如何正确安装和调用 'r2snow' radare2 反编译器?
How can I properly install and invoke 'r2snow' radare2 decompiler?
过去几个小时我一直在尝试安装反编译器,但没有成功。因为我最近一直在 ~/.local/share/radare2/prefix/bin 中使用 radare2 as a disassembler, I figured using the associated decompiler package would work well. After finding out that radeco and radeco-lib aren't currently stable enough to build, I used their package manager r2pm to finally install the r2snow BASH 脚本。
但现在我不知道如何 运行 它来反编译二进制文件!我收到的错误消息是:"Usage: r2 -i '.!r2snow'"。我知道 r2 对于 radare2 是 shorthand,-i 标志是将脚本文件传递给 运行,但我已经尝试将其传递给r2snow BASH 以多种方式编写脚本均未成功。
有使用过这个特殊反编译器经验的人知道如何正确调用它吗?通常我可以自己解决这个问题,但事实证明缺乏适当的文档太困难了。
我没骗你,每次你调用程序不当,它都在嘲笑你。最近:"Usage: r2 -i '.!r2snow'" -- This should be documented, since it's not that obvious. 也许我应该尝试完全不同的反编译器。有没有更容易设置的免费反编译器?
要安装 radare2 插件,您应该从:
$ r2pm init
$ r2pm update
然后使用 r2pm:
安装你想要的插件
$ r2pm -i r2snow
您可能会遇到此错误:
ERROR: Build failed. You probably need 'brew install cartr/qt4/qt' and
'brew install boost' or 'sudo apt-get install libboost-dev libqt4-dev'
所以只需安装缺少的库:
$ sudo apt-get install libboost-dev libqt4-dev'
然后,您可以通过 !r2snow 从 r2 shell 或外部 r2 -i '.!r2snow' /bin/ls
调用 r2snow
我建议使用 r2dec 或 r2retdec。
而不是 r2snow
安装r2dec:
$ r2pm -i r2dec
然后简单地使用 pdd:
$ r2 -A my_file
...
[0x00000540]> s main
[0x000006a4]> pdd
int32_t main () {
/* arg1 */
*(local_14h) = edi;
/* arg2 */
*(local_20h) = rsi;
esi = 7;
edi = 0x61;
print_it (*(local_20h), *(local_14h));
esi = 0x11;
edi = 0x6b;
print_it (edi, esi);
*(local_4h) = 5;
edx = *(local_4h);
eax = edx;
eax += eax;
eax += edx;
*(local_4h) = eax;
eax = *(local_4h);
edi = eax;
dumb_function (edi);
esi = 9;
edi = 0x62;
print_it (edi, esi);
eax = 0;
return eax;
}
安装r2retdec:
$ r2pm -i r2retdec
确保已安装 npm 并按照 repository 中的说明进行操作。
安装后,在 r2 shell.
中使用 $dec
过去几个小时我一直在尝试安装反编译器,但没有成功。因为我最近一直在 ~/.local/share/radare2/prefix/bin 中使用 radare2 as a disassembler, I figured using the associated decompiler package would work well. After finding out that radeco and radeco-lib aren't currently stable enough to build, I used their package manager r2pm to finally install the r2snow BASH 脚本。
但现在我不知道如何 运行 它来反编译二进制文件!我收到的错误消息是:"Usage: r2 -i '.!r2snow'"。我知道 r2 对于 radare2 是 shorthand,-i 标志是将脚本文件传递给 运行,但我已经尝试将其传递给r2snow BASH 以多种方式编写脚本均未成功。
有使用过这个特殊反编译器经验的人知道如何正确调用它吗?通常我可以自己解决这个问题,但事实证明缺乏适当的文档太困难了。
我没骗你,每次你调用程序不当,它都在嘲笑你。最近:"Usage: r2 -i '.!r2snow'" -- This should be documented, since it's not that obvious. 也许我应该尝试完全不同的反编译器。有没有更容易设置的免费反编译器?
要安装 radare2 插件,您应该从:
$ r2pm init
$ r2pm update
然后使用 r2pm:
$ r2pm -i r2snow
您可能会遇到此错误:
ERROR: Build failed. You probably need 'brew install cartr/qt4/qt' and 'brew install boost' or 'sudo apt-get install libboost-dev libqt4-dev'
所以只需安装缺少的库:
$ sudo apt-get install libboost-dev libqt4-dev'
然后,您可以通过 !r2snow 从 r2 shell 或外部 r2 -i '.!r2snow' /bin/ls
我建议使用 r2dec 或 r2retdec。
安装r2dec:
$ r2pm -i r2dec
然后简单地使用 pdd:
$ r2 -A my_file
...
[0x00000540]> s main
[0x000006a4]> pdd
int32_t main () {
/* arg1 */
*(local_14h) = edi;
/* arg2 */
*(local_20h) = rsi;
esi = 7;
edi = 0x61;
print_it (*(local_20h), *(local_14h));
esi = 0x11;
edi = 0x6b;
print_it (edi, esi);
*(local_4h) = 5;
edx = *(local_4h);
eax = edx;
eax += eax;
eax += edx;
*(local_4h) = eax;
eax = *(local_4h);
edi = eax;
dumb_function (edi);
esi = 9;
edi = 0x62;
print_it (edi, esi);
eax = 0;
return eax;
}
安装r2retdec:
$ r2pm -i r2retdec
确保已安装 npm 并按照 repository 中的说明进行操作。
安装后,在 r2 shell.
$dec