radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Radare2 cannot detect datarefs correctly like IDA on arm32 #20499

Open ghost opened 2 years ago

ghost commented 2 years ago

I'm using radare2 to disassemble an ELF on arm32.

One function looks like this:

0x00010b3c      push    {r4, lr}
0x00010b40      mov     r0, 1
0x00010b44      bl      fcn.0001308c
0x00010b48      ldr     r4, [fcn.00010b78] ; 0x10b78
0x00010b4c      ldr     r3, [0x00010b7c]
0x00010b50      mov     r1, 0
0x00010b54      mov     r0, 1
0x00010b58      str     r3, [r4, 4]
0x00010b5c      bl      fcn.00012fc8
0x00010b60      ldrh    r0, [r0]
0x00010b64      strh    r0, [r4, 2]
0x00010b68      mov     r0, 1
0x00010b6c      bl      fcn.00012fec
0x00010b70      pop     {r4, lr}
0x00010b74      bx      lr
fcn.00010b78 ();
0x00010b78      .dword 0x00026420
0x00010b7c      .dword 0xb6a85f2d

I get datarefs with aflj and find that the datarefs for 0x00010b3c are:

    "datarefs": [
        { "from": 68424, "to": 0x00010b78, "type": "DATA" },
        { "from": 68428, "to": 0x00010b7c, "type": "DATA" }
    ]

We know this is incorrect. I want to get the datarefs below (IDA can get this result):

    "datarefs": [
        { "from": 68424, "to": 0x00026420, "type": "DATA" },
        { "from": 68428, "to": 0xb6a85f2d, "type": "DATA" }
    ]

How can I get this result with any command, or can radare2 improve this problem? Thanks, radare2 project.

arm_sample.zip
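What the issue is asking for is one more level of dereference: in ARM mode, `ldr r4, [fcn.00010b78]` is really `ldr r4, [pc, #0x28]`, which loads a 32-bit word from the literal pool, so the address that ends up in r4 is the pool *contents* (0x00026420), not the pool slot (0x10b78) that aflj reports. The following is an added example, not radare2 code and not the reporter's sample; it hand-assembles the listing above into a little-endian byte image (the two `ldr` words and the two pool words are the ones that matter; the other encodings are reconstructed from the listing so that addresses line up), scans it for the ARM-mode LDR (literal) encoding, and emits both the pool address (first level, what r2 shows) and the loaded word (second level, what the issue wants). The `mapped_ranges` parameter is an assumption of this example: a caller can pass section ranges (for a real binary, e.g. from `iSj`) so the loaded word is flagged as a plausible address rather than a constant.

```python
import struct

# Constructed image of the function from the issue, hand-assembled from the
# listing (ARM mode, little-endian). Addresses are kept identical to the listing.
BASE = 0x00010B3C
WORDS = [
    0xE92D4010,  # 0x10b3c push {r4, lr}
    0xE3A00001,  # 0x10b40 mov r0, 1
    0xEB000950,  # 0x10b44 bl fcn.0001308c
    0xE59F4028,  # 0x10b48 ldr r4, [pc, #0x28]  -> pool slot 0x10b78
    0xE59F3028,  # 0x10b4c ldr r3, [pc, #0x28]  -> pool slot 0x10b7c
    0xE3A01000,  # 0x10b50 mov r1, 0
    0xE3A00001,  # 0x10b54 mov r0, 1
    0xE5843004,  # 0x10b58 str r3, [r4, 4]
    0xEB000919,  # 0x10b5c bl fcn.00012fc8
    0xE1D000B0,  # 0x10b60 ldrh r0, [r0]
    0xE1C400B2,  # 0x10b64 strh r0, [r4, 2]
    0xE3A00001,  # 0x10b68 mov r0, 1
    0xEB00091E,  # 0x10b6c bl fcn.00012fec
    0xE8BD4010,  # 0x10b70 pop {r4, lr}
    0xE12FFF1E,  # 0x10b74 bx lr
    0x00026420,  # 0x10b78 literal pool word
    0xB6A85F2D,  # 0x10b7c literal pool word
]
IMAGE = b"".join(struct.pack("<I", w) for w in WORDS)
CODE_END = BASE + 15 * 4  # first literal-pool word starts here


def read_word(addr: int) -> int:
    """Read a little-endian 32-bit word from the constructed image."""
    off = addr - BASE
    if off < 0 or off + 4 > len(IMAGE):
        raise ValueError(f"address {addr:#x} is outside the image")
    return struct.unpack_from("<I", IMAGE, off)[0]


def decode_ldr_literal(addr: int, insn: int):
    """Return (rt, pool_addr) if insn is an ARM-mode LDR (literal), else None.

    Encoding: cond 010 P=1 U B=0 W=0 L=1 Rn=1111 Rt imm12.
    Effective address = Align(PC, 4) +/- imm12, and in ARM mode PC reads as
    the instruction address + 8.
    """
    if insn >> 28 == 0xF:  # unconditional-space encodings are not LDR
        return None
    if insn & 0x0F7F0000 != 0x051F0000:  # P=1, B=0, W=0, L=1, Rn=pc
        return None
    rt = (insn >> 12) & 0xF
    imm12 = insn & 0xFFF
    pc = (addr + 8) & ~3
    pool_addr = pc + imm12 if insn & (1 << 23) else pc - imm12  # bit 23 is U
    return rt, pool_addr


def datarefs(start: int, end: int, mapped_ranges=()):
    """Scan [start, end) for pc-relative loads and resolve both reference levels.

    'pool' is the literal slot (what aflj reports as "to"); 'value' is the word
    loaded from it (what the issue wants as "to"). 'value_is_address' is only
    decided when the caller supplies (lo, hi) address ranges to check against.
    """
    refs = []
    for addr in range(start, end, 4):
        hit = decode_ldr_literal(addr, read_word(addr))
        if hit is None:
            continue
        rt, pool_addr = hit
        value = read_word(pool_addr)
        is_addr = None
        if mapped_ranges:
            is_addr = any(lo <= value < hi for lo, hi in mapped_ranges)
        refs.append({
            "from": addr,
            "reg": f"r{rt}",
            "pool": pool_addr,
            "value": value,
            "value_is_address": is_addr,
        })
    return refs


if __name__ == "__main__":
    for r in datarefs(BASE, CODE_END):
        print(f"{r['from']:#010x} {r['reg']}: pool {r['pool']:#010x} "
              f"-> value {r['value']:#010x}")
```

The second level is not automatically a data reference: the loaded word may be a pointer (0x00026420 plausibly is) or an immediate constant that happened to be materialised through the pool, which is why the example leaves the address/constant decision to a caller-supplied set of mapped ranges instead of guessing.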

trufae commented 1 year ago

Thanks for reporting, I'll take a look when I have some time to focus on that 👍