diff --git a/src/core/Cutter.cpp b/src/core/Cutter.cpp
index e8bb865a..1a084f84 100644
--- a/src/core/Cutter.cpp
+++ b/src/core/Cutter.cpp
@@ -398,30 +398,30 @@ QString CutterCore::cmdRawAt(const char *cmd, RVA address)
 RVA oldOffset = getOffset();
 seekSilent(address);
- {
- CORE_LOCK();
- r_cons_push ();
-
- // r_cmd_call does not return the output of the command
- r_cmd_call(core->rcmd, cmd);
-
- // we grab the output straight from r_cons
- res = r_cons_get_buffer();
-
- // cleaning up
- r_cons_pop ();
- r_cons_echo (NULL);
- }
+ res = cmdRaw(cmd);
 seekSilent(oldOffset);
 return res;
 }
-QString CutterCore::cmdRaw(const QString &str)
+QString CutterCore::cmdRaw(const char *cmd)
 {
- QString cmdStr = str;
- cmdStr.replace('\"', QStringLiteral("\\\""));
- return cmd(cmdStr.prepend('\"').append('\"'));
+ QString res;
+ CORE_LOCK();
+ r_cons_push ();
+
+ // r_cmd_call does not return the output of the command
+ bool success = r_cmd_call(core->rcmd, cmd);
+
+ qInfo() << "---" << success << "----\n";
+ // we grab the output straight from r_cons
+ res = r_cons_get_buffer();
+
+ // cleaning up
+ r_cons_pop ();
+ r_cons_echo (NULL);
+
+ return res;
 }
 QJsonDocument CutterCore::cmdj(const char *str)
@@ -794,7 +794,7 @@ void CutterCore::applyStructureOffset(const QString &structureOffset, RVA offset
 offset = getOffset();
 }
- this->cmdRaw("aht " + structureOffset + " @ " + QString::number(offset));
+ this->cmdRawAt("aht " + structureOffset, QString::number(offset));
 emit instructionChanged(offset);
 }
diff --git a/src/core/Cutter.h b/src/core/Cutter.h
index c15c462c..582d43ea 100644
--- a/src/core/Cutter.h
+++ b/src/core/Cutter.h
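Review bot: The added `qInfo() << "---" << success << "----\n";` in the new `cmdRaw(const char *cmd)` looks like leftover debug output; it would log on every raw command and should be dropped before merge. The result of `r_cmd_call` is stored in `bool success` but never acted on, so a command that failed is indistinguishable from one that printed nothing; either remove the variable or log only on failure, after confirming what `r_cmd_call` actually returns (the name `success` assumes a truthy-on-success convention that the hunk does not establish). Because this function is now the single path the header documents as resistant to command injection, a short comment above the call stating that property, e.g. `// dispatched directly, not through the command parser: separators in cmd are not interpreted`, would record why `r_cmd_call` must not be swapped back for `cmd()`.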
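Review bot: The new call in `applyStructureOffset` passes `QString::number(offset)` as the second argument of `cmdRawAt`, but the `cmdRawAt` overloads visible in the Cutter.h part of this commit take an `RVA address` there, so this looks like a type mismatch that will not compile unless another overload exists outside the diff. Passing the value directly matches the declared signature: `this->cmdRawAt("aht " + structureOffset, offset);`. `structureOffset` is still concatenated into the command text, which is acceptable only because the raw path is documented not to split on separators; a one-line comment saying so would keep a later refactor from routing it back through the parsed path. The function body starts outside the hunk.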
@@ -72,10 +72,23 @@ public:
 */
 bool asyncCmd(const char *str, QSharedPointer &task);
 bool asyncCmd(const QString &str, QSharedPointer &task) { return asyncCmd(str.toUtf8().constData(), task); }
- QString cmdRaw(const QString &str);
 /**
- * @brief Execute a command \a cmd at \a address. The function will preform a silent seek to the address
+ * @brief Execute a radare2 command \a cmd. By nature, the API
+ * is executing raw commands, and thus ignores multiple commands and overcome command injections.
+ * @param cmd - a raw command to execute. If multiple commands will be passed (e.g "px 5; pd 7 && pdf") then
+ * only the first command will be executed.
+ * @return the output of the command
+ */
+ QString cmdRaw(const char *cmd);
+
+ /**
+ * @brief a wrapper around cmdRaw(const char *cmd,).
+ */
+ QString cmdRaw(const QString &cmd) { return cmdRaw(cmd.toUtf8().constData()); };
+
+ /**
+ * @brief Execute a radare2 command \a cmd at \a address. The function will preform a silent seek to the address
 * without triggering the seekChanged event nor adding new entries to the seek history. By nature, the
 * API is executing raw commands, and thus ignores multiple commands and overcome command injections.
 * @param cmd - a raw command to execute. If multiple commands will be passed (e.g "px 5; pd 7 && pdf") then
@@ -89,6 +102,7 @@ public:
 * @brief a wrapper around cmdRawAt(const char *cmd, RVA address).
 */
 QString cmdRawAt(const QString &str, RVA address) { return cmdRawAt(str.toUtf8().constData(), address); }
+
 QJsonDocument cmdj(const char *str);
 QJsonDocument cmdj(const QString &str) { return cmdj(str.toUtf8().constData()); }
 QStringList cmdList(const char *str) { return cmd(str).split(QLatin1Char('\n'), QString::SkipEmptyParts); }
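Review bot: The doc comment on the new `cmdRaw(const char *cmd)` says the API will "overcome command injections" without stating the mechanism or its limit, which invites callers to treat it as a general sanitizer. I would word it as the concrete contract, along the lines of `The string is dispatched as a single command and is not split on ';' or '&&'; callers remain responsible for the command name and its arguments.`, to be confirmed against the behaviour of `r_cmd_call`. Replacing `cmdRaw(const QString &)` also changes semantics for every existing caller, since the removed implementation quoted and escaped the string and ran it through `cmd()`; callers outside this diff that append `@ addr` or rely on other parsed syntax should be checked the way `applyStructureOffset` was. Minor: the wrapper's brief reads `cmdRaw(const char *cmd,)` with a stray comma, and the inline definition ends in `};` where the semicolon is redundant.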