
There seems to be no way to determine the base of a number when there are no analysis hints defined

Open ret2libc opened this issue 3 years ago • 2 comments

Copied from https://github.com/radareorg/radare2/issues/17727

Description

I'm trying to implement a hotkey to toggle the immediate base in Cutter. For the hotkey to always work correctly, I need to obtain the current immediate base for the selected instruction. However, there seems to be no way to get that information, unless an analysis hint was defined for that particular address earlier. The only alternative I have considered is parsing the opcode, but I'm not sure if that's a good idea (radare supports many different instruction sets, syntaxes, and disassemblers). aoj/ao does not seem to be useful in this case either.

See rizinorg/cutter#2429 (comment):

@ret2libc

I think there is no way currently to determine what is the base used for a number when no hint is defined yet. I see https://github.com/radareorg/radare2/blob/master/libr/parse/filter.c#L402, which seems to mean that whatever is returned by the disassembler is shown to the user. Capstone seems to show the number as "decimal" if < 10 (by "decimal" I mean that it doesn't show 0x, but of course numbers < 10 are the same in hex and dec), but you probably can't assume that, as radare2 supports multiple disassemblers.

Expected behavior

[0x00003362]> pd1
│           0x00003362      mov     edx, 5 
[0x00003362]> ahj 0x00003362
[{"addr":13154,"immbase":10}] 
[0x00003362]> pd1 @ 0x00003a94
│           0x00003a94      lea     rax, [0x00007766] 
[0x00003a94]> ahj 0x00003a94
[{"addr":14996,"immbase":16}] 

(Or maybe a different command to get the default immediate base or other information that could be useful in this case)

Actual behavior

[0x00003362]> pd1
│           0x00003362      mov     edx, 5 
[0x00003362]> ahj 0x00003362
[] 
[0x00003362]> ahi 10 @ 0x00003362

[0x00003362]> ahj 0x00003362
[{"addr":13154,"immbase":10}] 
(...)

Related to

rizinorg/cutter#2429

ret2libc avatar Mar 02 '21 13:03 ret2libc
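
An added example, not part of the issue and not rizin or Cutter code: a sketch of the workaround discussed above, which prefers the `immbase` from `ahj` output and falls back to parsing the opcode text when no hint exists. The function names are hypothetical, the inputs are the `ahj` JSON and disassembly strings from the sessions above, and the text fallback is a heuristic that depends on the disassembler's syntax.

```python
import json
import re

# Immediates as they usually appear in disassembly text: 0x-prefixed hex,
# trailing-h hex (some syntaxes) or plain decimal. Heuristic, not exhaustive.
_IMM = re.compile(
    r"(?<![\w.])(-?0x[0-9a-fA-F]+|-?[0-9][0-9a-fA-F]*h|-?[0-9]+)(?![\w.])"
)


def hinted_base(ahj_output, addr):
    """Return the immbase recorded for addr in `ahj` JSON output, or None."""
    for hint in json.loads(ahj_output or "[]"):
        if hint.get("addr") == addr and "immbase" in hint:
            return hint["immbase"]
    return None


def guessed_base(opcode):
    """Guess the displayed base of the last immediate in an opcode string.

    Returns None when the operands contain no immediate. A bare digit such
    as "5" is reported as 10, although it renders the same in hex.
    """
    parts = opcode.split(None, 1)  # drop the mnemonic, keep the operands
    if len(parts) < 2:
        return None
    found = _IMM.findall(parts[1])
    if not found:
        return None
    token = found[-1].lstrip("-").lower()
    return 16 if token.startswith("0x") or token.endswith("h") else 10


def current_immbase(ahj_output, addr, opcode):
    """Prefer the explicit hint; otherwise fall back to the text heuristic."""
    base = hinted_base(ahj_output, addr)
    if base is not None:
        return base, "hint"
    return guessed_base(opcode), "guess"


if __name__ == "__main__":
    # Inputs copied from the sessions in the issue text.
    print(current_immbase("[]", 0x3362, "mov     edx, 5 "))
    print(current_immbase("[]", 0x3a94, "lea     rax, [0x00007766] "))
```

The second element of the returned tuple tells the caller whether the base came from a stored hint or from the text heuristic, so a UI can treat guessed values as less reliable.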

@plaets I have copied the issue in Rizin repository as well, just FYI.

ret2libc avatar Mar 02 '21 13:03 ret2libc

This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has probably changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of rizin. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Sep 16 '22 12:09 stale[bot]