radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Disassembly in python bindings gives different result than r2 #685

Closed yaps8 closed 10 years ago

yaps8 commented 10 years ago

Hi, I am using the python bindings to disassemble a raw x86 (32-bit) binary file. For the sake of the example, the file only contains these two bytes: `47 90` (an `inc` followed by a `nop`).

With r2:

```
$ r2 -b 32 test.bin
0x0 > ao
opcode: inc edi
addr: 0x00000000
bytes: 47
size: 1
type: 16 (add)
esil: of=(edi^(edi+1))>>31,edi++,zf=edi==0,sf=edi>>31
eob: 0
stack: 0
cond: 0
family: 0
```

The python I use for disassembly with the bindings is:

```python
from r2 import r_core

rc = r_core.RCore()
rc.file_open("test.bin", 0, 0)   # open the raw file
rc.bin_load("", 0)               # load it (no bin format, raw bytes)
rc.assembler.set_bits(32)        # only the assembler/disassembler is set to 32 bits here
print(rc.cmd_str("ao"))
```

It outputs:

```
opcode: inc edi
addr: 0x00000000
bytes: 4790
size: 2
type: 0 (null)
esil: r8d^=eax,eax^=r8d,r8d^=eax
eob: 0
stack: 0
cond: 0
family: 0
```

The problem is that the size of the instruction given by the binding is wrong, and it seems to mix 32-bit (`eax`) and 64-bit (`r8d`) registers in the "esil" line.

radare commented 10 years ago

You are setting only 32 bits in the disassembler library. What gives you the size is the analysis one. Don't configure libraries manually when using rcore.

The way to go should be:

```python
core.cmd0('e asm.bits=32')
```

Or using the API... But I'm on the phone right now and I'm lazy to check the vapis :)

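Why the two outputs differ is worth seeing on the bytes themselves. Below is an added example (not code from the issue or from radare2) that decodes the `inc`/`dec`/`nop`/REX-prefix corner of x86 under both modes: in 32-bit mode `0x40`-`0x4F` are one-byte `inc`/`dec` opcodes, while in 64-bit mode the same bytes are REX prefixes, so `47 90` turns into a two-byte `xchg r8d, eax`, exactly the esil the unconfigured analysis engine printed. The decoder handles only this subset and reports anything else as unsupported; the register tables and return format are its own assumptions.

```python
"""Minimal x86 decoder for the inc/dec/nop/REX subset.

Shows how the analysis bitness decides whether 0x40-0x4F bytes are
inc/dec opcodes (32-bit mode) or REX prefixes (64-bit mode).
Added example, not part of radare2.
"""

# 32-bit general purpose registers in encoding order (register field 0..7)
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def _reg_name(idx, wide):
    """Name a register by its 4-bit index; REX.W selects the 64-bit form."""
    if idx >= 8:
        return f"r{idx}" if wide else f"r{idx}d"
    return ("r" + REG32[idx][1:]) if wide else REG32[idx]


def decode(data: bytes, bits: int):
    """Decode `data` as a flat list of (offset, size, text) tuples."""
    insns = []
    i = 0
    while i < len(data):
        start = i
        b = data[i]
        rex = 0
        if bits == 64 and 0x40 <= b <= 0x4F:
            # In 64-bit mode this byte is a REX prefix, not an instruction.
            rex = b
            i += 1
            if i >= len(data):
                insns.append((start, 1, "(bad) trailing REX prefix"))
                break
            b = data[i]
        if bits != 64 and 0x40 <= b <= 0x4F:
            # 32-bit mode: 0x40-0x47 inc r32, 0x48-0x4F dec r32
            mnem = "inc" if b < 0x48 else "dec"
            insns.append((start, 1, f"{mnem} {REG32[b & 7]}"))
            i += 1
        elif 0x90 <= b <= 0x97:
            # xchg eAX, reg; REX.B extends the 3-bit register field to 4 bits
            idx = (b & 7) | ((rex & 1) << 3)
            wide = bool(rex & 8)  # REX.W
            if idx == 0:
                text = "nop"  # xchg eax, eax is the canonical nop
            else:
                text = f"xchg {_reg_name(idx, wide)}, {'rax' if wide else 'eax'}"
            insns.append((start, i - start + 1, text))
            i += 1
        else:
            insns.append((start, i - start + 1, f"(unsupported opcode {b:#04x})"))
            i += 1
    return insns


if __name__ == "__main__":
    sample = bytes.fromhex("4790")  # constructed: the two bytes from the issue
    for bits in (32, 64):
        print(f"--- {bits}-bit decode ---")
        for off, size, text in decode(sample, bits):
            print(f"{off:#010x}  size={size}  {text}")
```

Running it prints `inc edi` / `nop` (one byte each) for the 32-bit decode and a single two-byte `xchg r8d, eax` for the 64-bit one, which is the mismatch in the issue: only the assembler had been told 32 bits, while the analysis engine that computes size and esil was still in 64-bit mode.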

yaps8 commented 10 years ago

This works, thanks! I found how to configure the analysis disassembly (`rc.anal.set_bits(32)`) but not how to configure it globally.

radare commented 10 years ago

To configure it globally you have to use the rconfig API, which is instantiated in the core object. Something like this should work: `core.config.set_i('asm.arch',32)`


radare commented 10 years ago

Close the bug please :)


yaps8 commented 10 years ago

It works, thank you :-)