Closed foobazjo closed 2 weeks ago
This is because r2 is not detecting that main is a Thumb function. As a workaround you can do this:
ahb 16 @ main
and then
aaa
will work well. But I'm cooking a fix to make that work.
Can I use this aewDebug binary in the testsuite? (Is it distributable?)
Probably, but I will check for another "open" binary in the firmware, something like busybox. I just grabbed the first one I saw that was failing to get the function xrefs. I will also keep an eye on whether it works for all the binaries I'm using. I have a whole pile of firmware root filesystems of mixed architectures.
Thanks! Feel free to submit a PR to the testbins repo with that binary (place it in the elf directory) and, if you are in the mood, also make a PR in this repo with the test itself, so we ensure it won't break in the future.
Environment
Fri 26 Apr 2024 05:36:12 PM EDT
radare2 5.9.0 32631 @ linux-x86-64
birth: git.5.9.0 2024-04-25__20:00:37
commit: 4a07098809c71c21515d0f862ac4ca044ae95e95
options: gpl -O? cs:5 cl:2 make
Linux x86_64
Description
I have this script I'm making using r2pipe to count the number of times certain imported functions are being called within a binary (e.g. system(), printf(), memcpy() etc.).
After "aaa" I'm using "axt 0x" (often more successful) or "axt sym.imp.func" to list all the xrefs to a given function. Sometimes axt won't return anything for a function while being successful for others in the same binary. I tried using "aae" before "aaa", it wasn't successful.
Test
(Use attached aewDebug binary)
[0x00008b8c]> aaa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze imports (af@@@i)
INFO: Analyze entrypoint (af@ entry0)
INFO: Analyze symbols (af@@@s)
INFO: Recovering variables
INFO: Analyze all functions arguments/locals (afva@@@F)
INFO: Analyze function calls (aac)
INFO: Analyze len bytes of instructions for references (aar)
INFO: Finding and parsing C++ vtables (avrr)
INFO: Analyzing methods
INFO: Finding xrefs in noncode section (e anal.in=io.maps.x)
INFO: Emulate functions to find computed references (aaef)
ERROR: Invalid reftype mask '' (0x01)
INFO: Recovering local variables (afva)
INFO: Type matching analysis for all functions (aaft)
INFO: Propagate noreturn information (aanr)
INFO: Use -AA or aaaa to perform additional experimental analysis
aewDebug.zip
[0x00008b8c]> axt sym.imp.s sym.imp.strncpy sym.imp.strtol sym.imp.snprintf sym.imp.strcmp
[0x00008b8c]> axt sym.imp.snprintf
[0x00008b8c]> axt 0x8824
[0x00008b8c]> axi 0x8824
With Ghidra I see one xref for that snprintf
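An added example, not the reporter's script or radare2 project code: an r2pipe import-call counter of the kind described in the report, which can apply the `ahb 16 @ main` hint from the thread before `aaa` and lists imports whose xref list came back empty separately, so an analysis gap is not read as "never called". The function names and the sample JSON are constructed for illustration, and the code assumes the `name` field of `iij` and the `type` field of `axtj` JSON output.

```python
import json
import sys

# Constructed sample of raw `axtj` output per import (not taken from aewDebug).
SAMPLE = {
    "strncpy": '[{"from":35012,"type":"CALL","fcn_name":"main"},'
               '{"from":35100,"type":"DATA","fcn_name":"main"}]',
    "snprintf": "",  # nothing printed, as in the report
}

def parse_refs(axtj_text):
    """Parse raw axtj output; empty output means no xrefs were recorded."""
    return json.loads(axtj_text) if axtj_text.strip() else []

def summarize(raw_by_import):
    """Return ({import: CALL count}, [imports with no xrefs at all])."""
    counts, empty = {}, []
    for name, text in raw_by_import.items():
        refs = parse_refs(text)
        counts[name] = sum(1 for r in refs if r.get("type") == "CALL")
        if not refs:
            empty.append(name)  # may be an analysis gap, not "never called"
    return counts, sorted(empty)

def collect(path, hint_at=None):
    """Analyze `path` with radare2 and return raw axtj output per import."""
    import r2pipe  # imported lazily so the helpers above work without radare2
    r2 = r2pipe.open(path)
    try:
        if hint_at:
            r2.cmd(f"ahb 16 @ {hint_at}")  # workaround from the thread
        r2.cmd("aaa")
        names = [i["name"] for i in (r2.cmdj("iij") or [])]
        return {n: r2.cmd(f"axtj sym.imp.{n}") for n in names}
    finally:
        r2.quit()

if __name__ == "__main__":
    # usage: script.py <binary> [address or flag for the Thumb hint, e.g. main]
    raw = collect(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    counts, empty = summarize(raw)
    for name, n in sorted(counts.items()):
        print(f"{n:5d}  {name}")
    if empty:
        print("no xrefs recorded (verify manually):", ", ".join(empty))
```

Imports in the "no xrefs recorded" list are the ones worth cross-checking in a second tool, as the reporter did with Ghidra for snprintf.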