Relative lea xrefs are wrong

[tyilo]

Test executable: https://a.pomf.se/fuhuxs

Example:

> pd 9 @0x100002ab3
           0x100002ab3    488d1586b80. lea rdx, qword [rip + 0x1b886]  ; [0x1b886:8]=0x46206e69206c6165  ; "eal in Finder" @ 0x1b886
           0x100002aba    31ff         xor edi, edi
           0x100002abc    be61000000   mov esi, 0x61 ; 'a'
           0x100002ac1    31c0         xor eax, eax
           0x100002ac3    e84a320100   call sym.imp.OSKextLogCFString
              0x100015d12() ; sym.imp.OSKextLogCFString
           0x100002ac8    4c89f7       mov rdi, r14
           0x100002acb    e84e320100   call sym.imp.OSKextRemoveKextPersonalitiesFromKernel
              0x100015d1e() ; sym.imp.OSKextRemoveKextPersonalitiesFromKernel
       ,=< 0x100002ad0    eb18         jmp 0x100002aea
       |   0x100002ad2    488d15a5590. lea rdx, qword [rip + 0x159a5]  ; [0x159a5:8]=0x17158d48ffffcafb

As you can see the location of both of the two lea rdx, qword [rip + ...] are wrong.

[radare]

Try with e anal.arch=x86.udis , but i'll fix it in few mins. Thanks

On 28 Jan 2015, at 21:17, Asger Hautop Drewsen notifications@github.com wrote:

Test executable: https://a.pomf.se/fuhuxs

Example:

pd 9 @0x100002ab3 0x100002ab3 488d1586b80. lea rdx, qword [rip + 0x1b886] ; [0x1b886:8]=0x46206e69206c6165 ; "eal in Finder" @ 0x1b886 0x100002aba 31ff xor edi, edi 0x100002abc be61000000 mov esi, 0x61 ; 'a' 0x100002ac1 31c0 xor eax, eax 0x100002ac3 e84a320100 call sym.imp.OSKextLogCFString 0x100015d12() ; sym.imp.OSKextLogCFString 0x100002ac8 4c89f7 mov rdi, r14 0x100002acb e84e320100 call sym.imp.OSKextRemoveKextPersonalitiesFromKernel 0x100015d1e() ; sym.imp.OSKextRemoveKextPersonalitiesFromKernel ,=< 0x100002ad0 eb18 jmp 0x100002aea | 0x100002ad2 488d15a5590. lea rdx, qword [rip + 0x159a5] ; [0x159a5:8]=0x17158d48ffffcafb As you can see the location of both of the two lea rdx, qword [rip + ...] are wrong.

— Reply to this email directly or view it on GitHub.