radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

-m option in r2 does not detect the right bin plugin and hence things are missed #12146

Open alvarofe opened 5 years ago

alvarofe commented 5 years ago

While working on arm analysis I noticed that files which are loaded by mapping them into another direction with -m were not setting the bits hints correctly.

ryzen:new alvaro$ r2 -a arm -b 16 -m 0x8000 ../bins/elf/libmagic.so 
WARNING: using oba to load the syminfo from different mapaddress.
TODO: Must use the API instead of running commands to speedup loading times.
 -- Execute a command on the visual prompt with cmd.vprompt
[0x0000dfa8]> ah
[0x0000dfa8]> 

However, if loaded normally

ryzen:new alvaro$ r2 -a arm -b 16 ../bins/elf/libmagic.so 
 -- Do you want to print 333.5K chars? (y/N)
[0x00005fa8]> ah
 0x00000000 - 0x00000000 => bits=32
 0x00006060 - 0x00006060 => bits=16
 0x00007edc - 0x00007edc => bits=32
 0x000080fc - 0x000080fc => bits=16
 0x000083f0 - 0x000083f0 => bits=32
 0x00017024 - 0x00017024 => bits=16

This is gonna affect the analysis enormously on arm due to missing anal hints. Furthermore, there are some WARNINGS and TODO.

The issue is here in r_bin_open_io

    if (!buf_bytes) {
        if ((int)opt->sz < 0) {
            eprintf ("Cannot allocate %d bytes\n", (int)(opt->sz));
            return false;
        }
        const int asz = opt->sz? (int)opt->sz: 1;
        buf_bytes = calloc (1, asz);
        if (!buf_bytes) {
            eprintf ("Cannot allocate %d bytes.\n", asz);
            return false;
        }
        // with -m, opt->loadaddr holds the map address, but fd_read_at expects a file offset (paddr)
        ut64 seekaddr = is_debugger? opt->baseaddr: opt->loadaddr;
        if (!iob->fd_read_at (io, opt->fd, seekaddr, buf_bytes, asz)) {
            opt->sz = 0LL;
        }
    }

seekaddr will be what was passed to -m and this should be 0 since the file is paddr so later on check_bytes can detect correctly the bin plugin.

I believe @ret2libc is working on refactoring this - dunno if a regression.

Due to this issue my PR https://github.com/radare/radare2/pull/12068 will have some [XX].

Example

ryzen:new alvaro$ r2 -a arm -b 16 ../bins/elf/libmagic.so 
 -- I endians swap.
[0x00005fa8]> aac
[0x00005fa8]> afl~?
202
[0x00005fa8]> q
ryzen:new alvaro$ r2 -a arm -b 16 -m 0x80000000 ../bins/elf/libmagic.so 
WARNING: Plugin any should implement load_buffer method instead of load.
WARNING: using oba to load the syminfo from different mapaddress.
TODO: Must use the API instead of running commands to speedup loading times.
 -- nothing personal, just bitness
[0x80005fa8]> aac
[0x80005fa8]> afl~?
96

The functions should be the same independently where the binary was loaded.
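The offset confusion described in this report, as an added example that is not radare2's own code: a constructed file image, a stand-in for `fd_read_at` that reads at a physical file offset, and a simplified `check_bytes` that only knows the ELF magic. Passing the map address (the `-m` value) as the read offset either fails the read (sz becomes 0) or reads bytes past the header, so the generic plugin wins; reading at paddr 0 detects ELF regardless of where the file is mapped.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t ut64;

/* Constructed stand-in for the file on disk: an ELF ident followed by zero padding. */
static const unsigned char FILE_IMAGE[64] = { 0x7f, 'E', 'L', 'F', 1, 1, 1, 0 };

/* Stand-in for iob->fd_read_at: reads from the *file* at a physical offset (paddr). */
static bool fd_read_at(ut64 off, unsigned char *dst, size_t len) {
    if (off + len > sizeof (FILE_IMAGE)) {
        return false; /* offset beyond the file: the read fails */
    }
    memcpy (dst, FILE_IMAGE + off, len);
    return true;
}

/* Simplified check_bytes: the elf plugin claims the buffer only if it starts with the magic. */
static const char *pick_plugin(const unsigned char *buf, size_t len) {
    if (len >= 4 && memcmp (buf, "\x7f" "ELF", 4) == 0) {
        return "elf";
    }
    return "any";
}

/* Mirrors the reported open path. With fixed == false, seekaddr is the map address
 * (opt->loadaddr) even though fd_read_at wants a file offset; with fixed == true the
 * header is read at paddr 0, which is what the report says it should be. Returns the
 * plugin name, or "none" when the read fails and the size would be set to 0. */
const char *open_and_detect(ut64 loadaddr, bool is_debugger, ut64 baseaddr, bool fixed) {
    unsigned char buf[16] = { 0 };
    ut64 seekaddr = is_debugger ? baseaddr : (fixed ? 0 : loadaddr);
    if (!fd_read_at (seekaddr, buf, sizeof (buf))) {
        return "none";
    }
    return pick_plugin (buf, sizeof (buf));
}

int main(void) {
    printf ("no -m        : %s\n", open_and_detect (0, false, 0, false));
    printf ("-m 0x8000    : %s\n", open_and_detect (0x8000, false, 0, false));
    printf ("-m 0x20      : %s\n", open_and_detect (0x20, false, 0, false));
    printf ("-m 0x8000 fix: %s\n", open_and_detect (0x8000, false, 0, true));
    return 0;
}
```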

ret2libc commented 5 years ago

I don’t think it’s a regression. We can easily test on 2 releases ago anyway... however it happened to me too and I have some doubts about the whole base/laddr concept.

For your particular case, why don’t you use -B?

ret2libc commented 5 years ago

I can confirm it was happening in radare2-2.9.0 too.

alvarofe commented 5 years ago

-B it is what I use, I was trying to understand why there were tests failing in my PR and I noticed this behaviour.

radare commented 5 years ago

-B is what you should use if the bin has headers. Use only -m when messing with raw dumps.

On 14 Nov 2018, at 09:19, Álvaro Felipe Melchor notifications@github.com wrote:

-B it is what I use, I was trying to understand why there were tests failing in my PR and I noticed this behaviour.


alvarofe commented 5 years ago

https://github.com/radare/radare2-regressions/blob/master/new/db/anal/others#L67

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of radare2. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.