SYNOPSIS
ragg2 [-a arch ] [-b bits ] [-k kernel ] [-f format ] [-o file ] [-i shellcode ] [-I path ] [-e encoder ] [-B hexpairs ] [-c k=v ] [-C file ] [-d off:dword ] [-D off:qword ] [-w off:hexpair ] [-p padding ] [-FOLsrxvh ]DESCRIPTION
ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a library and integrated with r_asm and r_bin.
Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file.
ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process.
ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported.
DIRECTIVES
The rr2 (ragg2) configuration file accepts the following directives, described as key=value entries and comments defined as lines starting with '#'.
- -a arch
- set architecture x86, arm
- -b bits
- 32 or 64
- -k kernel
- windows, linux or osx
- -f format
- select binary format (pe, elf, mach0)
- -o file
- output file to write result of compilation
- -i shellcode
- specify shellcode name to be used (see -L)
- -e encoder
- specify encoder name to be used (see -L)
- -B hexpair
- specify shellcode as hexpairs
- -c k=v
- set configure option for the shellcode encoder. The argument must be key=value.
- -C file
- include contents of file
- -d off:dword
- Patch final buffer with given dword at specified offset
- -D off:qword
- Patch final buffer with given qword at specified offset
- -w off:hexpairs
- Patch final buffer with given hexpairs at specified offset
- -p padding
- Specify generic paddings with a format string.
- -F
- autodetect native file format (osx=mach0, linux=elf, ..)
- -O
- use default output file (filename without extension or a.out)
- -I path
- add include path
- -s
- show assembler code
- -x
- execute (just-in-time)
EXAMPLE
$ cat hi.r
/* hello world in r_egg */
write@syscall(4);
l(4);
exit@syscall(1);
l(1);
main@global(128) {
.var0 = "hi!\n";
write(1,.var0, 4);
exit(0);
}
$ ragg2 -O -F hi.r
$ ./hi
hi!
$ cat hi.c
main() {
write(1, "Hello, 6);
exit(0);
}
$ ragg2 hi.c
$ ./hi.c.bin
Hello