rnicro 0.3.0

A Linux x86_64 debugger and exploit development toolkit written in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

//! rnicro — A Linux x86_64 debugger and exploit development toolkit written in Rust.
//!
//! Based on the architecture of [sdb](https://github.com/TartanLlama/sdb),
//! the reference implementation for the book
//! ["Building a Debugger"](https://nostarch.com/building-a-debugger) by Sy Brand.
//! Extended with offensive security tooling for binary exploitation,
//! reverse engineering, and vulnerability research.
//!
//! # Module overview
//!
//! ## Core debugger
//!
//! - [`error`] — Error types used throughout the crate.
//! - [`types`] — Core types: `VirtAddr`, `StopReason`, `ProcessState`.
//! - [`pipe`] — Fork/exec synchronization pipe.
//! - [`procfs`] — Linux procfs utilities (`/proc/pid/maps`, etc.).
//! - [`process`] — Process control via ptrace (launch, attach, continue, step). *(Linux-only)*
//! - [`registers`] — x86_64 register read/write with a table-driven design. *(Linux-only)*
//! - [`breakpoint`] — Software breakpoint management (INT3 patching). *(Linux-only)*
//! - [`watchpoint`] — Hardware watchpoint management via debug registers. *(Linux-only)*
//! - [`target`] — High-level debugger API integrating all components. *(Linux-only)*
//!
//! ## Debug information
//!
//! - [`elf`] — ELF binary loading and symbol resolution.
//! - [`dwarf`] — DWARF debug info parsing (line tables, function names, source-to-address resolution).
//! - [`dwarf_expr`] — DWARF expression evaluator (location expressions).
//! - [`expr_eval`] — Simple C expression parser and evaluator.
//! - [`variables`] — Variable and type inspection via DWARF.
//! - [`rust_type`] — Rust symbol demangling, type detection, and pretty-printing.
//! - [`unwind`] — Stack unwinding via DWARF Call Frame Information (CFI).
//! - [`disasm`] — x86_64 disassembly using iced-x86.
//!
//! ## Offensive security — Reconnaissance
//!
//! - [`checksec`] — Security mechanism analysis (RELRO, NX, PIE, canary, FORTIFY).
//! - [`strings`] — String extraction from ELF binaries.
//! - [`entropy`] — Per-section Shannon entropy analysis.
//! - [`antidebug`] — Anti-debugging detection and bypass.
//! - [`memscan`] — Memory scanning with IDA-style wildcard patterns.
//! - [`syscall`] — Linux x86_64 syscall name/number mapping.
//! - [`syscall_trace`] — Enhanced syscall tracing with argument decoding.
//!
//! ## Offensive security — Exploit development
//!
//! - [`rop`] — ROP gadget search in ELF segments.
//! - [`rop_chain`] — Automated ROP chain builder with BFS register assignment.
//! - [`one_gadget`] — One-gadget / magic gadget finder for libc.
//! - [`sigrop`] — Sigreturn-Oriented Programming (SROP) chain builder.
//! - [`fmtstr`] — Format string exploit payload generation.
//! - [`shellcode`] — Shellcode analysis and transformation toolkit.
//! - [`pattern`] — De Bruijn cyclic pattern for buffer overflow offset detection.
//! - [`aslr`] — ASLR/PIE leak calculator and libc offset database.
//! - [`heap`] — glibc heap structure parsing (malloc_chunk, tcache, arenas).
//! - [`heap_exploit`] — Heap exploit primitives (tcache poison, fastbin dup, House of Force).
//!
//! ## Offensive security — Runtime analysis
//!
//! - [`patch`] — Binary patching (on-disk ELF and live memory).
//! - [`got_hook`] — GOT/PLT function hooking for call interception.
//! - [`coredump`] — ELF core dump generation from a stopped process.
//! - [`shared_lib`] — Shared library tracking via `r_debug` / `link_map`. *(Linux-only)*
//!
//! ## Automation
//!
//! - [`event_log`] — Structured event logging for debug sessions (syscalls, signals, bypass actions, secrets).
//! - [`antianalysis`] — Runtime anti-analysis bypass engine (ptrace, /proc, timing, INT3).
//! - [`secret_scan`] — Automated memory secret extraction (differential strings, entropy, known patterns).
//! - [`emulator`] — x86_64 CPU emulator via unicorn-engine for offline analysis and shellcode execution.
//!
//! ## Integration
//!
//! - [`gdb_rsp`] — GDB Remote Serial Protocol server for external tool integration.
//! - [`dap_server`] — Debug Adapter Protocol server for editor integration. *(Linux-only)*
//! - [`tube`] — Process I/O tubes for automated exploit delivery (pwntools-style).

// Platform-independent modules
pub mod antianalysis;
pub mod antidebug;
pub mod aslr;
pub mod checksec;
pub mod coredump;
pub mod disasm;
pub mod dwarf;
pub mod dwarf_expr;
pub mod elf;
pub mod emulator;
pub mod entropy;
pub mod error;
pub mod event_log;
pub mod expr_eval;
pub mod fmtstr;
pub mod gdb_rsp;
pub mod got_hook;
pub mod heap;
pub mod heap_exploit;
pub mod memscan;
pub mod one_gadget;
pub mod patch;
pub mod pattern;
pub mod pipe;
pub mod procfs;
pub mod rop;
pub mod rop_chain;
pub mod rust_type;
pub mod secret_scan;
pub mod shellcode;
pub mod sigrop;
pub mod strings;
pub mod syscall;
pub mod syscall_trace;
pub mod tube;
pub mod types;
pub mod unwind;
pub mod variables;

// Linux-only modules (ptrace, user_regs_struct, etc.)
#[cfg(target_os = "linux")]
pub mod breakpoint;
#[cfg(target_os = "linux")]
pub mod dap_server;
#[cfg(target_os = "linux")]
pub mod process;
#[cfg(target_os = "linux")]
pub mod registers;
#[cfg(target_os = "linux")]
pub mod shared_lib;
#[cfg(target_os = "linux")]
pub mod target;
#[cfg(target_os = "linux")]
pub mod watchpoint;