search

radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0
20.73k stars 3.01k forks source link

why can't load script. #3764

Closed geek-li closed 8 years ago

geek-li commented 8 years ago

I write a bat file with the the content as below:

radare2.exe -qi script.py 1.bin

but throw a error :

python: can't open file ''script.py'': [Errno 2] No such file or directory

how to solve this error?

radare commented 8 years ago

Is script.py in the same directory as 1.bin? This error comes from python, not r2

On 26 Nov 2015, at 10:51, g0tmi1k notifications@github.com wrote:

I write a bat file with the the content as below: radare2.exe -qi script.py 1.bin but throw a error : python: can't open file ''script.py'': [Errno 2] No such file or directory

how to solve this error?

— Reply to this email directly or view it on GitHub.

radare commented 8 years ago

Oh i think its because the unnecessary quotes

radare commented 8 years ago

Are you using the last version of r2? because this seems fixed in master and the nightly builds

geek-li commented 8 years ago

@radare yes,it's r2.you mean the lastest verion solve the error?

Maijin commented 8 years ago

@geek-li Highly probable so please after removing your current version, use the git version:

* git clone https://github.com/radare/radare2
* cd radare2
* ./sys/install.sh
radare commented 8 years ago

If you are on windows just download the zip in the downloads page that says: "git" aka 0.10

On 26 Nov 2015, at 13:31, g0tmi1k notifications@github.com wrote:

@radare yes,it's r2.you mean the lastest verion solve the error?

— Reply to this email directly or view it on GitHub.

geek-li commented 8 years ago

@radare ok

geek-li commented 8 years ago

@radare @Maijin where can I download version 1? I find r2 not compatiable

radare commented 8 years ago

Github.com/radare/radare ... But srsly, do you really want to use an abandoned project?

On 27 Nov 2015, at 04:24, g0tmi1k notifications@github.com wrote:

@radare @Maijin where can I download version 1? I find r2 not compatiable

— Reply to this email directly or view it on GitHub.

radare commented 8 years ago

I dont know whats 'so much memory' for you, or even which binary or analysis are you loading and you didnt specified which version of r2 are you using. I did heavy improvements in memory consumption in git... Maybe if you provide more feedback i can help

On 29 Nov 2015, at 07:13, g0tmi1k notifications@github.com wrote:

@radare why radare2 cost so much memory....

— Reply to this email directly or view it on GitHub.

geek-li commented 8 years ago

@radare well, this is my script :

import sys
import os
import shutil
import r2pipe
import time
import signal

def scanex(filename,r2):
    size=os.path.getsize(filename)
    if size>1024*1024:
        r2.cmd("q")
        return
    s=str(size)
    dis="pD "+s
    a=r2.cmd(dis)
    pth="/root/Desktop/sc/"+i+".sc"
    f=open(pth,'wb+')
    f.write(a)
    f.close()
    r2.cmd("q")
    shutil.move(filename,"/root/Desktop/isok/"+i)

if __name__=="__main__":
    def handler(signum,frame):
        raise AssertionError
    j=0
    for i in os.listdir(sys.argv[1]):
        if os.path.isfile(os.path.join(sys.argv[1],i)):
            filename=os.path.join(sys.argv[1],i)
            print filename
            try:
                r2=r2pipe.open(str(filename))
                r2.cmd("e asm.bits=32")
                signal.signal(signal.SIGALRM,handler)
                signal.alarm(7)
                scanex(filename,r2)
                signal.alarm(0)
                j=j+1
                if j>=50:
                    sys.exit()
            except AssertionError:
                print "time out"
                shutil.move(filename,"/root/Desktop/isfail/"+i)
                continue
====================
when I run the script ,Radare2 cost so many memory and CPU
'this is the mointor pic:
https://pbs.twimg.com/media/CVCfk7DVEAAh2vC.png)
radare commented 8 years ago

I see several bugs in this script. Will comment them later from my laptop.

On 30 Nov 2015, at 07:03, g0tmi1k notifications@github.com wrote:

@radare well, this is my script :

import sys import os import shutil import r2pipe import time import signal

def scanex(filename,r2): size=os.path.getsize(filename) if size>1024*1024: r2.cmd("q") return s=str(size) dis="pD "+s a=r2.cmd(dis) pth="/root/Desktop/sc/"+i+".sc" f=open(pth,'wb+') f.write(a) f.close() r2.cmd("q") shutil.move(filename,"/root/Desktop/isok/"+i)

if name=="main": def handler(signum,frame): raise AssertionError j=0 for i in os.listdir(sys.argv[1]): if os.path.isfile(os.path.join(sys.argv[1],i)): filename=os.path.join(sys.argv[1],i) print filename try: r2=r2pipe.open(str(filename)) r2.cmd("e asm.bits=32") signal.signal(signal.SIGALRM,handler) signal.alarm(7) scanex(filename,r2) signal.alarm(0) j=j+1 if j>=50: sys.exit() except AssertionError: print "time out" shutil.move(filename,"/root/Desktop/isfail/"+i)

continue

when I run the script ,Radare2 cost so many memory and CPU

— Reply to this email directly or view it on GitHub.

radare commented 8 years ago

The cmd("q") does nothing. So you are basically not closing any instance of r2. if you just want to dump the disasm into a file just use the pipe >. no need to overengineer the thing into python. Also, you are loading the file in VA mode, but disassembling the entire file contents, which makes no sense at all. In fact this can be done with a single oneliner:

$ for a in * ; do r2 -nqc 'pD $s > '$a'.out' $a ; done

i use to write r2pipe scripts in nodejs, i'll review the python api and push an update if i found the bug. But in Node there's a quit() method that closes the child and the pipe

radare commented 8 years ago

Also, do not ever run anything as root unless you have no other option

geek-li commented 8 years ago

@radare thx,I have been done my work with IDA , will try your shell script later, Is there exists any memory in radare2 ? Although my script have many bugs but I think radare2 is not a good choice for running batch binary files. PS: I think radare2 need more python api since many people use python than nodejs and more doc.

radare commented 8 years ago

You'll get even better performance if you move the pipe in the output of the shell command instead of the r2 command itself because of the buffering.

Yes, we have some memory leaks, as well as almost every single software out there, but memory leaks are not the reason for your problems.

You are using the r2pipe api, which is only one of the 3 python apis to use r2. There's also the swig generated and the ctypes one. the r2pipe is fully documented and there are several examples in the repo.

But as everything in this world, you need to understand how stuff works under the hood to use it properly.

radare commented 8 years ago

Also, you are probably not interested in disassembling the entire binary, only the code, so the pD command used there is also wrong.

radare commented 8 years ago

This is what you need

$ for a in * ; do r2 -nqc 'pD $SS@$S' $a > $a.asm ; done
radare commented 8 years ago

I pushed r2pipe.py 0.8.0 adding the .quit() method you'll be interested in

On 01 Dec 2015, at 11:55, g0tmi1k notifications@github.com wrote:

@radare thx,I have been sovle the problem with IDA , will try you the shell script later,PS: I think radare2 need more python api since many people use python than nodejs.

— Reply to this email directly or view it on GitHub.

geek-li commented 8 years ago

@radare really a good news. more api more peolpe will use .And I will read r2 source code ,wish to be a develop :)