug -lr_reg -lr_anal -lr_bp -lr_io -lr_parse -lr_cons -lr_syscall -lr_hash -lr_flag -lr_util -lr_socket -lr_reg -lr_util -g  -c debug_unicorn.c -o debug_unicorn.o
debug_unicorn.c: In function ‘r_debug_unicorn_pids’:
debug_unicorn.c:199:23: error: too few arguments to function ‘r_debug_pid_new’
  r_list_append (list, r_debug_pid_new ("???", pid, 's', 0));
                       ^
In file included from debug_unicorn.c:11:0:
/usr/include/libr/r_debug.h:396:18: note: declared here
 R_API RDebugPid *r_debug_pid_new(const char *path, int pid, int uid, char status, ut64 pc);
                  ^
debug_unicorn.c: At top level:
debug_unicorn.c:645:12: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
  .detach = &r_debug_unicorn_detach,
            ^
debug_unicorn.c:645:12: note: (near initialization for ‘r_debug_plugin_unicorn.detach’)
debug_unicorn.c:650:10: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
  .pids = &r_debug_unicorn_pids,
          ^
debug_unicorn.c:650:10: note: (near initialization for ‘r_debug_plugin_unicorn.pids’)
debug_unicorn.c:651:10: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
  .tids = &r_debug_unicorn_tids,
          ^
debug_unicorn.c:651:10: note: (near initialization for ‘r_debug_plugin_unicorn.tids’)
Makefile:15: recipe for target 'debug_unicorn.o' failed
make[2]: *** [debug_unicorn.o] Error 1
make[2]: Leaving directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:2: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/libr/debug'
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 2
make: Leaving directory '/home/martin/.config/radare2/r2pm/git/radare2-extras/unicorn'

Add Frida plugins (io, debug, core)

@radare is working on this and will push as soon as it's in an usable state

Creating Yara rule on the fly from the radare2 session

E.g. select block of hex and run some command to make Yara rule, based on that pattern.

(moved from radareorg/radare2#844)

unicorn problems

sudo r2pm -i unicorn
Processing unicorn ...
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (6/6), done.
From https://github.com/radare/radare2-extras
a409256..973bb8d master -> origin/master
Updating a409256..973bb8d
Fast-forward
libr/debug/p/debug_unicorn.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
Install Done For unicorn
make: Entering directory `/home/reu/.config/radare2/r2pm/git/radare2-extras/unicorn'
cd ../libr/debug ; PKG_CONFIG_PATH=/usr/lib/pkgconfig make
make[1]: Entering directory `/home/reu/.config/radare2/r2pm/git/radare2-extras/libr/debug'
make -C p
make[2]: Entering directory `/home/reu/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
Makefile:9: ../../../options.mk: No such file or directory
Makefile:21: warning: overriding commands for target `debug_unicorn.'
unicorn.mk:15: warning: ignoring old commands for target `debug_unicorn.'
make[2]: *** No rule to make target `../../../options.mk'. Stop.
make[2]: Leaving directory `/home/reu/.config/radare2/r2pm/git/radare2-extras/libr/debug/p'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home/reu/.config/radare2/r2pm/git/radare2-extras/libr/debug'
make: *** [all] Error 2
make: Leaving directory `/home/reu/.config/radare2/r2pm/git/radare2-extras/unicorn'
make: *** No rule to make target `unicorn-install'. Stop

Adding MyCPU and a demo file format examples

Could be nice to add the MyCPU from https://github.com/radare/radare2/wiki/Implementing-a-new-architecture and also a demo fileformat https://github.com/radare/radare2/wiki/Implementing-a-new-format to show how to implement this in radare2-extras

Implement disSssembler and analyzer plugin for lua

Implement debugger for LibVMI

http://libvmi.com/

supporting KVM/XEN/QEMU io and debugging with r2.

The api is pretty simple, so its an easy task

Add all radare2-extras stuff to the coverity build

To build both radare2 and radare2-extras in one coverity build.

m68k negative branch produces invalid instruction

$ r2pm -i m68k
$ r2 -a m68k -b 32 -qc "s 0x100; wx 6affffffff7e; pi 1" -
invalid

expecting bpl.w 0x80

Implement plugins for naked-asm

We cant put this in core becauase of the license, but fits good in radare2-extras

https://github.com/mikeakohn/naken_asm

Feature: 6809 plugin

This issue is to track the bits of the MC6809 plugin currently in work.

Let me know in comments if anything else needed or wanted.

(please assign to me)

feature: 6800 plugin

note this is different from the 68k

https://en.wikipedia.org/wiki/Motorola_6800

Add script to convert magic rule into yara one

Makefile fatal issue when installing r2snow

Hello, I had a small problem during installation of r2snow.

>sudo r2pm -i r2snow
Already up-to-date.
Install Done For r2snow
cmake --version
cmake version 3.5.1

CMake suite maintained and supported by Kitware (kitware.com/cmake).
git clone -b feature/output-ranges https://github.com/fabianfreyer/snowman.git
fatal: destination path '"snowman" already exists and is not an empty directory.
...
ERROR: Build failed. You probably need 'brew install cartr/qt4/qt' and 'brew install boost' or 'sudo apt-get install libboost-dev libqt4-dev'

Before this I tried same command, but I didn't have libboost-dev and libqt4-dev dependencies. So problem in git clone, I guess. Can you edit Makefile so that he doesn't clone repository if it exists? Thank you.

Use qAPI for emulation

The full QAPI is describer here
It would be cool to have direct qemu support

Stack buffer overflow of parsing swf

Hi,

When I play with r2 and the swf plugin, it crashes with a buffer overflow.

(lldb) run
Process 54371 launched: '/usr/local/bin/r2' (x86_64)
2017-11-09 08:40:51.921302+0800 r2[54371:19870295] detected buffer overflow
Process 54371 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
    frame #0: 0x00007fff98965d42 libsystem_kernel.dylib`__pthread_kill + 10
libsystem_kernel.dylib`__pthread_kill:
->  0x7fff98965d42 <+10>: jae    0x7fff98965d4c            ; <+20>
    0x7fff98965d44 <+12>: movq   %rax, %rdi
    0x7fff98965d47 <+15>: jmp    0x7fff9895ecaf            ; cerror_nocancel
    0x7fff98965d4c <+20>: retq
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff98965d42 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff98a53457 libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fff988cb420 libsystem_c.dylib`abort + 129
    frame #3: 0x00007fff988cb592 libsystem_c.dylib`abort_report_np + 181
    frame #4: 0x00007fff988f1f28 libsystem_c.dylib`__chk_fail + 48
    frame #5: 0x00007fff988f1ef8 libsystem_c.dylib`__chk_fail_overflow + 16
    frame #6: 0x00007fff988f1f8e libsystem_c.dylib`__memset_chk + 37
    frame #7: 0x0000000101a2de09 bin_swf.dylib`r_bin_swf_get_header + 169
    frame #8: 0x0000000101a2d9b7 bin_swf.dylib`entries + 119
    frame #9: 0x0000000100357d90 libr_bin.dylib`r_bin_object_set_items(binfile=0x0000000101c09ca0, o=0x0000000101b373a0) at bin.c:770
    frame #10: 0x000000010035aa35 libr_bin.dylib`r_bin_object_new(binfile=0x0000000101c09ca0, plugin=0x0000000101d00740, baseaddr=18446744073709551615, loadaddr=0, offset=0, sz=856) at bin.c:1377
    frame #11: 0x0000000100359ebc libr_bin.dylib`r_bin_file_new_from_bytes(bin=0x0000000101b09220, file="testfk.swf", bytes="CWS\x1b, sz=856, file_sz=856, rawstr=0, baseaddr=18446744073709551615, loadaddr=0, fd=3, pluginname=0x0000000000000000, xtrname=0x0000000000000000, offset=0, steal_ptr=true) at bin.c:1567
    frame #12: 0x00000001003598c4 libr_bin.dylib`r_bin_load_io_at_offset_as_sz(bin=0x0000000101b09220, fd=3, baseaddr=18446744073709551615, loadaddr=0, xtr_idx=0, offset=0, name=0x0000000000000000, sz=856) at bin.c:1118
    frame #13: 0x0000000100358ad6 libr_bin.dylib`r_bin_load_io_at_offset_as(bin=0x0000000101b09220, fd=3, baseaddr=18446744073709551615, loadaddr=0, xtr_idx=0, offset=0, name=0x0000000000000000) at bin.c:1132
    frame #14: 0x0000000100358970 libr_bin.dylib`r_bin_load_io(bin=0x0000000101b09220, fd=3, baseaddr=18446744073709551615, loadaddr=0, xtr_idx=0) at bin.c:1021
    frame #15: 0x0000000100196584 libr_core.dylib`r_core_file_do_load_for_io_plugin(r=0x00000001000084e0, baseaddr=18446744073709551615, loadaddr=0) at file.c:406
    frame #16: 0x000000010019507f libr_core.dylib`r_core_bin_load(r=0x00000001000084e0, filenameuri="testfk.swf", baddr=18446744073709551615) at file.c:563
    frame #17: 0x0000000100003962 r2`main(argc=2, argv=0x00007fff5fbff548, envp=0x00007fff5fbff560) at radare2.c:1009
    frame #18: 0x00007fff98837235 libdyld.dylib`start + 1
    frame #19: 0x00007fff98837235 libdyld.dylib`start + 1

Checking the code, turns out a simple stack buffer overflow.

// https://github.com/radare/radare2-extras/blob/master/libr/bin/format/swf/swf_specs.h
#define SWF_HDR_MIN_SIZE 12

// https://github.com/radare/radare2-extras/blob/master/libr/bin/format/swf/swf.h
typedef struct __attribute__((__packed__)) {
  ut8 signature[3];
  ut8 version;
  ut32 file_size;
  ut8 rect_size;
  ut16 frame_rate;
  ut16 frame_count;
} swf_hdr;

// https://github.com/radare/radare2-extras/blob/master/libr/bin/p/bin_swf.c
static RList* entries(RBinFile *arch) {
  RList *ret = NULL;
  RBinAddr *ptr = NULL;

  if (!(ret = r_list_new()))
    return NULL;
  if (!(ptr = R_NEW0 (RBinAddr)))
    return ret;

  swf_hdr header;        // stack variable
  header = r_bin_swf_get_header(arch);
  // ...
}

// https://github.com/radare/radare2-extras/blob/master/libr/bin/format/swf/swf.c
swf_hdr r_bin_swf_get_header(RBinFile *arch) {
  swf_hdr header;     // stack variable
  ut8 nBits;

  /* First, get the rect size */
  r_buf_read_at (arch->buf, 8, (ut8*)&nBits, 1);
  nBits = (nBits & 0xf8) >> 3;
  ut32 rect_size_bits = nBits*4 + 5;
  ut32 rect_size_bytes = rect_size_bits / 8;
  if (rect_size_bits % 8) rect_size_bytes++;

  /* Read the whole header */
  memset(&header, 0, SWF_HDR_MIN_SIZE + rect_size_bytes);   // stack overflow
  r_buf_read_at(arch->buf, 0, (ut8*)&header, 8);
  // ...
}

the header is a variable on the stack, the memset call with size of SWF_HDR_MIN_SIZE + rect_size_bytes will easily exceeds the bound, leads to buffer overflow.

The parser needs to decompress the flash file first when it's compressed flash(CWS/ZWS) and proceed the parse logic IMHO.

Cheers.

unicorn can't write to stack

http://asciinema.org/a/0hmkp0d1hmoperusk09v2hck6

notice stack never does anything on push/pop

Add some useful rules to yara

It would be nice to be able to have rules for:

hostnames
ipv4 and ipv6
credit-card numbers
emails

for credit cards we should cook some regexes compatible with libmagic from this: http://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm

Moved from radareorg/radare2#1139

Without debugger handler for Unicorn

Try to install unicorn plugin to radare2 but don't see in list:

$ r2 /bin/ls
[0x00404890]> dh unicorn
[0x00404890]>
[0x00404890]> dh?
0  ---  wind     LGPL3
1  ---  rap      LGPL3
2  dbg  native   LGPL3
3  ---  gdb      LGPL3
4  ---  esil     LGPL3
5  ---  bf       LGPL3

Unicorn work. For install used readme-file https://github.com/radare/radare2-extras/tree/master/unicorn

P.S. May be add some text for absent debuggers?

Building and using radare2-extras.

Hi,
I want use radare2 for analyze programs written for processors BlackFin. As I understand, disassembler for BlaskFin contains only in radare2-extras branch. I installed radare2 on Ubuntu as it describe in https://github.com/radare/radare2 . As I understand, now i should build radare2-extras for add BlackFin disassembler in radare2. I used git clone and get file from https://github.com/radare/radare2-extras , this file contains in home folder. After this I try build radare2-extras as it describe in https://github.com/radare/radare2-extras , but I meet the following challenges:
After
./configure --prefix=/usr
make baleful
I can't found baleful-install and can't use make for this.
Sorry for stupid question, but what I should to do? Should I download or install another packet? Should I make radare2-extras with file, contains in main branch?

I tried to install a new version of unicorn (with patch) but r2pm installed old version.
I tried install unicorn plugin on other comp and haven't got libglibc2.0-dev package so process was stopped. And I couldn't restart install because some files from qemu had other permissions (~/.config/radare2/r2pm/git/unicorn/qemu/config-temp/*)

Can't install unicorn with r2pm

$ r2pm -i unicorn
/Users/dukebarman/.config/radare2/www
Processing unicorn ...
Already up-to-date.
Install Done For unicorn
checking build system type... x86_64-unknown-darwin
checking host system type... x86_64-unknown-darwin
checking target system type... x86_64-unknown-darwin
checking for working directories... current
using prefix '/Users/dukebarman/.config/radare2/prefix'
checking for c compiler... gcc
Using PKGCONFIG: pkg-config
checking pkg-config flags for r_core... no
This package is required
cd ../libr/debug ; PKG_CONFIG_PATH=/usr/lib/pkgconfig /Applications/Xcode.app/Contents/Developer/usr/bin/make
/Applications/Xcode.app/Contents/Developer/usr/bin/make -C p
Makefile:9: ../../../options.mk: No such file or directory
Makefile:21: warning: overriding commands for target `debug_unicorn.dylib'
unicorn.mk:15: warning: ignoring old commands for target `debug_unicorn.dylib'
make[2]: *** No rule to make target `../../../options.mk'.  Stop.
make[1]: *** [all] Error 2
make: *** [all] Error 2
make: *** No rule to make target `unicorn-install'.  Stop.

radare2 from git
OS: OS X 10.11.4

keystone build fails because -lc++ flag used

In this commit 467d478 flag -lc++ is added, and compiling fails:

$ r2pm -i keystone
r_config_set: variable 'file.id' not found
r_config_set: variable 'file.flag' not found
r_config_set: variable 'file.analyze' not found
Processing keystone ...
Already up-to-date.
Install Done For keystone
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for working directories... current
using prefix '/home/user/.config/radare2/prefix/'
checking for c compiler... gcc
checking for c++ compiler... g++
checking for libkeystone ... yes
Using PKGCONFIG: pkg-config
checking pkg-config flags for r_asm... yes
creating ./config.mk
cleaning temporally files... done
rm -f *.so
make asm_arm_ks.so
make[1]: Entering directory `/home/user/.config/radare2/r2pm/git/radare2-extras/keystone'
gcc -lc++ -fPIC -shared -Wall -I/usr/include/libr -lr_asm -lr_syscall -lr_lang -lr_util -lr_parse -lr_flags -lr_cons -lr_reg -lr_anal -I/usr/local/include   -L/usr/local/lib -lkeystone   -o asm_arm_ks.so asm_arm_ks.c -lkeystone
/usr/bin/ld: cannot find -lc++
collect2: error: ld returned 1 exit status
make[1]: *** [asm_arm_ks.so] Error 1
make[1]: Leaving directory `/home/user/.config/radare2/r2pm/git/radare2-extras/keystone'
make: *** [arm] Error 2

I had to edit Makefile and remove this -lc++ flag. Maybe on some OS-es this flag is important
OS: Ubuntu 14.04.5 LTS if this matters