yrp604 / rappel Goto Github PK

Say I'm in an interactive session and run .showmap which returns the following

f7fd8000-f7fdb000 r--p 00000000 00:00 0                                  [vvar]
f7fdb000-f7fdc000 r-xp 00000000 00:00 0                                  [vdso]
ff8aa000-ff8cd000 rwxp 00000000 00:00 0                                  [stack]

Why doesn't .write 0xff8aa000 0x7f and then reading it .read 0xff8ea000 0x1 show 7f?

If I instead do
mov dword [0xff8aa000], 0x7f and follow up with .read 0xff8ea000 0x1 it does show that 7f has been written.

P.S. What does [vvar] and [vdso] mean?

Hi I was trying the same exact example as the README.md and my esp just stays at 0x30 for any PUSH and POP operations

Hey,

Can we have a history feature in the REPL? So when I relaunch ./rappel I can use arrow up to get previous input.

on ubuntu(Linux ubuntu 5.15.0-91-generic ) amd64, after 'push rax', the rsp is always 33:

> inc rax
rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000400004 rsp=0000000000000033 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
[cf=0, zf=0, of=0, sf=0, pf=0, af=0, df=0]
cs=002b  ss=0000  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202
> push rax
rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000400002 rsp=0000000000000033 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
[cf=0, zf=0, of=0, sf=0, pf=0, af=0, df=0]
cs=002b  ss=0000  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202

I think it would be better by default if only registers which had changed value were displayed, and this may be none.  That would save me having to hunt for the ones I expect to change, and also highlight if unexpected ones had altered.

Someone asked about xmm registers. If you pass -x it will dump out quite a bit of info.

This is pretty cool. However, since the display is huge, it would be nice to be able to invoke a special command, that would switch the display of XMM registers.

This might be useful for making screenshots of rappel 🤷

I have submitted a package for this program to Arch's AUR: https://aur.archlinux.org/packages/rappel-git

Thanks for this, I love REPLs!

I encountered a 'make' error when using an old version of libedit-dev (3.1-20130712) on my Ubuntu Trusty box.

I am new to C, my newb question is: how are library version requirements specified?.

Details:
the commit requiring a newer version is c8aeae9 ; it uses an identifier (H_SAVE_FP) that is not present in libedit-dev 3.1-20130712-2 (latest on Ubuntu Trusty).

make fails on trusty (libedit-dev 3.1-20130712-2): https://travis-ci.org/emig/rappel/builds/544237957#L481-L488
make builds on xenial (3.1-20150325-1ubuntu2): https://travis-ci.org/emig/rappel/builds/544237957#L481-L488

I wasn't able to find the precise version of libedit-dev that starts working with the code. The closer I got is the change on the libedit history.c file that brings the new identifier http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libedit/history.c.diff?r1=1.46&r2=1.47&sortby=date&f=h
since the header file wasn't on this repository, I assume it is generated from it.

what do you think about using Keystone for assembling for Rappel, which offers more flexibility as a true framework?

http://www.keystone-engine.org/

cheers.

➜ rappel git:(master) make ARCH=x86

/usr/bin/ld: cannot find -ledit
collect2: error: ld returned 1 exit status
Makefile:52: recipe for target 'bin/rappel' failed
make: *** [bin/rappel] Error 1

OS: Linux 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
cc: gcc

Hi,
I think init_module[1] and finit_module[1] could help us run in ring 0 mode. Would it be too hard to implement? Thoughts?
Use case could be anything involving quickly hacking and prototyping stuff in kernel mode.

Ref:

1. http://man7.org/linux/man-pages/man2/init_module.2.html

Observed that assembling instructions like mov rax, rbbx remove the /dev/stdout file when running as root

I've installed libedit-dev on debian buster and tried following the steps of running CC=clang make and get the following error:

/usr/bin/ld: skipping incompatible //usr/lib/x86_64-linux-gnu/libedit.so when searching for -ledit
/usr/bin/ld: skipping incompatible //usr/lib/x86_64-linux-gnu/libedit.a when searching for -ledit
/usr/bin/ld: cannot find -ledit

what could be causing this?

When I try to execute any instruction (for example, inc rax), I get the following output before the list of registers (which do not change).

ptrace() - failed to write value 0xccccccccccc0ff48 to 0x0000000000400000

When executing with -v, I get the following:

Trying to assemble(8):
inc rax
@nasm is pid 6057
Process 6057 has exited with status 0
Got asm(3):
48 ff c0                                                H..
ptrace_write: 0x0000000000400000 = 0xccccccccccc0ff48
ptrace() - failed to write value 0xccccccccccc0ff48 to 0x0000000000400000

I am wondering if this is because of Grsec's PaX, but if it is, there was nothing registered in dmesg as there usually is. Any idea what might be going wrong?

I'd like to contribute but I would like a clear indication for the license under which a contribution would be accepted. I didn't see a COPYING or LICENSE in the repo.

As a teaser: I have a working but currently memory-leaky port of assemble_intel to use the LLVM MC assembler instead of shelling out to nasm. It definitely still needs some clean-up, and it'd probably be nice if I figure out how to support both with user choice.

I've been using this for an implementation of a vm I've been working on to debug and get proper test results but I'm starting to come into problems particularly with the string operations movs and cmps as well as anything that loops or uses subroutines. Is there a particular way I should be using this to unlock these capabilities or am I screwed?

Thanks for the great work! The tool works just as I've imagined of an ASM REPL. I'm learning x86_64 assembly, but started with ATT style and can hardly read Intel ones, let alone writing them. Is there a way to switch to ATT syntax?

Ran sudo apt-get install libedit-dev followed by make.

Then I ran bin/rappel on a Linux based x86 system.

Received the following error:

> nop
Trying to assemble(4):
nop
nasm is pid 5678
execlp: No such file or directory
nasm exited 1.
Got asm(0):
'' assembled to 0 length bytecode
> 

After:

> mov qword [rsp-0x1234], 0x1122334455667788
> mov qword rbx, [rsp-0x1234]

The result in rbx is:

rbx: 0x0000000055667788

The fact is that the first instruction is not really valid as the operand size is too big. Actually it prints out a warning about it, but it is super easy to miss it:

> mov qword [rsp-0x1234], 0x1122334455667788
/dev/fd/3:3: warning: signed dword immediate exceeds bounds [-w+number-overflow]
/dev/fd/3:3: warning: dword data exceeds bounds [-w+number-overflow]

Can we make this warning an error and not continue on that?

Originally reported in termux/termux-packages#6100

Currently Rappel displays 4 registers per column. On Android termux with visible size font, the last row gets wrapped. Is it possible to display 2 register per column for a better register view on Termux Android screen