radareorg / radare2
UNIX-like reverse engineering framework and command-line toolset
Home Page: https://www.radare.org/
License: GNU Lesser General Public License v3.0
15:19 < vext01> p/debug_native.c: In function 'r_debug_native_continue':
15:19 < vext01> p/debug_native.c:303: warning: cast from pointer to integer of different size
15:19 < vext01> p/debug_native.c:796:2: warning: #warning NO DEBUGGER REGISTERS PROFILE DEFINED
15:19 < vext01> p/debug_native.c: In function 'r_debug_native_reg_read':
Reply 1: I have no access to any sparc64 box; I should think that you are testing on OpenBSD. Ping me on IRC if you need some help to cook this patch.
I did the following:
(assume that 1234 is the pid of the process)
% r2 -d 1234
io /proc/1234/exe
.ia*
is
I also tried: > .!rabin2 -rsiI /proc/1234/exe
Needs more testing and ease of use.
$ r2 -a arm -D gdb gdb://host:port
(maybe we should just handle this with -d when gdb:// is used)
$ rabin2 -v
rabin2 v0.9.3git
$ echo 00000034001c000201020000000d0efb01010101010000000001000073612e61 | xxd -r -p > /tmp/bin
$ rabin2 -z /tmp/bin
Segmentation fault (core dumped)
$ gdb rabin2
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
http://bugs.launchpad.net/gdb-linaro/...
Reading symbols from /usr/bin/rabin2...done.
(gdb) r -z /tmp/bin
Starting program: /usr/bin/rabin2 -z /tmp/bin
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6b1f61a in r_config_node_get (cfg=0x0, name=0x7ffff79cea58 "bin.strings") at config.c:56
56 return r_hashtable_lookup (cfg->ht, r_str_hash (name));
(gdb) p name
$1 = 0x7ffff79cea58 "bin.strings"
(gdb) p cfg->ht
Cannot access memory at address 0x30
If the last character of the replacement is b, it always gets put at the beginning of the string regardless of where you told it to go.
root@protostar:# ragg2 -p A200 -d 50:0xccccccb
cbcccc0c41414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141
root@protostar:# ragg2 -p A200 -d 50:0xcb
cb00000041414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141
root@protostar:# ragg2 -p A10 -d 50:0xcb
cb000000414141414141
root@protostar:# ragg2 -p A20 -w 10:cb
cb41414141414141414141414141414141414141
reproduce it with:
% r2 /usr/bin/ls
press 'V'
press 'v'
press again 'v'
After this I can't do anything; even 'q' does nothing.
objdump -d automatically resolves the target of such calls. It would be great if radare2 could display this information as comment as well when using pd.
Reply 1: some work has been done, but needs some rethinking and proper integration with x86im library
P.S. Moved from http://rada.re/y/bugs.php?bugs&s=view&id=62
It would be better if the arrows in 'pd' had colors; it would be more readable (or viewable ;p).
Sample: http://pastebin.com/DWeqcs4V
Binary used: http://www.reversing.be/easyfile/file.php?show=20080713151812213
On irc pancake suggested
e asm.bits=32
.!rabin2 -risv yourfile
which seemed to work at first glance but when you try to step:
[0x080485d4]> ds
trace_pc: cannot get opcode size at 0x0
and rip of 0x0
For some reason core ptr is NULL.
You can reproduce it with:
PS: this bug exists only if you use dbg://
$ radare2 -v
radare2 0.9 @ linux-little-x86
$ cat /etc/*-release | grep -i _name
PRETTY_NAME="Ubuntu precise (12.04.1 LTS)"
$ python -c 'print "f"*40000' > /tmp/zzzz
$ rasm2 -a armthumb -b 32 -f /tmp/zzzz
WARNING: cannot set asm backend to 32 bits
*** buffer overflow detected ***: rasm2 terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0x45f045]
/lib/i386-linux-gnu/libc.so.6(+0x102e1a)[0x45de1a]
/lib/i386-linux-gnu/libc.so.6(+0x10214d)[0x45d14d]
...
Having build time and commit info is important. Also, we should display all this information in one line
$ r2 -v
radare2 0.9.5git @ darwin-little-x86-64 build 2013-04-03
commit: 240ff7da71c37010d3f2a4b5a080ef33bad00e7f
$ rasm2 -v
rasm2 v0.9.5git
$ rabin2 -v
rabin2 v0.9.5git
[0x00000100]> e asm.bits
16
[0x00000100]> pd 1
0x00000100 e9010f jmp word 0x1004
[0x00000100]> ao 5
addr: 0x00000100
size: 5
type: 1 (jmp)
eob: 1
jump: 0xffffffffc9341006
fail: 0xffffffffffffffff
stack: 0
cond: 0
family: 0
So, "pd 1" reports that the opcode length is 3 (which is correct), but "ao 5" says "size: 5". Maybe it interprets it in 32-bit mode instead of 16-bit.
I'm testing on:
./bin/r2 -v
radare2 0.9.1git @ darwin-little-x86-64 build 2012-09-24
commit: 757d692e19d6ebb7a31d301e8f5405e5120e6b83
Under latest cygwin on Windows 7x64 box
$ make
make libr
make[1]: Entering directory `/cygdrive/d/Work/radare2'
cd libr && make all
make[2]: Entering directory `/cygdrive/d/Work/radare2/libr'
Makefile:23: warning: overriding recipe for target `all'
config.mk:149: warning: ignoring old recipe for target `all'
make util hash socket
make[3]: Entering directory `/cygdrive/d/Work/radare2/libr'
Makefile:23: warning: overriding recipe for target `all'
config.mk:149: warning: ignoring old recipe for target `all'
DIR util
cd util ; make
make[4]: Entering directory `/cygdrive/d/Work/radare2/libr/util'
../rules.mk:36: warning: overriding recipe for target `all'
../config.mk:149: warning: ignoring old recipe for target `all'
../rules.mk:63: warning: overriding recipe for target `libr_util.'
../rules.mk:41: warning: ignoring old recipe for target `libr_util.'
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o mem.o mem.c
mem.c:1:0: warning: -fPIC ignored for target (all code is position independent)
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o pool.o pool.c
pool.c:1:0: warning: -fPIC ignored for target (all code is position independent)
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o num.o num.c
num.c:1:0: warning: -fPIC ignored for target (all code is position independent)
num.c: In function 'r_num_get':
num.c:95:3: warning: 'I' flag used with '%x' gnu_scanf format
num.c:95:3: warning: format '%I64x' expects type 'unsigned int *', but argument 3 has type 'long long unsigned int *'
num.c:95:3: warning: 'I' flag used with '%x' gnu_scanf format
num.c:95:3: warning: format '%I64x' expects type 'unsigned int *', but argument 3 has type 'long long unsigned int *'
num.c:102:4: warning: 'I' flag used with '%x' gnu_scanf format
num.c:102:4: warning: format '%I64x' expects type 'unsigned int *', but argument 3 has type 'long long unsigned int *'
num.c:102:4: warning: 'I' flag used with '%x' gnu_scanf format
num.c:102:4: warning: format '%I64x' expects type 'unsigned int *', but argument 3 has type 'long long unsigned int *'
num.c:105:4: warning: 'I' flag used with '%o' gnu_scanf format
num.c:105:4: warning: format '%I64o' expects type 'unsigned int *', but argument 3 has type 'long long unsigned int *'
num.c:105:4: warning: 'I' flag used with '%o' gnu_scanf format
num.c:105:4: warning: format '%I64o' expects type 'unsigned int *', but argument 3 has type 'long long unsigned int *'
num.c:115:4: warning: format '%I64d' expects type 'int *', but argument 3 has type 'long long unsigned int *'
num.c:115:4: warning: format '%I64d' expects type 'int *', but argument 3 has type 'long long unsigned int *'
num.c:119:4: warning: format '%I64d' expects type 'int *', but argument 3 has type 'long long unsigned int *'
num.c:119:4: warning: format '%I64d' expects type 'int *', but argument 3 has type 'long long unsigned int *'
num.c:123:4: warning: format '%I64d' expects type 'int *', but argument 3 has type 'long long unsigned int *'
num.c:123:4: warning: format '%I64d' expects type 'int *', but argument 3 has type 'long long unsigned int *'
num.c:127:4: warning: format '%I64d' expects type 'int *', but argument 3 has type 'long long unsigned int *'
num.c:127:4: warning: format '%I64d' expects type 'int *', but argument 3 has type 'long long unsigned int *'
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o str.o str.c
str.c:1:0: warning: -fPIC ignored for target (all code is position independent)
str.c: In function 'r_str_bits':
str.c:80:5: warning: array subscript has type 'char'
str.c: In function 'r_str_case':
str.c:161:4: warning: array subscript has type 'char'
str.c:164:4: warning: array subscript has type 'char'
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o hex.o hex.c
hex.c:1:0: warning: -fPIC ignored for target (all code is position independent)
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o file.o file.c
file.c:1:0: warning: -fPIC ignored for target (all code is position independent)
file.c: In function 'r_file_temp':
file.c:320:2: warning: 'I' flag used with '%x' gnu_printf format
file.c:320:2: warning: format '%I64x' expects type 'unsigned int', but argument 6 has type 'long long unsigned int'
file.c:320:2: warning: 'I' flag used with '%x' gnu_printf format
file.c:320:2: warning: format '%I64x' expects type 'unsigned int', but argument 6 has type 'long long unsigned int'
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o alloca.o alloca.c
alloca.c:1:0: warning: -fPIC ignored for target (all code is position independent)
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o range.o range.c
range.c:1:0: warning: -fPIC ignored for target (all code is position independent)
range.c: In function 'r_range_percent':
range.c:288:2: warning: unknown conversion type character 'I' in format
range.c:288:2: warning: too many arguments for format
range.c:288:2: warning: unknown conversion type character 'I' in format
range.c:288:2: warning: too many arguments for format
range.c:295:2: warning: unknown conversion type character 'I' in format
range.c:295:2: warning: too many arguments for format
range.c:295:2: warning: unknown conversion type character 'I' in format
range.c:295:2: warning: too many arguments for format
range.c: In function 'r_range_list':
range.c:305:3: warning: unknown conversion type character 'I' in format
range.c:305:3: warning: unknown conversion type character 'I' in format
range.c:305:3: warning: too many arguments for format
range.c:305:3: warning: unknown conversion type character 'I' in format
range.c:305:3: warning: unknown conversion type character 'I' in format
range.c:305:3: warning: too many arguments for format
range.c:306:3: warning: unknown conversion type character 'I' in format
range.c:306:3: warning: unknown conversion type character 'I' in format
range.c:306:3: warning: format '%I64d' expects type 'int', but argument 2 has type 'long long unsigned int'
range.c:306:3: warning: too many arguments for format
range.c:306:3: warning: unknown conversion type character 'I' in format
range.c:306:3: warning: unknown conversion type character 'I' in format
range.c:306:3: warning: format '%I64d' expects type 'int', but argument 2 has type 'long long unsigned int'
range.c:306:3: warning: too many arguments for format
range.c:309:2: warning: format '%I64d' expects type 'int', but argument 3 has type 'long long unsigned int'
range.c:309:2: warning: format '%I64d' expects type 'int', but argument 3 has type 'long long unsigned int'
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o log.o log.c
log.c:1:0: warning: -fPIC ignored for target (all code is position independent)
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o prof.o prof.c
prof.c:1:0: warning: -fPIC ignored for target (all code is position independent)
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o cache.o cache.c
cache.c:1:0: warning: -fPIC ignored for target (all code is position independent)
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o sys.o sys.c
sys.c:1:0: warning: -fPIC ignored for target (all code is position independent)
In file included from /usr/lib/gcc/i686-pc-cygwin/4.5.3/../../../../include/w32api/winsock.h:36:0,
from /cygdrive/d/Work/radare2/libr/include/r_types.h:28,
from sys.c:5:
/usr/lib/gcc/i686-pc-cygwin/4.5.3/../../../../include/w32api/psdk_inc/_fd_types.h:100:2: warning: #warning "fd_set and associated macros have been defined in sys/types. This can cause runtime problems with W32 sockets"
sys.c: In function 'r_sys_truncate':
sys.c:34:2: error: too few arguments to function 'r_sandbox_open'
/cygdrive/d/Work/radare2/libr/include/r_util.h:578:11: note: declared here
sys.c: In function 'r_sys_backtrace':
sys.c:100:2: warning: #warning TODO: r_sys_bt : unimplemented
sys.c: In function 'r_sys_getdir':
sys.c:210:2: warning: implicit declaration of function '_getcwd'
sys.c:210:14: warning: initialization makes pointer from integer without a cast
sys.c: At top level:
sys.c:140:13: warning: 'signal_handler' defined but not used
sys.c:152:12: warning: 'checkcmd' defined but not used
/cygdrive/d/Work/radare2/libr/../global.mk:43: recipe for target `sys.o' failed
make[4]: *** [sys.o] Error 1
make[4]: Leaving directory `/cygdrive/d/Work/radare2/libr/util'
Makefile:33: recipe for target `util' failed
make[3]: *** [util] Error 2
make[3]: Leaving directory `/cygdrive/d/Work/radare2/libr'
Makefile:23: recipe for target `all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory `/cygdrive/d/Work/radare2/libr'
Makefile:26: recipe for target `libr' failed
make[1]: *** [libr] Error 2
make[1]: Leaving directory `/cygdrive/d/Work/radare2'
Makefile:17: recipe for target `all' failed
On openbsd/i386, when stepping (s) in the register/disasm display, r2 highlights in white any register which has changed since the last state, including, always, eip.
On amd64, the only flag ever highlighted is rflags.
-- vext01
Reply 1: its broken in all systems. i will fix this as soon as I get some spare time :)
Reply 2: FYI: this is still busted as of 20120201. Cheers
P.S. Moved from http://rada.re/y/bugs.php?bugs&s=view&id=52
r2 -d gdb://localhost:9999
instead of saying "cannot connect" it's looping at 100% cpu
Used to run radiff2 -C hello1 hello2 (two hello worlds) and got output with broken formatting because of long symbol names. Please add an autoresize option for such cases:
fcn.0000034 0x806 | MATCH ...
some_very_long_symbol_name | NEW
I am getting the following from sys/python.sh:
PYTHON_VERSION=2.7
PYTHON=python${PYTHON_VERSION}
Using PYTHON_VERSION 2.7
Using PYTHON_CONFIG python2.7-config
==> Using valabind valabind 0.6.4 - [email protected]
==> Using swig 2.0.4
Checking valabind languages support...
Final report:
make[1]: Entering directory `/opt/analrepo/build/radare2/r2-bindings'
[ -e python/_r_core.so ] && true
make[1]: *** [install-python] Error 1
make[1]: Leaving directory `/opt/analrepo/build/radare2/r2-bindings'
Radare2 itself installs and works fine. Please let me know if I can provide more info :-)
Here is assembler source - http://xvilka.me/hello.asm
Here is produced binary - http://xvilka.me/hello
Also it recognizes data as code - compare the assembler sources and the 'pd' output
Assembler sources - http://xvilka.me/hello2.s
Produced (as hello2.s -o hello2.o) object file - http://xvilka.me/hello2.o
Resulting binary (ld --strip-all hello2.o -o hello2; sstrip hello2) - http://xvilka.me/hello2
I've got a segfault when I'm launching radare2 on tiny-crackme (http://crackmes.de/users/yanisto/tiny_crackme/) :
jvoisin@nyoghta ~/dev/reverse/tiny% r2 tiny-crackme
Error: read (shdr)
Warning: Cannot initialize section headers
zsh: segmentation fault (core dumped) r2 tiny-crackme
Maybe this is because the headers are corrupted.
See the output of radare2 (especially the last string at text.0x576, which is obviously wrong) - http://sprunge.us/QVcP
This is result of disassemling this file http://xvilka.me/t1 ( C source is http://xvilka.me/t1.c )
Here is IDA Pro result for comparison - http://xvilka.me/t1.asm and http://xvilka.me/t1.lst
i cannot set breakpoints, nor get symbols (with 'is') and generally a lot of things are broken with dbg:// but with -d everything is ok.
this is how i run it: r2 dbg:///usr/bin/ls
In [r_magic.h:22] the use of the conditional operator does not typecheck:
The function magic_close has return type void, but x is of a pointer type. Yet the C standard requires that the second and third argument of the
conditional operator ?: are both void or compatible pointer types (there are
several other cases, see 6.5.15 of the C Standard). Failing this, the compiler
may produce arbitrary code.
The best way to fix this is likely changing the definition to { if(x) {magic_close(x)} }.
Best,
Michael
[r_magic.h:22] https://github.com/radare/radare2/blob/master/libr/include/r_magic.h#L22
Currently radare2 is using an ASCII subset only; maybe extend it to ANSI, e.g. if the terminal supports it, to use nice glyphs for program flow arrows, etc.
We need code in util/num.c to convert a ut64 into a string in an approximated, human-readable form.
char *r_num_to_human_string() ?
Still using same file - http://xvilka.me/ami_bios.bin
When loading it with:
r2 -e asm.bits=16 -e io.va=true ami_bios.bin
Then do:
S $s-0x10000 0xf000:0x0000 0x10000 0x10000 bootblk rwx
Then go to:
s f000:ffaa
Then run Visual mode - it show only 'ff'-s
while here must be jump opcode!
See this code
struct r_bin_pe_section_t* PE_(r_bin_pe_get_sections)(struct PE_(r_bin_pe_obj_t)* bin) {
struct r_bin_pe_section_t *sections = NULL;
PE_(image_section_header) *shdr = bin->section_header;
int i, sections_count = bin->nt_headers->file_header.NumberOfSections;
if ((sections = malloc((sections_count + 1) * sizeof(struct r_bin_pe_section_t))) == NULL) {
perror ("malloc (sections)");
return NULL;
}
for (i = 0; i < sections_count; i++) {
memcpy (sections[i].name, shdr[i].Name, PE_IMAGE_SIZEOF_SHORT_NAME);
sections[i].name[PE_IMAGE_SIZEOF_SHORT_NAME-1] = '\0';
sections[i].rva = shdr[i].VirtualAddress;
sections[i].size = shdr[i].SizeOfRawData;
sections[i].vsize = shdr[i].Misc.VirtualSize;
sections[i].offset = shdr[i].PointerToRawData;
sections[i].flags = shdr[i].Characteristics;
sections[i].last = 0;
}
sections[i].last = 1;
return sections;
}
where you have sections[i].name[PE_IMAGE_SIZEOF_SHORT_NAME-1] = '\0'; but for an 8-char section name it produces a wrong result, e.g. for '_TEXT_RE'
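The report above comes down to one off-by-one: an IMAGE_SECTION_HEADER name is 8 raw bytes that are not NUL-terminated when all 8 are used, so writing the terminator at index 7 drops the last character of every 8-character name. The following is an added example, not code from radare2 or from the reporter: it reproduces the truncating extraction next to a correct one over a constructed section header. The struct layout follows the PE/COFF section header; the `make_header` helper and the sample names are constructed here for the demonstration.

```c
/* Added example (not radare2 code): copying a PE section name without losing
 * the eighth character.  PE stores IMAGE_SECTION_HEADER.Name as 8 raw bytes
 * (IMAGE_SIZEOF_SHORT_NAME) with NO terminator when all 8 are used, so the
 * destination must be 9 bytes and the terminator belongs at index 8. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PE_IMAGE_SIZEOF_SHORT_NAME 8

/* 40-byte section header layout from the PE/COFF spec (packed by construction). */
struct image_section_header {
    uint8_t  Name[PE_IMAGE_SIZEOF_SHORT_NAME];
    uint32_t VirtualSize;
    uint32_t VirtualAddress;
    uint32_t SizeOfRawData;
    uint32_t PointerToRawData;
    uint32_t PointerToRelocations;
    uint32_t PointerToLinenumbers;
    uint16_t NumberOfRelocations;
    uint16_t NumberOfLinenumbers;
    uint32_t Characteristics;
};

/* Constructed header for the demo: name copied the way a linker would write it,
 * i.e. padded with zeros, and without a NUL when it is exactly 8 bytes long. */
struct image_section_header make_header(const char *name) {
    struct image_section_header h;
    size_t len = strlen (name);
    memset (&h, 0, sizeof h);
    if (len > PE_IMAGE_SIZEOF_SHORT_NAME) len = PE_IMAGE_SIZEOF_SHORT_NAME;
    memcpy (h.Name, name, len);
    return h;
}

/* The pattern from the report: the terminator at [7] clobbers the 8th byte. */
void section_name_truncating(const struct image_section_header *shdr, char out[9]) {
    memcpy (out, shdr->Name, PE_IMAGE_SIZEOF_SHORT_NAME);
    out[PE_IMAGE_SIZEOF_SHORT_NAME - 1] = '\0';
}

/* Correct version: copy up to 8 bytes, stop at an embedded NUL, terminate one
 * past the copied bytes.  Never reads beyond the 8-byte field. */
void section_name(const struct image_section_header *shdr, char out[9]) {
    size_t n = 0;
    while (n < PE_IMAGE_SIZEOF_SHORT_NAME && shdr->Name[n] != '\0') {
        out[n] = (char) shdr->Name[n];
        n++;
    }
    out[n] = '\0';
}

/* Returns 1 if extracting `raw` with the chosen routine yields `expected`. */
int name_extracts_to(const char *raw, int use_fixed, const char *expected) {
    struct image_section_header h = make_header (raw);
    char out[PE_IMAGE_SIZEOF_SHORT_NAME + 1];
    if (use_fixed) section_name (&h, out);
    else section_name_truncating (&h, out);
    return strcmp (out, expected) == 0;
}

int main(void) {
    char buggy[9], fixed[9];
    struct image_section_header h = make_header ("_TEXT_RE");
    section_name_truncating (&h, buggy);
    section_name (&h, fixed);
    printf ("truncating: %s\nfixed:      %s\n", buggy, fixed);
    return 0;
}
```

The same 9-byte rule applies to any caller that prints or compares the name; an 8-byte buffer with a terminator forced into it is the classic source of both truncated names and, if the terminator is omitted instead, over-reads into the next header field.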
Syscalls are missing from the linux maps. This task is tedious and hard to automate: http://stackoverflow.com/questions/6604007/how-can-i-get-a-list-of-linux-system-calls-and-number-of-args-they-take-automatic
Reply 1: We need to resolve the syscall arg types.. Maybe parsing strace sources?
Reply 2: This has been delayed until 0.9
Reply 3: The current version of hg uses sdb with RPair to get the syscall information. This fixes all bugs like speed and memory usage. We need to implement all those syscall information tables NOW!
Once again:
If do open file with:
r2 -e asm.bits=16 -e io.va=true bios.bin
Then add segment with
S $s-0x10000 0xf0000 0x10000 0x10000 bootblk rwx
Then enable segment addressing
e scr.offseg=true
Then we need go 0xF000:0xFFF0 so run
s f000:fff0
we got:
[0f00:fff0]>
which is obviously wrong, while if do pd 1 - data is ok, so real address is valid - just wrong representation.
One more, if go to 0xF000:0xFFAA
we will see such jump:
0x000fffaa e99300 jmp word 0x100040
which is obviously wrong, it must be
jmp word 0x40
and point to 0xF000:0x0040
used binary file is http://xvilka.me/ami_bios.bin
$ git clone https://github.com/radare/radare2.git
....
....
$ cd radare2
$ sys/install.sh
...
...
...
- python: No python-config foundno
- perl: no
- ruby: no
- lua: no
- go: no
- java: no
- guile: no
- php5: /usr/bin/valabind-cc: 1: /usr/bin/valabind-cc: php-config: not found
Package libpng was not found in the pkg-config search path.
Perhaps you should add the directory containing `libpng.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libpng' found
/usr/bin/valabind-cc: 1: /usr/bin/valabind-cc: php-config: not found
no
- node-ffi: no
- ctypes: no
- cxx: yes (g++)
- valac: yes
Supported langs:
- cxx
- valac
...
...
...
/usr/bin/ld: warning: libr_flags.so.0.9.3git, needed by /home/nop/data/dev/radare2/libr/parse/libr_parse.so, not found (try using -rpath or -rpath-link)
/home/nop/data/dev/radare2/libr/parse/libr_parse.so: undefined reference to `r_flag_get_i'
collect2: ld returned 1 exit status
make[3]: *** [rasm2] Error 1
make[2]: *** [all] Error 1
make[1]: *** [binr] Error 2
make: *** [all] Error 2
from 'clean' clone of repo:
DIR r_print
make libr_print.so libr_print.a
make[4]: Entering directory `/home/xvilka/radare2/libr/print'
cc -c -MD -fPIC -g -Wall -DHAVE_LIB_GMP=1 -D__UNIX__=1 -I/home/xvilka/radare2/libr/include -o print.o print.c
cc -c -MD -fPIC -g -Wall -DHAVE_LIB_GMP=1 -D__UNIX__=1 -I/home/xvilka/radare2/libr/include -o format.o format.c
cc -c -MD -fPIC -g -Wall -DHAVE_LIB_GMP=1 -D__UNIX__=1 -I/home/xvilka/radare2/libr/include -o date.o date.c
cc -c -MD -fPIC -g -Wall -DHAVE_LIB_GMP=1 -D__UNIX__=1 -I/home/xvilka/radare2/libr/include -o disasm.o disasm.c
cc -c -MD -fPIC -g -Wall -DHAVE_LIB_GMP=1 -D__UNIX__=1 -I/home/xvilka/radare2/libr/include -o seven.o seven.c
cc -shared -o libr_print.so -Wl,-soname=libr_print.so.0.9.1git print.o format.o date.o disasm.o seven.o -lr_cons -lr_util -lr_asm -lr_anal -L/home/xvilka/radare2/libr/cons -L/home/xvilka/radare2/libr/util -L/home/xvilka/radare2/libr/asm -L/home/xvilka/radare2/libr/anal -fPIC
STRIP libr_print.so
make[4]: Leaving directory `/home/xvilka/radare2/libr/print'
make[4]: Entering directory `/home/xvilka/radare2/libr/print/t'
cc -c -MD -fPIC -g -Wall -DHAVE_LIB_GMP=1 -D__UNIX__=1 -I/home/xvilka/radare2/libr/include -DVERSION=\"0.9.1git\" -o hex.o hex.c
cc hex.o -L.. -o hex -lr_cons -lr_print -lr_util -L/home/xvilka/radare2/libr/cons -L/home/xvilka/radare2/libr/print -L/home/xvilka/radare2/libr/util -fPIC -L/home/xvilka/radare2/libr/..//libr/cons -L/home/xvilka/radare2/libr/..//libr/print -L/home/xvilka/radare2/libr/..//libr/util -lr_cons -lr_print -lr_util
/usr/lib/libr_asm.so.0.9.1git: undefined reference to `r_str_subchr'
collect2: ld returned 1 exit status
make[4]: *** [hex] Error 1
make[4]: Leaving directory `/home/xvilka/radare2/libr/print/t'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/home/xvilka/radare2/libr/print'
make[2]: *** [libs] Error 1
make[2]: Leaving directory `/home/xvilka/radare2/libr'
make[1]: *** [libr] Error 2
make[1]: Leaving directory `/home/xvilka/radare2'
make: *** [all] Error 2
GCC constructs monster nops to reduce the CPU cache used and speed up code caching. But it looks like some of them are wrongly analyzed.
[0x00404a88]> e asm.size=true
[0x00404a88]> e asm.nbytes=12
[0x00404a88]> pd 1 @ 0x00404ab4
0x00404ab4 0 662e0f1f840000000000 o16 nop [cs:rax+rax+0x0]
[0x00404a88]> ao 1 @ 0x00404ab4
Oops at 0x00404ab4 (66 2e 0f ...)
Load this TE example file in r2 http://xvilka.me/example.te.
Firstly, the code doesn't make the _TEXT_RE segment 16-bit automatically. Then, if you do 'Sa x86 16' for the _TEXT_RE segment, the others should be 32-bit, but if I do 'pd' at the _TEXT_PR segment, it shows me 16-bit code.
On some instructions involving reading a value somewhere, radare2 conveniently displays the value next to the pointer, like this:
0xc0008714 98009fe5 ldr r0, [pc, #152] ; 0xffffffffc00087b4; => 0xc06b4308
It however doesn't do this for all instructions:
0xc0008700 a4a09f15 ldrne sl, [pc, #164] ; 0xffffffffc00087ac
Also, on arm, some other instructions involving pc might get some helpfulness from having the result shown, like in:
0xc00081b8 68008fe2 add r0, pc, #104 ; 0x68
It would already be interesting to have pc + 0x68 displayed, but since on arm reading pc returns the actual instruction address + 8 (4 in thumb), it's even more interesting and avoids stupid mistakes. Here, the result is 0xc00081b8 + 0x68 + 8.
P.S. Moved from http://rada.re/y/bugs.php?bugs&s=view&id=72
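The pc-relative rule in the report above (pc reads as the instruction address + 8 in ARM state, + 4 in Thumb state) is easy to get wrong by hand, and the `0xffffffffc00087b4` in the quoted output is the sign-extended form of `0xc00087b4`. The block below is an added example, not radare2 code and not the reporter's: it resolves the three operands quoted in the report and shows, as a demonstration rather than a claim about radare2's internals, how a 32-bit address with the top bit set turns into `0xffffffffXXXXXXXX` when it passes through a signed 32-bit integer on its way to a 64-bit field. The Thumb word-alignment of pc for literal loads and ADR is from the ARM architecture reference; the sample addresses are the ones in the report.

```c
/* Added example (not radare2 code): resolving ARM pc-relative operands and
 * showing where a 0xffffffff... prefix on a 32-bit address comes from. */
#include <stdint.h>
#include <stdio.h>

/* In ARM state the value read from pc is the instruction address + 8; in Thumb
 * state it is + 4, and literal loads / ADR additionally word-align it
 * (Align(PC, 4) in the architecture reference).  `imm` may be negative. */
uint32_t arm_pc_relative(uint32_t addr, int32_t imm, int thumb) {
    uint32_t pc = thumb ? ((addr + 4u) & ~3u) : addr + 8u;
    return pc + (uint32_t) imm;            /* wraps mod 2^32 like the CPU */
}

/* A 32-bit address stored through int32_t is sign-extended when widened to 64
 * bits: 0xc00087b4 becomes 0xffffffffc00087b4.  This is the artefact visible in
 * the report's output; whether radare2's printing path does exactly this is an
 * assumption of this example. */
uint64_t widen_via_signed(uint32_t addr) {
    return (uint64_t) (int64_t) (int32_t) addr;
}

/* Widening an unsigned 32-bit value zero-extends and keeps the address intact. */
uint64_t widen_via_unsigned(uint32_t addr) {
    return (uint64_t) addr;
}

int main(void) {
    /* ldr r0, [pc, #152] at 0xc0008714 -> 0xc00087b4 */
    printf ("ldr target : 0x%08x\n", arm_pc_relative (0xc0008714u, 152, 0));
    /* ldrne sl, [pc, #164] at 0xc0008700 -> 0xc00087ac */
    printf ("ldrne tgt  : 0x%08x\n", arm_pc_relative (0xc0008700u, 164, 0));
    /* add r0, pc, #104 at 0xc00081b8 -> 0xc00081b8 + 8 + 0x68 = 0xc0008228 */
    printf ("add result : 0x%08x\n", arm_pc_relative (0xc00081b8u, 0x68, 0));
    printf ("signed     : 0x%016llx\n", (unsigned long long) widen_via_signed (0xc00087b4u));
    printf ("unsigned   : 0x%016llx\n", (unsigned long long) widen_via_unsigned (0xc00087b4u));
    return 0;
}
```

When annotating `ldr rd, [pc, #imm]` the resolved address is only the first step; the useful comment is the word loaded from that address, which is what the `=> 0xc06b4308` in the first quoted line shows and the `ldrne` line lacks.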
[0x0b700000]> e io.va=0
[0x080483d0]> /a pop eax; ret;
[# ]^C0x0cb7e190 < 0xffffffffffffffff hits = 0
hits: 0
hit1_0
hit1_1
hit1_2
hit1_3
hit1_4
is this what is supposed to happen? I would expect hits to increase...
For example, see this code:
f000:0540 6633c0 xor eax, eax
f000:0543 0fa2 cpuid
f000:0545 6681fb47656e75 cmp ebx, 0x756e6547
f000:054c 7404 jz 0xf0552
f000:054e fa cli
f000:054f f4 hlt
f000:0550 ebfc jmp 0xf054e
f000:0552 0f08 invd
f000:0554 0f6eff movd mm7, edi
f000:0557 668bc4 mov eax, esp
f000:055a e9c806 jmp word 0xc25
Here radare2 can recognize deadloop:
-> f000:054f f4 hlt
.=< f000:0550 ebfc jmp 0xf054e
but not this normal jump:
f000:054c jz 0xf0552
...
f000:0552 invd
not sure if it's a bug or my fault. I tried radare2 0.9.1hg @ darwin-little-x86 build 2012-02-13 and radare2 0.9 @ darwin-little-x86
Here's the results...
bash-3.2$ r2 -d test
Process with PID 31299 started...
PID = 31299
io_redirect: mach://31299
pid: 31299
task: 4867
NOTE: Fat binary found. Selected sub-bin is: -a x86 -b 64
NOTE: Use -a and -b to select sub binary in fat binary
$ r2 -a x86 -b 64 /bin/test # 0x00001000
$ r2 -a x86 -b 32 /bin/test # 0x00006000
$ r2 -a ppc -b 32 /bin/test # 0x0000b000
pid = 31299 tid = 31299
r_debug_select: 31299 31299
-- If you want to open the file in read-write mode use -w flag or -e cfg.write=true
[0x7fff5fc01028]> dc
r_debug_reg: error reading registers pid=31299
trace_pc: cannot get opcode size at 0x7fff5fc01028
r_debug_reg: error reading registers pid=31299
[R2] Breakpoint recoil at 0x7fff5fc01028 = 0
r_debug_select: 31299 0
r_debug_reg: error reading registers pid=31299
r_debug_reg: error reading registers pid=31299
r_debug_reg: error reading registers pid=31299
[0x7fff5fc01028]>
Reply 1: are you using the version from hg? this works fine here on 10.6.8
P.S. Moved from http://rada.re/y/bugs.php?bugs&s=view&id=66
Hi,
Can anyone explain why rarc2 is dismissed?
Is there any way to do the command: echo 'main@global(,64){printf("hello world\n");}' | rarc2 -s > hello.S in radare2?
Thanks in advance,
Simon
rasm2 "mov al, cl" gives
89ff
rasm2 "pop al" gives
ff
root@protostar:~# rasm2 "mov al, cl"
89ff
yet for some reason it seems to be able to disassemble the opcode fine
root@protostar:~# rasm2 -d "88 c8"
mov al, cl
Cygwin, Windows 7 x64 box
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o sys.o sys.c
sys.c:1:0: warning: -fPIC ignored for target (all code is position independent)
In file included from /usr/lib/gcc/i686-pc-cygwin/4.5.3/../../../../include/w32api/winsock.h:36:0,
from /cygdrive/d/Work/radare2/libr/include/r_types.h:28,
from sys.c:5:
/usr/lib/gcc/i686-pc-cygwin/4.5.3/../../../../include/w32api/psdk_inc/_fd_types.h:100:2: warning: #warning "fd_set and associated macros have been defined in sys/types. This can cause runtime problems with W32 sockets"
sys.c: In function 'r_sys_backtrace':
sys.c:100:2: warning: #warning TODO: r_sys_bt : unimplemented
sys.c: In function 'r_sys_getdir':
sys.c:210:2: warning: implicit declaration of function '_getcwd'
sys.c:210:14: warning: initialization makes pointer from integer without a cast
sys.c: At top level:
sys.c:140:13: warning: 'signal_handler' defined but not used
sys.c:152:12: warning: 'checkcmd' defined but not used
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o buf.o buf.c
buf.c:1:0: warning: -fPIC ignored for target (all code is position independent)
cc -c -MD -fPIC -g -Wall -DWWWROOT=\"/usr/local/lib/radare2/0.9.3git/www\" -I/cygdrive/d/Work/radare2/libr/include -o w32-sys.o w32-sys.c
w32-sys.c:1:0: warning: -fPIC ignored for target (all code is position independent)
w32-sys.c:6:19: fatal error: tchar.h: No such file or directory
compilation terminated.
/cygdrive/d/Work/radare2/libr/../global.mk:43: recipe for target `w32-sys.o' failed
make[4]: *** [w32-sys.o] Error 1
make[4]: Leaving directory `/cygdrive/d/Work/radare2/libr/util'
Makefile:33: recipe for target `util' failed
make[3]: *** [util] Error 2
make[3]: Leaving directory `/cygdrive/d/Work/radare2/libr'
Makefile:23: recipe for target `all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory `/cygdrive/d/Work/radare2/libr'
Makefile:26: recipe for target `libr' failed
make[1]: *** [libr] Error 2
make[1]: Leaving directory `/cygdrive/d/Work/radare2'
Makefile:17: recipe for target `all' failed
make: *** [all] Error 2
Do this for image http://xvilka.me/ami_bios.bin
when browsing the history in upwards direction and then changing the direction downwards the last item on which the direction is changed takes two down arrows. it should take only one.
example of actual behavior:
[TIME:KEY:HISTORY_ITEM]
1:U:Z
2:U:Y
3:U:X
4:D:X
5:D:Y
expected behavior:
[TIME:KEY:HISTORY_ITEM]
1:U:Z
2:U:Y
3:U:X
4:D:Y
Next the visual mode doesn't remember the commands in history.
And the history itself shouldn't contain duplicate commands that immediately follow each other.
P.S. Moved from http://rada.re/y/bugs.php?bugs&s=view&id=78
Cannot use 'sparc' anal plugin.
asm.arch: cannot find (sparc)
Cannot use 'sparc' anal plugin.
r_syscall_setup: Unknown os/arch 'openbsd'/'sparc'
asm.arch: Cannot setup syscall os/arch for 'sparc'
e asm.bits: Cannot set value, no plugins defined yet
r_syscall_setup: Unknown os/arch 'openbsd'/'sparc'
asm.os: Cannot setup syscall os/arch for 'openbsd'
e asm.bits: Cannot set value, no plugins defined yet
asm.arch: cannot find (sparc)
Cannot use 'sparc' anal plugin.
r_syscall_setup: Unknown os/arch 'openbsd'/'sparc'
asm.arch: Cannot setup syscall os/arch for 'sparc'
Cannot open file.
Can't we just say "this version of radare2 was not built with the debugger". And exit.
P.S. Moved from http://rada.re/y/bugs.php?bugs&s=view&id=40
Idea is to use such syntax:
f name 12 @ 33 "comment" ; set flag 'name' with length 12 at offset 13 and 'comment'
f name 12 33 "comment" ; same as above
f+name 12 33 "comment" ; like above but creates a new one if it doesn't exist
And show these comments in analysis output then.
And change for bindings api too, to support comments.
E.g. use scr.color value when show output on screen, but disable color symbols when use pipes, e.g.
pd | curl -F 'sprunge.us=<-' http://sprunge.us/
See example of output messed by color codes: http://sprunge.us/AEZW
I used sys/python.sh but I'm getting the following error, also 'python/_r_core.so' is not created.
cd .. ; make install-python
make[1]: Entering directory `/home/oblique/pkg/radare2/r2-bindings'
[ -e python/_r_core.so ] && true
make[1]: *** [install-python] Error 1
make[1]: Leaving directory `/home/oblique/pkg/radare2/r2-bindings'
make: *** [install] Error 2
See example here http://xvilka.me/phx_uefi.bin
Open bios file with radare2 using this command:
r2 -e asm.bits=32 -e io.va=true phx_uefi.bin
You should choose a valid asm.bits value according to the arch of the image.
Do bootblock segment relocation:
[0x00000000]> S $s-0x10000 0xf000:0x0000 0x10000 0x10000 bootblk rwx
where '$s' - variable, file size (see output of '???' command)
Then set this as 16bit segment
[0x00000000]> Sa x86 16
You can check result by typing just 'S' command.
You can also set DOS-like addressing notation:
[0x00000000]> e asm.segoff=true
[0000:0000]>
'[0000:0000]> s 0xf000:0xfff0'
Disassembly
[f000:fff0]> pd 1
f000:fff0 e908ff0000 jmp dword 0x10fefd
While here opcode is 'e908ff' and all, so this is jmp f000:fefb.
Same for f000:fefb
[f000:fefb]> pd 1
f000:fefb e913fd662e jmp dword 0x2e76fc13
Which should be
f000:fefb e913fd jmp f000:fc11
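The three real-mode reports on this page (the 16-bit `e9010f` whose `ao` reports size 5, the `f000:ffaa e99300` shown as `jmp word 0x100040`, and the two bootblock jumps above shown as `jmp dword`) all come down to the same arithmetic: the E9 operand width follows the current `asm.bits` (rel16, 3 bytes, in 16-bit code; rel32, 5 bytes, in 32-bit code), the rel16 target wraps inside the 64 KiB segment, and seg:off maps to a linear address as `seg << 4 + off`. The block below is an added example, not radare2 code and not the reporters' code: it decodes E9 with those rules and reproduces the targets computed by hand in the reports (`f000:fefb`, `f000:fc11`, `0x40`, `0x1004`). The file-offset mapping assumes the `S $s-0x10000 0xf0000 0x10000 0x10000` layout used in the reports (the last 64 KiB of the image at 0xf0000); the instruction bytes are constructed here, not read from the BIOS image.

```c
/* Added example (not radare2 code): near "jmp rel" (E9) decoding for 16- and
 * 32-bit code, real-mode seg:off <-> linear conversion, and the file offset of
 * a linear address under the bootblock mapping used in the reports. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct jmp_near {
    int      valid;   /* 0 if the bytes are not an E9 or too few were supplied */
    size_t   len;     /* 3 in 16-bit mode, 5 in 32-bit mode */
    uint32_t target;  /* next-instruction offset + rel, wrapped to the operand size */
};

/* Instruction length of E9 depends on the operand size, i.e. on asm.bits
 * (no 0x66 prefix handling here: that flips the width for one instruction). */
size_t jmp_near_length(int bits) {
    return bits == 16 ? 3 : 5;
}

/* Decode E9 at offset `ip` within the segment (16-bit) or address space (32-bit).
 * Unsigned arithmetic masked to the operand size gives the same result as
 * sign-extending the displacement, without implementation-defined casts. */
struct jmp_near decode_jmp_near(int bits, uint32_t ip, const uint8_t *code, size_t avail) {
    struct jmp_near j = { 0, 0, 0 };
    size_t len = jmp_near_length (bits);
    if (avail < len || code[0] != 0xE9) return j;
    if (bits == 16) {
        uint32_t rel = (uint32_t) code[1] | ((uint32_t) code[2] << 8);
        j.target = (ip + 3 + rel) & 0xffffu;            /* wrap inside the segment */
    } else {
        uint32_t rel = (uint32_t) code[1] | ((uint32_t) code[2] << 8)
                     | ((uint32_t) code[3] << 16) | ((uint32_t) code[4] << 24);
        j.target = ip + 5 + rel;                          /* wraps mod 2^32 */
    }
    j.valid = 1;
    j.len = len;
    return j;
}

/* Convenience for the 3-byte forms quoted in the reports. */
uint32_t jmp_rel16_target(uint32_t ip, uint8_t lo, uint8_t hi) {
    const uint8_t code[3] = { 0xE9, lo, hi };
    return decode_jmp_near (16, ip, code, sizeof code).target;
}

/* Real-mode segment:offset -> 20-bit linear address. */
uint32_t seg_off_to_linear(uint16_t seg, uint16_t off) {
    return ((uint32_t) seg << 4) + off;
}

/* Linear -> canonical seg:off with the segment on a 64 KiB boundary (one of
 * several valid normalisations; it is the one the reports' prompts expect). */
uint16_t linear_to_seg(uint32_t linear) { return (uint16_t) ((linear >> 4) & 0xf000u); }
uint16_t linear_to_off(uint32_t linear) { return (uint16_t) (linear & 0xffffu); }

/* File offset of a linear address when the image's last 64 KiB is mapped at
 * 0xf0000 (the "S $s-0x10000 0xf0000 0x10000 0x10000" mapping).  -1 if unmapped. */
int64_t linear_to_file_offset(uint32_t linear, uint32_t file_size) {
    const uint32_t base = 0xf0000u, size = 0x10000u;
    if (file_size < size || linear < base || linear >= base + size) return -1;
    return (int64_t) (file_size - size) + (int64_t) (linear - base);
}

int main(void) {
    printf ("f000:fff0 e908ff  jmp %04x\n", jmp_rel16_target (0xfff0, 0x08, 0xFF)); /* fefb */
    printf ("f000:fefb e913fd  jmp %04x\n", jmp_rel16_target (0xfefb, 0x13, 0xFD)); /* fc11 */
    printf ("f000:ffaa e99300  jmp %04x\n", jmp_rel16_target (0xffaa, 0x93, 0x00)); /* 0040 */
    printf ("0100      e9010f  jmp %04x (len %zu)\n", jmp_rel16_target (0x0100, 0x01, 0x0F),
            jmp_near_length (16));                                                  /* 1004, 3 */
    printf ("f000:fff0 = linear %05x = %04x:%04x\n", seg_off_to_linear (0xf000, 0xfff0),
            linear_to_seg (0xffff0u), linear_to_off (0xffff0u));
    return 0;
}
```

The `[0f00:fff0]` prompt in the earlier report is what you get if the segment is shifted by one nibble too many when converting back from linear; `linear_to_seg` above keeps `0xffff0` at `f000:fff0`.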
Please, add support for syntax highlight of produced disassembly, with colorschemes support and 256 colors.
Optional - do the same for WebUI.
r_core_print_disasm() is a 499 line long function with >50 local variables. I am sure this can be refactored and cleaned.
Reply 1: This is in TODO since radare1 0.1.. we always made fun about how dirty this code is, but we never did nothing as long as it's not a priority and it will take lot of time to refactorize it in an extensible way. We are open to patches and proposals ;)