wargio / r2dec-js

radare2 plugin - converts asm to pseudo-C code.

support asm.syntax=att #184

Closed imyxh closed 5 years ago

imyxh commented 5 years ago

I've been using radare2 with GAS/AT&T syntax for a long time, and I just realized that r2dec is much more effective at decompiling when asm.syntax=intel.

asm.syntax=intel:

/* r2dec pseudo code output */
/* be-quick-or-be-dead-1 @ 0x400706 */
#include <stdint.h>

int32_t calculate_key (void) {
    uint32_t var_4h;
    var_4h = 0x75c3328b;
    do {
        var_4h++;
    } while (var_4h != 0xeb866516);
    eax = var_4h;
    return eax;
}

asm.syntax=att:

/* r2dec pseudo code output */
/* be-quick-or-be-dead-1 @ 0x400706 */
#include <stdint.h>

void calculate_key (void) {
    uint32_t var_4h;
    __asm ("pushq %rbp");
    %rsp = %rbp;
    __asm ("movl $0x75c3328b, var_4h");
    do {
        __asm ("addl $1, var_4h");
        __asm ("cmpl $0xeb866516, var_4h");
    } while (? != ?);
    __asm ("movl var_4h, %eax");
    __asm ("popq %rbp");
    __asm ("retq");
}

This is pretty much a duplicate of #4 except that was closed a long time ago with fixes for everything but AT&T syntax.

I think the easiest solution I can think of is to check if asm.syntax is set to something other than Intel, and if so, quickly switch it right before the disassembly is done, then switch it back when pdd returns. I can start looking into the r2dec source code to see how manageable this would be.

radare commented 5 years ago

R2dec should force intel syntax and implement the missing instructions if any

On 30 Jul 2019, at 19:39, Ian Huang notifications@github.com wrote:


wargio commented 5 years ago

yes, i do, i just do not handle those instructions.

Edit: probably i removed it for some reasons... i'll add that again.

wargio commented 5 years ago

fixed with https://github.com/wargio/r2dec-js/commit/200782686a4d78d71015871c5ec93ad73e951833

imyxh commented 5 years ago

Oof, now I have to set my radare2 back to att syntax every time I run pdd....

wargio commented 5 years ago

wait, maybe i did something stupid. let me check.

wargio commented 5 years ago

i've fixed it. i did something retarded and used the value as boolean instead of a string. now it should work as expected.
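
The save-and-restore approach proposed in the first comment, sketched as an added example (not code from this thread or from r2dec). `withIntelSyntax`, `makeFakeR2` and `demo` are hypothetical names, and `cmd` stands for any synchronous function that sends one radare2 command and returns its output; the fake session below is constructed so the example runs offline.

```javascript
// Run `fn` with asm.syntax forced to intel, then restore the user's setting.
function withIntelSyntax(cmd, fn) {
    // `e asm.syntax` prints the current value, e.g. "att\n".
    const saved = cmd('e asm.syntax').trim();
    const mustSwitch = saved !== 'intel';
    if (mustSwitch) {
        cmd('e asm.syntax=intel');
    }
    try {
        return fn();
    } finally {
        // Restore the saved *string*. Treating the setting as a boolean
        // (any non-empty string is truthy) loses which syntax was active.
        if (mustSwitch) {
            cmd('e asm.syntax=' + saved);
        }
    }
}

// Constructed stand-in for a radare2 session: it only tracks `e` config
// variables and answers `pdd` with the syntax the decompiler would see.
function makeFakeR2(initialSyntax) {
    const config = { 'asm.syntax': initialSyntax };
    const log = [];
    function cmd(line) {
        log.push(line);
        const m = /^e\s+([\w.]+)(?:=(.*))?$/.exec(line);
        if (m && m[2] !== undefined) {
            config[m[1]] = m[2];
            return '';
        }
        if (m) {
            return config[m[1]] + '\n';
        }
        if (line === 'pdd') {
            return 'decompiled with ' + config['asm.syntax'];
        }
        return '';
    }
    return { cmd, log, config };
}

function demo(initialSyntax) {
    const r2 = makeFakeR2(initialSyntax);
    const output = withIntelSyntax(r2.cmd, () => r2.cmd('pdd'));
    return { output, finalSyntax: r2.config['asm.syntax'], log: r2.log };
}
```

The `finally` block also restores the setting when the wrapped command throws, so a failed decompilation does not leave the session in Intel syntax.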