Python: Using r2pipe for analysing memory dump of an android process

[saneeha-amir]

hello,

I want to disassemble a process dump obtained from an android device. The dump is obtained using volatility 'linux_procdump' command. The redare2 interface is working fine on the dump and I can see the disassembled instructions. But r2pipe script gives the following error:

"Warning: run r2 with -e bin.cache=true to fix relocations in disassembly"

The script i have written is as under:

import r2pipe r= r2pipe.open('./dump',flags=['-e']) r.cmd('aaa') print r.cmd('afl')

Kindly guide. Ill be really grateful

[trufae]

The -e flag requires an argument

the warning you see is not an error and it will happen on notmal r2 unless you do what it says

[saneeha-amir]

Many thanks for your response. Please guide what should i do as the screen is stuck with this warning.

Can you please correct the command i m using. r= r2pipe.open('./dump',flags=['-e'])

Ill be really grateful

[saneeha-amir]

dear all, I have figured out that 'e' represents all the configuration variables. I think i need to set the configuration variable of bin.cache to true. It is currently false. I should run r2pipe after resetting. Please guide which file contains the configuration settings of radare2 as i m unable to find the configuration file. Ill be grateful

[saneeha-amir]

Dear all,

I have finally been able to run r2pipe. It was a problem with python. I was using python2. r2pipe is working perfectly fine with python3.

Warning is there but output is obtained.

[trufae]

Sorry for the delay, ivebeen busy irl during the last 6 days.

the line should be:

r= r2pipe.open('./dump',flags=['-ebin.cache=true'])

[trufae]

uhm, in theory r2pipe should run fine in python2, but its better to get rid of it as its deprecated and unmaintained.

[saneeha-amir]

Many thanks for your reply. I have changed the command as you have suggested and the warning is gone.

I have again verified running with python2 , but it is not working on my system. Python3 is working fine.