radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Radare2 prints invalid when disassembling instructions after running ood #12914

Open boxybox12 opened 5 years ago

boxybox12 commented 5 years ago


Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | Kubuntu x86 64 |
| File format of the file you reverse (mandatory) | .so |
| Architecture/bits of the file (mandatory) | x86/64 |
| r2 -v full output, not truncated (mandatory) | radare2 3.3.0-git 20646 @ linux-x86-64 git.3.2.1-172-gea833632f commit: ea833632f1eb47e2dba4c5fa174d1880acec3f93 build: 2019-01-24__18:50:45 |

Expected behavior

Radare2 properly prints out the instructions after running ood and pdf.

Actual behavior

Radare2 prints invalid instead of the instructions

Steps to reproduce the behavior

radare commented 5 years ago

Probably because of aslr and the code is somewhere else. Expected behaviour

On 25 Jan 2019, at 14:31, awdsklm notifications@github.com wrote:


Steps to reproduce the behavior

Source File: https://github.com/radare/radare2/files/2797735/hello.zip

Run r2 hello then aaa and then s sym.main and then pdf. Then run ood, s sym.main and then pdf again.

Additional Logs, screenshots, source-code, configuration dump, ...

What it is printing:

```
  0x565c370f ff invalid ..
| 0x565c3712 ff invalid ..
| 0x565c3715 ff invalid ..
| 0x565c3718 ff invalid ..
| 0x565c371b ff invalid ..
| 0x565c3721 ff invalid
| 0x565c3722 ff invalid ..
| 0x565c3727 ff invalid ..
| 0x565c372a ff invalid ..
| 0x565c372f ff invalid ..
| 0x565c3732 ff invalid ..
| 0x565c3739 ff invalid ..
| 0x565c373b ff invalid ..
| ; CODE XREF from sym.main (0x565c3739)
| 0x565c3740 ff invalid ..
| 0x565c3743 ff invalid
| 0x565c3744 ff invalid
| 0x565c3745 ff invalid
| 0x565c3746 ff invalid ..
| 0x565c3749 ff invalid
```


xarkes commented 5 years ago

Will probably be fixed when https://github.com/radare/radare2/pull/12801 is merged.

radare commented 5 years ago

Totally not. This fix requires tons of changes and many of them are probably not easy to solve

On 26 Jan 2019, at 09:56, xarkes notifications@github.com wrote:

Will probably be fixed when #12801 is merged.


xarkes commented 5 years ago

Yes sorry I misunderstood the pending PR, I didn't realize it was for breakpoints only.

SkypLabs commented 5 years ago

> Probably because of aslr and the code is somewhere else.

I have the exact same issue and yes, it is because of ASLR, which makes sense.

> Expected behaviour

Is there a way to update the actual flags to point to the new addresses? When I execute aaa after ood, the function flags still point to the previous values.
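The address arithmetic behind the "because of ASLR the code is somewhere else" explanation in this thread, as an added example that is not radare2 code and not posted by any participant: it derives the runtime load base from a `/proc/<pid>/maps` listing and rebases statically computed flag addresses onto it. The maps text, the `/tmp/hello` path, the flag addresses and all function names are constructed for illustration.

```python
import re

# Constructed /proc/<pid>/maps sample for a position-independent binary.
SAMPLE_MAPS = """\
565c3000-565c4000 r--p 00000000 08:01 131 /tmp/hello
565c4000-565c5000 r-xp 00001000 08:01 131 /tmp/hello
565c5000-565c6000 rw-p 00002000 08:01 131 /tmp/hello
f7d00000-f7ed0000 r-xp 00000000 08:01 42 /usr/lib32/libc.so.6
ffd00000-ffd21000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")

def parse_maps(maps_text):
    """Yield (start, end, perms, file_offset, path) for each mapping."""
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            yield (int(m.group(1), 16), int(m.group(2), 16), m.group(3),
                   int(m.group(4), 16), m.group(5))

def runtime_base(maps_text, path):
    """Load base = lowest (start - file_offset) over the file's mappings."""
    bases = [s - off for s, _, _, off, p in parse_maps(maps_text) if p == path]
    if not bases:
        raise LookupError(f"{path} is not mapped in this process")
    return min(bases)

def perms_at(maps_text, addr):
    """Permissions of the mapping containing addr, or None if unmapped."""
    for start, end, perms, _, _ in parse_maps(maps_text):
        if start <= addr < end:
            return perms
    return None

def rebase_flags(flags, static_base, maps_text, path):
    """Shift every flag by (runtime base - static base)."""
    delta = runtime_base(maps_text, path) - static_base
    return {name: addr + delta for name, addr in flags.items()}, delta

# Constructed flags as a static analysis might record them (base 0).
STATIC_FLAGS = {"entry0": 0x1050, "sym.main": 0x170F}

if __name__ == "__main__":
    rebased, delta = rebase_flags(STATIC_FLAGS, 0x0, SAMPLE_MAPS, "/tmp/hello")
    for name, addr in rebased.items():
        print(f"{name}: {addr:#x} ({perms_at(SAMPLE_MAPS, addr)}), delta {delta:#x}")
```

An address that was not rebased falls outside every mapping (`perms_at` returns `None`), which is the situation in which a disassembler has no real bytes to decode.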