radare2 使用记录

2023-11-05

编译

# 参考 https://github.com/radareorg/radare2/issues/18828
git clone https://github.com/radareorg/radare2

$ ./configure --prefix=$HOME/.local --with-rpath
$ make -j4

-Wl,-rpath,/home/ostest/.local/lib 

$ make install
# libraries
 /home/ostest/.local/lib/libr_anal.so.5.8.9 -> libr_anal.so.5.8 -> anal/libr_anal.so

$ r2
r2: error while loading shared libraries: libr_util.so: cannot open shared object file: No such file or directory

$ ldd ~/.local/bin/r2
        linux-vdso.so.1 (0x00007fff000fc000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f204a251000)
        libr_util.so => not found
        libr_main.so => not found
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f204a05f000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f204a296000)

$ strace r2
execve("/home/ostest/.local/bin/r2", ["r2"], 0x7ffc234cb940 /* 31 vars */) = 0
brk(NULL)                               = 0x55b628952000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffcbb61bed0) = -1 EINVAL (无效的参数)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=110580, ...}) = 0
mmap(NULL, 110580, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f92fb864000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220q\0\0\0\0\0\0"..., 832) = 832
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0{E6\364\34\332\245\210\204\10\350-\0106\343="..., 68, 824) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=157224, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f92fb862000
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0{E6\364\34\332\245\210\204\10\350-\0106\343="..., 68, 824) = 68
mmap(NULL, 140408, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f92fb83f000
mmap(0x7f92fb845000, 69632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f92fb845000
mmap(0x7f92fb856000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f92fb856000
mmap(0x7f92fb85c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f92fb85c000
mmap(0x7f92fb85e000, 13432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f92fb85e000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/tls/x86_64/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64-linux-gnu/tls/x86_64/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/tls/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64-linux-gnu/tls/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/tls/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64-linux-gnu/tls/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/tls/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64-linux-gnu/tls", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/x86_64/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64-linux-gnu/x86_64/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64-linux-gnu/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64-linux-gnu/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64-linux-gnu", {st_mode=S_IFDIR|0755, st_size=106496, ...}) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/tls/x86_64/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64-linux-gnu/tls/x86_64/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/tls/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64-linux-gnu/tls/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/tls/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64-linux-gnu/tls/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/tls/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64-linux-gnu/tls", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/x86_64/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64-linux-gnu/x86_64/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64-linux-gnu/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64-linux-gnu/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64-linux-gnu", {st_mode=S_IFDIR|0755, st_size=106496, ...}) = 0
openat(AT_FDCWD, "/lib/tls/x86_64/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/tls/x86_64/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/tls/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/tls/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/tls/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/tls/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/tls/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/tls", 0x7ffcbb61b100)        = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64", 0x7ffcbb61b100)     = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib/x86_64", 0x7ffcbb61b100)     = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/lib/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/usr/lib/tls/x86_64/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/tls/x86_64/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/tls/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/tls/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/tls/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/tls/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/tls/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/tls", 0x7ffcbb61b100)    = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/x86_64/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib/x86_64", 0x7ffcbb61b100) = -1 ENOENT (没有那个文件或目录)
openat(AT_FDCWD, "/usr/lib/libr_util.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (没有那个文件或目录)
stat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
writev(2, [{iov_base="r2", iov_len=2}, {iov_base=": ", iov_len=2}, {iov_base="error while loading shared libra"..., iov_len=36}, {iov_base=": ", iov_len=2}, {iov_base="libr_util.so", iov_len=12}, {iov_base=": ", iov_len=2}, {iov_base="cannot open shared object file", iov_len=30}, {iov_base=": ", iov_len=2}, {iov_base="No such file or directory", iov_len=25}, {iov_base="\n", iov_len=1}], 10r2: error while loading shared libraries: libr_util.so: cannot open shared object file: No such file or directory
) = 114
exit_group(127)                         = ?

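# Make the dynamic loader find the libr_*.so files installed under ~/.local/lib.
# The ldd/strace output above only shows lookups under /lib and /usr/lib, which
# suggests the -rpath requested with --with-rpath is not in the installed r2;
# `readelf -d ~/.local/bin/r2` shows whether an RPATH/RUNPATH entry is present.
# The old value is prepended only when it is non-empty: with the variable unset,
# "${LD_LIBRARY_PATH}:..." leaves an empty first entry, and the loader treats an
# empty entry as the current directory, so libraries would be loaded from
# whatever directory r2 happens to be started in.
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+${LD_LIBRARY_PATH}:}${HOME}/.local/lib"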

调试分析

数据结构

/*
 * State object of the rasm2 tool. In the gdb session on this page it is the
 * `as` argument of rasm_disasm(), and its `a` member is what
 * r_asm_set_big_endian() receives.
 */
typedef struct {
	RLib *l; // plugin library handle (see RLib)
	RAsm *a; // assembler/disassembler context used by the r_asm_* calls in the trace
	RAnal *anal; // analysis context (see RAnal)
	// The four flags below are presumably output-format switches taken from the
	// command line — TODO confirm against rasm2.c.
	bool oneliner;
	bool coutput;
	bool json;
	bool quiet;
} RAsmState;
/*
 * Assembler/disassembler context (RAsm). The trace on this page shows
 * r_asm_disassemble() decoding through
 *   a->analb.decode (a->analb.anal, op, a->pc, buf, len, mask)
 * so instruction decoding is delegated to the analysis side via `analb`.
 */
typedef struct r_asm_t {
	RArch *arch;
	RArchConfig *config;
	ut64 pc; // passed as the instruction address to analb.decode (asm.c:394 in the trace)
	void *user;
	RArchSession *ecur; // encode current
	RArchSession *dcur; // decode current
	RList *plugins;
	RAnalBind analb; // Should be RArchBind instead, but first we need to move all the anal plugins.. well not really we can kill it imho
	RParse *ifilter;
	RParse *ofilter;
	Sdb *pair;
	RSyscall *syscall; // the gdb dump of *as->a->syscall shows arch/os/bits/cpu stored here
	RNum *num;
	int dataalign;
	int codealign;
	HtPP *flags;
	bool pseudo; // should be implicit by RParse
	RParse *parse;
} RAsm;
/*
 * Analysis context (RAnal). In the gdb trace on this page it is the `anal`
 * argument of r_anal_op(), which decodes one instruction with
 * r_arch_decode (anal->arch, op, mask). Field comments of the form
 * `anal.xxx` / `asm.xxx` / `dir.xxx` look like the names of the matching
 * configuration keys.
 */
typedef struct r_anal_t {
	RArchConfig *config;
	int lineswidth; // asm.lines.width
	int sleep;      // anal.sleep, sleep some usecs before analyzing more (avoid 100% cpu usages)
	RAnalCPPABI cxxabi; // anal.cpp.abi
	void *user;
	ut64 gp;        // anal.gp, global pointer. used for mips. but can be used by other arches too in the future
	RBTree bb_tree; // all basic blocks by address. They can overlap each other, but must never start at the same address.
	RList *fcns;
	HtUP *ht_addr_fun; // address => function
	HtPP *ht_name_fun; // name => function
	RReg *reg;
	ut8 *last_disasm_reg;
	int last_disasm_reg_size;
	RSyscall *syscall;
	int diff_ops;
	double diff_thbb;
	double diff_thfcn;
	RIOBind iob;
	RFlagBind flb;
	RFlagSet flg_class_set;
	RFlagGet flg_class_get;
	RFlagSet flg_fcn_set;
	RBinBind binb; // Set only from core when an analysis plugin is called.
	RCoreBind coreb;
	int maxreflines; // asm.lines.maxref
	int esil_goto_limit; // esil.gotolimit
	struct r_esil_t *esil; // R2_590 remove
	struct r_anal_plugin_t *cur;
	struct r_esil_plugin_t *esil_cur; // ???
	RArch *arch; // handed to r_arch_decode() by r_anal_op() (op.c:174 in the gdb trace)
	RAnalRange *limit; // anal.from, anal.to
	RList *plugins; // anal plugins
	Sdb *sdb_types;
	Sdb *sdb_fmts;
	Sdb *sdb_zigns;
	RefManager *rm;
	RSpaces zign_spaces;
	char *zign_path; // dir.zigns
	PrintfCallback cb_printf;
	RPrint *print;
	//moved from RAnalFcn
	Sdb *sdb; // root
	Sdb *sdb_pins;
	HtUP/*<RVector<RAnalAddrHintRecord>>*/ *addr_hints; // all hints that correspond to a single address
	RBTree/*<RAnalArchHintRecord>*/ arch_hints;
	RBTree/*<RAnalArchBitsRecord>*/ bits_hints;
	RHintCb hint_cbs;
	RIntervalTree meta;
	RSpaces meta_spaces;
	Sdb *sdb_cc; // calling conventions
	Sdb *sdb_classes;
	Sdb *sdb_classes_attrs;
	RAnalCallbacks cb;
	RAnalOptions opt;
	RList *reflines;
	RListComparator columnSort;
	int stackptr;
	// Callbacks that receive the owning RAnal.
	// NOTE(review): read_at's signature suggests it fills buf with len bytes
	// taken from addr; how a short or failed read is reported beyond the bool
	// result is not visible here — confirm before trusting buf contents.
	bool (*log)(struct r_anal_t *anal, const char *msg);
	bool (*read_at)(struct r_anal_t *anal, ut64 addr, ut8 *buf, int len);
	bool verbose;
	RFlagGetAtAddr flag_get;
	REvent *ev;
	RList/*<char *>*/ *imports; // global imports
	SetU *visited;
	RStrConstPool constpool;
	RList *leaddrs;
	char *pincmd;
	/* private */
	RThreadLock *lock; // NOTE(review): which fields this lock guards is not shown on this page
	ut64 cmpval;
	ut64 lea_jmptbl_ip;
	int cs_obits;
	int cs_omode;
	size_t cs_handle;
	bool uses; // false = nothing, true = arch plugin
	int thread; // see apt command
	RList *threads;
	RColor tracetagcolors[64]; // each trace color for each bit
	/* end private */
	R_DIRTY_VAR;
} RAnal;
/*
 * Plugin loader state (RLib): the registered plugins, the handlers that
 * accept them, and a name => plugin hashtable.
 */
typedef struct r_lib_t {
	/* linked list with all the plugin handler */
	/* only one handler per handler-id allowed */
	/* this is checked in add_handler function */
	char *symname;
	char *symnamefunc;
	RList /*RLibPlugin*/ *plugins;
	RList /*RLibHandler*/ *handlers;
	// Fixed-size table with R_LIB_TYPE_LAST slots, presumably indexed by
	// handler type — verify that every index is range-checked by the callers.
	RLibHandler *handlers_bytype[R_LIB_TYPE_LAST];
	// NOTE(review): the name suggests the plugin version check can be switched
	// off; plugins are native code loaded into the process, so confirm where
	// this is set before relying on version checks as a safeguard.
	bool ignore_version;
	// hashtable plugname = &plugin
	HtPP *plugins_ht;
} RLib;
gdb --args rasm2 -a arm -b 64 -d -A FD7BB9A9
b main
(gdb) s
r_main_rasm2 (argc=32767, argv=0x7fffffffdd50) at rasm2.c:712
712     R_API int r_main_rasm2(int argc, const char *argv[]) {
(gdb) n
908                     bool canbebig = r_asm_set_big_endian (as->a, isbig);
(gdb) p *as->a->syscall 
$10 = {fd = 0x0, arch = 0x555555583650 "arm", os = 0x55555559ef60 "linux", bits = 64, cpu = 0x555555583590 "arm", sysptr = 0x0, 
  sysport = 0x7ffff6149160 <sysport_x86>, db = 0x5555555d40e0, srdb = 0x5555555d13a0, refs = 0}
1013            } else if (opt.argv[opt.ind]) {
(gdb) p opt.argv[opt.ind]
$11 = 0x7fffffffe62f "FD7BB9A9"
(gdb) n
1075                            ret = rasm_disasm (as, offset, (char *)usrstr, len,

rasm_disasm

// https://github.com/radareorg/radare2/blob/master/libr/main/rasm2.c#L441
rasm_disasm (as=0x5555555592a0, addr=0, buf=0x5555555a0ec0 "FD7BB9A9", len=8, bits=64, bin=0, hex=0) at rasm2.c:443
(gdb) n
450             int blen = is_binary (buf); // 0
// 进行反汇编
#0  r_asm_mdisassemble (a=0x5555555594e0, buf=0x5555555a0ea0 "\375{\271\251UU", len=4) at asm.c:561
(gdb) p /x *buf@4
$18 = {0xfd, 0x7b, 0xb9, 0xa9}
#0  r_asm_disassemble (a=0x5555555594e0, op=0x7fffffffd790, buf=0x5555555a0ea0 "\375{\271\251UU", len=4) at asm.c:373

394                     ret = a->analb.decode (a->analb.anal, op, a->pc, buf, len, R_ARCH_OP_MASK_ESIL | R_ARCH_OP_MASK_DISASM);
#0  r_anal_op (anal=0x5555555599b0, op=0x7fffffffd790, addr=0, data=0x5555555a0ea0 "\375{\271\251UU", len=4, mask=17) at op.c:142

#0  decode (as=0x55555559ef10, op=0x7fffffffd790, mask=17) at p/arm/plugin_cs.c:4632
#1  0x00007ffff69098a2 in r_arch_decode (a=0x55555555a390, op=0x7fffffffd790, mask=17) at arch.c:287

(gdb) n
r_anal_op (anal=0x5555555599b0, op=0x7fffffffd790, addr=0, data=0x5555555a0ea0 "\375{\271\251UU", len=4, mask=17) at op.c:174
174                     if (!r_arch_decode (anal->arch, op, mask) || op->size <= 0) {
(gdb) n
182                             ret = op->size;
(gdb) n
195                     op->addr = addr;
(gdb) n
197                     if (op->nopcode < 1) {
(gdb) n
198                             op->nopcode = 1;
(gdb) n
197                     if (op->nopcode < 1) {
(gdb) n
224             if (!op->mnemonic && (mask & R_ARCH_OP_MASK_DISASM)) {
(gdb) n
229             if (mask & R_ARCH_OP_MASK_HINT) {
(gdb) n
236             if (ret == -1) {
(gdb) n
246             return ret;

执行结束
#0  r_asm_disassemble (a=0x5555555594e0, op=0x7fffffffd790, buf=0x5555555a0ea0 "\375{\271\251UU", len=4) at asm.c:433
(gdb) p *op
$32 = {mnemonic = 0x5555555a0fb0 "stp x29, x30, [sp, -0x70]!", addr = 0, t

analop 反汇编

// https://github.com/radareorg/radare2/blob/c28f2ba029492b46b7f567570402e61e6405d8cd/libr/arch/p/arm/plugin_cs.c#L4542
// 默认使用 capstone 解析
#0  AArch64_getInstruction (ud=93824992426848, code=0x5555555817d0 "\375{\271\251UU", code_len=4, instr=0x7fffffffd190, size=0x7fffffffcf16, 
    address=0, info=0x5555555982f0) at arch/AArch64/AArch64Disassembler.c:362
#1  0x00007ffff6c57689 in cs_disasm (ud=93824992426848, buffer=0x5555555817d0 "\375{\271\251UU", size=4, offset=0, count=1, insn=0x7fffffffd5a8)
    at cs.c:933


op->mnemonic = r_str_newf ("%s%s%s",
				insn->mnemonic,
				insn->op_str[0]? " ": "",
				insn->op_str);
(gdb) p *insn
$38 = {id = 1035, address = 0, size = 4, bytes = "\375{\271\251", '\000' <repeats 19 times>, mnemonic = "stp", '\000' <repeats 28 times>, 
  op_str = "x29, x30, [sp, #-0x70]!", '\000' <repeats 136 times>, detail = 0x5555555ae900}

cs_disasm

// https://github.com/capstone-engine/capstone/blob/next/cs.c#L862
b cs.c:933
r = handle->disasm(ud, buffer, size, &mci, &insn_size, offset, handle->getinsn_info);
#0  AArch64_getInstruction (ud=93824992426848, code=0x5555555817d0 "\375{\271\251UU", code_len=4, instr=0x7fffffffd190, size=0x7fffffffcf16, 
    address=0, info=0x5555555982f0) at arch/AArch64/AArch64Disassembler.c:362
	if (r) {
		SStream ss;
		SStream_Init(&ss);

		mci.flat_insn->size = insn_size;

		// map internal instruction opcode to public insn ID

		handle->insn_id(handle, insn_cache, mci.Opcode);

		handle->printer(&mci, &ss, handle->printer_info);
		fill_insn(handle, insn_cache, ss.buffer, &mci, handle->post_printer, buffer);

		// adjust for pseudo opcode (X86)
		if (handle->arch == CS_ARCH_X86)
			insn_cache->id += mci.popcode_adjust;

		next_offset = insn_size;
	}

libarch

Small and Lightweight ARM64/AArch64 Disassembly Framework.

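# Out-of-tree build of libarch, then decode the same instruction word that was
# traced through rasm2 above (FD7BB9A9).
rm -rf build && mkdir build && cd build
# The page gives -DCMAKE_BUILD_TYPE without a value, which is not a valid cache
# definition (cmake expects VAR=value). Debug is assumed here because the next
# step runs tools/libarch-debug — TODO confirm against the libarch README.
cmake .. -DCMAKE_BUILD_TYPE=Debug
make -j

./tools/libarch-debug FD7BB9A9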