pancake/nop
9th April 2007, 05:20 AM
I have been playing a bit with haret and decided to write a io backend plugin for radare (http://radare.nopcode.org/).
The current state is a bit slow, unstable and buggy. But it's just a first commit.
radare will allow in a near future to assemble/disassemble directly via tcp to the physical memory of the wm device using haret as IO proxy.
Would be tricky to implement scripts for radare to remotely debug applications or hooking process functions, interpret memory structures, etc..
ATM it's just a proof of concept, so follow the git -devel branch.
pancake@~/prg/radare.git/src$ ./radare -u haret://192.168.1.83
;-- Welcome, this is HaRET pre-0.4.8-20070401_144835 running on WindowsCE v5.
;--
;-- Minimal virtual address: 00010000, maximal virtual address: 7FFFFFF
;--
;-- Detected machine 'Hermes' (Plat='PocketPC' OEM='HERM200'
;--
;-- CPU is ARM ARM arch 4T stepping 0 running in system mod
;--
;-- Enter 'HELP' for a short command summary
;--
open ro haret://192.168.1.83
[0x00000000000000]> x
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 0123456789ABCDEF0123
.---------------+--------------------------------------------------+---------------------.
0x00000000000000 7d00 00ea 0d00 00ea fcff ffea fbff ffea faff ffea }...................
0x00000000000014 f9ff ffea f8ff ffea 1100 00ea 4845 524d 3130 3020 ............HERM100
0x00000000000028 4950 4c20 4456 5400 312e 3030 0000 0000 0000 0000 IPL DVT.1.00........
0x0000000000003C 0000 0000 0010 80e5 0030 82e5 0050 84e5 feff ffea .........0...P......
0x00000000000050 4029 a0e3 c025 82e2 02f0 a0e1 0000 a0e1 0000 a0e1 @)...%..............
0x00000000000064 0000 a0e1 5604 a0e3 8010 90e5 7018 c1e3 6018 81e3 ....V.......p...`...
0x00000000000078 8010 80e5 5c13 9fe5 0410 80e5 5823 9fe5 0020 80e5 ....\.......X#... ..
0x0000000000008C c81f a0e3 1410 80e5 4c23 9fe5 1020 80e5 4833 9fe5 ........L#... ..H3..
0x000000000000A0 1830 80e5 0110 a0e3 2410 80e5 3c23 9fe5 2020 80e5 .0......$...<#.. ..
The current state is a bit slow, unstable and buggy. But it's just a first commit.
radare will allow in a near future to assemble/disassemble directly via tcp to the physical memory of the wm device using haret as IO proxy.
Would be tricky to implement scripts for radare to remotely debug applications or hooking process functions, interpret memory structures, etc..
ATM it's just a proof of concept, so follow the git -devel branch.
pancake@~/prg/radare.git/src$ ./radare -u haret://192.168.1.83
;-- Welcome, this is HaRET pre-0.4.8-20070401_144835 running on WindowsCE v5.
;--
;-- Minimal virtual address: 00010000, maximal virtual address: 7FFFFFF
;--
;-- Detected machine 'Hermes' (Plat='PocketPC' OEM='HERM200'
;--
;-- CPU is ARM ARM arch 4T stepping 0 running in system mod
;--
;-- Enter 'HELP' for a short command summary
;--
open ro haret://192.168.1.83
[0x00000000000000]> x
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 0123456789ABCDEF0123
.---------------+--------------------------------------------------+---------------------.
0x00000000000000 7d00 00ea 0d00 00ea fcff ffea fbff ffea faff ffea }...................
0x00000000000014 f9ff ffea f8ff ffea 1100 00ea 4845 524d 3130 3020 ............HERM100
0x00000000000028 4950 4c20 4456 5400 312e 3030 0000 0000 0000 0000 IPL DVT.1.00........
0x0000000000003C 0000 0000 0010 80e5 0030 82e5 0050 84e5 feff ffea .........0...P......
0x00000000000050 4029 a0e3 c025 82e2 02f0 a0e1 0000 a0e1 0000 a0e1 @)...%..............
0x00000000000064 0000 a0e1 5604 a0e3 8010 90e5 7018 c1e3 6018 81e3 ....V.......p...`...
0x00000000000078 8010 80e5 5c13 9fe5 0410 80e5 5823 9fe5 0020 80e5 ....\.......X#... ..
0x0000000000008C c81f a0e3 1410 80e5 4c23 9fe5 1020 80e5 4833 9fe5 ........L#... ..H3..
0x000000000000A0 1830 80e5 0110 a0e3 2410 80e5 3c23 9fe5 2020 80e5 .0......$...<#.. ..