Radare2, gcc and Docker toolkit
October 19, 2016
radare
docker
Let’s begin by creating a docker-compose.yml file in our project root.
version: "2"
services:
build:
image: gcc
volumes:
- ./src:/src
command: "true"
radare:
image: remnux/radare2
volumes:
- ./src:/home/nonroot/workdir
command: "true"
Create a directory called src in your project root and create a file
sample.c inside that directory.
#include <stdio.h>
int main() {
int a = 1;
int b = 2;
printf("Hello, world");
return 0;
}
Build binary
$ docker-compose run --rm build gcc -o /src/sample /src/sample.c
Analyze binary
Launch the radare2 container.
$ docker-compose run --rm radare r2 sample
Use commands aa to analyze the binary and pdf@main to
print-disassemble-function main function.
-- Thank you for using radare2. Have a nice night!
[0x004003f0]> aa
[x] Analyze all flags starting with sym. and entry0 (aa)
[0x004003f0]> pdf@main
;-- main:
/ (fcn) sym.main 40
| ; var int local_4h @ rbp-0x4
| ; var int local_8h @ rbp-0x8
| ; DATA XREF from 0x0040040d (entry0)
| 0x004004e6 55 push rbp
| 0x004004e7 4889e5 mov rbp, rsp
| 0x004004ea 4883ec10 sub rsp, 0x10
| 0x004004ee c745fc010000. mov dword [rbp - local_4h], 1
| 0x004004f5 c745f8020000. mov dword [rbp - local_8h], 2
| 0x004004fc bf94054000 mov edi, str.Hello__world ; "Hello, world" @ 0x400594
| 0x00400501 b800000000 mov eax, 0
| 0x00400506 e8b5feffff call sym.imp.printf
| 0x0040050b 90 nop
| 0x0040050c c9 leave
\ 0x0040050d c3 ret
[0x004003f0]>