pf truncates the output
$ r2 -nn ./r2r/bins/elf/main
> pf {8}? (elf_phdr) @ 0x40
:
struct<elf_phdr>
type : 0x00000040 = type (enum) = 0x6 ; PT_PHDR
flags : 0x00000044 = flags (enum) = 0x5 ; PF_Read_Exec
offset : 0x00000048 = (qword)0x0000000000000040
vaddr : 0x00000050 = (qword)0x0000000000400040
paddr : 0x00000058 = (qword)0x0000000000400040
filesz : 0x00000060 = (qword)0x00000000000001c0
memsz : 0x00000068 = (qword)0x00000000000001c0
align : 0x00000070 = (qword)0x0000000000000008
:
struct<elf_phdr>
type : 0x00000078 = type (enum) = 0x3 ; PT_INTERP
flags : 0x0000007c = flags (enum) = 0x4 ; PF_Read
offset : 0x00000080 = (qword)0x0000000000000200
vaddr : 0x00000088 = (qword)0x0000000000400200
paddr : 0x00000090 = (qword)0x0000000000400200
filesz : 0x00000098 = (qword)0x000000000000001c
memsz : 0x000000a0 = (qword)0x000000000000001c
align : 0x000000a8 = (qword)0x0000000000000001
:
struct<elf_phdr>
type : 0x000000b0 = type (enum) = 0x1 ; PT_LOAD
flags : 0x000000b4 = flags (enum) = 0x5 ; PF_Read_Exec
offset : 0x000000b8 = (qword)0x0000000000000000
vaddr : 0x000000c0 = (qword)0x0000000000400000
paddr : 0x000000c8 = (qword)0x0000000000400000
filesz : 0x000000d0 = (qword)0x00000000000006dc
memsz : 0x000000d8 = (qword)0x00000000000006dc
align : 0x000000e0 = (qword)0x0000000000200000
:
struct<elf_phdr>
type : 0x000000e8 = type (enum) = 0x1 ; PT_LOAD
flags : 0x000000ec = flags (enum) = 0x6 ; PF_Read_Write
offset : 0x000000f0 = (qword)0x00000000000006e0
vaddr : 0x000000f8 = (qword)0x00000000006006e0
paddr : 0x00000100 = (qword)0x00000000006006e0
filesz : 0x00000108 = (qword)0x0000000000000230
memsz : 0x00000110 = (qword)0x0000000000000238
align : 0x00000118 = (qword)0x0000000000200000
:
struct<elf_phdr>
type : 0x00000120 = type (enum) = 0x2 ; PT_DYNAMIC
flags : 0x00000124 = flags (enum) = 0x6 ; PF_Read_Write
offset : 0x00000128 = (qword)0x00000000000006f8
vaddr : 0x00000130 = (qword)0x00000000006006f8
paddr : 0x00000138 = (qword)0x00000000006006f8
@P4N74 see this ^
This has been present for a long time (since before the 0.10.4 release, and possibly earlier). The problem is in the way the r_print_format_struct_size function returns the size value. For a struct with the format {8}? (elf_phdr) it returns the size of a single elf_phdr and does not multiply it by 8. There are three possible solutions for this:
- Update r_print_format_struct_size to return the size after multiplying it by the count (which can come from either {num}? or num?).
- Update cmd_print_format (/libr/core/cmd_print.c) to handle such multiplication internally.
- Update r_print_format so that it does not depend on the block size.
I think the first one would be better. But the problem might be that in {8}? and 8? the 8 is only used to specify that the following struct should be printed that many times, either in the simple way or in array form. So I am not sure whether updating r_print_format_struct_size is a good option or not.
@P4N74 are you working on the fix?
I am spending most of my time reading about the kernel for the kernel task. I won't be able to give this enough time except in my free time.
for anyone else hitting this from google, here's a workaround:
use [n]? (struct) instead of {n}? (struct)
Can you suggest more examples for the pf help pr?
On 16 Feb 2019, at 22:19, William Casarin [email protected] wrote:
for anyone else hitting this from google, here's a workaround:
use [n]? (struct) instead of {n}? (struct)
This is still a bug. Right now it prints all 8 entries, but at some point it just reads zeros. In the output below the zeros start exactly at 0x140, i.e. 0x100 bytes after the start address given with @ 0x40, which looks like the read is being cut off at the block-size boundary rather than at the end of the struct array.
[0x00000000]> pf [8]? (elf_phdr) @ 0x40
:
[
struct<elf_phdr>
type : 0x00000040 = type (enum elf_p_type) = 0x6 ; PT_PHDR
flags : 0x00000044 = flags (enum elf_p_flags) = 0x5 ; PF_Read_Exec
offset : 0x00000048 = (qword)0x0000000000000040
vaddr : 0x00000050 = (qword)0x0000000000400040
paddr : 0x00000058 = (qword)0x0000000000400040
filesz : 0x00000060 = (qword)0x00000000000001c0
memsz : 0x00000068 = (qword)0x00000000000001c0
align : 0x00000070 = (qword)0x0000000000000008
struct<elf_phdr>
type : 0x00000078 = type (enum elf_p_type) = 0x3 ; PT_INTERP
flags : 0x0000007c = flags (enum elf_p_flags) = 0x4 ; PF_Read
offset : 0x00000080 = (qword)0x0000000000000200
vaddr : 0x00000088 = (qword)0x0000000000400200
paddr : 0x00000090 = (qword)0x0000000000400200
filesz : 0x00000098 = (qword)0x000000000000001c
memsz : 0x000000a0 = (qword)0x000000000000001c
align : 0x000000a8 = (qword)0x0000000000000001
struct<elf_phdr>
type : 0x000000b0 = type (enum elf_p_type) = 0x1 ; PT_LOAD
flags : 0x000000b4 = flags (enum elf_p_flags) = 0x5 ; PF_Read_Exec
offset : 0x000000b8 = (qword)0x0000000000000000
vaddr : 0x000000c0 = (qword)0x0000000000400000
paddr : 0x000000c8 = (qword)0x0000000000400000
filesz : 0x000000d0 = (qword)0x00000000000006dc
memsz : 0x000000d8 = (qword)0x00000000000006dc
align : 0x000000e0 = (qword)0x0000000000200000
struct<elf_phdr>
type : 0x000000e8 = type (enum elf_p_type) = 0x1 ; PT_LOAD
flags : 0x000000ec = flags (enum elf_p_flags) = 0x6 ; PF_Read_Write
offset : 0x000000f0 = (qword)0x00000000000006e0
vaddr : 0x000000f8 = (qword)0x00000000006006e0
paddr : 0x00000100 = (qword)0x00000000006006e0
filesz : 0x00000108 = (qword)0x0000000000000230
memsz : 0x00000110 = (qword)0x0000000000000238
align : 0x00000118 = (qword)0x0000000000200000
struct<elf_phdr>
type : 0x00000120 = type (enum elf_p_type) = 0x2 ; PT_DYNAMIC
flags : 0x00000124 = flags (enum elf_p_flags) = 0x6 ; PF_Read_Write
offset : 0x00000128 = (qword)0x00000000000006f8
vaddr : 0x00000130 = (qword)0x00000000006006f8
paddr : 0x00000138 = (qword)0x00000000006006f8
filesz : 0x00000140 = (qword)0x0000000000000000
memsz : 0x00000148 = (qword)0x0000000000000000
align : 0x00000150 = (qword)0x0000000000000000
struct<elf_phdr>
type : 0x00000158 = type (enum elf_p_type) = 0x0 ; PT_NULL
flags : 0x0000015c = flags (enum elf_p_flags) = 0x0 ; PF_None
offset : 0x00000160 = (qword)0x0000000000000000
vaddr : 0x00000168 = (qword)0x0000000000000000
paddr : 0x00000170 = (qword)0x0000000000000000
filesz : 0x00000178 = (qword)0x0000000000000000
memsz : 0x00000180 = (qword)0x0000000000000000
align : 0x00000188 = (qword)0x0000000000000000
struct<elf_phdr>
type : 0x00000190 = type (enum elf_p_type) = 0x0 ; PT_NULL
flags : 0x00000194 = flags (enum elf_p_flags) = 0x0 ; PF_None
offset : 0x00000198 = (qword)0x0000000000000000
vaddr : 0x000001a0 = (qword)0x0000000000000000
paddr : 0x000001a8 = (qword)0x0000000000000000
filesz : 0x000001b0 = (qword)0x0000000000000000
memsz : 0x000001b8 = (qword)0x0000000000000000
align : 0x000001c0 = (qword)0x0000000000000000
struct<elf_phdr>
type : 0x000001c8 = type (enum elf_p_type) = 0x0 ; PT_NULL
flags : 0x000001cc = flags (enum elf_p_flags) = 0x0 ; PF_None
offset : 0x000001d0 = (qword)0x0000000000000000
vaddr : 0x000001d8 = (qword)0x0000000000000000
paddr : 0x000001e0 = (qword)0x0000000000000000
filesz : 0x000001e8 = (qword)0x0000000000000000
memsz : 0x000001f0 = (qword)0x0000000000000000
align : 0x000001f8 = (qword)0x0000000000000000
]
The last 3 elf_phdr entries are not actually all zeros in the file; the zeros are an artifact of the truncated read.