FreeBSD Manual Pages
NAME
     rz-gg -- rizin frontend for RzEgg, compile programs into tiny binaries
     for different architectures.

SYNOPSIS
     rz-gg [-FOLsrxvhz] [-a arch] [-b bits] [-k os] [-f format] [-o file]
           [-i shellcode] [-I path] [-e encoder] [-B hexpairs] [-c k=v]
           [-C file] [-n dword] [-N dword] [-d off:dword] [-D off:qword]
           [-w off:hexpairs] [-p padding] [-P size] [-q fragment]
           file|f.asm|-

DESCRIPTION
     This command is part of the Rizin project.

     Programs generated by RzEgg are relocatable and can be injected into a
     running process or on-disk binary file.

     Since the rz-gg-cc merge, rz-gg can now generate shellcodes from C
     code. The final code can be linked with rz-bin, and it is relocatable,
     allowing injection into any remote process.

     This feature is conceptually based on shellforge4, but only supports
     Linux/OSX x86-32/64 platforms.

DIRECTIVES
     The rrz (rz-gg) configuration file accepts the following directives,
     described as key=value entries and comments defined as lines starting
     with '#'.

     -a arch         Select architecture (x86, mips, arm)
     -b bits         Set register size (32, 64, ..)
     -B hexpairs     Append hexpair bytes
     -c k=v          Set configure option for the shellcode encoder. The
                     argument must be key=value
     -C file         Append contents of file
     -d off:dword    Patch dword (4 bytes) at given offset
     -D off:qword    Patch qword (8 bytes) at given offset
     -e encoder      Use specific encoder. See -L
     -f format       Output format (raw, c, pe, elf, mach0, python,
                     javascript)
     -F              Output native format (osx=mach0, linux=elf, ..)
     -h              Show usage help message
     -i shellcode    Include shellcode plugin, use options. See -L
     -I path         Add include path
     -k kernel       Operating system's kernel (linux, bsd, osx, w32)
     -L              List all plugins (shellcodes and encoders)
     -n num32        Append 32bit number (4 bytes)
     -N num64        Append 64bit number (8 bytes)
     -o file         Output file to write result of compilation
     -O              Use default output file (filename without extension or
                     a.out)
     -p padding      Add padding after compilation (padding=n10s32)
                       ntas : begin nop, trap, 'a', sequence
                       NTAS : same as above, but at the end
     -P size         Prepend debruijn sequence of given length
     -q fragment     Debruijn pattern offset
     -r              Show raw bytes instead of hexpairs
     -s              Show assembler
     -S string       Append a string
     -v              Show version information
     -w off:hex      Patch hexpairs at given offset
     -x              Execute
     -X hexpairs     Execute rop chain, using the stack provided
     -z              Output in C string syntax

EXAMPLE
     $ cat hi.r
     /* hello world in RzEgg */
     write@syscall(4); //x64 write@syscall(1);
     exit@syscall(1); //x64 exit@syscall(60);

     main@global(128) {
       .var0 = "hi!\n";
       write(1,.var0, 4);
       exit(0);
     }
     $ rz-gg -O -F hi.r
     $ ./hi
     hi!

     # With C file :
     $ cat hi.c
     main() {
       write(1, "Hello\n", 6);
       exit(0);
     }
     $ rz-gg -O -F hi.c
     $ ./hi
     Hello

     # Linked into a tiny binary. This is 165 bytes
     $ wc -c < hi
     165

     # The compiled shellcode has zeroes
     $ rz-gg hi.c | tail -1
     eb0748656c6c6f0a00bf01000000488d35edffffffba06000000b8010
     000000f0531ffb83c0000000f0531c0c3

     # Use a xor encoder with key 64 to bypass
     $ rz-gg -e xor -c key=64 -B $(rz-gg hi.c | tail -1)
     6a2d596a405be8ffffffffc15e4883c60d301e48ffc6e2f9ab4708252
     c2c2f4a40ff4140404008cd75adbfbfbffa46404040f8414040404f45
     71bff87c4040404f45718083

SEE ALSO
     rizin(1), rz-hash(1), rz-find(1), rz-bin(1), rz-find(1), rz-diff(1),
     rz-asm(1)

AUTHORS
     pancake <pancake@nopcode.org>
     byteninjaa0

                                 Jan 24, 2024                         RZ_GG(1)
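An added analyst-side check, not part of the manual page or the Rizin project: it takes the two hexpair outputs shown in the EXAMPLE section (wrapped lines joined), lists the zero bytes in each, and recovers the single-byte XOR key from the string known to be in hi.c. The function names are hypothetical, and the 24-byte stub length is read off the page's output rather than documented.

```python
# Hexpair output copied from the EXAMPLE section, wrapped lines joined.
PLAIN = bytes.fromhex(
    "eb0748656c6c6f0a00bf01000000488d35edffffffba06000000b8010"
    "000000f0531ffb83c0000000f0531c0c3")
ENCODED = bytes.fromhex(
    "6a2d596a405be8ffffffffc15e4883c60d301e48ffc6e2f9ab4708252"
    "c2c2f4a40ff4140404008cd75adbfbfbffa46404040f8414040404f45"
    "71bff87c4040404f45718083")

# Assumption from the sample above: the encoded blob is 24 bytes longer
# than the plain one, and those leading bytes are the decoder stub.
STUB_LEN = len(ENCODED) - len(PLAIN)


def null_offsets(blob: bytes) -> list[int]:
    """Offsets of 0x00 bytes, the property the xor encoder removes."""
    return [i for i, b in enumerate(blob) if b == 0]


def xor_bytes(blob: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key to every byte of blob."""
    return bytes(b ^ key for b in blob)


def recover_xor_key(blob: bytes, known: bytes):
    """Try every non-zero single-byte key; return (key, offset) for the
    first key under which the known plaintext appears, else None."""
    for key in range(1, 256):
        pos = xor_bytes(blob, key).find(known)
        if pos != -1:
            return key, pos
    return None


if __name__ == "__main__":
    print("zero bytes in plain output:  ", len(null_offsets(PLAIN)))
    print("zero bytes in encoded output:", len(null_offsets(ENCODED)))
    key, pos = recover_xor_key(ENCODED, b"Hello\n")
    print(f"key={key} found at offset {pos}")
    # Decoding everything after the stub reproduces the unencoded bytes.
    print("round trip ok:", xor_bytes(ENCODED[STUB_LEN:], key) == PLAIN)
```

The encoder removes the zero bytes but hides nothing: a 255-key sweep with one known string recovers the key and the original bytes.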
