Rizin
unix-like reverse engineering framework and cli tools
Classes | Functions
rz-find.c File Reference
#include <stdio.h>
#include <stdlib.h>
#include <rz_core.h>
#include <rz_main.h>
#include <rz_types.h>
#include <rz_search.h>
#include <rz_util.h>
#include <rz_util/rz_print.h>
#include <rz_cons.h>
#include <rz_lib.h>
#include <rz_io.h>
#include <rz_bin.h>

Go to the source code of this file.

Classes

struct  RzfindOptions
 

Functions

static void rzfind_options_fini (RzfindOptions *ro)
 
static void rzfind_options_init (RzfindOptions *ro)
 
static int rzfind_open (RzfindOptions *ro, const char *file)
 
static int hit (RzSearchKeyword *kw, void *user, ut64 addr)
 
static void print_bin_string (RzBinFile *bf, RzBinString *string, PJ *pj)
 
static int show_help (const char *argv0, int line)
 
static int rzfind_open_file (RzfindOptions *ro, const char *file, const ut8 *data, int datalen)
 
static int rzfind_open_dir (RzfindOptions *ro, const char *dir)
 
RZ_API int rz_main_rz_find (int argc, const char **argv)
 

Function Documentation

◆ hit()

static int hit ( RzSearchKeyword kw,
void *  user,
ut64  addr 
)
static

Definition at line 58 of file rz-find.c.

58  {
59  RzfindOptions *ro = (RzfindOptions *)user;
60  int delta = addr - ro->cur;
61  if (ro->cur > addr && (ro->cur - addr == kw->keyword_length - 1)) {
62  // This case occurs when there is hit in search left over
63  delta = ro->cur - addr;
64  }
65  if (delta < 0 || delta >= ro->bsize) {
66  eprintf("Invalid delta\n");
67  return 0;
68  }
69  char _str[128];
70  char *str = _str;
71  *_str = 0;
72  if (ro->showstr) {
73  if (ro->widestr) {
74  str = _str;
75  int i, j = 0;
76  for (i = delta; ro->buf[i] && i < sizeof(_str); i++) {
77  char ch = ro->buf[i];
78  if (ch == '"' || ch == '\\') {
79  ch = '\'';
80  }
81  if (!IS_PRINTABLE(ch)) {
82  break;
83  }
84  str[j++] = ch;
85  i++;
86  if (j > 80) {
87  strcpy(str + j, "...");
88  j += 3;
89  break;
90  }
91  if (ro->buf[i]) {
92  break;
93  }
94  }
95  str[j] = 0;
96  } else {
97  size_t i;
98  for (i = 0; i < sizeof(_str) - 1; i++) {
99  char ch = ro->buf[delta + i];
100  if (ch == '"' || ch == '\\') {
101  ch = '\'';
102  }
103  if (!ch || !IS_PRINTABLE(ch)) {
104  break;
105  }
106  str[i] = ch;
107  }
108  str[i] = 0;
109  }
110  } else {
111  size_t i;
112  for (i = 0; i < sizeof(_str) - 1; i++) {
113  char ch = ro->buf[delta + i];
114  if (ch == '"' || ch == '\\') {
115  ch = '\'';
116  }
117  if (!ch || !IS_PRINTABLE(ch)) {
118  break;
119  }
120  str[i] = ch;
121  }
122  str[i] = 0;
123  }
124  if (ro->json) {
125  const char *type = "string";
126  printf("%s{\"offset\":%" PFMT64d ",\"type\":\"%s\",\"data\":\"%s\"}",
127  ro->comma, addr, type, str);
128  ro->comma = ",";
129  } else if (ro->rad) {
130  printf("f hit%d_%d @ 0x%08" PFMT64x " ; %s\n", 0, kw->count, addr, ro->curfile);
131  } else {
132  if (ro->showstr) {
133  printf("0x%" PFMT64x " %s\n", addr, str);
134  } else {
135  printf("0x%" PFMT64x "\n", addr);
136  if (ro->pr) {
137  char *dump = rz_print_hexdump_str(ro->pr, addr, (ut8 *)ro->buf + delta, 78, 16, 1, 1);
138  printf("%s", dump);
139  free(dump);
140  }
141  }
142  }
143  return 1;
144 }
i
lzma_index ** i
Definition: index.h:629
printf
_Use_decl_annotations_ int __cdecl printf(const char *const _Format,...)
Definition: cs_driver.c:93
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
ut8
uint8_t ut8
Definition: lh5801.h:11
type
int type
Definition: mipsasm.c:17
cmd_descs_generate.str
str
Definition: cmd_descs_generate.py:785
rz_print_hexdump_str
RZ_API RZ_OWN char * rz_print_hexdump_str(RZ_NONNULL RzPrint *p, ut64 addr, RZ_NONNULL const ut8 *buf, int len, int base, int step, size_t zoomsz)
Prints a hexdump of buf at addr.
Definition: print.c:573
eprintf
#define eprintf(x, y...)
Definition: rlcc.c:7
IS_PRINTABLE
#define IS_PRINTABLE(x)
Definition: rz_str_util.h:10
PFMT64d
#define PFMT64d
Definition: rz_types.h:394
PFMT64x
#define PFMT64x
Definition: rz_types.h:393
RzfindOptions::showstr
bool showstr
Definition: rz-find.c:19
RzfindOptions::buf
ut8 * buf
Definition: rz-find.c:31
RzfindOptions::rad
bool rad
Definition: rz-find.c:20
RzfindOptions::bsize
ut64 bsize
Definition: rz-find.c:32
RzfindOptions::widestr
bool widestr
Definition: rz-find.c:26
RzfindOptions::pr
RzPrint * pr
Definition: rz-find.c:36
RzfindOptions::comma
const char * comma
Definition: rz-find.c:40
RzfindOptions::curfile
const char * curfile
Definition: rz-find.c:39
RzfindOptions::cur
ut64 cur
Definition: rz-find.c:35
RzfindOptions::json
bool json
Definition: rz-find.c:28
rz_search_keyword_t::keyword_length
ut32 keyword_length
Definition: rz_search.h:37
rz_search_keyword_t::count
int count
Definition: rz_search.h:40
delta
static st64 delta
Definition: vmenus.c:2425
addr
static int addr
Definition: z80asm.c:58

References addr, RzfindOptions::bsize, RzfindOptions::buf, RzfindOptions::comma, rz_search_keyword_t::count, RzfindOptions::cur, RzfindOptions::curfile, delta, eprintf, free(), i, IS_PRINTABLE, RzfindOptions::json, rz_search_keyword_t::keyword_length, PFMT64d, PFMT64x, RzfindOptions::pr, printf(), RzfindOptions::rad, rz_print_hexdump_str(), RzfindOptions::showstr, cmd_descs_generate::str, type, and RzfindOptions::widestr.

Referenced by add_hit_to_hits(), add_hit_to_sorted_hits(), construct_rop_gadget(), do_asm_search(), handle_forward_disassemble(), is_hit_inrange(), listcb(), print_rop(), prune_hits_in_addr_range(), prune_hits_in_hit_range(), rz_cmd_search(), rz_cons_grep_line(), rz_core_asm_back_disassemble_all(), rz_core_asm_bwdis_len(), rz_core_asm_hit_free(), rz_core_asm_hit_new(), rz_core_asm_strsearch(), rz_core_search_rop(), rz_core_visual_config(), rz_core_visual_trackflags(), rz_search_hit_new(), and rzfind_open_file().

◆ print_bin_string()

static void print_bin_string ( RzBinFile bf,
RzBinString string,
PJ pj 
)
static

Definition at line 146 of file rz-find.c.

146  {
147  rz_return_if_fail(bf && string);
148 
149  RzBinSection *s = rz_bin_get_section_at(bf->o, string->paddr, false);
150  if (s) {
151  string->vaddr = s->vaddr + (string->paddr - s->paddr);
152  }
153  string->vaddr = bf->o ? rz_bin_object_get_vaddr(bf->o, string->paddr, string->vaddr) : UT64_MAX;
154 
155  if (pj) {
156  const char *section_name = s ? s->name : "";
157  const char *type_string = rz_str_enc_as_string(string->type);
158  pj_o(pj);
159  pj_kn(pj, "vaddr", string->vaddr);
160  pj_kn(pj, "paddr", string->paddr);
161  pj_kn(pj, "ordinal", string->ordinal);
162  pj_kn(pj, "size", string->size);
163  pj_kn(pj, "length", string->length);
164  pj_ks(pj, "section", section_name);
165  pj_ks(pj, "type", type_string);
166  pj_ks(pj, "string", string->string);
167  pj_end(pj);
168  } else {
169  printf("%s\n", string->string);
170  }
171 }
rz_bin_get_section_at
RZ_API RZ_BORROW RzBinSection * rz_bin_get_section_at(RzBinObject *o, ut64 off, int va)
Find the binary section at offset off.
Definition: bin.c:611
rz_bin_object_get_vaddr
RZ_API ut64 rz_bin_object_get_vaddr(RzBinObject *o, ut64 paddr, ut64 vaddr)
Definition: bobj.c:669
s
static RzSocket * s
Definition: rtr.c:28
rz_return_if_fail
#define rz_return_if_fail(expr)
Definition: rz_assert.h:100
pj_end
RZ_API PJ * pj_end(PJ *j)
Definition: pj.c:87
pj_o
RZ_API PJ * pj_o(PJ *j)
Definition: pj.c:75
pj_ks
RZ_API PJ * pj_ks(PJ *j, const char *k, const char *v)
Definition: pj.c:170
pj_kn
RZ_API PJ * pj_kn(PJ *j, const char *k, ut64 n)
Definition: pj.c:121
rz_str_enc_as_string
RZ_API const char * rz_str_enc_as_string(RzStrEnc enc)
Definition: str.c:44
UT64_MAX
#define UT64_MAX
Definition: rz_types_base.h:86
rz_bin_file_t::o
RzBinObject * o
Definition: rz_bin.h:305
rz_bin_section_t
Definition: rz_bin.h:618
rz_bin_string_t::ordinal
ut32 ordinal
Definition: rz_bin.h:755
rz_bin_string_t::length
ut32 length
Definition: rz_bin.h:757
rz_bin_string_t::string
char * string
Definition: rz_bin.h:752
rz_bin_string_t::size
ut32 size
Definition: rz_bin.h:756
rz_bin_string_t::type
char type
Definition: rz_bin.h:758
rz_bin_string_t::paddr
ut64 paddr
Definition: rz_bin.h:754
rz_bin_string_t::vaddr
ut64 vaddr
Definition: rz_bin.h:753

References rz_bin_string_t::length, rz_bin_file_t::o, rz_bin_string_t::ordinal, rz_bin_string_t::paddr, pj_end(), pj_kn(), pj_ks(), pj_o(), printf(), rz_bin_get_section_at(), rz_bin_object_get_vaddr(), rz_return_if_fail, rz_str_enc_as_string(), s, rz_bin_string_t::size, rz_bin_string_t::string, rz_bin_string_t::type, UT64_MAX, and rz_bin_string_t::vaddr.

Referenced by rzfind_open_file().

◆ rz_main_rz_find()

RZ_API int rz_main_rz_find ( int  argc,
const char **  argv 
)

Definition at line 474 of file rz-find.c.

474  {
475  RzfindOptions ro;
476  rzfind_options_init(&ro);
477 
478  int c;
479  const char *file = NULL;
480 
481  RzGetopt opt;
482  rz_getopt_init(&opt, argc, argv, "a:ie:b:jmM:s:w:S:I:x:Xzf:F:t:E:rqnhvZ");
483  while ((c = rz_getopt_next(&opt)) != -1) {
484  switch (c) {
485  case 'a':
486  ro.align = rz_num_math(NULL, opt.arg);
487  break;
488  case 'r':
489  ro.rad = true;
490  break;
491  case 'i':
492  ro.identify = true;
493  break;
494  case 'j':
495  ro.json = true;
496  break;
497  case 'n':
498  ro.nonstop = 1;
499  break;
500  case 'm':
501  ro.mode = RZ_SEARCH_MAGIC;
502  break;
503  case 'e':
504  ro.mode = RZ_SEARCH_REGEXP;
505  ro.hexstr = 0;
506  rz_list_append(ro.keywords, (void *)opt.arg);
507  break;
508  case 'E':
509  ro.mode = RZ_SEARCH_ESIL;
510  rz_list_append(ro.keywords, (void *)opt.arg);
511  break;
512  case 's':
513  ro.mode = RZ_SEARCH_KEYWORD;
514  ro.hexstr = false;
515  ro.widestr = false;
516  rz_list_append(ro.keywords, (void *)opt.arg);
517  break;
518  case 'w':
519  ro.mode = RZ_SEARCH_KEYWORD;
520  ro.hexstr = false;
521  ro.widestr = true;
522  rz_list_append(ro.keywords, (void *)opt.arg);
523  break;
524  case 'I':
525  ro.import = true;
526  rz_list_append(ro.keywords, (void *)opt.arg);
527  break;
528  case 'S':
529  ro.symbol = true;
530  rz_list_append(ro.keywords, (void *)opt.arg);
531  break;
532  case 'b':
533  ro.bsize = rz_num_math(NULL, opt.arg);
534  break;
535  case 'M':
536  // XXX should be from hexbin
537  ro.mask = opt.arg;
538  break;
539  case 'f':
540  ro.from = rz_num_math(NULL, opt.arg);
541  break;
542  case 'F': {
543  size_t data_size;
544  char *data = rz_file_slurp(opt.arg, &data_size);
545  if (!data) {
546  eprintf("Cannot slurp '%s'\n", opt.arg);
547  return 1;
548  }
549  char *hexdata = rz_hex_bin2strdup((ut8 *)data, data_size);
550  if (hexdata) {
551  ro.mode = RZ_SEARCH_KEYWORD;
552  ro.hexstr = true;
553  ro.widestr = false;
554  rz_list_append(ro.keywords, (void *)hexdata);
555  }
556  free(data);
557  } break;
558  case 't':
559  ro.to = rz_num_math(NULL, opt.arg);
560  break;
561  case 'x':
562  ro.mode = RZ_SEARCH_KEYWORD;
563  ro.hexstr = 1;
564  ro.widestr = 0;
565  rz_list_append(ro.keywords, (void *)opt.arg);
566  break;
567  case 'X':
568  ro.pr = rz_print_new();
569  break;
570  case 'q':
571  ro.quiet = true;
572  break;
573  case 'v':
574  return rz_main_version_print("rz-find");
575  case 'h':
576  return show_help(argv[0], 0);
577  case 'z':
578  ro.mode = RZ_SEARCH_STRING;
579  break;
580  case 'Z':
581  ro.showstr = true;
582  break;
583  default:
584  return show_help(argv[0], 1);
585  }
586  }
587  if (opt.ind == argc) {
588  return show_help(argv[0], 1);
589  }
590  /* Enable quiet mode if searching just a single file */
591  if (opt.ind + 1 == argc && RZ_STR_ISNOTEMPTY(argv[opt.ind]) && !rz_file_is_directory(argv[opt.ind])) {
592  ro.quiet = true;
593  }
594  if (ro.json) {
595  printf("[");
596  }
597  for (; opt.ind < argc; opt.ind++) {
598  file = argv[opt.ind];
599 
600  if (RZ_STR_ISEMPTY(file)) {
601  eprintf("Cannot open empty path\n");
602  rz_list_free(ro.keywords);
603  return 1;
604  }
605  rzfind_open(&ro, file);
606  }
607  rz_list_free(ro.keywords);
608  if (ro.json) {
609  printf("]\n");
610  }
611  return 0;
612 }
NULL
#define NULL
Definition: cris-opc.c:27
show_help
static int show_help(const char *argv0, int line)
Definition: rz-find.c:173
rzfind_open
static int rzfind_open(RzfindOptions *ro, const char *file)
Definition: rz-find.c:456
rzfind_options_init
static void rzfind_options_init(RzfindOptions *ro)
Definition: rz-find.c:48
rz_list_append
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
Definition: list.c:288
rz_list_free
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
Definition: list.c:137
argv
static static fork const void static count static fd const char const char static newpath char char argv
Definition: sflib.h:40
rz_print_new
RZ_API RzPrint * rz_print_new(void)
Definition: print.c:56
rz_file_is_directory
RZ_API bool rz_file_is_directory(const char *str)
Definition: file.c:167
rz_file_slurp
RZ_API RZ_OWN char * rz_file_slurp(const char *str, RZ_NULLABLE size_t *usz)
Definition: file.c:454
rz_getopt_init
RZ_API void rz_getopt_init(RzGetopt *go, int argc, const char **argv, const char *ostr)
Definition: getopt.c:17
rz_getopt_next
RZ_API int rz_getopt_next(RzGetopt *opt)
Definition: getopt.c:29
rz_hex_bin2strdup
RZ_API char * rz_hex_bin2strdup(const ut8 *in, int len)
Definition: hex.c:415
rz_main_version_print
RZ_API int rz_main_version_print(const char *program)
Definition: main.c:49
rz_num_math
RZ_API ut64 rz_num_math(RzNum *num, const char *str)
Definition: unum.c:456
RZ_SEARCH_REGEXP
@ RZ_SEARCH_REGEXP
Definition: rz_search.h:18
RZ_SEARCH_STRING
@ RZ_SEARCH_STRING
Definition: rz_search.h:20
RZ_SEARCH_ESIL
@ RZ_SEARCH_ESIL
Definition: rz_search.h:16
RZ_SEARCH_MAGIC
@ RZ_SEARCH_MAGIC
Definition: rz_search.h:25
RZ_SEARCH_KEYWORD
@ RZ_SEARCH_KEYWORD
Definition: rz_search.h:17
RZ_STR_ISNOTEMPTY
#define RZ_STR_ISNOTEMPTY(x)
Definition: rz_str.h:68
RZ_STR_ISEMPTY
#define RZ_STR_ISEMPTY(x)
Definition: rz_str.h:67
c
#define c(i)
Definition: sha256.c:43
RzfindOptions::import
bool import
Definition: rz-find.c:22
RzfindOptions::symbol
bool symbol
Definition: rz-find.c:23
RzfindOptions::hexstr
bool hexstr
Definition: rz-find.c:25
RzfindOptions::mask
const char * mask
Definition: rz-find.c:38
RzfindOptions::keywords
RzList * keywords
Definition: rz-find.c:37
RzfindOptions::nonstop
bool nonstop
Definition: rz-find.c:27
RzfindOptions::quiet
bool quiet
Definition: rz-find.c:24
RzfindOptions::from
ut64 from
Definition: rz-find.c:33
RzfindOptions::identify
bool identify
Definition: rz-find.c:21
file
Definition: gzappend.c:170
rz_getopt_t
Definition: rz_getopt.h:10
rz_getopt_t::ind
int ind
Definition: rz_getopt.h:12
rz_getopt_t::arg
const char * arg
Definition: rz_getopt.h:15

References RzfindOptions::align, rz_getopt_t::arg, argv, RzfindOptions::bsize, c, eprintf, free(), RzfindOptions::from, RzfindOptions::hexstr, RzfindOptions::identify, RzfindOptions::import, rz_getopt_t::ind, RzfindOptions::json, RzfindOptions::keywords, RzfindOptions::mask, RzfindOptions::mode, RzfindOptions::nonstop, NULL, RzfindOptions::pr, printf(), RzfindOptions::quiet, RzfindOptions::rad, rz_file_is_directory(), rz_file_slurp(), rz_getopt_init(), rz_getopt_next(), rz_hex_bin2strdup(), rz_list_append(), rz_list_free(), rz_main_version_print(), rz_num_math(), rz_print_new(), RZ_SEARCH_ESIL, RZ_SEARCH_KEYWORD, RZ_SEARCH_MAGIC, RZ_SEARCH_REGEXP, RZ_SEARCH_STRING, RZ_STR_ISEMPTY, RZ_STR_ISNOTEMPTY, rzfind_open(), rzfind_options_init(), show_help(), RzfindOptions::showstr, RzfindOptions::symbol, RzfindOptions::to, and RzfindOptions::widestr.

Referenced by MAIN_NAME(), and rz_main_rizin().

◆ rzfind_open()

static int rzfind_open ( RzfindOptions ro,
const char *  file 
)
static

Definition at line 456 of file rz-find.c.

456  {
457  if (!strcmp(file, "-")) {
458  int sz = 0;
459  ut8 *buf = (ut8 *)rz_stdin_slurp(&sz);
460  if (!buf) {
461  return 0;
462  }
463  char *ff = rz_str_newf("malloc://%d", sz);
464  int res = rzfind_open_file(ro, ff, buf, sz);
465  free(ff);
466  free(buf);
467  return res;
468  }
469  return rz_file_is_directory(file)
470  ? rzfind_open_dir(ro, file)
471  : rzfind_open_file(ro, file, NULL, -1);
472 }
buf
voidpf void * buf
Definition: ioapi.h:138
rzfind_open_file
static int rzfind_open_file(RzfindOptions *ro, const char *file, const ut8 *data, int datalen)
Definition: rz-find.c:205
rzfind_open_dir
static int rzfind_open_dir(RzfindOptions *ro, const char *dir)
Definition: rz-find.c:434
rz_stdin_slurp
RZ_API char * rz_stdin_slurp(int *sz)
Definition: file.c:408
rz_str_newf
RZ_API char * rz_str_newf(const char *fmt,...) RZ_PRINTF_CHECK(1

References free(), NULL, rz_file_is_directory(), rz_stdin_slurp(), rz_str_newf(), rzfind_open_dir(), and rzfind_open_file().

Referenced by rz_main_rz_find(), and rzfind_open_dir().

◆ rzfind_open_dir()

static int rzfind_open_dir ( RzfindOptions ro,
const char *  dir 
)
static

Definition at line 434 of file rz-find.c.

434  {
435  RzListIter *iter;
436  char *fullpath;
437  char *fname = NULL;
438 
439  RzList *files = rz_sys_dir(dir);
440 
441  if (files) {
442  rz_list_foreach (files, iter, fname) {
443  /* Filter-out unwanted entries */
444  if (*fname == '.') {
445  continue;
446  }
447  fullpath = rz_file_path_join(dir, fname);
448  (void)rzfind_open(ro, fullpath);
449  free(fullpath);
450  }
451  rz_list_free(files);
452  }
453  return 0;
454 }
files
checking print the parsed form of the magic use in n conjunction with m to debug a new magic file n before installing it n output MIME type special files
Definition: file_opts.h:46
create_tags_rz.fname
fname
Definition: create_tags_rz.py:12
rz_file_path_join
RZ_API RZ_OWN char * rz_file_path_join(RZ_NONNULL const char *s1, RZ_NULLABLE const char *s2)
Concatenate two paths to create a new one with s1+s2 with the correct path separator.
Definition: file.c:1312
rz_sys_dir
RZ_API RzList * rz_sys_dir(const char *path)
Definition: sys.c:216
rz_list_iter_t
Definition: rz_list.h:13
rz_list_t
Definition: rz_list.h:18

References files, create_tags_rz::fname, free(), NULL, rz_file_path_join(), rz_list_free(), rz_sys_dir(), and rzfind_open().

Referenced by rzfind_open().

◆ rzfind_open_file()

static int rzfind_open_file ( RzfindOptions ro,
const char *  file,
const ut8 data,
int  datalen 
)
static

Definition at line 205 of file rz-find.c.

205  {
206  RzListIter *iter;
207  RzSearch *rs = NULL;
208  const char *kw;
209  bool last = false;
210  int ret, result = 0;
211 
212  ro->buf = NULL;
213  if (!ro->quiet) {
214  printf("File: %s\n", file);
215  }
216 
217  char *efile = rz_str_escape_sh(file);
218 
219  if (ro->identify) {
220  char *cmd = rz_str_newf("rizin -e search.show=false -e search.maxhits=1 -nqcpm \"%s\"", efile);
221  rz_sys_xsystem(cmd);
222  free(cmd);
223  free(efile);
224  return 0;
225  }
226 
227  if (ro->import || ro->symbol) {
228  RzBinFile *bf;
229  const RzList *symbols, *imports;
230  RzListIter *iter, *it;
231  RzBinSymbol *symbol;
232  RzBinImport *import;
233  RzBin *bin = rz_bin_new();
234  RzIO *rio = rz_io_new();
235  RzBinOptions opt = { 0 };
236 
237  if (!bin || !rio) {
238  result = 1;
239  goto sym_end;
240  }
241 
242  rz_io_bind(rio, &bin->iob);
243  rz_bin_options_init(&opt, 0, 0, 0, false);
244 
245  bf = rz_bin_open(bin, file, &opt);
246  if (!bf) {
247  result = 1;
248  goto sym_end;
249  }
250 
251  if (ro->import) {
252  imports = rz_bin_object_get_imports(bf->o);
253  rz_list_foreach (ro->keywords, iter, kw) {
254  rz_list_foreach (imports, it, import) {
255  if (!strcmp(import->name, kw)) {
256  printf("ordinal: %d %s\n", import->ordinal, kw);
257  }
258  }
259  }
260  }
261 
262  if (ro->symbol) {
263  symbols = rz_bin_object_get_symbols(bf->o);
264  rz_list_foreach (ro->keywords, iter, kw) {
265  rz_list_foreach (symbols, it, symbol) {
266  if (!symbol->name) {
267  continue;
268  }
269 
270  if (!strcmp(symbol->name, kw)) {
271  printf("paddr: 0x%08" PFMT64x " vaddr: 0x%08" PFMT64x " type: %s %s\n", symbol->paddr, symbol->vaddr, symbol->type, symbol->name);
272  }
273  }
274  }
275  }
276 
277  result = 0;
278 
279  sym_end:
280  rz_bin_free(bin);
281  rz_io_free(rio);
282  free(efile);
283  return result;
284  }
285 
286  RzIO *io = rz_io_new();
287  if (!io) {
288  free(efile);
289  return 1;
290  }
291 
292  if (!rz_io_open_nomap(io, file, RZ_PERM_R, 0)) {
293  eprintf("Cannot open file '%s'\n", file);
294  result = 1;
295  goto err;
296  }
297 
298  if (data) {
299  rz_io_write_at(io, 0, data, datalen);
300  }
301 
302  rs = rz_search_new(ro->mode);
303  if (!rs) {
304  result = 1;
305  goto err;
306  }
307 
308  ro->buf = calloc(1, ro->bsize);
309  if (!ro->buf) {
310  eprintf("Cannot allocate %" PFMT64d " bytes\n", ro->bsize);
311  result = 1;
312  goto err;
313  }
314  rs->align = ro->align;
315  rz_search_set_callback(rs, &hit, ro);
316  ut64 to = ro->to;
317  if (to == -1) {
318  to = rz_io_size(io);
319  }
320 
321  if (!rz_cons_new()) {
322  result = 1;
323  goto err;
324  }
325 
326  RzBinOptions opt;
327  rz_bin_options_init(&opt, 0, 0, 0, false);
328  RzBin *bin = rz_bin_new();
329  rz_io_bind(io, &bin->iob);
330  io->cb_printf = printf;
331  RzBinFile *bf = rz_bin_open(bin, file, &opt);
332 
333  if (ro->mode == RZ_SEARCH_STRING) {
334  PJ *pj = NULL;
335  if (ro->json) {
336  pj = pj_new();
337  if (!pj) {
338  eprintf("rz-bin: Cannot allocate buffer for json array\n");
339  result = 1;
340  goto err;
341  }
342  pj_a(pj);
343  }
344  RzList *list = rz_bin_file_strings(bf, bin->minstrlen, true);
345  RzListIter *it;
346  RzBinString *string;
347  rz_list_foreach (list, it, string) {
348  print_bin_string(bf, string, pj);
349  }
350  rz_list_free(list);
351  if (pj) {
352  pj_end(pj);
353  printf("%s", pj_string(pj));
354  pj_free(pj);
355  }
356  goto done;
357  }
358 
359  if (ro->mode == RZ_SEARCH_MAGIC) {
360  /* TODO: implement using api */
361  char *tostr = (to && to != UT64_MAX) ? rz_str_newf("-e search.to=%" PFMT64d, to) : strdup("");
362  rz_sys_cmdf("rizin"
363  " -e search.in=range"
364  " -e search.align=%d"
365  " -e search.from=%" PFMT64d
366  " %s -qnc/m%s \"%s\"",
367  ro->align, ro->from, tostr, ro->json ? "j" : "", efile);
368  free(tostr);
369  goto done;
370  }
371  if (ro->mode == RZ_SEARCH_ESIL) {
372  /* TODO: implement using api */
373  rz_list_foreach (ro->keywords, iter, kw) {
374  rz_sys_cmdf("rizin -qc \"/E %s\" \"%s\"", kw, efile);
375  }
376  goto done;
377  }
378  if (ro->mode == RZ_SEARCH_KEYWORD) {
379  rz_list_foreach (ro->keywords, iter, kw) {
380  if (ro->hexstr) {
381  if (ro->mask) {
382  rz_search_kw_add(rs, rz_search_keyword_new_hex(kw, ro->mask, NULL));
383  } else {
384  rz_search_kw_add(rs, rz_search_keyword_new_hexmask(kw, NULL));
385  }
386  } else if (ro->widestr) {
387  rz_search_kw_add(rs, rz_search_keyword_new_wide(kw, ro->mask, NULL, 0));
388  } else {
389  rz_search_kw_add(rs, rz_search_keyword_new_str(kw, ro->mask, NULL, 0));
390  }
391  }
392  } else if (ro->mode == RZ_SEARCH_STRING) {
393  rz_search_kw_add(rs, rz_search_keyword_new_hexmask("00", NULL)); // XXX
394  }
395 
396  ro->curfile = file;
397  rz_search_begin(rs);
398  (void)rz_io_seek(io, ro->from, RZ_IO_SEEK_SET);
399  result = 0;
400  ut64 bsize = ro->bsize;
401  for (ro->cur = ro->from; !last && ro->cur < to; ro->cur += bsize) {
402  if ((ro->cur + bsize) > to) {
403  bsize = to - ro->cur;
404  last = true;
405  }
406  ret = rz_io_pread_at(io, ro->cur, ro->buf, bsize);
407  if (ret == 0) {
408  if (ro->nonstop) {
409  continue;
410  }
411  result = 1;
412  break;
413  }
414  if (ret != bsize && ret > 0) {
415  bsize = ret;
416  }
417 
418  if (rz_search_update(rs, ro->cur, ro->buf, ret) == -1) {
419  eprintf("search: update read error at 0x%08" PFMT64x "\n", ro->cur);
420  break;
421  }
422  }
423 done:
424  rz_cons_free();
425  rz_bin_free(bin);
426 err:
427  free(efile);
428  rz_search_free(rs);
429  rz_io_free(io);
430  rzfind_options_fini(ro);
431  return result;
432 }
rs
#define rs()
Definition: analysis_h8300.c:31
err
static bool err
Definition: armass.c:435
rz_bin_file_strings
RZ_API RZ_OWN RzList * rz_bin_file_strings(RZ_NONNULL RzBinFile *bf, size_t min_length, bool raw_strings)
Generates a RzList struct containing RzBinString from a given RzBinFile.
Definition: bfile_string.c:325
rz_bin_new
RZ_API RzBin * rz_bin_new(void)
Definition: bin.c:716
rz_bin_options_init
RZ_API void rz_bin_options_init(RzBinOptions *opt, int fd, ut64 baseaddr, ut64 loadaddr, bool patch_relocs)
Definition: bin.c:75
rz_bin_open
RZ_API RzBinFile * rz_bin_open(RzBin *bin, const char *file, RzBinOptions *opt)
Definition: bin.c:200
rz_bin_free
RZ_API void rz_bin_free(RzBin *bin)
Definition: bin.c:440
symbols
RzList * symbols(RzBinFile *bf)
Definition: bin_ne.c:102
imports
RzList * imports(RzBinFile *bf)
Definition: bin_ne.c:106
rz_bin_object_get_imports
RZ_API const RzList * rz_bin_object_get_imports(RZ_NONNULL RzBinObject *obj)
Get list of RzBinImport representing the imports of the binary object.
Definition: bobj.c:726
rz_bin_object_get_symbols
RZ_API const RzList * rz_bin_object_get_symbols(RZ_NONNULL RzBinObject *obj)
Get list of RzBinSymbol representing the symbols in the binary object.
Definition: bobj.c:817
rz_cons_new
RZ_API RzCons * rz_cons_new(void)
Definition: cons.c:589
rz_cons_free
RZ_API RzCons * rz_cons_free(void)
Definition: cons.c:658
cmd
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags cmd
Definition: sflib.h:79
done
struct tab * done
Definition: enough.c:233
rz_search_keyword_new_str
RZ_API RzSearchKeyword * rz_search_keyword_new_str(const char *kwbuf, const char *bmstr, const char *data, int ignore_case)
Definition: keyword.c:58
rz_search_keyword_new_wide
RZ_API RzSearchKeyword * rz_search_keyword_new_wide(const char *kwbuf, const char *bmstr, const char *data, int ignore_case)
Definition: keyword.c:82
rz_search_keyword_new_hex
RZ_API RzSearchKeyword * rz_search_keyword_new_hex(const char *kwstr, const char *bmstr, const char *data)
Definition: keyword.c:132
rz_search_keyword_new_hexmask
RZ_API RzSearchKeyword * rz_search_keyword_new_hexmask(const char *kwstr, const char *data)
Definition: keyword.c:173
print_bin_string
static void print_bin_string(RzBinFile *bf, RzBinString *string, PJ *pj)
Definition: rz-find.c:146
hit
static int hit(RzSearchKeyword *kw, void *user, ut64 addr)
Definition: rz-find.c:58
rzfind_options_fini
static void rzfind_options_fini(RzfindOptions *ro)
Definition: rz-find.c:43
list
static void list(RzEgg *egg)
Definition: rz-gg.c:52
calloc
void * calloc(size_t number, size_t size)
Definition: malloc.c:102
strdup
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
rz_io_seek
RZ_API ut64 rz_io_seek(RzIO *io, ut64 offset, int whence)
Definition: io.c:632
rz_io_free
RZ_API void rz_io_free(RzIO *io)
Definition: io.c:126
rz_io_size
RZ_API ut64 rz_io_size(RzIO *io)
Definition: io.c:399
rz_io_bind
RZ_API void rz_io_bind(RzIO *io, RzIOBind *bnd)
Definition: io.c:550
RZ_IO_SEEK_SET
#define RZ_IO_SEEK_SET
Definition: rz_io.h:15
rz_io_write_at
RZ_API bool rz_io_write_at(RzIO *io, ut64 addr, const ut8 *buf, int len)
Definition: io.c:358
rz_io_open_nomap
RZ_API RzIODesc * rz_io_open_nomap(RzIO *io, const char *uri, int flags, int mode)
Definition: io.c:145
rz_io_pread_at
RZ_API int rz_io_pread_at(RzIO *io, ut64 paddr, ut8 *buf, int len)
Definition: io.c:269
rz_io_new
RZ_API RzIO * rz_io_new(void)
Definition: io.c:110
pj_new
RZ_API PJ * pj_new(void)
Definition: pj.c:25
pj_string
RZ_API const char * pj_string(PJ *pj)
Definition: pj.c:57
pj_free
RZ_API void pj_free(PJ *j)
Definition: pj.c:34
pj_a
RZ_API PJ * pj_a(PJ *j)
Definition: pj.c:81
rz_str_escape_sh
RZ_API char * rz_str_escape_sh(const char *buf)
Definition: str.c:1560
rz_sys_cmdf
RZ_API int rz_sys_cmdf(const char *fmt,...) RZ_PRINTF_CHECK(1
rz_sys_xsystem
#define rz_sys_xsystem(cmd)
Definition: rz_sys.h:83
RZ_PERM_R
#define RZ_PERM_R
Definition: rz_types.h:93
rz_search_update
RZ_API int rz_search_update(RzSearch *s, ut64 from, const ut8 *buf, long len)
Definition: search.c:470
rz_search_set_callback
RZ_API void rz_search_set_callback(RzSearch *s, RzSearchCallback(callback), void *user)
Definition: search.c:463
rz_search_begin
RZ_API int rz_search_begin(RzSearch *s)
Definition: search.c:96
rz_search_new
RZ_API RzSearch * rz_search_new(int mode)
Definition: search.c:19
rz_search_free
RZ_API RzSearch * rz_search_free(RzSearch *s)
Definition: search.c:52
rz_search_kw_add
RZ_API int rz_search_kw_add(RzSearch *s, RzSearchKeyword *kw)
Definition: search.c:506
to
static struct sockaddr static addrlen static backlog const void static flags void struct sockaddr socklen_t static fromlen const void const struct sockaddr to
Definition: sfsocketcall.h:125
bin
Definition: malloc.c:26
pj_t
Definition: rz_pj.h:12
rz_bin_file_t
XX curplugin == o->plugin.
Definition: rz_bin.h:298
rz_bin_import_t
Definition: rz_bin.h:700
rz_bin_string_t
Definition: rz_bin.h:750
rz_bin_symbol_t
Definition: rz_bin.h:673
rz_bin_symbol_t::type
const char * type
Definition: rz_bin.h:682
rz_bin_symbol_t::paddr
ut64 paddr
Definition: rz_bin.h:690
rz_bin_symbol_t::name
char * name
Definition: rz_bin.h:675
rz_bin_symbol_t::vaddr
ut64 vaddr
Definition: rz_bin.h:689
rz_bin_t
Definition: rz_bin.h:328
rz_io_t
Definition: rz_io.h:59
rz_io_t::cb_printf
PrintfCallback cb_printf
Definition: rz_io.h:91
rz_search_t
Definition: rz_search.h:54
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()
file
static int file
Definition: z80asm.c:58

References RzfindOptions::align, RzfindOptions::bsize, RzfindOptions::buf, calloc(), rz_io_t::cb_printf, cmd, RzfindOptions::cur, RzfindOptions::curfile, done, eprintf, err, file, free(), RzfindOptions::from, RzfindOptions::hexstr, hit(), RzfindOptions::identify, RzfindOptions::import, imports(), RzfindOptions::json, RzfindOptions::keywords, list(), RzfindOptions::mask, RzfindOptions::mode, rz_bin_symbol_t::name, RzfindOptions::nonstop, NULL, rz_bin_file_t::o, rz_bin_symbol_t::paddr, PFMT64d, PFMT64x, pj_a(), pj_end(), pj_free(), pj_new(), pj_string(), print_bin_string(), printf(), RzfindOptions::quiet, rs, rz_bin_file_strings(), rz_bin_free(), rz_bin_new(), rz_bin_object_get_imports(), rz_bin_object_get_symbols(), rz_bin_open(), rz_bin_options_init(), rz_cons_free(), rz_cons_new(), rz_io_bind(), rz_io_free(), rz_io_new(), rz_io_open_nomap(), rz_io_pread_at(), rz_io_seek(), RZ_IO_SEEK_SET, rz_io_size(), rz_io_write_at(), rz_list_free(), RZ_PERM_R, rz_search_begin(), RZ_SEARCH_ESIL, rz_search_free(), RZ_SEARCH_KEYWORD, rz_search_keyword_new_hex(), rz_search_keyword_new_hexmask(), rz_search_keyword_new_str(), rz_search_keyword_new_wide(), rz_search_kw_add(), RZ_SEARCH_MAGIC, rz_search_new(), rz_search_set_callback(), RZ_SEARCH_STRING, rz_search_update(), rz_str_escape_sh(), rz_str_newf(), rz_sys_cmdf(), rz_sys_xsystem, rzfind_options_fini(), strdup(), RzfindOptions::symbol, symbols(), to, RzfindOptions::to, rz_bin_symbol_t::type, ut64(), UT64_MAX, rz_bin_symbol_t::vaddr, and RzfindOptions::widestr.

Referenced by rzfind_open().

◆ rzfind_options_fini()

static void rzfind_options_fini ( RzfindOptions ro)
static

Definition at line 43 of file rz-find.c.

43  {
44  free(ro->buf);
45  ro->cur = 0;
46 }

References RzfindOptions::buf, RzfindOptions::cur, and free().

Referenced by rzfind_open_file().

◆ rzfind_options_init()

static void rzfind_options_init ( RzfindOptions ro)
static

Definition at line 48 of file rz-find.c.

48  {
49  memset(ro, 0, sizeof(RzfindOptions));
50  ro->mode = RZ_SEARCH_STRING;
51  ro->bsize = 4096;
52  ro->to = UT64_MAX;
53  ro->keywords = rz_list_newf(NULL);
54 }
memset
return memset(p, 0, total)
rz_list_newf
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
Definition: list.c:248

References RzfindOptions::bsize, RzfindOptions::keywords, memset(), RzfindOptions::mode, NULL, rz_list_newf(), RZ_SEARCH_STRING, RzfindOptions::to, and UT64_MAX.

Referenced by rz_main_rz_find().

◆ show_help()

static int show_help ( const char *  argv0,
int  line 
)
static

Definition at line 173 of file rz-find.c.

173  {
174  printf("Usage: %s [-mXnzZhqv] [-a align] [-b sz] [-f/t from/to] [-[e|s|w|S|I] str] [-x hex] -|file|dir ..\n", argv0);
175  if (line) {
176  return 0;
177  }
178  printf(
179  " -a [align] only accept aligned hits\n"
180  " -b [size] set block size\n"
181  " -e [regex] search for regex matches (can be used multiple times)\n"
182  " -f [from] start searching from address 'from'\n"
183  " -F [file] read the contents of the file and use it as keyword\n"
184  " -h show this help\n"
185  " -i identify filetype (rizin -nqcpm file)\n"
186  " -j output in JSON\n"
187  " -m magic search, file-type carver\n"
188  " -M [str] set a binary mask to be applied on keywords\n"
189  " -n do not stop on read errors\n"
190  " -r print using rizin commands\n"
191  " -s [str] search for a specific string (can be used multiple times)\n"
192  " -w [str] search for a specific wide string (can be used multiple times). Assumes str is UTF-8.\n"
193  " -I [str] search for an entry in import table.\n"
194  " -S [str] search for a symbol in symbol table.\n"
195  " -t [to] stop search at address 'to'\n"
196  " -q quiet - do not show headings (filenames) above matching contents (default for searching a single file)\n"
197  " -v print version and exit\n"
198  " -x [hex] search for hexpair string (909090) (can be used multiple times)\n"
199  " -X show hexdump of search results\n"
200  " -z search for zero-terminated strings\n"
201  " -Z show string found on each search hit\n");
202  return 0;
203 }
setup.line
line
Definition: setup.py:34

References setup::line, and printf().

Referenced by rz_diff_draw_tui(), rz_diff_hex_visual(), and rz_main_rz_find().