This repository has been archived by the owner on Jan 16, 2025. It is now read-only.
Features
Chase Kanipe edited this page Jun 13, 2020
- States list registers
- States list disassembly
- Misc easy to implement commands
- Get basic scripting working
- Document installation
- Wiki and tutorial
- Short tool overview
- Visual mode auto refresh
- Long tutorial video
- Bug fixes, make commands more robust
- Document installation
- Wiki and tutorial
- Short tool overview
- Long tutorial video
- Basic initialization: `mi`
- Initialize at arbitrary memory location
- Add all the exploration methods
- Symbolize arbitrary number of arguments (use -d arguments to set them initially)
- Initialize on function with current debugger args, specific args, or symbolic args
- Basic emulation: `mc`, `mcs`, `mcb`, `mcu`, `mco`
- Basic exploration: `me`, `meu`
- Explore for certain output
- Implement staged exploration
- Add avoid/find annotation commands
- Basic watchpoint commands: `mw`, `mwl`
- More watchpoint commands (remove watchpoints, run command at watchpoints)
- Switch between concrete and symbolic execution
- Basic state manipulation: `ms`, `msl`, `msk`, `msr`, `mse`, `mss`
- Group state operations: `mska`, `msra`
- Print more detailed state information
- Print info while killing/reviving/extracting states
- Kill/revive based on output
- State seeking by index
- States outputs and inputs printing
- Print even more detailed state information (current function, ...)
- Commands to symbolize registers or stack values with different data types
- Commands to symbolize variables
- PEDA like view option
- Finalize found/active highlighting and stashing
- Indent all printing according to call/loop hierarchy
- Implement custom radare2 panels view for exploration
- Print log of a state history
- If enabled, replace commands like `dr` with symbolic information
- Graph an emulation history, with branches at state splitting and annotations for loops, branches, etc
- Standardize print messages with formats like [DEBUG] [PRINT] [HOOK] etc
- Command to print detailed info about state at current address. Can be used with visual panels mode.
- Annotate graph with state split locations
- Brainstorm list of features
- Integrate or reimplement functionality of rex
- Analysis commands for loops, functions, etc
- Move analysis commands to the hook classification
- List hooks
- When hooking function calls, print args
- Print function return values
- Command to add hooks at locations, run some r2 command there
- When state splits, print [1|2] => [1|3] with split address
- Add custom hooks for strlen, etc that ask for length or arbitrary length. Can also set this in the config.
- Deal with offsets for PIE
- Commands to edit config.txt file
- Integrate ghidra with the disassembler
- Watchpoint comment hit count doesn't work
- Watchpoint hits should work per state
- Remove watchpoints unimplemented
- `der` command broken
- Tools for dealing with path explosion
- Get working as scripting engine
- Easy way to edit script inside radare2 that runs at the beginning. Can add custom hooks this way.
- Make commands robust, go through and check for bugs
- Write wiki for this project. Write tutorial for this project