Code and data mixed

[DigiAngel]

Is there a method to determine ASCII in code easily? Example, I have a simple Win32 GUI app that just pops up a message, you click ok, and then the window goes away. I have to manually change the data type. Original below:

After changing data types:

Side question...how do I save these changes for future analysis? Thank you.

[crowell]

looks like entrypoint is improperly detected then?

[Maijin]

Hello,

Ensure you are using radare2 from git, if you're unsure paste output of r2 -v here. To install radare2 from git, first uninstall your version of radare2 and clean your distro. On windows use http://bin.rada.re/radare2-w32-0.10.2-git.zip

[radare]

The anaysis cant determine if a reference contain a string without knowing about the function signature. The support for better automatic data detection is work in progress. Im currently enhancing aav for arm and there's oddcoder which is working on the automatic variable type and function signatures. Also, the support for data mixed in code is also going to have some enhancements before the next release.

But you'll probably need to do this analysis by hand until that support is ready (after summer)

On 22 Apr 2016, at 00:26, DigiAngel notifications@github.com wrote:

Is there a method to determine ASCII in code easily? Example, I have a simple Win32 GUI app that just pops up a message, you click ok, and then the window goes away. I have to manually change the data type. Original below:

After changing data types:

Side question...how do I save these changes for future analysis? Thank you.

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub

[radare]

Maijin le bot

On 22 Apr 2016, at 09:02, Maijin notifications@github.com wrote:

Hello,

Ensure you are using radare2 from git, if you're unsure paste output of r2 -v here. To install radare2 from git, first uninstall your version of radare2 and clean your distro. Then use git clone https://github.com/radare/radare2 && cd radare2 && ./sys/install.sh, verify your version and check if there is no error using r2 -v.

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub

[DigiAngel]

Thank you...I'm using radare2 from git (0.10.2-56-g0012530 r2) on Linux. I'll wait for the next release. And that's interesting on the entry point...objdump shows 401000, but it also doesn't detect the ASCII. Thank you.

[radare]

objdump doesnt analyzes anything. and this code is not standard so its obviously wrongly handled.

On 22 Apr 2016, at 14:54, Maijin notifications@github.com wrote:

"I'll wait for the next release" wuuuut, no, just Uninstall your current radare2 version then git clone https://github.com/radare/radare2 https://github.com/radare/radare2 && cd radare2 && ./sys/install.sh

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/radare/radare2/issues/4677#issuecomment-213416566

[DigiAngel]

Ok cool....thanks for the responses.

[ret2libc]

Something like this radareorg/radare2#3753 would help I think. Small parts between basic blocks of the same functions that are not identified as code or anything else can be automatically marked as "1byte data" so that at least you won't see weird code in there. What do you think @radare ?

[ret2libc]

This issue has been moved from radareorg/radare2 to radareorg/ideas as we are trying to clean our backlog and this issue has probably been created a long while ago. This is an effort to help contributors understand what are the actionable items they can work on, prioritize issues better and help users find active/duplicated issues more easily. If this is not an enhancement/improvement/general idea but a bug, feel free to ask for re-transfer to main repo. Thanks for your understanding and contribution with this issue.