radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Bad LEA disassembled opcodes #9126

Closed kartone closed 6 years ago

kartone commented 6 years ago

Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits | Linux kali 4.14.0-kali1-amd64 |
| File format of the file you reverse | ELF |
| Architecture/bits of the file | x86/64 |
| r2 -v full output | radare2 2.3.0-git 16905 @ linux-x86-64 git.2.2.0-96-ge854df5c0 |

Expected behavior

```
8d 45 fc                lea    eax,[ebp-0x4]
```

Actual behavior

```
8d 45 fc              lea eax, ebp - 4
```

Steps to reproduce the behavior

https://asciinema.org/a/X2XKN4pvQjZub0ys9uzhJ2pLY

Compiled binaries

Bin: crackme0x02 from IOLI crackmes series

radare commented 6 years ago

That's expected. It has been discussed recently to make the syntax more readable; we can bring back the old syntax for lea, but as long as lea is not accessing memory the [] is confusing. We should probably relay this for an asm filter or asm.syntax.


neeocf commented 6 years ago

I agree that [] would be confusing, but the "[r|e]bp - X" is not replaced by "local_Xh" for lea as it used to be (and it was very helpful).

radare commented 6 years ago

Oh! That's a bug then.


kartone commented 6 years ago

@neeocf That is exactly what I meant! Completely agree with you.

radare commented 6 years ago

Fixed by rolling back the [] change. Also, it was inconsistent with the assembler, and the [] syntax is a memory reference, which is base+delta, so the other syntax would be wrong for a generic assembler.