Exemple #1
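 /// <summary>
 /// Writes one disassembly listing per executable section of the loaded binary.
 /// Sections come from rizin's <c>iSj</c> table; each listing is written to
 /// <c>{path}/{index}_{perm}_{name}.txt</c>.
 /// </summary>
 /// <remarks>
 /// Section names are read from the file under analysis and are therefore untrusted.
 /// They are stripped of path separators and other invalid file-name characters
 /// before being used in the output path, so a crafted name cannot redirect the
 /// write outside <c>path</c>.
 /// </remarks>
 public void Disassemble()
 {
     using (DataTable dt = rizin.CommandDataTable("iSj"))
     {
         // Nothing to do when the table is missing, empty, or has no permission column;
         // the filter below would otherwise throw.
         if (dt == null || dt.Rows.Count == 0 || !dt.Columns.Contains(".perm"))
         {
             return;
         }

         int i = 0;
         // Only rows whose permission string is present and contains "x" are disassembled.
         foreach (var dr in dt.Rows.OfType<DataRow>().Where(x => x[".perm"] is string p && p.Contains("x")))
         {
             string  name, perm;
             decimal vaddr, vsize;
             if (TryGetValue(dr, ".name", out name) &&
                 TryGetValue(dr, ".perm", out perm) &&
                 TryGetValue(dr, ".vaddr", out vaddr) &&
                 TryGetValue(dr, ".vsize", out vsize))
             {
                 // Both values end up in a file name, so neutralise separators first.
                 string safeName = ToSafeFileNamePart(name);
                 string safePerm = ToSafeFileNamePart(perm);
                 using (var stream = new FileStream($"{path}/{i++}_{safePerm}_{safeName}.txt", FileMode.Create, FileAccess.Write, FileShare.Read))
                 {
                     // The unmodified section name is kept in the listing header (file content only).
                     stream.Write(Encoding.UTF8.GetBytes($"[{name}]\n"));
                     DisassembleSection(vaddr, vsize, stream);
                     stream.WriteByte(10); // trailing '\n'
                     stream.Flush();
                 }
             }
         }
     }
 }

 /// <summary>
 /// Replaces directory separators, control characters and any character the platform
 /// rejects in file names with '_' so the value can be embedded in a single path segment.
 /// </summary>
 private static string ToSafeFileNamePart(string value)
 {
     if (string.IsNullOrEmpty(value))
     {
         return string.Empty;
     }

     char[] invalid = Path.GetInvalidFileNameChars();
     char[] chars   = value.ToCharArray();
     for (int k = 0; k < chars.Length; k++)
     {
         char c = chars[k];
         // '/' and '\\' are checked explicitly because the platform list differs between OSes.
         if (c == '/' || c == '\\' || char.IsControl(c) || Array.IndexOf(invalid, c) >= 0)
         {
             chars[k] = '_';
         }
     }
     return new string(chars);
 }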
Exemple #2
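        /// <summary>
        /// Dumps the raw bytes of every section listed by rizin's <c>iSj</c> table to
        /// <c>{path}/sec_{index}_{name}.bin</c>, followed by the overlay (the bytes between
        /// the overlay offset and the end of the file) when one exists.
        /// </summary>
        /// <remarks>
        /// Section names come from the file under analysis and are untrusted, so they are
        /// sanitised before being placed in the output path. The mapping created by
        /// <c>MapMainFileToOffsetZero</c> is released in a <c>finally</c> block so that the
        /// early return and any exception no longer leave it in place.
        /// </remarks>
        private void Sections()
        {
            decimal fileSize = GetMainFileSize();

            MapMainFileToOffsetZero();
            try
            {
                using (DataTable dt = rizin.CommandDataTable("iSj"))
                {
                    if (dt == null || dt.Rows.Count == 0)
                    {
                        return;
                    }

                    int index = 0;
                    foreach (DataRow dr in dt.Rows)
                    {
                        string  name;
                        decimal paddr, size;
                        if (TryGetValue(dr, ".name", out name) &&
                            TryGetValue(dr, ".paddr", out paddr) &&
                            TryGetValue(dr, ".size", out size))
                        {
                            // Strip separators so a crafted section name stays inside `path`.
                            string safeName = SanitizeSectionFileName(name);
                            using (var stream = new FileStream($"{path}/sec_{index++}_{safeName}.bin", FileMode.Create, FileAccess.Write, FileShare.Read))
                            {
                                DumpRangeToFile(paddr, size, stream);
                                stream.Flush();
                            }
                        }
                    }

                    // Anything past the overlay offset is written as one extra pseudo-section.
                    decimal overlayOffset = GetOverlayOffset(dt);
                    if (overlayOffset < fileSize)
                    {
                        using (var stream = new FileStream($"{path}/sec_{index++}_overlay.bin", FileMode.Create, FileAccess.Write, FileShare.Read))
                        {
                            DumpRangeToFile(overlayOffset, fileSize - overlayOffset, stream);
                            stream.Flush();
                        }
                    }
                }
            }
            finally
            {
                UnloadMappedFileAtOffsetZero();
            }
        }

        /// <summary>
        /// Replaces directory separators, control characters and any character the platform
        /// rejects in file names with '_' so the value fits in a single path segment.
        /// </summary>
        private static string SanitizeSectionFileName(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            char[] invalid = Path.GetInvalidFileNameChars();
            char[] chars   = value.ToCharArray();
            for (int k = 0; k < chars.Length; k++)
            {
                char c = chars[k];
                // '/' and '\\' are checked explicitly because the platform list differs between OSes.
                if (c == '/' || c == '\\' || char.IsControl(c) || Array.IndexOf(invalid, c) >= 0)
                {
                    chars[k] = '_';
                }
            }
            return new string(chars);
        }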
Exemple #3
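        /// <summary>
        /// Entry point. With several arguments, re-launches this assembly once per file in
        /// parallel; with one argument, analyses that file with rizin and writes the report
        /// under <c>rz_report/&lt;md5 or file name&gt;</c>; with none, prints usage.
        /// </summary>
        /// <remarks>
        /// File names are interpolated into double-quoted rizin command strings
        /// (<c>o "..."</c>, <c>Ps "..."</c>) and into the child-process argument string.
        /// A name containing a double quote or a control character would end the quoted
        /// argument early, so such names are rejected up front.
        /// NOTE(review): other characters may also be special inside a quoted rizin
        /// argument or in whatever <c>ShellUtils.RunShellAsync</c> uses to launch the
        /// child — confirm both, and prefer an argument-list API for the child process.
        /// </remarks>
        static void Main(string[] args)
        {
            if (args.Length > 1)
            {
                Parallel.ForEach(args, new ParallelOptions
                {
                    MaxDegreeOfParallelism = Environment.ProcessorCount
                }, (arg) =>
                {
                    // Do not build a command line from a name that can break out of its quotes.
                    if (!IsSafeQuotedArgument(arg))
                    {
                        Console.Error.WriteLine("rz_report: skipping file name containing a quote or control character");
                        return;
                    }

                    ShellUtils.RunShellAsync(
                                  "dotnet",
                                  $"\"{Assembly.GetExecutingAssembly().Location}\" \"{arg}\"")
                              .GetAwaiter().GetResult();
                });
            }
            else if (args.Length == 1)
            {
                string arg = args[0];
                if (!IsSafeQuotedArgument(arg))
                {
                    Console.Error.WriteLine("rz_report: refusing file name containing a quote or control character");
                    return;
                }

                if (File.Exists(arg))
                {
                    using (var rizin = new Rizin())
                    {
                        rizin.Command($"o \"{arg}\"");
                        string fileName = Path.GetFileName(arg);
                        using (DataTable dt = rizin.CommandDataTable("itj"))
                        {
                            // Use the MD5 as the report folder name only when a row is present and
                            // the value is a plain hex string; otherwise keep the input file name.
                            if (dt != null &&
                                dt.Columns.Contains(".md5") &&
                                dt.Rows.Count > 0 &&
                                dt.Rows[0][".md5"] is string md5 &&
                                IsHexString(md5))
                            {
                                fileName = md5;
                            }
                        }

                        string path = $"rz_report/{fileName}";
                        Directory.CreateDirectory(path);

                        Report report = new Report(rizin, path);

                        rizin.CommandAnalyzeBinary();

                        Yara yara = new Yara(rizin, path);
                        yara.TryYaraCheck();

                        report.Hashes();
                        report.Info();

                        if (CheckIsNotExecutable(rizin))
                        {
                            return;
                        }

                        if (CheckIsCilExecutable(rizin))
                        {
                            try
                            {
                                var    decompiler  = new CSharpDecompiler(arg, new DecompilerSettings());
                                string code        = decompiler.DecompileWholeModuleAsString();
                                string cilFileName = string.Concat(path, Path.DirectorySeparatorChar, "cil.txt");
                                File.WriteAllText(cilFileName, code);
                            }
                            catch (Exception ex)
                            {
                                // Decompilation stays best-effort, but a failure on a hostile or
                                // malformed assembly should be visible to the analyst.
                                Console.Error.WriteLine($"rz_report: CIL decompilation failed: {ex.Message}");
                            }
                            return;
                        }

                        report.Headers();
                        report.Sections();
                        report.Resources();
                        report.Libraries();
                        report.Signature();
                        report.Entrypoints();
                        report.Imports();
                        report.Exports();
                        report.Strings();
                        report.StackStrings();
                        report.Functions();

                        rizin.Command($"Ps \"{path}/project.rzdb\"");

                        // Opcodes opcodes = new Opcodes(rizin, path);
                        // opcodes.Disassemble();

                        Data data = new Data(rizin, path);
                        data.Export();
                    }
                }
            }
            else
            {
                Console.WriteLine(@"usage: rz_report [FILE]...");
                Console.WriteLine(@"creates a folder ""./rz_report"" and writes the analysis " +
                                  @"results inside subfolders named after their MD5 sums.");
            }
        }

        /// <summary>
        /// Returns false when <paramref name="value"/> contains a double quote or a control
        /// character, either of which would terminate a double-quoted command argument early.
        /// </summary>
        private static bool IsSafeQuotedArgument(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return false;
            }

            foreach (char c in value)
            {
                if (c == '"' || char.IsControl(c))
                {
                    return false;
                }
            }
            return true;
        }

        /// <summary>
        /// Returns true when <paramref name="value"/> is non-empty and consists only of
        /// hexadecimal digits.
        /// </summary>
        private static bool IsHexString(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return false;
            }

            foreach (char c in value)
            {
                if (!Uri.IsHexDigit(c))
                {
                    return false;
                }
            }
            return true;
        }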