XVilka
commented
6 years ago Please create a pull request to https://github.com/radare/radare2-regressions with a testcase.
Closed felberj closed 6 years ago
XVilka
commented
6 years ago Please create a pull request to https://github.com/radare/radare2-regressions with a testcase.
felberj
commented
6 years ago 
radare
commented
6 years ago aab works fine. This issue appears in just “aa”
On 4 Jun 2018, at 20:42, Jonas notifications@github.com wrote:
Work environment
Questions Answers OS/arch/bits (mandatory) macOS HighSierra arm 64 File format of the file you reverse (mandatory) ELF Architecture/bits of the file (mandatory) x86_64 r2 -v full output, not truncated (mandatory) radare2 2.7.0-git 18339 @ darwin-x86-64 git.2.6.0-130-ga20078d17 commit: a20078d build: 2018-06-04__20:29:14
Expected behaviorthe basic block at 0xf34 jumps to fcn.00001144, as it is the last instruction of it.
Actual behavior
The basic block ends there.
Steps to reproduce the behavior
radare2 ./Echo aaa s main VV find the BB in question, there is only one BB between the entry of main and the one in question. Additional Logs, screenshots, source-code, configuration dump, ...
Echo.zip
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
felberj
commented
6 years ago Are you sure? If I modify the test to do "aab" at the beginning, the output stays the same.
radare
commented
6 years ago Just do aab. Nothing more. Maybe i checked a different issue in the cfg. But aa was producing bad results indeed. Whwres this bin from? It have some strange constructions
On 7 Jun 2018, at 10:51, Jonas notifications@github.com wrote:
Are you sure? If I modify the test to do "aab" at the beginning, the output stays the same.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.
felberj
commented
6 years ago The binary is from asictf 2018 and contains a brainfuck interpreter. Just to be sure: You ran the regression test and it passes?
felberj
commented
6 years ago Update: You are right, it works. I must have been fixed in the last few days. I will look at it again!
felberj
commented
6 years ago Update2: If I do
aabit works
if I do
aaa
aabit does not work
felberj
commented
6 years ago Ok, so I found the next problem:
aab
aaa
s 0x00001025It does not handle the jmp rax. Should I update the regression test? If so, how (what is the expected output?)?
radare
commented
6 years ago it should do if you enable anal.jmptbl=true
On 7 Jun 2018, at 11:47, Jonas notifications@github.com wrote:
Ok, so I found the next problem:
aab aaa s 0x00001025 It does not handle the jmp rax. Should I update the regression test? If so, how (what is the expected output?)? https://user-images.githubusercontent.com/6639926/41092113-6b96ba24-6a48-11e8-994e-976d01cf954e.png — You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/10259#issuecomment-395361213, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-luVupI8BxUQ0dYiuIkc1w9SzFVWTks5t6PbNgaJpZM4UZla3.
felberj
commented
6 years ago It does not, I just tried it:
anal.jmptbl=true
aab
aaa
s 0x00001025
afb.
VVwhy did you run aaa after aab? i said to just run aab, nothing more , anyway it’s a bug and must be fixed, also which compiler generated this bin or where it is coming from ? it have some strange constructions
On 8 Jun 2018, at 20:56, Jonas notifications@github.com wrote:
It does not, I just tried it:
anal.jmptbl=true aab aaa s 0x00001025 afb. VV — You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/10259#issuecomment-395856205, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lrz1l2K7shnm6XSZdtULd64DuWx1ks5t6sjIgaJpZM4UZla3.
felberj
commented
6 years ago why did you run aaa after aab?
Because I have never used radare2 and have no clue what I am doing. Currently waiting for a r2 developer that is coming to my place to manually analyze this program.
also which compiler generated this bin or where it is coming from ?
It was a challenge from ASIS CTF Quals 2018: https://ctftime.org/task/6033
felberj
commented
6 years ago I am interested on how I could fix this manually. My idea was to use afu to manually resize the function and run the analysis.
IDA claims that main goes until 0x0001162.
If I try to resize main with afu 0x0001162 the functions between main and 0x0001162 are still there. Any hints how to fix it? Do I need to edit the basic blocks (adding jumps to it?)?
radare
commented
6 years ago The way to debug the analysis loop is by adding printfs here and therr and see the reason why it doesnt reaches forward the stop point. Try to find the easiest way to test it (seek near that place and type af) and see why the anal loop behaves incorrectly. Im afk now so cant help
On 23 Jun 2018, at 16:46, Jonas notifications@github.com wrote:
I am interested on how I could fix this manually. My idea was to use afu to manually resize the function and run the analysis. IDA claims that main goes until 0x0001162. If I try to resize main with afu 0x0001162 the functions between main and 0x0001162 are still there. Any hints how to fix it? Do I need to edit the basic blocks (adding jumps to it?)?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.
radare
commented
6 years ago 
@cyanpencil ^ can you have a look at this edge layout glitch? (run aaa and then s 0x1025)
radare
commented
6 years ago I have fixed this analysis bug in this pr https://github.com/radare/radare2/pull/10475
ret2libc
commented
5 years ago | aab aab across bin.sections.rx
The help message is not really helpful to understand what this command does.
Work environment
commit: a20078d17137e3bc9930e47c51c4674da3c39f83 build: 2018-06-04__20:29:14
Expected behavior
the basic block at
0xf34jumps tofcn.00001144, as it is the last instruction of it.Actual behavior
The basic block ends there.
Steps to reproduce the behavior
Additional Logs, screenshots, source-code, configuration dump, ...
Echo.zip