* r_core

- Add cfg var anal.ptrdepth to define analysis depth for indirect references
  - Add support for indirect references to /a (needs more testing)
* r_io
  - Remove perror msg from r_io_read_i()
* r_anal
  - Minor fixups in arm and x86 plugins

TODO

@@ -26,7 +26,6 @@ TODO nibble
 -----------
 * imports from PE doesnt works with /a because there's an indirect call
 * r_bin->relocs // RList of relocations
-* Support indirect references on /a and similars.. (e search.refptr) .. or /A?
 * big-ssl.c big-gmp.c ...
 * native fat bins support (push uncommited changes)
 * diff code analysis

libr/anal/p/anal_arm.c

@@ -56,6 +56,8 @@ static int aop(RAnal *anal, RAnalOp *aop, ut64 addr, const ut8 *data, int len) {
 	aop->addr = addr;
 	aop->type = R_ANAL_OP_TYPE_UNK;
 	aop->length = (arm_mode==16)?2:4;
+	aop->jump = aop->fail = -1;
+	aop->ref = aop->value = -1;
 
 	if (aop == NULL)
 		return aop->length;

libr/anal/p/anal_x86.c

@@ -43,8 +43,8 @@ static int myaop(RAnal *anal, RAnalOp *aop, ut64 addr, const ut8 *data, int len)
 	memset (aop, 0, sizeof (RAnalOp));
 	aop->type = R_ANAL_OP_TYPE_UNK;
 	aop->addr = addr;
-	aop->jump = -1;
-	aop->fail = -1;
+	aop->jump = aop->fail = -1;
+	aop->ref = aop->value = -1;
 
 	switch (buf[0]) {
 	case 0x8a:

libr/anal/p/anal_x86_x86im.c

@@ -21,6 +21,7 @@ static int aop(RAnal *anal, RAnalOp *aop, ut64 addr, const ut8 *data, int len) {
 	aop->type = R_ANAL_OP_TYPE_UNK;
 	aop->addr = addr;
 	aop->jump = aop->fail = -1;
+	aop->ref = aop->value = -1;
 
 	if ((x86im_dec (&io,
 			anal->bits == 32 ? X86IM_IO_MODE_32BIT : X86IM_IO_MODE_64BIT,

libr/core/anal.c

@@ -426,12 +426,54 @@ R_API int r_core_anal_graph_fcn(RCore *core, char *fname, int opts) {
 	return R_FALSE;
 }
 
-#define OPSZ 32
+static int r_core_anal_followptr(RCore *core, ut64 at, ut64 ptr, ut64 ref, int code, int depth) {
+	RAnalOp op;
+	ut8* buf;
+	ut64 dataptr;
+	int wordsize, endian;
+
+	if (depth < 0)
+		return R_FALSE;
+	if (code) {
+		if (ptr == ref) {
+			r_cons_printf ("Cx 0x%08"PFMT64x" 0x%08"PFMT64x"\n",
+					(ut64)(at), (ut64) ref);
+			return R_TRUE;
+		} else {
+			if ((buf = (ut8 *)malloc (core->blocksize)) == NULL)
+				return R_FALSE;
+			if (r_io_read_at (core->io, ptr, buf, core->blocksize) != core->blocksize ||
+				!r_anal_aop (core->anal, &op, ptr, buf, core->blocksize)) {
+				free (buf);
+				return R_FALSE;
+			}
+			free (buf);
+			return r_core_anal_followptr (core, at, op.jump, ref, R_TRUE, depth-1);
+		}
+	} else {
+		if (ptr == ref) {
+			r_cons_printf ("CX 0x%08"PFMT64x" 0x%08"PFMT64x"\n",
+					(ut64)(at), (ut64)ref);
+			return R_TRUE;
+		}
+		if (core->bin->info->big_endian)
+			endian = LIL_ENDIAN;
+		else endian = !LIL_ENDIAN;
+		wordsize = (int)(core->anal->bits/8);
+		if ((dataptr = r_io_read_i (core->io, ptr, wordsize, endian)) == -1) {
+			return R_FALSE;
+		}
+		return r_core_anal_followptr (core, at, dataptr, ref, R_FALSE, depth-1);
+	}
+}
+
+#define OPSZ 8
 R_API int r_core_anal_search(RCore *core, ut64 from, ut64 to, ut64 ref) {
 	ut8 *buf = (ut8 *)malloc (core->blocksize);
+	int ptrdepth = r_config_get_i (core->config, "anal.ptrdepth");
 	int ret, i, count = 0;
 	RAnalOp op;
-	ut32 at;
+	ut64 at;
 	// TODO: get current section range here or gtfo
 	// ???
 	// XXX must read bytes correctly
@@ -444,28 +486,25 @@ R_API int r_core_anal_search(RCore *core, ut64 from, ut64 to, ut64 ref) {
 	if (core->blocksize<=OPSZ)
 		eprintf ("error: block size too small\n");
 	else
-	for (at = from; at < to; at += core->blocksize) {
-		if (r_cons_singleton ()->breaked)
-			break;
-		ret = r_io_read_at (core->io, at, buf, core->blocksize);
-		if (ret != core->blocksize)
-			break;
-		for (i=0; i<core->blocksize-OPSZ; i++) {
-			r_anal_aop (core->anal, &op, at+i, buf+i, sizeof (buf)-i);
-			if (op.jump == ref) {
-				r_cons_printf ("Cx 0x%08"PFMT64x" 0x%08"PFMT64x"\n",
-					(ut64)(at+i), (ut64) ref);
-				count ++;
-			}
-			if (op.ref == ref) {
-				r_cons_printf ("CX 0x%08"PFMT64x" 0x%08"PFMT64x"\n",
-					//(ut64)(ref), (ut64)at+i);
-					(ut64)(at+i), (ut64)ref);
-				count ++;
+		for (at = from; at < to; at += core->blocksize - OPSZ) {
+			if (r_cons_singleton ()->breaked)
+				break;
+			ret = r_io_read_at (core->io, at, buf, core->blocksize);
+			if (ret != core->blocksize)
+				break;
+			for (i=0; i<core->blocksize-OPSZ; i++) {
+				if (!r_anal_aop (core->anal, &op, at+i, buf+i, core->blocksize-i))
+					continue;
+				if (op.jump != -1 &&
+					r_core_anal_followptr (core, at+i, op.jump, ref, R_TRUE, ptrdepth)) {
+					count ++;
+				}
+				if (op.ref != -1 &&
+					r_core_anal_followptr (core, at+i, op.ref, ref, R_FALSE, ptrdepth)) {
+					count ++;
+				}
 			}
 		}
-		at -= OPSZ;
-	}
 	free (buf);
 	return count;
 }

libr/core/asm.c

@@ -16,7 +16,7 @@ R_API char* r_core_asm_search(RCore *core, const char *input, ut64 from, ut64 to
 	return ret;
 }
 
-#define OPSZ 32
+#define OPSZ 8
 R_API int r_core_asm_strsearch(RCore *core, const char *input, ut64 from, ut64 to) {
 	RAsmAop aop;
 	ut64 at, toff = core->offset;

libr/core/config.c

@@ -170,6 +170,7 @@ R_API int r_core_config_init(RCore *core) {
 	r_config_set (cfg, "dir.plugins", LIBDIR"/radare2/");
 	/* anal */
 	r_config_set_i (cfg, "anal.depth", 10);
+	r_config_set_i (cfg, "anal.ptrdepth", 3);
 	r_config_set (cfg, "anal.split", "false");
 	/* asm */
 	r_config_set_i_cb (cfg, "asm.bits", 32,

libr/io/io.c

@@ -169,7 +169,8 @@ R_API ut64 r_io_read_i(struct r_io_t *io, ut64 addr, int sz, int endian) {
 	if (sz < 0) sz = 1;
 	err = r_io_read_at (io, addr, buf, sz);
 	if (err == sz) r_mem_copyendian ((ut8*)&ret, buf, sz, endian);
-	else perror("Cannot read");
+	else return -1;
+	//else perror("Cannot read");
 	return ret;
 }