metasm 1.0.3 → 1.0.4

data/samples/emudbg.rb

@@ -0,0 +1,127 @@
+#!/usr/bin/ruby
+
+# Demo of using the EmuDebugger to work on the SSTIC2017 challenge (EBPF program)
+
+require 'metasm'
+include Metasm
+require 'zlib'
+
+bpf_prog = "eNrlWk9sVEUYn7f7nq8lxS5QpDZEinSxIUEKASnEhNYGQYS0WGsBY8LBUA4YKq"  <<
+"Dl8UICQRLkQFbBSLiUFpH2BJ7KbTi2F7NHDx4w8cCRI6mQdWa+b/6+t/voAhdtsp2dN/PNfN/8" <<
+"vvl+38xb+gYRfzMhlJ3s08Q+Q6TskwZCutj3FaL+u78E2wvsQxugP29/ndcbtXyH6D/rbwsIaf" <<
+"UIeVKpVAj+NbdCOcL651g5zMr3WbnqOjyPbzwSfUP2nKs24+HztifieStTIk/0H52EMszBPBfZ" <<
+"d0/MD4KBmIWQCMcZ8j637B1hdrSzcgzLoYbf/ALqJ55jOVDC+dDuaFrrucJoH2btFTHOlL+X1w" <<
+"nWya/+kCFHf0C9mV5vCfsewnNch5CN08afX54Vz3vO4TosKif6vW21/yHaowkYr6dg68315RDs" <<
+"Ltn2RxMg14/4cNzO9h7Zx7+f6Pty5xetV3wYF+Yf8XB9sBzyLvv7h7/9QNhb4fZe8uN9sM586e" <<
+"MzgJ/G83Emno8ZnvQW1vOA74wPdY5zTugza9l5R8xfqYwQ1A/LeBHMH595WfM+XNC83O7cS7S7" <<
+"NYT5pHxADvm1/fozvyhwGvK9Gv6t/XWn/zHX62d4vgtxHBhFfXEe0w+5XgPnkv6WTx1/mx9b+2" <<
+"Wrf5DXQ6yHW/ydfJ3v4D5jz7cb8+txuvyzuL5eHXFiBvXUfgn7YLkTN+RzU582C9eFzbsc41OE" <<
+"88eXYV+p+FB1f99PtK+z2h8k2jdZ7ei3ozZOEmdu11qjPV50r+K2v2u130y0v2e1z6o4yeNcj4" <<
+"yj32OJ6zvsAZ7SL/uRT+iPUI6x9eOq0rzeF2W2nsN5kCvmc6QR4yl/HggWs/tTp3+A/edE/9dU" <<
+"PJ5mde7e47w/+tkMk+M91uc9y1/oVdQvj7zYgfb4IEeLOH+A+gY4f5AX+o6wfnzjhvzfM67HYh" <<
+"jXkKOOXODIlZ5q/WcC7W9C/xzK5VLk5lmc2Yk4HUK/u4b2+MATdAvag/PTTXr8sjO+sCcAnLje" <<
+"vIOyx5CjaXqZcnOGPTmN37iFX4ocA45+ksSF+5O0U9nRg+MStANxjteVxDoUibanSY7PAFL2GP" <<
+"LUkOdygSvHAErY46M96CdFP01uXtuD+5nHc55j0c2On21J97O47Trw3rpLYJfhdwXpd0xC6meO" <<
+"Y/vdCuU/Wm6uItchmrTjxFgIuSG9gHoibvQ7bX/ZsD+agLjG10Hox/q3IO584QMCiaopT631aw" <<
+"L9LLnS04A0w7qTdD+SehfzjypJ+6aVfQH5G3jc13FVjIP8VWzIp80/L3FS+RIzrpvbcTI9jsV7" <<
+"plAfXIcQ9mEIfFsORLZty9O0fWHLzQUEvkj9TfnxbPlpegr696+291dSf7meEI95PF8p1q8pIW" <<
+"fr7Yl5AxJYcczsn6onjh8CX5ToTyjnxuFWvX8Ej6ypov+h+5b+0k+V/msy+MR3+MRHPnHiseKT" <<
+"NZ6Nywq9fwoGT/JzUsXYT0n+y6v19uV6mHxyIcNfDDmLT3IZ/m7KcT5BvjbXW/BI5NhxMtuOBm" <<
+"mHySMns+1QciaP5HV+IuzAPLMYpshxHkG/i7ePVlxc2uvEpUn56bMF4aLkTB7JZ+Oi5eYNe45W" <<
+"XHw668SnoOwpLwgfLTe3IHy03LRhz+EEPl114tOi48izheCj5TjfPD8+hty8tucAnAOmII9X5z" <<
+"ivNm+8Mr5orJMv0J+iO3A+6D+N4yyrnb9zngS+KCT6p+qN/UMIo6WAgMJ0uX2uo4PZeeRKlecx" <<
+"Htkvz30D4F9f2+cU6Rc8vxR88o3237Lhv/Gec5h/nYbyBuBaDKucV4b1ONTaBxnnlQDtwnyN3w" <<
+"MIfhl2zisXiZVHjWG+Q7c5+6Vb+2/Z8N+4DfDkflyTbwx5msUbJt80ZPO9xTeYF9ODaA/eb9E+" <<
+"J+/clY4Pjy8y32yQeZvJN7uq4aHzPSWXdm6pluebcpxv8Hwk8Vc8c9Wx41p6/mzmzU0q/zR45l" <<
+"q1vFnro+RMnvH0PY6wA/2j2Jgmx3hmYxKPTiN+KDtOZdtRUHYY/HIq2w4tZ/CLn8EvlhzjF8zb" <<
+"4z3dFReXrjpxsc8zz4+LfZ5x7KmBS9o5JN7TBfxyC+6BRvB8HG+H+lhQm2eiX2Zf7fnkBfkmbu" <<
+"ux7Ovvk7yK9+uDVfL+G51ol6/O/SsN3KMJOEcr+wbT7ZP9EueZsE4ewvnjM+1oF9zTNC+TduG9" <<
+"DcYp6dfRNOKJeS3t1e8bhN2evO/YDfp6YLeMjxTPX9HNS2g3nKPNcagxjuxf9MAOPg7nKS0fqv" <<
+"0n+MqJizzOvGbMt77Xs9Ytmizhew20f7XE+5H1voPnSQXj3lCet6qdV5Uf55BXcg6PXc3wY0PO" <<
+"4rF8xv405TiPrZF4wv6KJtFO5JF4Hdp5E/04p+9FW408ScWjlmrxKEjlO8n/8v2OwrslPT5F02" <<
+"V1X1OTBxu1v4wb/iL9JMGDSg+0H/Mwmc/J+2L53kmum7K7o05+7KiTH/2M+1aXH1UcRjwn4b6n" <<
+"Ge97TVw7F4RrBm+2vCBv1sAvnTencF/CfVBzCn5ddeKXyqMdL8ijNfBL49Fo8r6FG3/fJ3hzac" <<
+"b9uIe85Tl8uTTjftyW03yJccaUH8+Wn5Z+Jd/73nXwSfDEDbxHxvs9yafcDxqNfI+//1xp8qSX" <<
+"zhdFD84zUk7dP2Nd5s+mfKr/4XxIEyWq4iXgw/fQWuN9oRzvHVZGx46P3n1T/x7BfB861HibfP" <<
+"Tp4GA0cQ73KZzfmpfKdRt16ked+mGnfsCpP3DqA04d4uvdpfoce+TE8a92oP6S/5Lv4a+Q3X3t" <<
+"fdEEnNPk7y2iid1Ovcepdzv1Lqfe6dTbnTr6UWv6+2d6Hp5vWIK/L2A4rb/94WX1nhT9cQfGgw" <<
+"1Yrtpoy2X1k+fyRHv3wsb5z/Q7/3z9hrxdpHfv3naZ3zefsvPe5haHl1V9yqnfc+oPnfp9p45+" <<
+"jnX+/qUd7yXajXzT9Ju/Lh3786X7TV+V9s3/U7/pfb5+y73FZFPXxq0yT5e/83lZv7Oh+DsCfK" <<
+"2T+L2FvJ8IyLV/ePkvDyQvEw=="
+
+raw = Zlib::Inflate.inflate(bpf_prog.unpack('m*').first)
+dasm = Shellcode.decode(raw, EBPF.new(:latest, :little)).disassembler
+dasm.backtrace_maxblocks_data = -1
+
+dasm.callback_newinstr = lambda { |di|
+	if di.opcode.name == 'call'
+		case di.instruction.args.first.reduce
+		when 1; di.instruction.args[0] = ExpressionString.new(Expression[1], "bpf_map_lookup_elem")
+		when 2; di.instruction.args[0] = ExpressionString.new(Expression[1], "bpf_map_update_elem")
+		end
+	end
+	di
+}
+# EmuDebugger needs an already disassembled binary
+dasm.disassemble(0)
+
+#Gui::DasmWindow.new.display(dasm)
+
+# EmuDebugger has no memory except what is described in the binary
+# We must manually add sections to the disassembler to 'map' the stack and working heap
+stack = EncodedData.new("\x00" * 0x1000)
+dasm.add_section(stack, 0x8000)
+
+# ebpf works on network packets
+eth = "\x11\x11\x11\x11\x11\x11\x22\x22\x22\x22\x22\x22\x08\x00"
+ip = "\x45\x00\x00\x2c\x00\x00\x11\x11\x22\x11\x33\x33\x44\x44\x44\x44\x55\x55\x55\x55"
+udp = "\x00\x00\x05\x39\x22\x22\x33\x33"
+pld = "LUM{BvWQEdCrMfA}"
+# forge the needed network headers
+ip[2, 2]  = [ip.length + udp.length + pld.length].pack('n')
+udp[4, 2] = [udp.length + pld.length].pack('n')
+pkt = EncodedData.new(eth + ip + udp + pld)
+dasm.add_section(pkt, 0x9000)
+
+# Initialize the emulator
+dbg = Metasm::EmuDebugger.new(dasm)
+# Set the initial state of the registers
+dbg.set_reg_value(:r10, 0x8900)
+# :packet is a special register used internally by some opcodes of the EBPF cpu (packet data store/load)
+dbg.set_reg_value(:packet, 0x9000)
+
+# This section emulates the kernel API for shared bpf maps
+$bpf_map = { 0 => 0 }
+dbg.callback_emulate_di = lambda { |di|
+        case di.opcode.name
+        when 'call'
+                case di.instruction.args.to_s
+                when /map_lookup/
+                        key = dbg.resolve('dword ptr [r2]')
+                        puts "bpf_map_lookup(#{dbg[:r1]}, #{key}) => #{$bpf_map[key].inspect}"
+                        if $bpf_map[key]
+                                dbg[:r0] = dbg[:r2]
+                                dbg.memory_write_int(:r2, $bpf_map[key], 4)
+                        else
+                                dbg[:r0] = 0
+                        end
+                when /map_update/
+                        key = dbg.resolve('dword ptr [r2]')
+                        val = dbg.resolve('dword ptr [r3]')
+                        puts "bpf_map_update(#{dbg[:r1]}, #{key}, #{val})"
+                        $bpf_map[key] = val
+                end
+                dbg.pc += di.bin_length
+                true
+        end
+}
+
+# Start the GUI
+Gui::DbgWindow.new.display(dbg)
+# some pretty settings for the initial view
+dbg.gui.run_command('wd 6')
+dbg.gui.run_command('wp 6')
+dbg.gui.run_command('d :packet')
+dbg.gui.parent.code.toggle_view(:graph)
+
+Gui.main

data/samples/lindebug.rb

@@ -35,7 +35,7 @@ module Ansi
 			end
 		}.compact.join(';') << 'm'
 	end
-	def self.hline(len) "\e(0"<<'q'*len<<"\e(B" end
+	def self.hline(len) "\e(0" << 'q'*len << "\e(B" end
 
 	TIOCGWINSZ = 0x5413
 	TCGETS = 0x5401
@@ -124,10 +124,10 @@ class LinDebug
 		defretval
 	end
 
-	attr_accessor :dataptr, :codeptr, :rs, :promptlog, :command
-	def initialize(rs)
-		@rs = rs
-		@rs.set_log_proc { |l| add_log l }
+	attr_accessor :dataptr, :codeptr, :dbg, :promptlog, :command
+	def initialize(dbg)
+		@dbg = dbg
+		@dbg.set_log_proc { |l| add_log l }
 		@datafmt = 'db'
 
 		@prompthistlen = 20
@@ -148,7 +148,7 @@ class LinDebug
 	end
 
 	def init_rs
-		@codeptr = @dataptr = @rs.pc	# avoid initial faults
+		@codeptr = @dataptr = @dbg.pc	# avoid initial faults
 	end
 
 	def main_loop
@@ -211,14 +211,14 @@ class LinDebug
 
 	def _updateregs
 		pvrsz = 0
-		words = @rs.register_list.map { |r|
+		words = @dbg.register_list.map { |r|
 			rs = r.to_s.rjust(pvrsz)
 			pvrsz = rs.length
-			rv = @rs[r]
-			["#{rs}=%0#{@rs.register_size[r]/4}X " % rv,
+			rv = @dbg[r]
+			["#{rs}=%0#{@dbg.register_size[r]/4}X " % rv,
 				(@oldregs[r] != rv)]
-		} + @rs.flag_list.map { |fl|
-			fv = @rs.get_flag(fl)
+		} + @dbg.flag_list.map { |fl|
+			fv = @dbg.get_flag(fl)
 			[fv ? fl.to_s.upcase : fl.to_s.downcase,
 				(@oldregs[fl] != fv)]
 		}
@@ -253,24 +253,24 @@ class LinDebug
 	def _updatecode
 		if @codeptr
 			addr = @codeptr
-		elsif @oldregs[@rs.register_pc] and @oldregs[@rs.register_pc] < @rs.pc and @oldregs[@rs.register_pc] + 8 >= @rs.pc
-			addr = @oldregs[@rs.register_pc]
+		elsif @oldregs[@dbg.register_pc] and @oldregs[@dbg.register_pc] < @dbg.pc and @oldregs[@dbg.register_pc] + 8 >= @dbg.pc
+			addr = @oldregs[@dbg.register_pc]
 		else
-			addr = @rs.pc
+			addr = @dbg.pc
 		end
 		@codeptr = addr
 
-		addrsz = @rs.register_size[@rs.register_pc]
+		addrsz = @dbg.register_size[@dbg.register_pc]
 		addrfmt = "%0#{addrsz/4}X"
-		if not @rs.addr2module(addr) and @rs.shortname !~ /remote/
+		if not @dbg.addr2module(addr) and @dbg.shortname !~ /remote/
 			base = addr & ((1 << addrsz) - 0x1000)
 			@noelfsig ||= {}	# cache elfmagic notfound
 			if not @noelfsig[base] and base < ((1 << addrsz) - 0x1_0000)
 				self.statusline = " scanning for elf header at #{addrfmt % base}"
 				128.times {
 					@statusline = " scanning for elf header at #{addrfmt % base}"
-					if not @noelfsig[base] and @rs[base, Metasm::ELF::MAGIC.length] == Metasm::ELF::MAGIC
-						@rs.loadsyms(base, base.to_s(16))
+					if not @noelfsig[base] and @dbg[base, Metasm::ELF::MAGIC.length] == Metasm::ELF::MAGIC
+						@dbg.loadsyms(base, base.to_s(16))
 						break
 					else
 						@noelfsig[base] = true	# XXX an elf may be mmaped here later..
@@ -284,35 +284,35 @@ class LinDebug
 
 		text = ''
 		text << Color[:border]
-		title = @rs.addrname(addr)
+		title = @dbg.addrname(addr)
 		pre  = [@console_width-100, 6].max
 		post = @console_width - (pre + title.length + 2)
 		text << Ansi.hline(pre) << ' ' << title << ' ' << Ansi.hline(post) << Color[:normal] << "\n"
 
 		seg = ''
-		seg = ('%04X' % @rs['cs']) << ':' if @rs.cpu.shortname =~ /ia32|x64/
+		seg = ('%04X' % @dbg['cs']) << ':' if @dbg.cpu.shortname =~ /ia32|x64/
 
 		cnt = @win_code_height
 		while (cnt -= 1) > 0
-			if @rs.symbols[addr]
-				text << ('    ' << @rs.symbols[addr] << ?:) << Ansi::ClearLineAfter << "\n"
+			if @dbg.symbols[addr]
+				text << ('    ' << @dbg.symbols[addr] << ?:) << Ansi::ClearLineAfter << "\n"
 				break if (cnt -= 1) <= 0
 			end
-			text << Color[:hilight] if addr == @rs.pc
+			text << Color[:hilight] if addr == @dbg.pc
 			text << seg
-			if @rs.shortname =~ /remote/ and @rs.realmode
-				text << (addrfmt % (addr - 16*@rs['cs']))
+			if @dbg.shortname =~ /remote/ and @dbg.realmode
+				text << (addrfmt % (addr - 16*@dbg['cs']))
 			else
 				text << (addrfmt % addr)
 			end
-			di = @rs.di_at(addr)
-			di = nil if di and addr < @rs.pc and addr+di.bin_length > @rs.pc
+			di = @dbg.di_at(addr)
+			di = nil if di and addr < @dbg.pc and addr+di.bin_length > @dbg.pc
 			len = (di ? di.bin_length : 1)
 			text << '  '
-			text << @rs.memory[addr, [len, 10].min].to_s.unpack('C*').map { |c| '%02X' % c }.join.ljust(22)
+			text << @dbg.memory[addr, [len, 10].min].to_s.unpack('C*').map { |c| '%02X' % c }.join.ljust(22)
 			if di
 				text <<
-				if addr == @rs.pc
+				if addr == @dbg.pc
 					"*#{di.instruction}".ljust([@console_width-(addrsz/4+seg.length+24), 0].max)
 				else
 					" #{di.instruction}" << Ansi::ClearLineAfter
@@ -320,7 +320,7 @@ class LinDebug
 			else
 				text << ' <unk>' << Ansi::ClearLineAfter
 			end
-			text << Color[:normal] if addr == @rs.pc
+			text << Color[:normal] if addr == @dbg.pc
 			addr += len
 			text << "\n"
 		end
@@ -332,7 +332,7 @@ class LinDebug
 	end
 
 	def _updatedata
-		addrsz = @rs.register_size[@rs.register_pc]
+		addrsz = @dbg.register_size[@dbg.register_pc]
 		addrfmt = "%0#{addrsz/4}X"
 
 		@dataptr &= ((1 << addrsz) - 1)
@@ -340,17 +340,17 @@ class LinDebug
 
 		text = ''
 		text << Color[:border]
-		title = @rs.addrname(addr)
+		title = @dbg.addrname(addr)
 		pre  = [@console_width-100, 6].max
 		post = [@console_width - (pre + title.length + 2), 0].max
 		text << Ansi.hline(pre) << ' ' << title << ' ' << Ansi.hline(post) << Color[:normal] << "\n"
 
 		seg = ''
-		seg = ('%04X' % @rs['ds']) << ':' if @rs.cpu.shortname =~ /^ia32/
+		seg = ('%04X' % @dbg['ds']) << ':' if @dbg.cpu.shortname =~ /^ia32/
 
 		cnt = @win_data_height
 		while (cnt -= 1) > 0
-			raw = @rs.memory[addr, 16].to_s
+			raw = @dbg.memory[addr, 16].to_s
 			text << seg << (addrfmt % addr) << '  '
 			case @datafmt
 			when 'db'; text << raw[0,8].unpack('C*').map { |c| '%02x ' % c }.join << ' ' <<
@@ -449,20 +449,21 @@ class LinDebug
 	end
 
 	def preupdate
-		@rs.register_list.each { |r| @oldregs[r] = @rs[r] }
-		@rs.flag_list.each { |fl| @oldregs[fl] = @rs.get_flag(fl) }
+		@dbg.register_list.each { |r| @oldregs[r] = @dbg[r] }
+		@dbg.flag_list.each { |fl| @oldregs[fl] = @dbg.get_flag(fl) }
 	end
 
 	def updatecodeptr
-		@codeptr ||= @rs.pc
-		if @codeptr > @rs.pc or @codeptr < @rs.pc - 6*@win_code_height
-			@codeptr = @rs.pc
-		elsif @codeptr != @rs.pc
+		@codeptr ||= @dbg.pc
+		if @codeptr > @dbg.pc or @codeptr < @dbg.pc - 6*@win_code_height
+			@codeptr = @dbg.pc
+		elsif @codeptr != @dbg.pc
 			addr = @codeptr
 			addrs = []
-			while addr < @rs.pc
+			while addr <= @dbg.pc
 				addrs << addr
-				o = ((di = @rs.di_at(addr)) ? di.bin_length : 0)
+				addrs << addr if @dbg.symbols[addr]
+				o = ((di = @dbg.di_at(addr)) ? di.bin_length : 0)
 				addr += ((o == 0) ? 1 : o)
 			end
 			if addrs.length > @win_code_height-4
@@ -478,35 +479,35 @@ class LinDebug
 	def singlestep
 		self.statusline = ' target singlestepping...'
 		preupdate
-		@rs.singlestep_wait
+		@dbg.singlestep_wait
 		updatecodeptr
 		@statusline = nil
 	end
 	def stepover
 		self.statusline = ' target running...'
 		preupdate
-		@rs.stepover_wait
+		@dbg.stepover_wait
 		updatecodeptr
 		@statusline = nil
 	end
 	def cont(*a)
 		self.statusline = ' target running...'
 		preupdate
-		@rs.continue_wait(*a)
+		@dbg.continue_wait(*a)
 		updatecodeptr
 		@statusline = nil
 	end
 	def stepout
 		self.statusline = ' target running...'
 		preupdate
-		@rs.stepout_wait
+		@dbg.stepout_wait
 		updatecodeptr
 		@statusline = nil
 	end
 	def syscall
 		self.statusline = ' target running to next syscall...'
 		preupdate
-		@rs.syscall_wait
+		@dbg.syscall_wait
 		updatecodeptr
 		@statusline = nil
 	end
@@ -552,9 +553,9 @@ class LinDebug
 				when :data
 					@dataptr -= 16
 				when :code
-					@codeptr ||= @rs.pc
+					@codeptr ||= @dbg.pc
 					@codeptr -= (1..10).find { |off|
-						di = @rs.di_at(@codeptr-off)
+						di = @dbg.di_at(@codeptr-off)
 						di.bin_length == off if di
 					} || 10
 				end
@@ -573,8 +574,8 @@ class LinDebug
 				when :data
 					@dataptr += 16
 				when :code
-					@codeptr ||= @rs.pc
-					di = @rs.di_at(@codeptr)
+					@codeptr ||= @dbg.pc
+					di = @dbg.di_at(@codeptr)
 					@codeptr += (di ? (di.bin_length || 1) : 1)
 				end
 			when :left;  @promptpos -= 1 if @promptpos > 0
@@ -588,10 +589,10 @@ class LinDebug
 				when :prompt; @log_off += @win_prpt_height-3
 				when :data; @dataptr -= 16*(@win_data_height-1)
 				when :code
-					@codeptr ||= @rs.pc
+					@codeptr ||= @dbg.pc
 					(@win_code_height-1).times {
 						@codeptr -= (1..10).find { |off|
-							di = @rs.di_at(@codeptr-off)
+							di = @dbg.di_at(@codeptr-off)
 							di.bin_length == off if di
 						} || 10
 					}
@@ -601,8 +602,8 @@ class LinDebug
 				when :prompt; @log_off -= @win_prpt_height-3
 				when :data; @dataptr += 16*(@win_data_height-1)
 				when :code
-					@codeptr ||= @rs.pc
-					(@win_code_height-1).times { @codeptr += ((o = @rs.di_at(@codeptr)) ? [o.bin_length, 1].max : 1) }
+					@codeptr ||= @dbg.pc
+					(@win_code_height-1).times { @codeptr += ((o = @dbg.di_at(@codeptr)) ? [o.bin_length, 1].max : 1) }
 				end
 			when ?\t
 				if not @promptbuf[0, @promptpos].include? ' '
@@ -631,67 +632,67 @@ class LinDebug
 
 	def load_commands
 		@command['kill'] = lambda { |str|
-			@rs.kill
+			@dbg.kill
 			@running = false
 			log 'killed'
 		}
 		@command['quit'] = @command['detach'] = @command['exit'] = lambda { |str|
-			@rs.detach
+			@dbg.detach
 			@running = false
 		}
 		@command['closeui'] = lambda { |str|
 			@running = false
 		}
 		@command['bpx'] = lambda { |str|
-			@rs.bpx @rs.resolve(str)
+			@dbg.bpx @dbg.resolve(str)
 		}
 		@command['bphw'] = @command['hwbp'] = lambda { |str|
 			type, str = str.split(/\s+/, 2)
-			@rs.hwbp @rs.resolve(str.to_s), type
+			@dbg.hwbp @dbg.resolve(str.to_s), type
 		}
-		@command['bt'] = lambda { |str| @rs.stacktrace { |a,t| add_log "#{'%x' % a} #{t}" } }
-		@command['d'] =  lambda { |str| @dataptr = @rs.resolve(str) if str.length > 0 }
-		@command['db'] = lambda { |str| @datafmt = 'db' ; @dataptr = @rs.resolve(str) if str.length > 0 }
-		@command['dw'] = lambda { |str| @datafmt = 'dw' ; @dataptr = @rs.resolve(str) if str.length > 0 }
-		@command['dd'] = lambda { |str| @datafmt = 'dd' ; @dataptr = @rs.resolve(str) if str.length > 0 }
+		@command['bt'] = lambda { |str| @dbg.stacktrace { |a,t| add_log "#{'%x' % a} #{t}" } }
+		@command['d'] =  lambda { |str| @dataptr = @dbg.resolve(str) if str.length > 0 }
+		@command['db'] = lambda { |str| @datafmt = 'db' ; @dataptr = @dbg.resolve(str) if str.length > 0 }
+		@command['dw'] = lambda { |str| @datafmt = 'dw' ; @dataptr = @dbg.resolve(str) if str.length > 0 }
+		@command['dd'] = lambda { |str| @datafmt = 'dd' ; @dataptr = @dbg.resolve(str) if str.length > 0 }
 		@command['r'] =  lambda { |str|
 			r, str = str.split(/\s+/, 2)
 			if r == 'fl'
-				@rs.toggle_flag(str.to_sym)
-			elsif not @rs[r]
+				@dbg.toggle_flag(str.to_sym)
+			elsif not @dbg[r]
 				log "bad reg #{r}"
 			elsif str and str.length > 0
-				@rs[r] = @rs.resolve(str)
+				@dbg[r] = @dbg.resolve(str)
 			else
-				log "#{r} = #{@rs[r]}"
+				log "#{r} = #{@dbg[r]}"
 			end
 		}
 		@command['g'] = lambda { |str|
-			@rs.go @rs.resolve(str)
+			@dbg.go @dbg.resolve(str)
 		}
-		@command['u'] = lambda { |str| @codeptr = @rs.resolve(str) }
+		@command['u'] = lambda { |str| @codeptr = @dbg.resolve(str) }
 		@command['ruby'] = lambda { |str| instance_eval str }
 		@command['wd'] = lambda { |str|
 			@focus = :data
 			if str.length > 0
-				@win_data_height = @rs.resolve(str)
+				@win_data_height = @dbg.resolve(str)
 				resize
 			end
 		}
 		@command['wc'] = lambda { |str|
 			@focus = :code
 			if str.length > 0
-				@win_code_height = @rs.resolve(str)
+				@win_code_height = @dbg.resolve(str)
 				resize
 			end
 		}
 		@command['wp'] = lambda { |str| @focus = :prompt }
 		@command['?'] = lambda { |str|
-			val = @rs.resolve(str)
+			val = @dbg.resolve(str)
 			log "#{val} 0x#{val.to_s(16)} #{[val].pack('L').inspect}"
 		}
 		@command['syscall'] = lambda { |str|
-			@rs.syscall_wait(str)
+			@dbg.syscall_wait(str)
 		}
 	end
 end
@@ -709,10 +710,10 @@ if $0 == __FILE__
 	when /^(tcp:|udp:)?..+:/, /^ser:/
 		opts[:sc_cpu] = eval(opts[:sc_cpu]) if opts[:sc_cpu] =~ /[.(\s:]/
 		opts[:sc_cpu] = opts[:sc_cpu].new if opts[:sc_cpu].kind_of?(::Class)
-		rs = Metasm::GdbRemoteDebugger.new(ARGV.first, opts[:sc_cpu])
+		dbg = Metasm::GdbRemoteDebugger.new(ARGV.first, opts[:sc_cpu])
 	else
-		rs = Metasm::LinDebugger.new(ARGV.join(' '))
+		dbg = Metasm::LinDebugger.new(ARGV.join(' '))
 	end
-	rs.load_map(opts[:filemap]) if opts[:filemap]
-	LinDebug.new(rs).main_loop
+	dbg.load_map(opts[:filemap]) if opts[:filemap]
+	LinDebug.new(dbg).main_loop
 end