qira/README.md

# QIRA

[![Join the chat at https://gitter.im/BinaryAnalysisPlatform/qira](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/BinaryAnalysisPlatform/qira?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Build Status](https://travis-ci.org/BinaryAnalysisPlatform/qira.svg?branch=master)](https://travis-ci.org/BinaryAnalysisPlatform/qira)

* QIRA is a competitor to strace and gdb
* See http://qira.me/ for high level usage information
* All QIRA code is released under GPLv2 or BSD
* Other code in this repo released under its respective license

## Installing release

See instructions on [qira.me](http://qira.me/) to install 1.2

## Installing trunk

<pre>
cd ~/
git clone https://github.com/BinaryAnalysisPlatform/qira.git
cd qira/
./install.sh
</pre>

## Installation Extras

* ./fetchlibs.sh will fetch the libraries for i386, armhf, armel, aarch64, mips, mipsel, and ppc
* ./pin_build.sh will install the QIRA PIN plugin, allowing --pin to work


## Releases

* v1.2 -- Many many changes. Forced release due to v1.0 not working anymore.
* v1.1 -- Support for names and comments. Static stuff added. Register colors.
* v1.0 -- Perf is good! Tons of bugfixes. Quality software. http://qira.me/
* v0.9 -- Function indentation. haddrline added (look familiar?). Register highlighting in hexdump.
* v0.8 -- Intel syntax! Shipping CDA (cda a.out) and experimental PIN backend. Bugfixes. Windows support?
* v0.7 -- DWARF support. Builds QEMU if distributed binaries don't work. Windows IDA plugin.
* v0.6 -- Added changes before webforking. Highlight strace addresses. Default on analysis.
* v0.5 -- Fixed regression in C++ database causing wrong values. Added PowerPC support. Added "A" button.
* v0.4 -- Using 50x faster C++ database. strace support. argv and envp are there.
* v0.3 -- Built in socat, multiple traces, forks (experimental). Somewhat working x86-64 and ARM support
* v0.2 -- Removed dependency on mongodb, much faster. IDA plugin fixes, Mac version.
* v0.1 -- Initial release


## UI

<pre>
At the top, you have 4 boxes, called the controls.
  Blue = change number, grey = fork number
  red = instruction address (iaddr), yellow = data address (daddr).

On the left you have the vtimeline, this is the full trace of the program.
  The top is the start of the program, the bottom is the end/current state.
  More green = deeper into a function.
  The currently selected change is blue, red is every passthrough of the current iaddr
  Bright yellow is a write to the daddr, dark yellow is a read from the daddr.
  This color scheme is followed everywhere.

Below the controls, you have the idump, showing instructions near the current change
Under that is the regviewer, datachanges, hexeditor, and strace, all self explanatory.
</pre>


## Mouse Actions
Click on vtimeline to navigate around. Right-click forks to delete them. Click on data (or doubleclick if highlightable) to follow in data. Right-click on instruction address to follow in instruction.

## Keyboard Shortcuts in web/client/controls.js
<pre>
j -- next invocation of instruction
k -- prev invocation of instruction

shift-j -- next toucher of data
shift-k -- prev toucher of data

m -- go to return from current function
, -- go to start of current function

z -- zoom out max on vtimeline

l -- set iaddr to instruction at current clnum

left  -- -1 fork
right -- +1 fork
up    -- -1 clnum
down  -- +1 clnum

esc -- back

shift-c -- clear all forks

n -- rename instruction
shift-n -- rename data
; -- add comment at instruction
shift-; -- add comment at data

g -- go to change, address, or name
space -- toggle flat/function view

p -- analyze function at iaddr
c -- make code at iaddr, one instruction
a -- make ascii at iaddr
d -- make data at iaddr
u -- make undefined at iaddr
</pre>

## Installation on Windows (experimental)

* Install git and python 2.7.9
* Run install.bat


## Session state
<pre>
clnum -- selected changelist number
forknum -- selected fork number
iaddr -- selected instruction address
daddr -- selected data address

cview -- viewed changelists in the vtimeline
dview -- viewed window into data in the hexeditor
iview -- viewed address in the static view

max_clnum -- max changelist number for each fork
dirtyiaddr -- whether we should update the clnum based on the iaddr or not
flat -- if we are in flat view
</pre>
add clang to deps and switch readme to markdown 2015-02-23 01:13:35 +03:00			`# QIRA`

move badge 2015-08-13 12:08:15 +03:00			`[![Join the chat at https://gitter.im/BinaryAnalysisPlatform/qira](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/BinaryAnalysisPlatform/qira?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Build Status](https://travis-ci.org/BinaryAnalysisPlatform/qira.svg?branch=master)](https://travis-ci.org/BinaryAnalysisPlatform/qira)`
add clang to deps and switch readme to markdown 2015-02-23 01:13:35 +03:00
better markdown 2015-02-23 01:32:26 +03:00			`* QIRA is a competitor to strace and gdb`
			`* See http://qira.me/ for high level usage information`
			`* All QIRA code is released under GPLv2 or BSD`
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`* Other code in this repo released under its respective license`
added missing apt to install, readme, gitignore 2015-02-16 23:16:42 +03:00
better markdown 2015-02-23 01:32:26 +03:00			`## Installing release`
added missing apt to install, readme, gitignore 2015-02-16 23:16:42 +03:00
responded to hackernews complaints 2016-01-31 02:04:09 +03:00			`See instructions on [qira.me](http://qira.me/) to install 1.2`
added missing apt to install, readme, gitignore 2015-02-16 23:16:42 +03:00
better markdown 2015-02-23 01:32:26 +03:00			`## Installing trunk`
README updated 2014-07-23 23:55:20 +04:00
better markdown 2015-02-23 01:32:26 +03:00			`<pre>`
update readme 2015-02-16 22:56:52 +03:00			`cd ~/`
			`git clone https://github.com/BinaryAnalysisPlatform/qira.git`
			`cd qira/`
			`./install.sh`
better markdown 2015-02-23 01:32:26 +03:00			`</pre>`
libs and broken mingw 2014-08-21 20:54:14 +04:00
better markdown 2015-02-23 01:32:26 +03:00			`## Installation Extras`
libs and broken mingw 2014-08-21 20:54:14 +04:00
update readme to reflect more arches in fetchlibs.sh 2015-08-21 05:18:41 +03:00			`* ./fetchlibs.sh will fetch the libraries for i386, armhf, armel, aarch64, mips, mipsel, and ppc`
better markdown 2015-02-23 01:32:26 +03:00			`* ./pin_build.sh will install the QIRA PIN plugin, allowing --pin to work`
README updated 2014-07-23 23:55:20 +04:00
readme update 2014-09-13 19:15:57 +04:00
better markdown 2015-02-23 01:32:26 +03:00			`## Releases`
update readme for new release 2014-09-11 18:33:38 +04:00
notate v1.2 2016-01-31 02:18:38 +03:00			`* v1.2 -- Many many changes. Forced release due to v1.0 not working anymore.`
better markdown 2015-02-23 01:32:26 +03:00			`* v1.1 -- Support for names and comments. Static stuff added. Register colors.`
			`* v1.0 -- Perf is good! Tons of bugfixes. Quality software. http://qira.me/`
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`* v0.9 -- Function indentation. haddrline added (look familiar?). Register highlighting in hexdump.`
			`* v0.8 -- Intel syntax! Shipping CDA (cda a.out) and experimental PIN backend. Bugfixes. Windows support?`
better markdown 2015-02-23 01:32:26 +03:00			`* v0.7 -- DWARF support. Builds QEMU if distributed binaries don't work. Windows IDA plugin.`
			`* v0.6 -- Added changes before webforking. Highlight strace addresses. Default on analysis.`
			`* v0.5 -- Fixed regression in C++ database causing wrong values. Added PowerPC support. Added "A" button.`
			`* v0.4 -- Using 50x faster C++ database. strace support. argv and envp are there.`
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`* v0.3 -- Built in socat, multiple traces, forks (experimental). Somewhat working x86-64 and ARM support`
better markdown 2015-02-23 01:32:26 +03:00			`* v0.2 -- Removed dependency on mongodb, much faster. IDA plugin fixes, Mac version.`
			`* v0.1 -- Initial release`
updated readme for cda 2014-08-10 23:18:28 +04:00
readme update 2014-09-13 19:15:57 +04:00
better markdown 2015-02-23 01:32:26 +03:00			`## UI`
better readme 2014-08-15 10:34:17 +04:00
better markdown 2015-02-23 01:32:26 +03:00			`<pre>`
better readme 2014-08-15 10:34:17 +04:00			`At the top, you have 4 boxes, called the controls.`
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`Blue = change number, grey = fork number`
			`red = instruction address (iaddr), yellow = data address (daddr).`
better readme 2014-08-15 10:34:17 +04:00
			`On the left you have the vtimeline, this is the full trace of the program.`
			`The top is the start of the program, the bottom is the end/current state.`
			`More green = deeper into a function.`
			`The currently selected change is blue, red is every passthrough of the current iaddr`
			`Bright yellow is a write to the daddr, dark yellow is a read from the daddr.`
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`This color scheme is followed everywhere.`
better readme 2014-08-15 10:34:17 +04:00
			`Below the controls, you have the idump, showing instructions near the current change`
			`Under that is the regviewer, datachanges, hexeditor, and strace, all self explanatory.`
better markdown 2015-02-23 01:32:26 +03:00			`</pre>`
better readme 2014-08-15 10:34:17 +04:00

better markdown 2015-02-23 01:32:26 +03:00			`## Mouse Actions`
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`Click on vtimeline to navigate around. Right-click forks to delete them. Click on data (or doubleclick if highlightable) to follow in data. Right-click on instruction address to follow in instruction.`
README updated 2014-07-23 23:55:20 +04:00
better markdown 2015-02-23 01:32:26 +03:00			`## Keyboard Shortcuts in web/client/controls.js`
			`<pre>`
delete develinstall 2014-07-31 23:27:16 +04:00			`j -- next invocation of instruction`
			`k -- prev invocation of instruction`

undefined works 2014-11-23 03:43:40 +03:00			`shift-j -- next toucher of data`
			`shift-k -- prev toucher of data`
delete develinstall 2014-07-31 23:27:16 +04:00
new navigation method 2014-08-18 23:45:27 +04:00			`m -- go to return from current function`
			`, -- go to start of current function`

delete develinstall 2014-07-31 23:27:16 +04:00			`z -- zoom out max on vtimeline`

add l keyboard shortcut 2014-08-04 18:39:13 +04:00			`l -- set iaddr to instruction at current clnum`

delete develinstall 2014-07-31 23:27:16 +04:00			`left -- -1 fork`
			`right -- +1 fork`
			`up -- -1 clnum`
			`down -- +1 clnum`

			`esc -- back`
adding 64-bit support, slowly 2014-07-19 01:49:35 +04:00
delete all forks 2014-08-10 19:32:35 +04:00			`shift-c -- clear all forks`

names dont mess up layout quite as much 2014-09-09 18:50:37 +04:00			`n -- rename instruction`
			`shift-n -- rename data`
			`; -- add comment at instruction`
			`shift-; -- add comment at data`

hacky disasm 2014-09-12 22:01:06 +04:00			`g -- go to change, address, or name`
fixups 2014-11-29 00:11:03 +03:00			`space -- toggle flat/function view`
names, comments, and gotos 2014-09-09 19:36:01 +04:00
pretty for poster 2014-12-09 23:04:36 +03:00			`p -- analyze function at iaddr`
add strings and data and stufF 2014-11-23 03:25:48 +03:00			`c -- make code at iaddr, one instruction`
			`a -- make ascii at iaddr`
			`d -- make data at iaddr`
fixups 2014-11-29 00:11:03 +03:00			`u -- make undefined at iaddr`
better markdown 2015-02-23 01:32:26 +03:00			`</pre>`
updated readme for cda 2014-08-10 23:18:28 +04:00
better markdown 2015-02-23 01:32:26 +03:00			`## Installation on Windows (experimental)`
rip out broken CDA 2015-02-23 01:17:34 +03:00
better markdown 2015-02-23 01:32:26 +03:00			`* Install git and python 2.7.9`
			`* Run install.bat`
updated readme for cda 2014-08-10 23:18:28 +04:00
describe session state in readme 2014-09-16 18:22:22 +04:00
better markdown 2015-02-23 01:32:26 +03:00			`## Session state`
			`<pre>`
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`clnum -- selected changelist number`
			`forknum -- selected fork number`
			`iaddr -- selected instruction address`
			`daddr -- selected data address`
describe session state in readme 2014-09-16 18:22:22 +04:00
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`cview -- viewed changelists in the vtimeline`
			`dview -- viewed window into data in the hexeditor`
			`iview -- viewed address in the static view`
describe session state in readme 2014-09-16 18:22:22 +04:00
Proofread README.md Fix grammar, punctuation, and orthography. Note: In English, unlike C code, parentheses are usually preceded by a space. 2016-01-30 12:16:28 +03:00			`max_clnum -- max changelist number for each fork`
			`dirtyiaddr -- whether we should update the clnum based on the iaddr or not`
describe session state in readme 2014-09-16 18:22:22 +04:00			`flat -- if we are in flat view`
add clang to deps and switch readme to markdown 2015-02-23 01:13:35 +03:00			`</pre>`
describe session state in readme 2014-09-16 18:22:22 +04:00