radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Visual Mode debugging is yielding different results than expected #11001

Open afjoseph opened 6 years ago

afjoseph commented 6 years ago

Binary

crackme0x03.zip

Work environment

OS/arch/bits (mandatory): ArchLinux / ARM 64
File format of the file you reverse (mandatory): ELF
Architecture/bits of the file (mandatory): x86/32
r2 -v full output, not truncated (mandatory): radare2 2.9.0-git 19018 @ linux-x86-64 git.2.8.0-14-gb8de51270 commit: b8de51270320ee35a281495a41009c89b2d64642 build: 2018-08-09__10:12:00

Hey. I'm trying to debug the attached binary. Running the following steps in normal mode yields the expected and correct values:

$ r2 -Ad crackme0x03
[0x12345678] db 0x0804846e
[0x12345678] dc
IOLI Crackme Level 0x03
Password: 1234
hit breakpoint at: 0804846e
[0x12345678] dr eax
0x000004d2

Running the same binary with the same breakpoints but in Visual Mode or in a rarun2 sequence yields completely different results:

$ r2 -Ad crackme0x03
[0x12345678] db 0x080484df # Just a bit before
[0x12345678] db 0x0804846e
[0x12345678] dc
IOLI Crackme Level 0x03
Password: 1234
hit breakpoint at: 80484df

[Enter Visual Mode. Either run F9 or step until reaching sym.test (it's only around 6 instructions away)]

[0x0804846e] dr eax 
0xffd5dd58 # Number varies

Am I doing something really funky wrong here?

Steps to reproduce the behavior

I've made a small R2R PR to reproduce the steps: https://github.com/Obaied/radare2-regressions/tree/bug_bin_debugging
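The comparison above can be driven non-interactively. The script below is an added example, not part of the issue, the regression PR or radare2 itself: it runs the debuggee twice under r2 in batch mode, once with plain -d and once with -Ad, feeds the password through a rarun2 profile (the "rarun2 sequence" mentioned above) so that no terminal input is needed, stops at the same breakpoint and reports whether eax agrees. It assumes r2 is on PATH, that ./crackme0x03 is the attached binary, and that the breakpoint 0x0804846e and password 1234 are the ones used in the report; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example, not from the issue or from radare2.
# Run the debuggee under r2 twice (plain -d vs -Ad), stop at the same
# breakpoint and compare eax between the two runs.
# Assumptions: r2 on PATH, ./crackme0x03 present, breakpoint and password as
# in the report. All names below are the example's own.
set -eu

BIN=${BIN:-./crackme0x03}
BREAK=${BREAK:-0x0804846e}
PASSWORD=${PASSWORD:-1234}

# Canonicalise a register value such as "0x000004d2" to "0x4d2" so that two
# runs can be compared textually regardless of zero padding or hex case.
normalize_hex() {
    v=$(printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/^0x0*//')
    [ -n "$v" ] || v=0
    printf '0x%s\n' "$v"
}

# Write a rarun2 profile that feeds the password on the debuggee's stdin.
# $1 = scratch directory. Prints the profile path.
write_profile() {
    dir=$1
    printf '%s\n' "$PASSWORD" > "$dir/stdin.txt"
    cat > "$dir/crackme.rr2" <<EOF
#!/usr/bin/rarun2
program=$BIN
stdin=$dir/stdin.txt
EOF
    printf '%s\n' "$dir/crackme.rr2"
}

# Run r2 in batch mode (-q quits after -c): set the breakpoint, continue,
# dump eax. $1 = extra flags ("" or "-A"), $2 = rarun2 profile.
# Only the last output line (the register value) is printed.
eax_at_break() {
    flags=$1
    profile=$2
    r2 -q -d $flags -r "$profile" -c "db $BREAK; dc; dr eax" "$BIN" 2>/dev/null | tail -n 1
}

# Compare both runs. Prints "same" or "differs" followed by the two values
# (native first, then the -A run).
compare_runs() {
    dir=$(mktemp -d)
    profile=$(write_profile "$dir")
    native=$(normalize_hex "$(eax_at_break "" "$profile")")
    analysed=$(normalize_hex "$(eax_at_break "-A" "$profile")")
    rm -rf "$dir"
    if [ "$native" = "$analysed" ]; then
        printf 'same %s %s\n' "$native" "$analysed"
    else
        printf 'differs %s %s\n' "$native" "$analysed"
    fi
}

# Only perform the live comparison when r2 and the binary are available.
if command -v r2 >/dev/null 2>&1 && [ -x "$BIN" ]; then
    compare_runs
fi
```

Run it from the directory containing crackme0x03; BIN, BREAK and PASSWORD can be overridden in the environment to check another breakpoint. A "differs" line with a stack-looking value in the second column is the symptom described in the report.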

radare commented 5 years ago

Using -Ad is not recommended and is known to be buggy.

radare commented 5 years ago

Can't reproduce any issue without the -A, and this -A thing is known to introduce problems in many situations. Please, @Maijin, disable the commands that are breaking the debugger in aaa. There are other issues related to the same bug.

Maijin commented 5 years ago

Why disable it? It was working before your NSO fix. I can revert this one, but again, it will break the NSO support (which very few people use).

radare commented 5 years ago

Because there's no sense in switching the debugger backend to ESIL when you are debugging with a NATIVE backend. The regstate is transferred and it results in wrong behaviour on the debuggee side. It's simply wrong.

On 3 Jan 2019, at 13:17, Maijin notifications@github.com wrote:

Why disable it? It was working before your NSO fix. I can revert this one, but again, it will break the NSO support (which very few people use).
