{"id":13438918,"url":"https://github.com/yrp604/rappel","last_synced_at":"2025-05-16T06:07:32.100Z","repository":{"id":38802849,"uuid":"51426860","full_name":"yrp604/rappel","owner":"yrp604","description":"A linux-based assembly REPL for x86, amd64, armv7, and armv8","archived":false,"fork":false,"pushed_at":"2024-03-07T04:45:15.000Z","size":108,"stargazers_count":1191,"open_issues_count":2,"forks_count":58,"subscribers_count":41,"default_branch":"master","last_synced_at":"2025-04-08T16:05:48.244Z","etag":null,"topics":["aarch64","amd64","arm64","armv7","armv8","asm","assembly","assembly-language","assembly-repl","debugger","linux","ptrace","rappel","repl","x64","x86","x86-64"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yrp604.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-10T07:28:58.000Z","updated_at":"2025-04-07T01:03:21.000Z","dependencies_parsed_at":"2024-10-29T17:51:03.577Z","dependency_job_id":null,"html_url":"https://github.com/yrp604/rappel","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yrp604%2Frappel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yrp604%2Frappel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yrp604%2Frappel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yrp604%2Frappel/manifests","owner_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/owners/yrp604","download_url":"https://codeload.github.com/yrp604/rappel/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254478190,"owners_count":22077676,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aarch64","amd64","arm64","armv7","armv8","asm","assembly","assembly-language","assembly-repl","debugger","linux","ptrace","rappel","repl","x64","x86","x86-64"],"created_at":"2024-07-31T03:01:09.608Z","updated_at":"2025-05-16T06:07:27.014Z","avatar_url":"https://github.com/yrp604.png","language":"C","readme":"# rappel\n\n[![Build Status](https://dev.azure.com/yrp604/rappel/_apis/build/status/yrp604.rappel?branchName=master)](https://dev.azure.com/yrp604/rappel/_build/latest?definitionId=1\u0026branchName=master)\n\nRappel is a pretty janky assembly REPL. It works by creating a shell ELF, starting it under ptrace, then continuously rewriting/running the `.text` section, while showing the register states. 
It's maybe half done right now, and supports Linux x86, amd64, armv7 (no thumb), and armv8 at the moment.\n\n* If you're looking for a Windows version, please see [@zerosum0x0](https://twitter.com/zerosum0x0)'s [WinREPL](https://github.com/zerosum0x0-archive/archive/raw/main/WinREPL-master.zip) (archived)\n* If you're looking for a macOS version, please see [@tyilol](https://twitter.com/tyilol)'s [asm_repl](https://github.com/Tyilo/asm_repl)\n* If you're looking for a hacked-together-with-gdb-and-Python version, please see amtal's [rappel.py](https://gist.github.com/amtal/c457176af7f8770e0ad519aadc86013c/)\n\n## Install\n\nThe only dependencies are `libedit` and an assembler (`nasm` on x86/amd64, `as` on ARM), which on Debian can be installed with the `libedit-dev` and `nasm`/`binutils` packages. Please note, as `rappel` requires the ability to write to executable memory via `ptrace`, the program is broken under `PAX_MPROTECT` on grsec kernels (see [#2](https://github.com/yrp604/rappel/issues/2)).\n\n```\n$ CC=clang make\n```\n\nIt should work fine with `gcc`, albeit with a few more warnings.\n\nBy default rappel is compiled with your native architecture. If you're on amd64 and want to target x86 you can do this with\n\n```\n$ ARCH=x86 CC=clang make\n```\n\nIn theory you can also compile an armv7 binary this way, but I really doubt it will work. For rappel to function, the architecture of the main rappel binary must match that of the process it creates, and the host must be able to run binaries of this architecture.\n\n## Running\n\nRappel has two modes it can operate in. 
A pipe mode for one off things, a la\n\n```\n$ echo \"inc eax\" | bin/rappel\nrax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000\nrdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000\nrip=0000000000400004 rsp=00007ffc73019c20 rbp=0000000000000000\n r8=0000000000000000  r9=0000000000000000 r10=0000000000000000\nr11=0000000000000000 r12=0000000000000000 r13=0000000000000000\nr14=0000000000000000 r15=0000000000000000\n[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]\ncs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202\n$\n```\n\nOr an interactive mode:\n\n```\n$ bin/rappel\nrax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000\nrdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000\nrip=0000000000400001 rsp=00007ffdedb264a0 rbp=0000000000000000\n r8=0000000000000000  r9=0000000000000000 r10=0000000000000000\nr11=0000000000000000 r12=0000000000000000 r13=0000000000000000\nr14=0000000000000000 r15=0000000000000000\n[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]\ncs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202\n\u003e inc rax\nrax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000\nrdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000\nrip=0000000000400004 rsp=00007ffdedb264a0 rbp=0000000000000000\n r8=0000000000000000  r9=0000000000000000 r10=0000000000000000\nr11=0000000000000000 r12=0000000000000000 r13=0000000000000000\nr14=0000000000000000 r15=0000000000000000\n[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]\ncs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202\n\u003e push rax\nrax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000\nrdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000\nrip=0000000000400002 rsp=00007ffdedb26498 rbp=0000000000000000\n r8=0000000000000000  r9=0000000000000000 r10=0000000000000000\nr11=0000000000000000 r12=0000000000000000 r13=0000000000000000\nr14=0000000000000000 r15=0000000000000000\n[cf:0, zf:0, 
of:0, sf:0, pf:0, af:0, df:0]\ncs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202\n\u003e pop rbx\nrax=0000000000000001 rbx=0000000000000001 rcx=0000000000000000\nrdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000\nrip=0000000000400002 rsp=00007ffdedb264a0 rbp=0000000000000000\n r8=0000000000000000  r9=0000000000000000 r10=0000000000000000\nr11=0000000000000000 r12=0000000000000000 r13=0000000000000000\nr14=0000000000000000 r15=0000000000000000\n[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]\ncs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202\n\u003e cmp rax, rbx\nrax=0000000000000001 rbx=0000000000000001 rcx=0000000000000000\nrdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000\nrip=0000000000400004 rsp=00007ffdedb264a0 rbp=0000000000000000\n r8=0000000000000000  r9=0000000000000000 r10=0000000000000000\nr11=0000000000000000 r12=0000000000000000 r13=0000000000000000\nr14=0000000000000000 r15=0000000000000000\n[cf:0, zf:1, of:0, sf:0, pf:1, af:0, df:0]\ncs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000246\n\u003e ^D\n$\n```\n\nx86 looks like:\n```\n$ echo \"nop\" | bin/rappel\neax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000\neip=00400002 esp=ffc67240 ebp=00000000 [cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]\ncs=0023  ss=002b  ds=002b  es=002b  fs=0000  gs=0000            efl=00000202\n$\n```\n\nARMv7 looks like:\n```\n$ echo \"nop\" | bin/rappel\nR0 :0x00000000\tR1 :0x00000000\tR2 :0x00000000\tR3 :0x00000000\nR4 :0x00000000\tR5 :0x00000000\tR6 :0x00000000\tR7 :0x00000000\nR8 :0x00000000\tR9 :0x00000000\tR10:0x00000000\nFP :0x00000000\tIP :0x00000000\nSP :0xbe927f30\tLR :0x00000000\tPC :0x00400004\nAPSR:0x00000010\n$\n```\n\nARMv8 looks like:\n```\n$ echo \"nop\" | bin/rappel\nX0:  0x0000000000000000\tX1:  0x0000000000000000\tX2:  0x0000000000000000\tX3:  0x0000000000000000\nX4:  0x0000000000000000\tX5:  0x0000000000000000\tX6:  
0x0000000000000000\tX7:  0x0000000000000000\nX8:  0x0000000000000000\tX9:  0x0000000000000000\tX10: 0x0000000000000000\tX11: 0x0000000000000000\nX12: 0x0000000000000000\tX13: 0x0000000000000000\tX14: 0x0000000000000000\tX15: 0x0000000000000000\nX16: 0x0000000000000000\tX17: 0x0000000000000000\tX18: 0x0000000000000000\tX19: 0x0000000000000000\nX20: 0x0000000000000000\tX21: 0x0000000000000000\tX22: 0x0000000000000000\tX23: 0x0000000000000000\nX24: 0x0000000000000000\tX25: 0x0000000000000000\tX26: 0x0000000000000000\tX27: 0x0000000000000000\nX28: 0x0000000000000000\tX29: 0x0000000000000000\tX30: 0x0000000000000000\nPC:  0x0000000000400004\tSP:  0x0000007fedb9be40\tPS:  0x0000000000000000\n```\n\n## Notes\nSomeone asked about xmm registers. If you pass `-x` it will dump out quite a bit of info.\n\n```\nGP Regs:\nrax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000\nrdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000\nrip=0000000000400001 rsp=00007ffca03d9370 rbp=0000000000000000\n r8=0000000000000000  r9=0000000000000000 r10=0000000000000000\nr11=0000000000000000 r12=0000000000000000 r13=0000000000000000\nr14=0000000000000000 r15=0000000000000000\n[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]\ncs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202\nFP Regs:\nrip: 0000000000000000   rdp: 0000000000000000   mxcsr: 00001f80 mxcsr_mask:0000ffff\ncwd: 037f       swd: 0000       ftw: 0000       fop: 0000\nst_space:\n0x00:   00000000        00000000        00000000        00000000\n0x10:   00000000        00000000        00000000        00000000\n0x20:   00000000        00000000        00000000        00000000\n0x30:   00000000        00000000        00000000        00000000\n0x40:   00000000        00000000        00000000        00000000\n0x50:   00000000        00000000        00000000        00000000\n0x60:   00000000        00000000        00000000        00000000\n0x70:   00000000        00000000        00000000        
00000000\nxmm_space:\n0x00:   00000000        00000000        00000000        00000000\n0x10:   00000000        00000000        00000000        00000000\n0x20:   00000000        00000000        00000000        00000000\n0x30:   00000000        00000000        00000000        00000000\n0x40:   00000000        00000000        00000000        00000000\n0x50:   00000000        00000000        00000000        00000000\n0x60:   00000000        00000000        00000000        00000000\n0x70:   00000000        00000000        00000000        00000000\n0x80:   00000000        00000000        00000000        00000000\n0x90:   00000000        00000000        00000000        00000000\n0xa0:   00000000        00000000        00000000        00000000\n0xb0:   00000000        00000000        00000000        00000000\n0xc0:   00000000        00000000        00000000        00000000\n0xd0:   00000000        00000000        00000000        00000000\n0xe0:   00000000        00000000        00000000        00000000\n0xf0:   00000000        00000000        00000000        00000000\n```\n\nThere are some other regsets the kernel exports via ptrace(), but they're dependent on kernel version, and I didn't want to try to detect and adjust at runtime. If you want them, you should just need to add the storage in `proc_info_t`, edit `ptrace_collect_regs_\u003carch\u003e()`, then add the display in the relevant `display` function.\n\nRight now supported platforms are determined by what hardware I own. 
Adding a new architecture shouldn't be too difficult, as most of the code can be adapted from existing archs.\n\n## Docs\n\nYou can get pretty much all the documentation with either `-h` from the command line, or `.help` from the interactive bit.\n","funding_links":[],"categories":["C","linux","\u003ca id=\"89e277bca2740d737c1aeac3192f374c\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"203d00ef3396d68f5277c90279f4ebf3\"\u003e\u003c/a\u003e新添加"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyrp604%2Frappel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyrp604%2Frappel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyrp604%2Frappel/lists"}