radareorg / radare

advanced unix-like hexadecimal editor and debugger
GNU General Public License v2.0

Maybe Endianness Mix-up when using ARM Debugger #1

Closed rrrh closed 8 years ago

rrrh commented 8 years ago

Hi, I'm trying to get radare with qemu-system-arm to work, but I'm running into some problems.

(I'm running qemu 2.4.0.1, radare 0.10.0-git 9634, all on OS X 10.8.5)

Starting qemu:

./qemu-system-arm -machine versatilepb -nographic -S -serial telnet:127.0.0.1:1235,server,nowait,nodelay -s

Attaching radare:

radare2 -aarm -b32 -D gdb gdb://localhost:1234 

Then doing the following in radare:

[0x00000000]> *0=0x230000ea
r_reg_get_value: 32bit oob read 172
r_reg_get_value: 32bit oob read 172
[0x00000000]> pd 1
        ;-- lr:
        ;-- pc:
        ;-- r0:
        ;-- r1:
        ;-- r2:
        ;-- r3:
        ;-- r4:
        ;-- r5:
        ;-- r6:
        ;-- r7:
        ;-- r8:
        ;-- r9:
        ;-- r10:
        ;-- r11:
        ;-- r12:
        ;-- r13:
        ;-- r14:
        ;-- r15:
        ;-- cpsr:
        0x00000000    ea000023       movwhs r0, 0xea
r_reg_get_value: 32bit oob read 172
r_reg_get_value: 32bit oob read 172
[0x00000000]> *0
0x230000ea
r_reg_get_value: 32bit oob read 172 
r_reg_get_value: 32bit oob read 172

I think the disassembly should use the same endianness as the read-memory command?

I would expect the memory location at 0x0 to disassemble to:

[0x00000000]> pd 1
0x00000000    230000ea       b 0x94

Instead it disassembles to:

[0x00000000]> pd 1
0x00000000    ea000023       movwhs r0, 0xea

Any help? I'm stuck.

radare commented 8 years ago

The endianness is taken from the 'e cfg.bigendian' variable

radare commented 8 years ago

Also, you have written a numeric value, which depends on the endianness, so the current output is fine. Use wx to write the raw bytes if you do not want those problems, or configure cfg.bigendian to change this behaviour.
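The following Python is an added example, not radare2 code and not part of the issue; it models the two write paths the maintainer contrasts. `word_to_bytes` stands in for the numeric write (`*0=0x230000ea`, serialised in the configured endianness, little-endian by default), `bytes.fromhex` stands in for `wx 230000ea` (raw bytes, stored exactly as typed), and `disasm` is a deliberately small decoder that handles only the two A32 encodings that appear in the issue, B/BL and MOVW, and reports anything else as unknown. It assumes a little-endian ARM target, which is what the disassembly in the issue implies; the function and dictionary key names are this example's own.

```python
"""Model of the endianness mix-up from the issue: a 32-bit ARM word written as a
number versus written as raw bytes. Added example, not radare2 code."""
import struct

def word_to_bytes(word: int, big_endian: bool = False) -> bytes:
    """What a debugger does with `*addr=value`: serialise the number in the
    configured endianness (radare2's cfg.bigendian; little-endian by default)."""
    return struct.pack(">I" if big_endian else "<I", word & 0xFFFFFFFF)

def bytes_to_word(raw: bytes, big_endian: bool = False) -> int:
    """What an ARM disassembler (and `*addr`) does: read 4 bytes as one word in
    the target's endianness. Assumption: little-endian guest, as in the issue."""
    return struct.unpack(">I" if big_endian else "<I", raw[:4])[0]

# A32 condition-code suffixes, index = bits [31:28]; 0xE (AL) prints as nothing.
COND = {0x0: "eq", 0x1: "ne", 0x2: "hs", 0x3: "lo", 0x4: "mi", 0x5: "pl",
        0x6: "vs", 0x7: "vc", 0x8: "hi", 0x9: "ls", 0xA: "ge", 0xB: "lt",
        0xC: "gt", 0xD: "le", 0xE: "", 0xF: "nv"}

def disasm(word: int, pc: int) -> str:
    """Decode only the two encodings seen in the issue (hypothetical mini-decoder):
    B/BL : cond[31:28] 101 L[24] imm24        target = pc + 8 + sext(imm24) << 2
    MOVW : cond[31:28] 0011 0000 imm4 Rd imm12  imm16 = imm4:imm12
    Anything else is reported as unknown rather than guessed."""
    cond = COND[word >> 28]
    if (word >> 25) & 0x7 == 0b101:
        imm24 = word & 0xFFFFFF
        if imm24 & 0x800000:            # sign-extend the 24-bit offset
            imm24 -= 1 << 24
        mnem = "bl" if (word >> 24) & 1 else "b"
        target = (pc + 8 + (imm24 << 2)) & 0xFFFFFFFF
        return f"{mnem}{cond} 0x{target:x}"
    if (word >> 20) & 0xFF == 0x30:
        rd = (word >> 12) & 0xF
        imm16 = ((word >> 4) & 0xF000) | (word & 0xFFF)
        return f"movw{cond} r{rd}, 0x{imm16:x}"
    return f"unknown 0x{word:08x}"

def issue_session() -> dict:
    """Reproduce the write from the issue and the fix the maintainer suggests,
    both at address 0, and return what each stores and disassembles to."""
    pc = 0
    numeric = word_to_bytes(0x230000EA)       # `*0=0x230000ea`: number, LE
    raw = bytes.fromhex("230000ea")           # `wx 230000ea`: raw bytes as typed
    return {
        "numeric_bytes": numeric.hex(),                      # ea000023
        "numeric_read_back": hex(bytes_to_word(numeric)),    # what `*0` printed
        "numeric_disasm": disasm(bytes_to_word(numeric), pc),
        "raw_bytes": raw.hex(),                              # 230000ea
        "raw_read_back": hex(bytes_to_word(raw)),            # 0xea000023
        "raw_disasm": disasm(bytes_to_word(raw), pc),
    }

if __name__ == "__main__":
    for key, value in issue_session().items():
        print(f"{key:20} {value}")
```

The output lines `numeric_disasm movwhs r0, 0xea` and `raw_disasm b 0x94` are the two results the reporter compared: the numeric write lands as `ea 00 00 23`, which is the MOVW encoding, while the raw-byte write lands as `23 00 00 ea`, which the little-endian decoder reads as the word `0xea000023`, the `b 0x94` the reporter expected. Writing the word value the CPU actually sees (`*0=0xea000023`) would have produced the same bytes as `wx 230000ea`.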

rrrh commented 8 years ago

OK, thanks, please close this issue. (There are still some strange things happening; I need to track these errors and map them to either gdb, qemu or radare.)

Thanks for your help.