rnicro — A Linux x86_64 debugger and exploit development toolkit written in Rust.
Based on the architecture of sdb, the reference implementation for the book “Building a Debugger” by Sy Brand. Extended with offensive security tooling for binary exploitation, reverse engineering, and vulnerability research.
§Module overview
§Core debugger
- error — Error types used throughout the crate.
- types — Core types: VirtAddr, StopReason, ProcessState.
- pipe — Fork/exec synchronization pipe.
- procfs — Linux procfs utilities (/proc/pid/maps, etc.).
- process — Process control via ptrace (launch, attach, continue, step). (Linux-only)
- registers — x86_64 register read/write with a table-driven design. (Linux-only)
- breakpoint — Software breakpoint management (INT3 patching). (Linux-only)
- watchpoint — Hardware watchpoint management via debug registers. (Linux-only)
- target — High-level debugger API integrating all components. (Linux-only)
§Debug information
- elf — ELF binary loading and symbol resolution.
- dwarf — DWARF debug info parsing (line tables, function names, source-to-address resolution).
- dwarf_expr — DWARF expression evaluator (location expressions).
- expr_eval — Simple C expression parser and evaluator.
- variables — Variable and type inspection via DWARF.
- rust_type — Rust symbol demangling, type detection, and pretty-printing.
- unwind — Stack unwinding via DWARF Call Frame Information (CFI).
- disasm — x86_64 disassembly using iced-x86.
§Offensive security — Reconnaissance
- checksec — Security mechanism analysis (RELRO, NX, PIE, canary, FORTIFY).
- strings — String extraction from ELF binaries.
- entropy — Per-section Shannon entropy analysis.
- antidebug — Anti-debugging detection and bypass.
- memscan — Memory scanning with IDA-style wildcard patterns.
- syscall — Linux x86_64 syscall name/number mapping.
- syscall_trace — Enhanced syscall tracing with argument decoding.
§Offensive security — Exploit development
- rop — ROP gadget search in ELF segments.
- rop_chain — Automated ROP chain builder with BFS register assignment.
- one_gadget — One-gadget / magic gadget finder for libc.
- sigrop — Sigreturn-Oriented Programming (SROP) chain builder.
- fmtstr — Format string exploit payload generation.
- shellcode — Shellcode analysis and transformation toolkit.
- pattern — De Bruijn cyclic pattern for buffer overflow offset detection.
- aslr — ASLR/PIE leak calculator and libc offset database.
- heap — glibc heap structure parsing (malloc_chunk, tcache, arenas).
- heap_exploit — Heap exploit primitives (tcache poison, fastbin dup, House of Force).
§Offensive security — Runtime analysis
- patch — Binary patching (on-disk ELF and live memory).
- got_hook — GOT/PLT function hooking for call interception.
- coredump — ELF core dump generation from a stopped process.
- shared_lib — Shared library tracking via r_debug/link_map. (Linux-only)
§Automation
- event_log — Structured event logging for debug sessions (syscalls, signals, bypass actions, secrets).
- antianalysis — Runtime anti-analysis bypass engine (ptrace, /proc, timing, INT3).
- secret_scan — Automated memory secret extraction (differential strings, entropy, known patterns).
- emulator — x86_64 CPU emulator via unicorn-engine for offline analysis and shellcode execution.
§Integration
- gdb_rsp — GDB Remote Serial Protocol server for external tool integration.
- dap_server — Debug Adapter Protocol server for editor integration. (Linux-only)
- tube — Process I/O tubes for automated exploit delivery (pwntools-style).
Modules§
- antianalysis
- Runtime anti-analysis bypass engine.
- antidebug
- Anti-debugging detection and bypass.
- aslr
- ASLR/PIE leak calculator and libc offset database.
- breakpoint
- Software breakpoint management.
- checksec
- Security mechanism analysis for ELF binaries (checksec).
- coredump
- ELF core dump generation.
- dap_server
- Debug Adapter Protocol (DAP) server for editor integration.
- disasm
- x86_64 disassembly using iced-x86.
- dwarf
- DWARF debug information parsing.
- dwarf_expr
- DWARF expression evaluator.
- elf
- ELF binary loading and symbol resolution.
- emulator
- x86_64 CPU emulator for offline binary analysis.
- entropy
- Shannon entropy analysis for ELF sections.
- error
- Error types used throughout the crate.
- event_log
- Structured event logging for automated debugging.
- expr_eval
- Simple C expression parser and evaluator.
- fmtstr
- Format string exploit helper.
- gdb_rsp
- GDB Remote Serial Protocol (RSP) server.
- got_hook
- GOT/PLT hooking for function interception.
- heap
- glibc heap analysis for exploit development.
- heap_exploit
- Heap exploit primitives for glibc.
- memscan
- Memory scanning and pattern matching.
- one_gadget
- One-gadget / magic gadget finder.
- patch
- Binary patching utilities.
- pattern
- De Bruijn cyclic pattern generation for buffer overflow analysis.
- pipe
- Inter-process pipe for fork/exec synchronization.
- process
- Process control via ptrace.
- procfs
- Linux procfs utilities for inspecting tracee state.
- registers
- x86_64 register access via ptrace.
- rop
- ROP (Return-Oriented Programming) gadget search.
- rop_chain
- Automated ROP chain builder.
- rust_type
- Rust symbol demangling, type detection, and pretty-printing.
- secret_scan
- Automated memory secret extraction.
- shared_lib
- Shared library tracking via the dynamic linker’s r_debug/link_map.
- shellcode
- Shellcode analysis and transformation toolkit.
- sigrop
- Sigreturn-Oriented Programming (SROP) chain builder.
- strings
- String extraction from ELF binaries.
- syscall
- Linux x86_64 syscall name/number mapping.
- syscall_trace
- Enhanced syscall tracing with argument decoding.
- target
- High-level debugger API.
- tube
- Process I/O tubes for exploit interaction.
- types
- Core types used throughout the crate.
- unwind
- Stack unwinding via DWARF Call Frame Information (CFI).
- variables
- Variable and type inspection via DWARF debug information.
- watchpoint
- Hardware watchpoint management via x86_64 debug registers.