RAGG2(1) BSD General Commands Manual RAGG2(1)NAMEragg2 — radare2 frontend for r_egg, compile programs into tiny binaries
for x86-32/64 and arm.
SYNOPSISragg2 [-a arch] [-b bits] [-k kernel] [-f format] [-o file]
[-i shellcode] [-I path] [-e encoder] [-B hexpairs] [-c k=v]
[-C file] [-n num32] [-N num64] [-d off:dword] [-D off:qword]
[-w off:hexpair] [-p padding] [-P pattern] [-q fragment]
[-FOLsrxvhz]
DESCRIPTIONragg2 is a frontend for r_egg, compile programs into tiny binaries for
x86-32/64 and arm.
This tool is experimental and it is a rewrite of the old rarc2 and
rarc2-tool programs as a library and integrated with r_asm and r_bin.
Programs generated by r_egg are relocatable and can be injected in a run‐
ning process or on-disk binary file.
ragg2-cc is another tool that comes with r2 and it is used to generate
shellcodes from C code. The final code can be linked with rabin2 and it
is relocatable, so it can be used to inject it on any remote process.
ragg2-cc is conceptually based on shellforge4, but only linux/osx
x86-32/64 platforms are supported.
DIRECTIVES
The rr2 (ragg2) configuration file accepts the following directives,
described as key=value entries and comments defined as lines starting
with '#'.
-a arch set architecture x86, arm
-b bits 32 or 64
-k kernel windows, linux or osx
-f format select binary format (pe, elf, mach0)
-o file output file to write result of compilation
-i shellcode
specify shellcode name to be used (see -L)
-e encoder specify encoder name to be used (see -L)
-B hexpair specify shellcode as hexpairs
-c k=v set configure option for the shellcode encoder. The argument
must be key=value.
-C file include contents of file
-d off:dword
Patch final buffer with given dword at specified offset
-D off:qword
Patch final buffer with given qword at specified offset
-w off:hexpairs
Patch final buffer with given hexpairs at specified offset
-n num32 Append a 32bit number in little endian
-N num64 Append a 64bit number in little endian
-p padding Specify generic paddings with a format string. Use lowercase
letters to prefix, and uppercase to suffix, keychars are. 'n'
for nop, 't' for trap, 'a' for sequence and 's' for zero.
-P size Prepend debruijn sequence of given length.
-q fragment
Output offset of debruijn sequence fragment.
-F autodetect native file format (osx=mach0, linux=elf, ..)
-O use default output file (filename without extension or a.out)
-I path add include path
-s show assembler code
-r show raw bytes instead of hexpairs
-x execute (just-in-time)
-z output in C string syntax
EXAMPLE
$ cat hi.r
/* hello world in r_egg */
write@syscall(4); //x64 write@syscall(1);
exit@syscall(1); //x64 exit@syscall(60);
main@global(128) {
.var0 = "hi!\n";
write(1,.var0, 4);
exit(0);
}
$ ragg2-O -F hi.r
$ ./hi
hi!
$ cat hi.c
main() {
write(1, "Hello0, 6);
exit(0);
}
$ ragg2 hi.c
$ ./hi.c.bin
Hello
SEE ALSOradare2(1), rahash2(1), rafind2(1), rabin2(1), rafind2(1), radiff2(1),
rasm2(1),
AUTHORS
Written by pancake <pancake@nopcode.org>.
Sep 30, 2014