Scroll to navigation

RAGG2(1) General Commands Manual RAGG2(1)

NAME

ragg2
radare2 frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.

SYNOPSIS

ragg2 [-a arch] [-b bits] [-k kernel] [-f format] [-o file] [-i shellcode] [-I path] [-e encoder] [-B hexpairs] [-c k=v] [-C file] [-n num32] [-N num64] [-d off:dword] [-D off:qword] [-w off:hexpair] [-p padding] [-P pattern] [-q fragment] [-FOLsrxvhz]

DESCRIPTION

ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.

This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a library and integrated with r_asm and r_bin.

Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file.

ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process.

ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported.

DIRECTIVES

The rr2 (ragg2) configuration file accepts the following directives, described as key=value entries and comments defined as lines starting with '#'.
arch
set architecture x86, arm
bits
32 or 64
kernel
windows, linux or osx
format
select binary format (pe, elf, mach0)
file
output file to write result of compilation
shellcode
specify shellcode name to be used (see -L)
encoder
specify encoder name to be used (see -L)
hexpair
specify shellcode as hexpairs
k=v
set configure option for the shellcode encoder. The argument must be key=value.
file
include contents of file
off:dword
Patch final buffer with given dword at specified offset
off:qword
Patch final buffer with given qword at specified offset
off:hexpairs
Patch final buffer with given hexpairs at specified offset
num32
Append a 32bit number in little endian
num64
Append a 64bit number in little endian
padding
Specify generic paddings with a format string.
size
Prepend debruijn sequence of given length.
fragment
Output offset of debruijn sequence fragment.
autodetect native file format (osx=mach0, linux=elf, ..)
use default output file (filename without extension or a.out)
path
add include path
show assembler code
show raw bytes instead of hexpairs
execute (just-in-time)
output in C string syntax

EXAMPLE


$ cat hi.r
/* hello world in r_egg */
write@syscall(4); //x64 write@syscall(1);
exit@syscall(1); //x64 exit@syscall(60);


main@global(128) {
.var0 = "hi!\n";
write(1,.var0, 4);
exit(0);
}
$ ragg2 -O -F hi.r
$ ./hi
hi!


$ cat hi.c
main() {
write(1, "Hello0, 6);
exit(0);
}
$ ragg2 hi.c
$ ./hi.c.bin
Hello

SEE ALSO

radare2(1), rahash2(1), rafind2(1), rabin2(1), rafind2(1), radiff2(1), rasm2(1),

AUTHORS

Written by pancake <pancake@nopcode.org>.
September 30, 2014