Pressing enter doesn't continue assembly correctly
Hello, I have filed a few issues about this problem. As in GDB, it is very useful to run something like "pd", read the assembly, and then press enter to continue the disassembly. Last time I brought up this issue, I was told to use "e cmd.repeat = true". That is actually inaccurate, as shown below:
$ r2 /bin/ls
-- It's working! Look at the door!
[0x00005430]> b 32
[0x00005430]> pd
;-- entry0:
;-- rip:
0x00005430 31ed xor ebp, ebp
0x00005432 4989d1 mov r9, rdx
0x00005435 5e pop rsi
0x00005436 4889e2 mov rdx, rsp
0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0
0x0000543d 50 push rax
0x0000543e 54 push rsp
0x0000543f 4c8d05ca0701. lea r8, [0x00015c10]
[0x00005430]> PRESSING ENTER DOES NOTHING
[0x00005430]> e cmd.repeat = true
[0x00005430]> pd
;-- entry0:
;-- rip:
0x00005430 31ed xor ebp, ebp
0x00005432 4989d1 mov r9, rdx
0x00005435 5e pop rsi
0x00005436 4889e2 mov rdx, rsp
0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0
0x0000543d 50 push rax
0x0000543e 54 push rsp
0x0000543f 4c8d05ca0701. lea r8, [0x00015c10]
[0x00005430]> ENTER PRESSED
0x000054ae 55 push rbp <-- wrong address. a lot further up in .text
0x000054af 4829fe sub rsi, rdi
0x000054b2 4889e5 mov rbp, rsp
0x000054b5 48c1fe03 sar rsi, 3
0x000054b9 4889f0 mov rax, rsi
0x000054bc 48c1e83f shr rax, 0x3f
0x000054c0 4801c6 add rsi, rax ; '#'
0x000054c3 48d1fe sar rsi, 1
: 0x00005526 662e0f1f8400. nop word cs:[rax + rax]
: ;-- entry1.init:
: 0x00005530 488d3d618e21. lea rdi, [0x0021e398] ; section..jcr
: 0x00005537 48833f00 cmp qword [rdi], 0
,==< 0x0000553b 750b jne 0x5548
|=< 0x0000553d e95effffff jmp 0x54a0 | 0x00005542 660f1f440000 nop word [rax + rax] --> 0x00005548 488b05899a21. mov rax, qword [reloc._Jv_RegisterClasses_216] ; [0x21efd8:8]=0
0x0000554f 4885c0 test rax, rax
[0x00005526]> b 64 switch to 64 block size just to prove the point
[0x00005526]> s 0x5430
[0x00005430]> pd
;-- entry0:
;-- rip:
0x00005430 31ed xor ebp, ebp
0x00005432 4989d1 mov r9, rdx
0x00005435 5e pop rsi
0x00005436 4889e2 mov rdx, rsp
0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0
0x0000543d 50 push rax
0x0000543e 54 push rsp
0x0000543f 4c8d05ca0701. lea r8, [0x00015c10]
0x00005446 488d0d530701. lea rcx, [0x00015ba0] <-- this part is skipped above
0x0000544d 488d3d5ce7ff. lea rdi, [0x00003bb0] ; section..text ; "AWAVAUATA\x89\xfcUSH\x89\xf5H\x83\xecHH\x8b>dH\x8b\x04%("
0x00005454 ff15669b2100 call qword [reloc.__libc_start_main_192] ; [0x21efc0:8]=0
0x0000545a f4 hlt
0x0000545b 0f1f440000 nop dword [rax + rax]
0x00005460 488d3d81a121. lea rdi, [loc.__bss_start] ; 0x21f5e8
0x00005467 488d0581a121. lea rax, [0x0021f5ef]
0x0000546e 55 push rbp
[0x00005430]>
So, to recap: after enabling cmd.repeat, when I press enter to repeat a disassembly, it doesn't continue disassembling at the correct location.
This is on the latest git commit as of 2/23/2018 9:33 AM EST, but it has been happening for a while now.
It goes by block size, not instruction size.
On 23 Feb 2018, at 15:29, msftsecurityteam [email protected] wrote:
Hello, I have made a few issues about this problem. Like GDB, it's very useful to do something like "pd", read the assembly, and press enter again to continue the assembly. Last time I brought up this issue, I was told to use "e cmd.repeat = true". This actually is inaccurate as shown below:
$ r2 /bin/ls -- It's working! Look at the door! [0x00005430]> b 32 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] [0x00005430]> *** PRESSING ENTER DOES NOTHING *** [0x00005430]> e cmd.repeat = true [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] [0x00005430]> *** ENTER PRESSED *** 0x000054ae 55 push rbp <-- but, it starts way further up in .text than it should 0x000054af 4829fe sub rsi, rdi 0x000054b2 4889e5 mov rbp, rsp 0x000054b5 48c1fe03 sar rsi, 3 0x000054b9 4889f0 mov rax, rsi 0x000054bc 48c1e83f shr rax, 0x3f 0x000054c0 4801c6 add rsi, rax ; '#' 0x000054c3 48d1fe sar rsi, 1 : 0x00005526 662e0f1f8400. nop word cs:[rax + rax] : ;-- entry1.init: : 0x00005530 488d3d618e21. lea rdi, [0x0021e398] ; section..jcr : 0x00005537 48833f00 cmp qword [rdi], 0 ,==< 0x0000553b 750b jne 0x5548 |=< 0x0000553d e95effffff jmp 0x54a0 | 0x00005542 660f1f440000 nop word [rax + rax]--> 0x00005548 488b05899a21. mov rax, qword [reloc._Jv_RegisterClasses_216] ; [0x21efd8:8]=0 0x0000554f 4885c0 test rax, rax [0x00005526]> b 64 *** switch to 64 block size just to prove the point *** [0x00005526]> s 0x5430 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] 0x00005446 488d0d530701. lea rcx, [0x00015ba0] **** this part is skipped above **** 0x0000544d 488d3d5ce7ff. 
lea rdi, [0x00003bb0] ; section..text ; "AWAVAUATA\x89\xfcUSH\x89\xf5H\x83\xecHH\x8b>dH\x8b\x04%(" 0x00005454 ff15669b2100 call qword [reloc.__libc_start_main_192] ; [0x21efc0:8]=0 0x0000545a f4 hlt 0x0000545b 0f1f440000 nop dword [rax + rax] 0x00005460 488d3d81a121. lea rdi, [loc.__bss_start] ; 0x21f5e8 0x00005467 488d0581a121. lea rax, [0x0021f5ef] 0x0000546e 55 push rbp [0x00005430]>
So to recap, after enabling cmd.repeat, when I press repeat on an assembly it doesn't continue disassembling at the correct location.
So how do I get an enter press to continue disassembling where I left off previously? On Fri, Feb 23, 2018 at 11:07 AM radare [email protected] wrote:
it goes by block size not instruction size
On 23 Feb 2018, at 15:29, msftsecurityteam [email protected] wrote:
Hello, I have made a few issues about this problem. Like GDB, it's very useful to do something like "pd", read the assembly, and press enter again to continue the assembly. Last time I brought up this issue, I was told to use "e cmd.repeat = true". This actually is inaccurate as shown below:
$ r2 /bin/ls -- It's working! Look at the door! [0x00005430]> b 32 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] [0x00005430]> *** PRESSING ENTER DOES NOTHING *** [0x00005430]> e cmd.repeat = true [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] [0x00005430]> *** ENTER PRESSED *** 0x000054ae 55 push rbp <-- but, it starts way further up in .text than it should 0x000054af 4829fe sub rsi, rdi 0x000054b2 4889e5 mov rbp, rsp 0x000054b5 48c1fe03 sar rsi, 3 0x000054b9 4889f0 mov rax, rsi 0x000054bc 48c1e83f shr rax, 0x3f 0x000054c0 4801c6 add rsi, rax ; '#' 0x000054c3 48d1fe sar rsi, 1 : 0x00005526 662e0f1f8400. nop word cs:[rax + rax] : ;-- entry1.init: : 0x00005530 488d3d618e21. lea rdi, [0x0021e398] ; section..jcr : 0x00005537 48833f00 cmp qword [rdi], 0 ,==< 0x0000553b 750b jne 0x5548 |=< 0x0000553d e95effffff jmp 0x54a0 | 0x00005542 660f1f440000 nop word [rax + rax]--> 0x00005548 488b05899a21. mov rax, qword [reloc._Jv_RegisterClasses_216] ; [0x21efd8:8]=0 0x0000554f 4885c0 test rax, rax [0x00005526]> b 64 *** switch to 64 block size just to prove the point
[0x00005526]> s 0x5430 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] 0x00005446 488d0d530701. lea rcx, [0x00015ba0] **** this part is skipped above **** 0x0000544d 488d3d5ce7ff. lea rdi, [0x00003bb0] ; section..text ; "AWAVAUATA\x89\xfcUSH\x89\xf5H\x83\xecHH\x8b>dH\x8b\x04%(" 0x00005454 ff15669b2100 call qword [reloc.__libc_start_main_192] ; [0x21efc0:8]=0 0x0000545a f4 hlt 0x0000545b 0f1f440000 nop dword [rax + rax] 0x00005460 488d3d81a121. lea rdi, [loc.__bss_start] ; 0x21f5e8 0x00005467 488d0581a121. lea rax, [0x0021f5ef] 0x0000546e 55 push rbp [0x00005430]>
So to recap, after enabling cmd.repeat, when I press repeat on an assembly it doesn't continue disassembling at the correct location.
Maybe I am misunderstanding but block size doesn’t appear to be relevant here at all. I disassemble at 0x5430 with block size 32 (0x20), but pressing enter starts disassembly at 0x54ae, 0x7e bytes away? On Fri, Feb 23, 2018 at 12:46 PM MC [email protected] wrote:
So how do I get an enter press to continue disassembling where I left off previously? On Fri, Feb 23, 2018 at 11:07 AM radare [email protected] wrote:
it goes by block size not instruction size
On 23 Feb 2018, at 15:29, msftsecurityteam [email protected] wrote:
Hello, I have made a few issues about this problem. Like GDB, it's very useful to do something like "pd", read the assembly, and press enter again to continue the assembly. Last time I brought up this issue, I was told to use "e cmd.repeat = true". This actually is inaccurate as shown below:
$ r2 /bin/ls -- It's working! Look at the door! [0x00005430]> b 32 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] [0x00005430]> *** PRESSING ENTER DOES NOTHING *** [0x00005430]> e cmd.repeat = true [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] [0x00005430]> *** ENTER PRESSED *** 0x000054ae 55 push rbp <-- but, it starts way further up in .text than it should 0x000054af 4829fe sub rsi, rdi 0x000054b2 4889e5 mov rbp, rsp 0x000054b5 48c1fe03 sar rsi, 3 0x000054b9 4889f0 mov rax, rsi 0x000054bc 48c1e83f shr rax, 0x3f 0x000054c0 4801c6 add rsi, rax ; '#' 0x000054c3 48d1fe sar rsi, 1 : 0x00005526 662e0f1f8400. nop word cs:[rax + rax] : ;-- entry1.init: : 0x00005530 488d3d618e21. lea rdi, [0x0021e398] ; section..jcr : 0x00005537 48833f00 cmp qword [rdi], 0 ,==< 0x0000553b 750b jne 0x5548 |=< 0x0000553d e95effffff jmp 0x54a0 | 0x00005542 660f1f440000 nop word [rax + rax]--> 0x00005548 488b05899a21. mov rax, qword [reloc._Jv_RegisterClasses_216] ; [0x21efd8:8]=0 0x0000554f 4885c0 test rax, rax [0x00005526]> b 64 *** switch to 64 block size just to prove the point
[0x00005526]> s 0x5430 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] 0x00005446 488d0d530701. lea rcx, [0x00015ba0] **** this part is skipped above **** 0x0000544d 488d3d5ce7ff. lea rdi, [0x00003bb0] ; section..text ; "AWAVAUATA\x89\xfcUSH\x89\xf5H\x83\xecHH\x8b>dH\x8b\x04%(" 0x00005454 ff15669b2100 call qword [reloc.__libc_start_main_192] ; [0x21efc0:8]=0 0x0000545a f4 hlt 0x0000545b 0f1f440000 nop dword [rax + rax] 0x00005460 488d3d81a121. lea rdi, [loc.__bss_start] ; 0x21f5e8 0x00005467 488d0581a121. lea rax, [0x0021f5ef] 0x0000546e 55 push rbp [0x00005430]>
So to recap, after enabling cmd.repeat, when I press repeat on an assembly it doesn't continue disassembling at the correct location.
by editing the code and sending a PR
or using pD instead of pd, but you will get some invalid instructions
On 23 Feb 2018, at 18:46, msftsecurityteam [email protected] wrote:
So how do I get an enter press to continue disassembling where I left off previously?
pd disassembles N instructions, and pD disassembles N bytes.
in fact pd N
can you confirm this?
On 23 Feb 2018, at 18:50, msftsecurityteam [email protected] wrote:
Maybe I am misunderstanding but block size doesn’t appear to be relevant here at all. I disassemble at 0x5430 with block size 32 (0x20), but pressing enter starts disassembly at 0x54ae, 0x7e bytes away? On Fri, Feb 23, 2018 at 12:46 PM MC [email protected] wrote:
So how do I get an enter press to continue disassembling where I left off previously? On Fri, Feb 23, 2018 at 11:07 AM radare [email protected] wrote:
it goes by block size not instruction size
On 23 Feb 2018, at 15:29, msftsecurityteam [email protected] wrote:
Hello, I have made a few issues about this problem. Like GDB, it's very useful to do something like "pd", read the assembly, and press enter again to continue the assembly. Last time I brought up this issue, I was told to use "e cmd.repeat = true". This actually is inaccurate as shown below:
$ r2 /bin/ls -- It's working! Look at the door! [0x00005430]> b 32 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] [0x00005430]> *** PRESSING ENTER DOES NOTHING *** [0x00005430]> e cmd.repeat = true [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] [0x00005430]> *** ENTER PRESSED *** 0x000054ae 55 push rbp <-- but, it starts way further up in .text than it should 0x000054af 4829fe sub rsi, rdi 0x000054b2 4889e5 mov rbp, rsp 0x000054b5 48c1fe03 sar rsi, 3 0x000054b9 4889f0 mov rax, rsi 0x000054bc 48c1e83f shr rax, 0x3f 0x000054c0 4801c6 add rsi, rax ; '#' 0x000054c3 48d1fe sar rsi, 1 : 0x00005526 662e0f1f8400. nop word cs:[rax + rax] : ;-- entry1.init: : 0x00005530 488d3d618e21. lea rdi, [0x0021e398] ; section..jcr : 0x00005537 48833f00 cmp qword [rdi], 0 ,==< 0x0000553b 750b jne 0x5548 |=< 0x0000553d e95effffff jmp 0x54a0 | 0x00005542 660f1f440000 nop word [rax + rax]--> 0x00005548 488b05899a21. mov rax, qword [reloc._Jv_RegisterClasses_216] ; [0x21efd8:8]=0 0x0000554f 4885c0 test rax, rax [0x00005526]> b 64 *** switch to 64 block size just to prove the point
[0x00005526]> s 0x5430 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] 0x00005446 488d0d530701. lea rcx, [0x00015ba0] **** this part is skipped above **** 0x0000544d 488d3d5ce7ff. lea rdi, [0x00003bb0] ; section..text ; "AWAVAUATA\x89\xfcUSH\x89\xf5H\x83\xecHH\x8b>dH\x8b\x04%(" 0x00005454 ff15669b2100 call qword [reloc.__libc_start_main_192] ; [0x21efc0:8]=0 0x0000545a f4 hlt 0x0000545b 0f1f440000 nop dword [rax + rax] 0x00005460 488d3d81a121. lea rdi, [loc.__bss_start] ; 0x21f5e8 0x00005467 488d0581a121. lea rax, [0x0021f5ef] 0x0000546e 55 push rbp [0x00005430]>
So to recap, after enabling cmd.repeat, when I press repeat on an assembly it doesn't continue disassembling at the correct location.
Ok, so I will close this issue then if this is expected behavior On Fri, Feb 23, 2018 at 12:50 PM radare [email protected] wrote:
by editing the code and sending a PR
or using pD instead of pd, but you will get some invalid instructions
On 23 Feb 2018, at 18:46, msftsecurityteam [email protected] wrote:
So how do I get an enter press to continue disassembling where I left off previously?
Ok give me a few minutes I will confirm and get back. Apologies for the out of sync responses I am on mobile On Fri, Feb 23, 2018 at 12:52 PM MC [email protected] wrote:
Ok, so I will close this issue then if this is expected behavior On Fri, Feb 23, 2018 at 12:50 PM radare [email protected] wrote:
by editing the code and sending a PR
or using pD instead of pd, but you will get some invalid instructions
On 23 Feb 2018, at 18:46, msftsecurityteam [email protected] wrote:
So how do I get an enter press to continue disassembling where I left off previously?
No, it's not expected; I want to know whether the behaviour is correct if you run “pd 5”.
On 23 Feb 2018, at 18:52, msftsecurityteam [email protected] wrote:
Ok, so I will close this issue then if this is expected behavior On Fri, Feb 23, 2018 at 12:50 PM radare [email protected] wrote:
by editing the code and sending a PR
or using pD instead of pd, but you will get some invalid instructions
On 23 Feb 2018, at 18:46, msftsecurityteam [email protected] wrote:
So how do I get an enter press to continue disassembling where I left off previously?
"pd 5"
$ r2 /bin/ls -- Did you know that r2 is 10 years old? [0x00005430]> e cmd.repeat = true [0x00005430]> pd 5 ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 [0x00005430]> ENTER PRESSED 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] 0x00005446 488d0d530701. lea rcx, [0x00015ba0] 0x0000544d 488d3d5ce7ff. lea rdi, [0x00003bb0] ; section..text ; "AWAVAUATA\x89\xfcUSH\x89\xf5H\x83\xecHH\x8b>dH\x8b\x04%(" 0x00005454 ff15669b2100 call qword [reloc.__libc_start_main_192] ; [0x21efc0:8]=0 0x0000545a f4 hlt 0x0000545b 0f1f440000 nop dword [rax + rax] 0x00005460 488d3d81a121. lea rdi, [loc.__bss_start] ; 0x21f5e8 0x00005467 488d0581a121. lea rax, [0x0021f5ef] [0x00005454]> ENTER PRESSED 0x0000546e 55 push rbp 0x0000546f 4829f8 sub rax, rdi 0x00005472 4889e5 mov rbp, rsp 0x00005475 4883f80e cmp rax, 0xe ,=< 0x00005479 7615 jbe 0x5490 0x0000547b 488b052e9b21. mov rax, qword [reloc._ITM_deregisterTMCloneTable_176] ; [0x21efb0:8]=0 0x00005482 4885c0 test rax, rax ,=< 0x00005485 7409 je 0x5490 | 0x00005487 5d pop rbp | 0x00005488 ffe0 jmp rax Then i seek back to the beginning, increase the block size, and verify the disassembly is accurate [0x0000547b]> s 0x5430 [0x00005430]> b 64 [0x00005430]> pd ;-- entry0: ;-- rip: 0x00005430 31ed xor ebp, ebp 0x00005432 4989d1 mov r9, rdx 0x00005435 5e pop rsi 0x00005436 4889e2 mov rdx, rsp 0x00005439 4883e4f0 and rsp, 0xfffffffffffffff0 0x0000543d 50 push rax 0x0000543e 54 push rsp 0x0000543f 4c8d05ca0701. lea r8, [0x00015c10] 0x00005446 488d0d530701. lea rcx, [0x00015ba0] 0x0000544d 488d3d5ce7ff. lea rdi, [0x00003bb0] ; section..text ; "AWAVAUATA\x89\xfcUSH\x89\xf5H\x83\xecHH\x8b>dH\x8b\x04%(" 0x00005454 ff15669b2100 call qword [reloc.__libc_start_main_192] ; [0x21efc0:8]=0 0x0000545a f4 hlt 0x0000545b 0f1f440000 nop dword [rax + rax] 0x00005460 488d3d81a121. 
lea rdi, [loc.__bss_start] ; 0x21f5e8 0x00005467 488d0581a121. lea rax, [0x0021f5ef] 0x0000546e 55 push rbp [0x00005430]>
Seems to look accurate to me
Came back to this issue. Yes, what you said above is correct: if I do "pd 5" and then press enter, it continues disassembling at the correct address. If I just do "pd" with no arguments, that's where it runs into trouble.
This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of radare2. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.