PDA

View Full Version : rr0d: rasta ring 0 debugger


Serpilliere
August 27th, 2005, 08:34
Hi

Little post to present you RR0D: the rasta ring0 debugger.

Here is [another] ring0 debugger. Its goal is to be platform independant: It actually runs on win9X winXP linux* BSD*

To achieve this goal, it s processor dependant: only x86 is supported. This debugger has the form of a driver and so can be dynamicly loaded/unloaded.

There is plenty of things to do in order to make it usefull but it works
It supports concole/x/framebuffer display, ps2 keyboard & mouse.
Sources include in CVS.

link:
rr0d.droids-corp.org

it has a rasta mode [very important.].

Have Fun!

JimmyClif
August 27th, 2005, 10:54
Rasta, Man?

Where can I find it? In the rr0d folder of the CVS are a lot of files, but no zipped archive or similar...

What license is it? Is it OpenSource?

Serpilliere
August 27th, 2005, 14:54
RR0D is under GPL (or maybe in CeCil for futur (just for a french kiss))

A cvs snap is on www.droids-corp.org/~serpilliere/rr0d.tgz

To compile on nux:
copy config.h.sample as config.h
comment intel_style line (if got gcc)
chose either frame buffer or AA (console) (i advise start with console: btw, it is for *real* console ie not frame buffer one...)
copy either Makefile-linux (if got 24 ) or Makefile-26 as Makefile
run Make
insmod

You can run a little example than trigger a div/0 or int 3
read doc/source for keys

I know, i sould do a *real* doc.
note that rr0d is not completed so many bug, easy to detect, .... but its for fun!

if it doesnt work, maybe you are not rasta/lucky

Serpilliere

0xf001
August 29th, 2005, 17:23
heya,

i am running in unsigned int rasta_mode now the thing works just smooth! c00l! ! i saw it is based on deblin, or?

btw i found a bug in da README on line 75:

'As root, run 'insmod ./rr0d.o'. You have just loaded the module'

misses the k in rr0d.ko

i need to check the hotkey ...

cheers, 0xf001

Serpilliere
August 30th, 2005, 08:17
yep!

Happy to meet a new rasta man on the boat
rr0d was inspired by deblin yes: one day, i was looking around porn stuff on the web, and i discovered this ring0 debugger. It was quite crapy but the idea was there anyway. I decided to code rr0d just after, man. arf: rr0d is messy too.

im happy it works for you: rr0d is not yet very userfriendly and there is still some completely *un-natural* tweaks to do in order to make it work. This can stop someone using rr0d and saying "oo my god: this stuff is a real piece of shit, hope the author will brun in hell. ok who's next?"

for windows users, you need ddk sdk pdk and xp spk vc++ 14.6 dev platinium gold in order to *think* of a possible compilation. Once you got that, copy the Makefile-Xp as Makefile and just type build in a cmd.exe. -quite simple-

oo btw, the readme was written during linux 2.4 rr0d development: so kernel modules ended by .o but there are other errors in the readme, dont giveup

last news: rr0d handles tsd & general procetion fault so if an ap uses rdtsc to do timing mesure for anti tracing, rr0d "hooks" those rdtsc by general protection fault. then it can put anything in eax:edx as if the time was freezed.

0xf001
August 30th, 2005, 15:25
hi again!

thanks for your explanations !

And I l0VE your documentation!!! Especially I think you did the most serious and useful windows installation documentation EVER in the README hehehe

and I think you definately made it into knoppix|RE which is intended to be released sooooon .... so pls hurry if you want any changes. The cool thing is so we take away the compilation etc hurdles from ppl who just wanna check da thing out and be a little rasta do you agree?

oh also thx for the direct download link, not that webspiders are out of date but ...... thx!

i know when c0ding everybody gets lazy at some time. some parts are interesting some not so much but need to be done. definately
no bullshit rr0d! bah!

thanks and keep rasta,

0xf001

PS: 2 last news: veery good! i must study the source a bit i think ....

Serpilliere
August 31st, 2005, 03:41
yup!

The knoppix idea sounds rasta good.

The main problem i see is that rr0d is far from being the perfect debugger:
-rr0d doesn't even think of hiding the eflag yet (gnarf)
-rr0d doesn't even think of handling cli/sti during code tracing (gnarf²)
-There is (oo my god) a buffer overflow in the command line [CAN-07-666-1337]
-ok in fact there are buffer overflows everywhere.
-the 'embedded' std[lib/io] smells like the blood in the little morning
-the command line parser automat code is so messy that i suspect it from auto-mutating dynamicly ("It liiiiives againnn". Hope it wont fertilize the stdio stuff
-to finish with, i need to redraw a 32 bit perpixel font with antialiased & trilinear filtering but the M!cros0ft graphic suite (mspaint) seems to be a bit limitating. Moreover, the only thing my mspaint java plugin does is making the garbage collector vomit.

I agree for the installation&compilation improvment. Maybe the best solution is to do a complete film which could be titled:
"My life & how to install rr0d on a X86 sex machine step by step"

But erf, im having good time porting nasm for ring0: i want a dynamik assembler in rr0d engine -sweet-. This was on my wish list. Another wish is having good time with twin sisters.
But, NasM engine first.

For the documentation, the french one is better from far but english language cannot handle philisophic idea evoked in the doc.

0xf001
August 31st, 2005, 05:15
rasta man,

I am aware of the limits of rr0d. and even before you mentioned it - when i looked through the code i was a bit scared of the state machine you built for command parsing hahaha (i just say "adresse_tmp = 0xDEADFACE;" mhm)

anyway i think the project at least can be presented and as it is GPL maybe some ppl will start improving it? i find it good for knoppix|RE as it is quite "small" compared to linice etc ... and it has rasta mode. of course. so you can study this work. to seriously use it as debugger it really is kinda too limited. it will be on CD as a goody cool you can dynamically load/unload it so it does not conflict with other debuggers.

we can use knoppix|RE to present those tools like rr0d i think. when ppl can look at it how it really is quickly, maybe it will spread more. interested ppl could potentially start working on it.

if i find some time (definately i want) then i would look at some things like kbd handling, implement a few commands - and maybe rewrite the state machine haha!

ah and pls when you completed the film with the twin sisters just post it here into the off-topic section pls

cheers, 0xf001

Serpilliere
September 2nd, 2005, 14:56
yip!

Fiends of rr0d & rasta spirit lovers:
A new wonderful system, based on metamorphic scripts allows rr0d users to have their dayly snapshot of rr0d cvs on: http://rr0d.droids-corp.org/rr0d_snapshot.tar.gz

ok, in fact we dont have a clue of how scripts work. We taugth a monkey the way to tarball cvs shot. His name is "kiki" and he loves bananas & twin sisters.
Kiki 's last job was to pass binaries's multi crypted layers by manual tracing, but he was tired of that. Hope data compression will pleased kiki in the futur.

[no animal was hurt in this post.]

RaStA them all, man

Remote Serpilliere

0xf001
September 4th, 2005, 14:55
hi friends and rastas,

thanks for the daily download link man! first thing when I saw the rasta
debugger was (besides not believing this could ever work and finding
it rasta cool) to see how it works and play with it (mess the whole code up )!

so it happened i immediately had to add a f001 mode to it

it is of course only playing around, but i have attached the source - if somebody is interested he can ie run a diff to the snapshot source and so see quickly how to implement new commands. oldough this commands affect only the display.

new commands are
f001
unf001

to enter or leave f001 mode. f001 mode is animated btw
[very very important]

the rasta mode i changed also just for test purposes

and the keyboared to qwertz - is configurable via #if 1, the french layout i had to fight with was too unrasta compatible for me i think

when i surfed the code and i made some other changes which are a suggestion to change, and first steps to optimize the command.c

1) command.c:
- MAX_REG, MAX_CMD removed,
changed table_command, table_reg to end with 0,
changed chose_command() and chose_reg() to handle this

2) command.c, video.c:
- added commands f001 and unf001


3) keyboard.c
- added list of avail commands to helptext
- switched to querty layout (via #if 1)

ad 1) in order to make the code more flexible i removed the constants for the array lengths. a NULL terminates the arrays now as end indicator, so the for( i=0; i<MAX_CMD; i++) loops could be changed to while(table_command[i++]) loops.
Next I would suggest to change the state parser. In steps. First I would do is use the "state" for the return code of parse_command() (same values as in switch(state)) so the constants like CMD_HELP etc ... can be used in keyboard.c as well and so all will be a lot easier i think ! If you agree I do that and send you a version with all those changes.

ad 3) the keyboard can easily be switched back to french or any other layout - see keyboard.c

playing with rr0d is big fun! thanks rasta man! I definately want to support you guys and rewrite ie the command parser as a first task and make it ultra rasta cool and dynamic OK?

cheers, 0xf001

0xf001
September 4th, 2005, 15:01
... and a screenshot of da f001 mode if you are too lazy to compile

Serpilliere
September 4th, 2005, 16:33
yap!

Man, I think the rAsTa gods are pleased for your sacrifice. Last night at sleep time, i dream of another cool lookin' mode. Its now realized. Tx to you for da f001 mode. The ultimate thing could be a plasma rift effect with colors. [humm, i wish old school demo time] its possible, the video driver of rr0d is very flexible (nv!dia wanna use it in next 3D card generation).

For the command line, you are welcome to update or redo the code from scratch. It can be only better than the actual one (huston , we got a problem: embended stdio got nacked.)
I will have a look to the one you post, and update the cvs this week with it if you agree (or next one if i find twins).

humm, just a question:
is your console mode is undulated in native mode or is it a picture? if its native undulated, please, send your screen firmware source code.
by the way did you notive your leds on your keyboard during rasta sessions? rr0d ownz your keyboard

by the way i thought about porting lex&yacc to ring0 (in fact just some fget puts wrappers i think) to complete beautiful command line as:

bpx @eax+0x4+ esi ,
r ESI = dword ptr [EAX*0x1337+ EDX] + sp
or even:
search 0x1337BEEF L 0xCAFE "TwIn SisTeRS"

but hey, do as you like, just keep in mind that EACH line of rr0d should be written in a rasta spirit. (this is part of rasta gpl) . No violence is allowed in the source

OKI, i have just diffy & update cvs. The 0xf001 mode is now a native rr0d mode. Screen shoot on web site. (little update for X f001 mode, but im too lazy to look for every blue colors in 16/24/32 bit per pixel mode.:/ i guest the actua X result is a bit crapy)

Serpilliere

0xf001
September 5th, 2005, 14:37
wow! thx rasta man for incorporating da f001 mode and the screenshot/mentioning on your website hehehe

i am just about to totally mess up command.c now. of course i take care the whole code will be a sign of peace, freedom, and rasta spirit

i send you the changes when i feel the code is enough obfuscated

... and why not while messing around invent some new modes like plasma mode, or scrolling messages, or ... hehehe ....

about the enhanced commands you mention .... good to think about that now ... while doing the parser. i try to make it flexible enough to handle this (simple calculations with "symbols". why not use regexps for parsing hehehe

peace, 0xf001

Serpilliere
September 12th, 2005, 00:57
yyp!

Just to introduce a warning in rr0d, so:
/!\ Caution: if you put software breakpoint (or you step over a call), and the app quit and you didn't remove the breakpoint, it "seems" to be on the hard disk: if you hex edit the file at the bp place on the disk you will see a beautifell 0xCC. But in fact, this should be just an artefact (i say should because one day *it was a wednesday* my machine said me: hey man dyou hope i will boot with a piece of Gruyere instead of a lib?) in fact the file may be mapped in ram even if the app has ended. but if you reboot (so the file is no more in ram. YES! the big new is if you reboot your rasta machine, and you edit its ram, in most cases, things are regenerated again: this is the life cycle. And some win machine are very happy to have this full cycle again) the 0xCC is (or erf, may not be) not there anymore.

The rasta god wont be pleased with destroyed lib.

rasta'em all

0xf001
October 24th, 2005, 18:13
hi!

huch after plenty of other stuff - i finally came to work on the parser. it is almost finished hehe

it now works with lexical scanning, is based on tokens and has an expression evaluator which handles COMPLETE ALGEBRAIC EXPRESSIONS regardless of how many bracket levels hehehe. so (2*eax+bp-(30*(esi+4))/(edx+4)) is absolutely peanuts for the parser hehehe

i kept it outside the rr0d source tree, so i/you can apply it to any tool +hrhr+ like i will put it into a new coming disasembler as well *gggg*
now i apply it onto the latest rr0d snapshot ...

within the next 1-2 weeks the new rr0d parser should be fully integrated hehe

cheers, 0xf001

PS: what u say to my new design on http://home.pages.at/f001 ?

Aquatic
October 24th, 2005, 19:37
Is there a binary installer for RR0D?

0xf001
October 25th, 2005, 09:59
hi Aquatic,

hehe the simple answer is no. rr0d consists of a kernel module so there is no real way around compiling this module. i think noone really wants to compile and make packages for all sorts of "standard" kernels shipped by the major distros - which is still limited to those exact kernel etc versions then (and just too many ppl build their own very specific kernels) so this makes too limited sense imho and is a bit dangerous as ppl for sure will come and just complain "why does rr0d not work on my 2.x.y.z fscking kernel? why do you choose rh and not mandriva blaablaaalblaaaa.

on the bright side it is really not hard to compile.
i am new to rr0d myself but that i can answer i think and if the rasta gods are good with me hehe. of course the rasta man himself _only_ knows if there will be a binary installer. i personally doubt it makes sense at all hehe

did u try to compile it?

cheers, 0xf001

Aquatic
October 25th, 2005, 12:05
I'm not using Linux, I'm using XP. I've never used Linux before.

I would rather compile this myself though, unless Serpilliere can post some kind of MD5 of the compiled files.

0xf001
October 25th, 2005, 13:38
hehe its ok aquatic,

nice you are interested. pls let me explain, there can not be a binary download. the kernel module must match _your_ kernel. there are addresses as entrypoints to kernel functions used. these addresses are different on eachs kernel that is why it is getting compiled and "linked" against your current kernel.

if you ie tell me what linux u are wanting to use it might be possible i can compile 4 u. but that can not be a real solution hehe, better is you compile it yourself. but dont b afraid it is not difficult. you even need not understand it perfectly to make it work. during time you will get used then to the compile yourself way. it is quite exciting in the beginning and you learn a lot.

once you installed gnu/linux and have difficulties compiling we are here to help

aaah - maybe i dint understand your post at all hehe. is it you want to use it on win? hm better post your questions in the tools of the trade section then i guess. i watch it as well hehehe

regards, 0xf001

Aquatic
October 25th, 2005, 18:33
Sorry, I should of said that I don't want to use it with Linux.

Serpilliere
October 29th, 2005, 09:44
yup!

Sorry for not answering before. I was just thinking about the video driver. I made some research on "how the hell can i do a generik video driver on windows and linux". i will explain this later.

So first 0xf001, your site is cool. i love the disco stuff on the title. Next, I read you have made some very interesting things on the parser. In fact, it sounds great.
But i have another news. Pierre, the best rasta man of the Droids corp is a kind of super teacher in a hight school (in fact its real job is gogo danser in a very known company but erf, don't say that to his students). And the rasta man proposes to two of its students to build some script engine in rr0d. And those students decided to challenge this. I don't have at this time a clue of what it will result in, but the goal should be to have some script engine like olly does... but in ring0 man.
I don't know if those both little rasta men will start a script engine from scratch and resetting the command parser once again. I don't know if they will do a sort of lex & yacc port for ring0 or if they will just build a script parser & executer, so i don't want you think the current parser you are writting will be obsolet. i don't want you think you are in concurence with them. I just wanted to inform you that we are not alone, working on rr0d dev


For Aquatic, i think i actually can build a binary of rr0D for windows XP. Because every Win are the same, a binary should be oki for them. The only truble im front of is the adress of the Frame buffer ie the graphic zone. This is dependant of many thinks (graphic card, video driver, ...) and as i said before, i don't have any technical solution at this time to solve this problem. The way i do actually sux. browsing the whole ram searching some bytes looking like pixel is *not* acceptable. But man, don't worry, one day, i will hurt my head when cleaning the toilets, and i will find a solution (or re-inventing the flux capacitor. dunno.)

Just to inform you that some code has been updated in rr0d. some bug on the segmentation have been fixed, and a little port of the stdlib, for those who complained their was no str* in rr0d. This is now done. The convention used is to call them rr0d_strlen for strlen, because on some OS the compilator complains because this interfers with previous def. (but not on other Os like win, that why this solution.)

By the way f001, where can a i find your parser to test it? can you upload or link it pleaze?
tx

pfffiouu, long post, but that was a while

Serpilliere
October 31st, 2005, 02:20
oh by the way,

Does anyone has already had a look at the xorg or xfree sources ?
Does anyone knows a bit on how they store addresses or strutures when they do *not* use frame buffer?

I know rtfm, read the source, but erf. if a rasta has already played with that...

0xf001
October 31st, 2005, 06:17
hey rasta man,

please guide me - i am a bit feeling unsure whether i shall continue with the parser now hehe. its a standalone "app" expecting the "input line" as cmd arg. it then evaluates the line and prints out debug info about what it would do etc.
yes i will send you the source you can decide then if you want to use it.
ah to stdlib, i implemented the main strN functions i needed. basically counterparts or new functions but the thing is they all use N
(strncpy, strncat, ...) just to piss of the buffer hackers

for da screen, hmm i don't understand your question hehe. i mean not using a framebuffer there's the console text mode video u allready use - i get sthg wrong i thinnk

cheers, 0xf001

Serpilliere
October 31st, 2005, 09:41
oki.

The fact is that i have included just last week a little stdlib in the source of rr0d. (because you are not supposed to have strlen and company in ring0 (in fact not in every kenels))
So i think we have done dup work for this. It doesn't really matter: i ripped the code from a stdlib... :=)

A list of the current implemented functions is in the file Utils.h (on the cvs for exemple hxxp://cvs.droids-corp.org/cgi-bin/viewcvs.cgi/rr0d/0.3/utils.h)

For the screen, don't bother with that. It has no link with the parser. (it was another problem)

For the parser, i propose (if you agree) you to work with the two little rasta men of Pierre. Their goal is to do a script interpretor for rr0d so its a bit liked to a parser. I think they didn't start the job right no, so you know a bit more on rr0d compared to them. But it could be a great team

If you want to concentrate only on the parser for the moment, there is no problem. keep going on


I haven't meet them, i haven't got their mail yet.

maybe soon

+

0xf001
October 31st, 2005, 10:22
doki, 8)

i continue parsing, ... and hehe i went pretty much through utils.[ch], video.[ch], keyboard.[ch], command.[ch], etc .... da whole mess so to say in order to understand what i claim to do hehe

as i sayed i want to unify all _command_ related functions etc into possibly 1 .c and 1.h file, propably the _parser_ could stay standalone that will show then hehe.

hey thats cool to get support!! in case of any blonde student girl needing direct support or probably a deep introduction, into rr0d, and some optional other topics - just send them to me !! LoL

and the las idea for now: why not link libc statically into rr0d hehehehehe

cheers, 0xf001

Serpilliere
November 1st, 2005, 09:12
hi man,

In fact, they are rasta men (not rasta women) so i think you should keep being handy .
For linking the stdlib, if i remember well, under windows you simply cannot include stdlib in your header.
May the rasta gods help you in your task. R4sta'hem all.

remote Serpilliere