Provided by: radare2_2.3.0+dfsg-2_amd64 
NAME
ragg2 — radare2 frontend for r_egg, compile programs into tiny binaries for x86-32/64 and
arm.
SYNOPSIS
ragg2 [-a arch] [-b bits] [-k kernel] [-f format] [-o file] [-i shellcode] [-I path]
[-e encoder] [-B hexpairs] [-c k=v] [-C file] [-n num32] [-N num64] [-d off:dword]
[-D off:qword] [-w off:hexpair] [-p padding] [-P pattern] [-q fragment] [-FOLsrxvhz]
DESCRIPTION
ragg2 is a frontend for r_egg, compile programs into tiny binaries for x86-32/64 and arm.
This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool programs as a
library and integrated with r_asm and r_bin.
Programs generated by r_egg are relocatable and can be injected in a running process or on-
disk binary file.
ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C
code. The final code can be linked with rabin2 and it is relocatable, so it can be used to
inject it on any remote process.
ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are
supported.
DIRECTIVES
The rr2 (ragg2) configuration file accepts the following directives, described as key=value
entries and comments defined as lines starting with '#'.
-a arch set architecture x86, arm
-b bits 32 or 64
-k kernel windows, linux or osx
-f format select binary format (pe, elf, mach0)
-o file output file to write result of compilation
-i shellcode
specify shellcode name to be used (see -L)
-e encoder specify encoder name to be used (see -L)
-B hexpair specify shellcode as hexpairs
-c k=v set configure option for the shellcode encoder. The argument must be key=value.
-C file include contents of file
-d off:dword
Patch final buffer with given dword at specified offset
-D off:qword
Patch final buffer with given qword at specified offset
-w off:hexpairs
Patch final buffer with given hexpairs at specified offset
-n num32 Append a 32bit number in little endian
-N num64 Append a 64bit number in little endian
-p padding Specify generic paddings with a format string. Use lowercase letters to prefix,
and uppercase to suffix, keychars are. 'n' for nop, 't' for trap, 'a' for
sequence and 's' for zero.
-P size Prepend debruijn sequence of given length.
-q fragment
Output offset of debruijn sequence fragment.
-F autodetect native file format (osx=mach0, linux=elf, ..)
-O use default output file (filename without extension or a.out)
-I path add include path
-s show assembler code
-r show raw bytes instead of hexpairs
-x execute (just-in-time)
-z output in C string syntax
EXAMPLE
$ cat hi.r
/* hello world in r_egg */
write@syscall(4); //x64 write@syscall(1);
exit@syscall(1); //x64 exit@syscall(60);
main@global(128) {
.var0 = "hi!\n";
write(1,.var0, 4);
exit(0);
}
$ ragg2 -O -F hi.r
$ ./hi
hi!
$ cat hi.c
main() {
write(1, "Hello0, 6);
exit(0);
}
$ ragg2 hi.c
$ ./hi.c.bin
Hello
SEE ALSO
radare2(1), rahash2(1), rafind2(1), rabin2(1), rafind2(1), radiff2(1), rasm2(1),
AUTHORS
Written by pancake <pancake@nopcode.org>.
Sep 30, 2014