rnicro 0.1.0

A Linux x86_64 debugger and exploit development toolkit written in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

//! rnicro — A Linux x86_64 debugger and exploit development toolkit written in Rust.
//!
//! Based on the architecture of [sdb](https://github.com/TartanLlama/sdb),
//! the reference implementation for the book
//! ["Building a Debugger"](https://nostarch.com/building-a-debugger) by Sy Brand.
//! Extended with offensive security tooling for binary exploitation,
//! reverse engineering, and vulnerability research.
//!
//! # Module overview
//!
//! ## Core debugger
//!
//! - [`error`] — Error types used throughout the crate.
//! - [`types`] — Core types: `VirtAddr`, `StopReason`, `ProcessState`.
//! - [`pipe`] — Fork/exec synchronization pipe.
//! - [`procfs`] — Linux procfs utilities (`/proc/pid/maps`, etc.).
//! - [`process`] — Process control via ptrace (launch, attach, continue, step). *(Linux-only)*
//! - [`registers`] — x86_64 register read/write with a table-driven design. *(Linux-only)*
//! - [`breakpoint`] — Software breakpoint management (INT3 patching). *(Linux-only)*
//! - [`watchpoint`] — Hardware watchpoint management via debug registers. *(Linux-only)*
//! - [`target`] — High-level debugger API integrating all components. *(Linux-only)*
//!
//! ## Debug information
//!
//! - [`elf`] — ELF binary loading and symbol resolution.
//! - [`dwarf`] — DWARF debug info parsing (line tables, function names, source-to-address resolution).
//! - [`dwarf_expr`] — DWARF expression evaluator (location expressions).
//! - [`expr_eval`] — Simple C expression parser and evaluator.
//! - [`variables`] — Variable and type inspection via DWARF.
//! - [`rust_type`] — Rust symbol demangling, type detection, and pretty-printing.
//! - [`unwind`] — Stack unwinding via DWARF Call Frame Information (CFI).
//! - [`disasm`] — x86_64 disassembly using iced-x86.
//!
//! ## Offensive security — Reconnaissance
//!
//! - [`checksec`] — Security mechanism analysis (RELRO, NX, PIE, canary, FORTIFY).
//! - [`strings`] — String extraction from ELF binaries.
//! - [`entropy`] — Per-section Shannon entropy analysis.
//! - [`antidebug`] — Anti-debugging detection and bypass.
//! - [`memscan`] — Memory scanning with IDA-style wildcard patterns.
//! - [`syscall`] — Linux x86_64 syscall name/number mapping.
//! - [`syscall_trace`] — Enhanced syscall tracing with argument decoding.
//!
//! ## Offensive security — Exploit development
//!
//! - [`rop`] — ROP gadget search in ELF segments.
//! - [`rop_chain`] — Automated ROP chain builder with BFS register assignment.
//! - [`one_gadget`] — One-gadget / magic gadget finder for libc.
//! - [`sigrop`] — Sigreturn-Oriented Programming (SROP) chain builder.
//! - [`fmtstr`] — Format string exploit payload generation.
//! - [`shellcode`] — Shellcode analysis and transformation toolkit.
//! - [`pattern`] — De Bruijn cyclic pattern for buffer overflow offset detection.
//! - [`aslr`] — ASLR/PIE leak calculator and libc offset database.
//! - [`heap`] — glibc heap structure parsing (malloc_chunk, tcache, arenas).
//! - [`heap_exploit`] — Heap exploit primitives (tcache poison, fastbin dup, House of Force).
//!
//! ## Offensive security — Runtime analysis
//!
//! - [`patch`] — Binary patching (on-disk ELF and live memory).
//! - [`got_hook`] — GOT/PLT function hooking for call interception.
//! - [`coredump`] — ELF core dump generation from a stopped process.
//! - [`shared_lib`] — Shared library tracking via `r_debug` / `link_map`. *(Linux-only)*
//!
//! ## Automation
//!
//! - [`event_log`] — Structured event logging for debug sessions (syscalls, signals, bypass actions, secrets).
//! - [`antianalysis`] — Runtime anti-analysis bypass engine (ptrace, /proc, timing, INT3).
//! - [`secret_scan`] — Automated memory secret extraction (differential strings, entropy, known patterns).
//!
//! ## Integration
//!
//! - [`gdb_rsp`] — GDB Remote Serial Protocol server for external tool integration.
//! - [`dap_server`] — Debug Adapter Protocol server for editor integration. *(Linux-only)*
//! - [`tube`] — Process I/O tubes for automated exploit delivery (pwntools-style).

// Platform-independent modules
pub mod error;
pub mod types;
pub mod pipe;
pub mod procfs;
pub mod disasm;
pub mod elf;
pub mod dwarf;
pub mod dwarf_expr;
pub mod expr_eval;
pub mod variables;
pub mod rust_type;
pub mod unwind;
pub mod syscall;
pub mod checksec;
pub mod strings;
pub mod rop;
pub mod entropy;
pub mod pattern;
pub mod patch;
pub mod antidebug;
pub mod heap;
pub mod coredump;
pub mod gdb_rsp;
pub mod syscall_trace;
pub mod fmtstr;
pub mod memscan;
pub mod got_hook;
pub mod shellcode;
pub mod sigrop;
pub mod aslr;
pub mod heap_exploit;
pub mod rop_chain;
pub mod one_gadget;
pub mod tube;
pub mod event_log;
pub mod antianalysis;
pub mod secret_scan;

// Linux-only modules (ptrace, user_regs_struct, etc.)
#[cfg(target_os = "linux")]
pub mod process;
#[cfg(target_os = "linux")]
pub mod registers;
#[cfg(target_os = "linux")]
pub mod breakpoint;
#[cfg(target_os = "linux")]
pub mod watchpoint;
#[cfg(target_os = "linux")]
pub mod shared_lib;
#[cfg(target_os = "linux")]
pub mod target;
#[cfg(target_os = "linux")]
pub mod dap_server;