ragweed 0.1.7.3 → 0.2.0.pre1

data/README.rdoc

@@ -1,35 +1,60 @@
-Ragweed
-    by tduehr, struct, and tqbf
-    http://matasano.com/log
+== Ragweed
+    by tduehr, crohlf, and tqbf
+    http://chargen.matasano.com
 
 == DESCRIPTION:
 
 * Ragweed is a set of scriptable debugging tools written mostly in native ruby.
 
 * Where required the Ruby/DL and Win32API libraries are used to interface the machine
-and OS native system calls.
+  and OS native system calls.
+
+== Supported Platforms
+
+Ragweed is supported and has been tested on the following platforms (32bit intel only):
+
+  Windows 7
+  Windows XP
+  Linux Ubuntu 10.4
+  Linux Ubuntu 9.10
+  Mac OS X 10.6
+  Mac OS X 10.5
+
+At this time only Ruby 1.8.x has been tested. We are actively investigating both 64 bit
+support for each platform and support for Ruby 1.9.x. Unfortunately, both of these things
+require significant changes to Ragweed.
+
+* We are currently moving to FFI from ruby/dl. This will likely result in some incompatibilities if you are using the low level functions calls directly. It will also add ffi as a dependency. This move is to facilitate 1.9 and 64bit support.
 
 == FEATURES/PROBLEMS:
 
 * This suite is currently fairly piecemeal. Each OS has it's own set of tools.
-The most complete set is for Win32.
+  The most complete set is for Win32.
 
 * Work is ongoing to complete and unify the OSX and Linux portions.
 
+* The FFI move is mostly complete. There may be a few changes to some structures to come, but everything should mostly match the C APIs.
+
+* The move to FFI should give us free support for jRuby. This is, however, untested at this time.
+
+* Struct's Nerve[http://github.com/struct/Nerve] is an example of the API we are heading toward
+
 == SYNOPSIS:
 
   require 'debuggerosx'
   d = Debuggerosx.new(514) # pid of process to trace
 
+Please see the examples directory for more. There are hit tracers for each platform.
+
 == REQUIREMENTS:
 
-* NONE - no really, this is pure native ruby hooking system libraries. There are no other dependencies, none.
+* FFI - This was required to get around the limitations of Ruby/DL. If you're using Ragweed from jRuby, this should be free.
 
 == INSTALL:
 
-  # we're using gemcutter now. once gemcutter is a source just:
   sudo gem install ragweed
+  # relax with a tasty beverage, you're done
 
 == LICENSE:
 
-Copyright 2009 Matasano Security, LLC All Rights Reserved
+Copyright 2009/2010 Matasano Security, LLC All Rights Reserved

data/Rakefile

@@ -1,28 +1,85 @@
 
+# begin
+#   require 'bones'
+# rescue LoadError
+#   abort '### Please install the "bones" gem ###'
+# end
+# 
+# ensure_in_path 'lib'
+# require 'ragweed'
+# 
+# task :default => 'test:run'
+# task 'gem:release' => 'test:run'
+# 
+# Bones {
+#   name 'ragweed'
+#   ignore_file '.gitignore'
+#   authors 'tduehr, tqbf, struct'
+#   email 'td@matasano.com'
+#   description 'General debugging tool written in Ruby for OSX/Win32/Linux'
+#   summary 'Scriptable debugger'
+#   exclude << %w(old$)
+#   url 'http://github.com/tduehr/ragweed/tree/master'
+#   version Ragweed::VERSION
+#   rdoc.opts << "--inline-source"
+#   rdoc.opts << "--line-numbers"
+#   spec.opts << '--color'
+# }
+# # EOF
+
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "ragweed"
+    gem.summary = %Q{Scriptable debugger}
+    gem.description = %Q{General debugging tool written in Ruby for OSX/Win32/Linux}
+    gem.email = "td@matasano.com"
+    gem.homepage = "http://github.com/tduehr/ragweed"
+    gem.authors = ["tduehr", "struct", "tqbf"]
+    gem.rdoc_options = ["--inline-source", "--line-numbers", "--main", "README.rdoc"]
+    gem.add_dependency "ffi", ">= 0"
+    # gem.exclude = [%w(old)]
+    # gem.add_development_dependency "thoughtbot-shoulda", ">= 0"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
 begin
-  require 'bones'
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
 rescue LoadError
-  abort '### Please install the "bones" gem ###'
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
 end
 
-ensure_in_path 'lib'
-require 'ragweed'
-
-task :default => 'test:run'
-task 'gem:release' => 'test:run'
-
-Bones {
-  name 'ragweed'
-  ignore_file '.gitignore'
-  authors 'tduehr, tqbf, struct'
-  email 'td@matasano.com'
-  description 'General debugging tool written in Ruby for OSX/Win32/Linux'
-  summary 'Scriptable debugger'
-  exclude << %w(old$)
-  url 'http://github.com/tduehr/ragweed/tree/master'
-  version Ragweed::VERSION
-  rdoc.opts << "--inline-source"
-  rdoc.opts << "--line-numbers"
-  spec.opts << '--color'
-}
-# EOF
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "ragweed #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.2.0.pre1

data/examples/hittracertux.rb

@@ -1,17 +1,14 @@
 #!/usr/bin/env ruby
 
 require 'ragweed'
-require 'debuggertux'
-require 'pp'
-require 'irb'
-#include Ragweed
 
 filename = ARGV[0]
 pid = ARGV[1].to_i
 
 raise "hittracertux.rb FILE PID" if (ARGV.size < 2 or pid <= 0)
 
-d = Debuggertux.new(pid)
+opts = {}
+d = Ragweed::Debuggertux.new(pid, opts)
 d.attach
 
 File.open(filename, "r") do |fd|
@@ -27,7 +24,6 @@ d.install_bps
 d.continue
 catch(:throw) { d.loop }
 
-
 # An IDC script for generating the text file this hit tracer requires
 =begin
 #include <idc.idc>

data/examples/hook_notepad.rb

@@ -1,7 +1,7 @@
 require "ragweed"
 include Ragweed
 
-dbg = Debugger.find_by_regex /notepad/i
+dbg = Debugger32.find_by_regex /notepad/i
 raise "notepad not running" if dbg.nil?
 
 dbg.hook('kernel32!CreateFileW', 7) {|e,c,d,a| puts "#{d} CreateFileW for #{dbg.process.read(a[0],512).from_utf16_buffer}"}

data/examples/tux-example.rb

@@ -2,7 +2,6 @@
 
 ## Simple example of attaching to a process and letting it run
 
-require 'rubygems' # Yah I know its bad
 require 'ragweed'
 
 pid = Ragweed::Debuggertux.find_by_regex(/gcalctool/)
@@ -14,7 +13,9 @@ begin
 	puts "Which thread do you want to attach to?"
 	pid = STDIN.gets.chomp.to_i
 
-	d = Ragweed::Debuggertux.new(pid)
+    opts = {}
+    opts[:fork] = true  ## This flag tells ragweed to trace any forked child processes
+	d = Ragweed::Debuggertux.new(pid, opts)
 	d.attach
 	d.continue
 	catch(:throw) { d.loop }