search

rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.
https://rizin.re
GNU Lesser General Public License v3.0
2.66k stars 357 forks source link

Rebasing binary breaks analysis #1651

Open iGr33k opened 3 years ago

iGr33k commented 3 years ago

binary.zip I noticed that when you change the base address of the binary using oob, all the addresses of functions and other information obtained as a result of the analysis remains tied to the original addresses that existed before the address change.

Work environment

Questions Answers
OS/arch/bits (mandatory) Ubuntu x86 64
File format of the file you reverse (mandatory) All
Architecture/bits of the file (mandatory) x86_64 and prob. all others
rizin -v full output, not truncated (mandatory) rizin 0.3.0-git @ linux-x86-64 commit: f29272cc0eb81bc0bee8d33c5eb4fe28a4eaf8de, build: 2021-09-10__12:51:40

Expected behavior

After rebasing binary with oob, analysed functions and other information will be moved to the new addresses.

Actual behavior

After using oob, issuing pdf at any function will result in printing invalid.

Steps to reproduce the behavior

  1. rizin ./binary
  2. aaa
  3. oob 0x12345678
  4. pdf @main
iGr33k commented 3 years ago

obr and obR leads to almost the same problem, but now there are zeros at the addresses.

ret2libc commented 3 years ago

Could you provide the binary as well? I think obr or obR should work. As said in chat, this whole reopening thing needs to be redesigned and fixed.

iGr33k commented 3 years ago

Updated issue with the uploaded binary.

ret2libc commented 3 years ago

Confirmed the issue. Although binary info are rebased according to the new baseaddr, the functions are still at the old addresses. Moreover, there's something wrong with flags, which appear to be rebased but they really are not.. Needs investigation.

Rot127 commented 3 years ago

That is more or less the same problem I tried to solve here: https://github.com/rizinorg/rizin/pull/1605

The relocs are not patched because they are only patched once per Elf binary object. After line https://github.com/rizinorg/rizin/blob/f70a4da1d2ecb74dc42ae40aa90600ed396a300c/librz/bin/p/bin_elf.inc#L676 the patching code will not executed again.

Though I think rebasing and reloc patching can be solved separately.

ret2libc commented 3 years ago

It is not exactly the same problem i believe. One is elf specific and it's about bin info, the other is about non-bin info