# QIRA
## QIRA trunk is currently low quality. We recommend you install the release version from [qira.me](http://qira.me/)
[![Join the chat at https://gitter.im/BinaryAnalysisPlatform/qira](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/BinaryAnalysisPlatform/qira?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Build Status](https://travis-ci.org/BinaryAnalysisPlatform/qira.svg?branch=master)](https://travis-ci.org/BinaryAnalysisPlatform/qira)
* QIRA is a competitor to strace and gdb
* See http://qira.me/ for high level usage information
* All QIRA code is released under GPLv2 or BSD
* Other code in this repo is released under its respective license
## Installing release
See instructions on [qira.me](http://qira.me/) to install 1.0, the most stable version of QIRA
## Installing trunk
<pre>
cd ~/
git clone https://github.com/BinaryAnalysisPlatform/qira.git
cd qira/
./install.sh
</pre>
## Installation Extras
* ./fetchlibs.sh will fetch the libraries for i386, armhf, armel, aarch64, mips, mipsel, and ppc
* ./pin_build.sh will install the QIRA PIN plugin, allowing --pin to work
## Releases
* v1.1 -- Support for names and comments. Static stuff added. Register colors.
* v1.0 -- Perf is good! Tons of bugfixes. Quality software. http://qira.me/
* v0.9 -- Function indentation. haddrline added (look familiar?). Register highlighting in hexdump.
* v0.8 -- Intel syntax! Shipping CDA (cda a.out) and experimental PIN backend. Bugfixes. Windows support?
* v0.7 -- DWARF support. Builds QEMU if distributed binaries don't work. Windows IDA plugin.
* v0.6 -- Added changes before webforking. Highlight strace addresses. Default on analysis.
* v0.5 -- Fixed regression in C++ database causing wrong values. Added PowerPC support. Added "A" button.
* v0.4 -- Using 50x faster C++ database. strace support. argv and envp are there.
* v0.3 -- Built in socat, multiple traces, forks (experimental). Somewhat working x86-64 and ARM support.
* v0.2 -- Removed dependency on mongodb, much faster. IDA plugin fixes, Mac version.
* v0.1 -- Initial release
## UI
<pre>
At the top, you have 4 boxes, called the controls.
Blue = change number, Grey = fork number
Red = instruction address (iaddr), Yellow = data address (daddr)
On the left you have the vtimeline, this is the full trace of the program.
The top is the start of the program, the bottom is the end/current state.
More green = deeper into a function.
The currently selected change is blue, red is every passthrough of the current iaddr.
Bright yellow is a write to the daddr, dark yellow is a read from the daddr.
This color scheme is followed everywhere.
Below the controls, you have the idump, showing instructions near the current change
Under that is the regviewer, datachanges, hexeditor, and strace, all self explanatory.
</pre>
## Mouse Actions
Click on the vtimeline to navigate around. Right click forks to delete them. Click on data (or double-click if highlightable) to follow in data. Right click on an instruction address to follow in instruction.
## Keyboard Shortcuts in web/client/controls.js
<pre>
j -- next invocation of instruction
k -- prev invocation of instruction
shift-j -- next toucher of data
shift-k -- prev toucher of data
m -- go to return from current function
, -- go to start of current function
z -- zoom out max on vtimeline
l -- set iaddr to instruction at current clnum
left -- -1 fork
right -- +1 fork
up -- -1 clnum
down -- +1 clnum
esc -- back
shift-c -- clear all forks
n -- rename instruction
shift-n -- rename data
; -- add comment at instruction
shift-; -- add comment at data
g -- go to change, address, or name
space -- toggle flat/function view
p -- analyze function at iaddr
c -- make code at iaddr, one instruction
a -- make ascii at iaddr
d -- make data at iaddr
u -- make undefined at iaddr
</pre>
## Installation on Windows (experimental)
* Install git and python 2.7.9
* Run install.bat
## Session state
<pre>
clnum -- Selected changelist number
forknum -- Selected fork number
iaddr -- Selected instruction address
daddr -- Selected data address
cview -- Viewed changelists in the vtimeline
dview -- Viewed window into data in the hexeditor
iview -- Viewed address in the static view
max_clnum -- Max changelist number for each fork
dirtyiaddr -- Whether we should update the clnum based on the iaddr or not
flat -- Whether we are in flat view
</pre>