radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Binary structures not mapped by default #10638

Open randvoid opened 6 years ago

randvoid commented 6 years ago

Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | MacOS |
| File format of the file you reverse (mandatory) | PE |
| Architecture/bits of the file (mandatory) | x86/32 |
| r2 -v full output, not truncated (mandatory) | radare2 2.7.0-git 18638 @ darwin-x86-64 git.2.4.0-1100-gb9ce57d68 commit: b9ce57d68d57c9e9689859baae7fae972d2f5351 build: 2018-07-06__09:16:56 |

Expected behavior

Binary structures (like IMAGE_DOS_HEADER, IMAGE_NT_HEADER, ...) should be mapped by default when analyzing a binary

Actual behavior

Headers are not mapped in memory

Steps to reproduce the behavior

Open an exe with r2, px @ 0x00400000 (if file is mapped at 0x00400000) => not mapped (no MZ magic, ...)
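Why the header range can end up without a map, as an added example (not radare2 code and not written by anyone in this thread): a PE's headers occupy ImageBase to ImageBase+SizeOfHeaders, and no section covers that range. The sample image is constructed, the function names are hypothetical, and the one-map-per-section loader model is an assumption made for illustration.

```python
import struct

def build_sample_pe(image_base=0x00400000):
    """Constructed minimal PE32: DOS/NT headers plus one .text section header."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)          # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)      # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)      # SizeOfImage, SizeOfHeaders
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000,
                      0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    return headers.ljust(0x200, b"\0") + b"\xc3".ljust(0x200, b"\0")

def va_layout(data):
    """Return ((hdr_start, hdr_end), [(name, start, end), ...]) in virtual addresses."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ magic")
    nt = struct.unpack_from("<I", data, 0x3C)[0]         # e_lfanew
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, nt + 6)[0]
    opt_size = struct.unpack_from("<H", data, nt + 20)[0]
    opt = nt + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    size_of_headers = struct.unpack_from("<I", data, opt + 60)[0]
    sections = []
    for i in range(nsec):
        name, vsize, rva = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        start = image_base + rva
        sections.append((name.rstrip(b"\0").decode(), start, start + vsize))
    return (image_base, image_base + size_of_headers), sections

def headers_mapped(data, maps=None):
    """True if some map covers the header range; default is one map per section."""
    (h_start, h_end), sections = va_layout(data)
    if maps is None:                                     # assumed section-only loader
        maps = [(s, e) for _, s, e in sections]
    return any(s <= h_start and h_end <= e for s, e in maps)

if __name__ == "__main__":
    pe = build_sample_pe()
    hdr, secs = va_layout(pe)
    print("headers:", [hex(a) for a in hdr], "sections:", secs)
    print("section-only maps cover headers:", headers_mapped(pe))
    print("with header map added:", headers_mapped(pe, [hdr] + [(s, e) for _, s, e in secs]))
```
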

Maijin commented 6 years ago

Some people want it, some people don't want it. You can just use e io.va=false for now.

radare commented 6 years ago

Nope, this doesn't make the data structures appear magically.


radare commented 6 years ago

It's not about wanting it, it's a bug and must be fixed. @Maijin the issue is about the maps, not the types.

Maijin commented 6 years ago

kk

radare commented 6 years ago

It's about a missing map. Is this issue for ELF only? Or is PE affected too? Should be easy to fix.


randvoid commented 6 years ago

I noted this issue when analysing a PE. I have no idea for ELF and other stuff.

radare commented 6 years ago

I have implemented the omo command that should make this map appear, but it's not yet deprioritized when created. Will fix that later today, but it will be good to do the fix properly in rbin. Because I saw many inconsistent outputs in -S and -SS after the last changes from @ret2libc and I think we must review that, but after the 2.7 release.


radare commented 6 years ago

Moving for 2.8 because now we have the omo command that seems to work. Tested on a mach0 binary. We will need to import the header parser info and show the header properly. This is where asm.meta joins the game.

ret2libc commented 6 years ago

> Because I saw many inconsistent outputs in -S and -SS after the last changes from @ret2libc and I think we must review that, but after the 2.7 release

@radare what are you referring to?

radare commented 6 years ago

I think that r2 -SS should print something and it does nothing, at least for mach0 binaries, didn't test more. Also r2 -rSS should print om commands, not S ones.


ret2libc commented 6 years ago

If you have some concrete examples please open an issue and I'll have a look

radare commented 6 years ago

It's more like random ideas in my head that I have to put in a pad to make real issues and plans for it.


stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of radare2. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.

ret2libc commented 4 years ago

Since the automation was "interrupted" by recent tags. Please do provide additional details about the issue, which includes: a specific binary where the problem happens, the exact commands you use, the exact actual output you see and what you expect to see. Make sure to use an updated version of r2 please.