radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

radare2 with winedbg #17626

Open COOLMSF opened 4 years ago

COOLMSF commented 4 years ago

Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | Linux Thinkpad-T480 5.7.17-2-MANJARO #1 SMP PREEMPT Sat Aug 22 14:58:17 UTC 2020 x86_64 GNU/Linux |
| File format of the file you reverse (mandatory) | PE |
| Architecture/bits of the file (mandatory) | x86/32, x86/64. |
| r2 -v full output, not truncated (mandatory) | radare2 4.6.0-git 25286 @ linux-x86-64 git.4.4.0-672-gf16a5b1ab commit: f16a5b1ab789e358eda5074d1485dcb31fc5a7fb build: 2020-09-10__12:41:20 |

Command

winedbg --gdb --no-start a.exe
r2 -d -a x86 -e dbg.exe.path=./a.exe dbg://localhost:44327

Expected behavior

I can see disassembly code in main function.

Actual behavior

[0x00001640]> s sym.main
[0x00001640]> x
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x00001640  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001650  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001660  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001670  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001680  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001690  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x000016a0  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x000016b0  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x000016c0  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x000016d0  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x000016e0  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x000016f0  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001700  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001710  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001720  ffff ffff ffff ffff ffff ffff ffff ffff  ................
0x00001730  ffff ffff ffff ffff ffff ffff ffff ffff  ................

There is nothing in the main function, or in other functions either. But I can still run the code by using dc.

XVilka commented 4 years ago

What is the Wine version, @COOLMSF?

COOLMSF commented 4 years ago

> What is the Wine version, @COOLMSF?

wine-5.18

imcrom commented 3 years ago

Is this fixed? I'm having the actual behavior in my version, radare2 5.1.0 25703 @ linux-x86-64 git.5.1.0

trufae commented 3 years ago

Didn't try, but nobody touched the winedbg code in r2. I'm aware winedbg had several bugs at the time, so I don't know if those were fixed.