11039 Commits

Author SHA1 Message Date
Álvaro Felipe Melchor
57b8b025f1 Fix oob read in disasm.c
READ of size 1 at 0x602000541ccf thread T0
    #0 0x101ab9665 in ds_print_calls_hints disasm.c:3252
    #1 0x101aa69c7 in ds_print_comments_right disasm.c:3306
    #2 0x101a7d937 in r_core_print_disasm disasm.c:3647
    #3 0x1018a1de2 in cmd_print .cmd_print.c:3075
    #4 0x101a26665 in r_cmd_call cmd_api.c:213
    #5 0x1018d90f7 in r_core_cmd_subst_i cmd.c:1948
    #6 0x1018662e9 in r_core_cmd_subst cmd.c:1318
2016-11-15 20:34:48 +01:00
pancake
24ac867d90 Speedup DWARF loading by not checking if files exist 2016-11-15 19:52:22 +01:00
Álvaro Felipe Melchor
7749ceea4e Fix #6196 - NULL dereference 2016-11-15 19:38:18 +01:00
Álvaro Felipe Melchor
1dcd1273fb Fix oob write in disasm.c myregwrite
There was a dangling pointer in esil pointing to RDisasmState

WRITE of size 1 at 0x620000000a88 thread T0
    #0 0x103fab3dc in myregwrite disasm.c:2793
    #1 0x1049544b9 in r_anal_esil_reg_write esil.c:545
    #2 0x1049621e4 in esil_subeq esil.c:1418
    #3 0x1049570e0 in runword esil.c:2365
    #4 0x104955bcf in r_anal_esil_parse esil.c:2466
    #5 0x103f417e4 in r_core_anal_esil anal.c:3145
    #6 0x103df14e0 in cmd_anal_all .cmd_anal.c:4600
    #7 0x103d6c610 in cmd_anal .cmd_anal.c:4829
    #8 0x103f1ee25 in r_cmd_call cmd_api.c:213
    #9 0x103dd7afc in r_core_cmd_subst_i cmd.c:1960
    #10 0x103d66007 in r_core_cmd_subst cmd.c:1311
    #11 0x103d5fd0b in r_core_cmd cmd.c:2477
    #12 0x103d3910c in r_core_prompt_exec core.c:1687
    #13 0x103c9b1de in main radare2.c:1021
    #14 0x7fff9339b5ac in start (libdyld.dylib+0x35ac)
2016-11-15 19:35:28 +01:00
pancake
7f6f58d2d9 Enhancements to reduce false positives in aae syscalls 2016-11-15 19:26:55 +01:00
Maijin
ce9551bb29 Add =SN r7
2016-11-15 18:05:59 +01:00
Maijin
90323a3037 Add a syscalls flagspace for aae
2016-11-15 16:35:40 +01:00
pancake
904ebf8e48 Fix null deref issue in the disasm loop 2016-11-15 16:26:23 +01:00
pancake
a7e281b524 Enhanced drpi and use gpr as default arena for flags 2016-11-15 16:20:10 +01:00
pancake
7fb8c24be3 Add drpi to show internal representation of drp and check for overflows 2016-11-15 14:40:16 +01:00
Maijin
a7dd7271d0 sti/cli R_ANAL_OP_TYPE_SWI to R_ANAL_OP_TYPE_MOV
2016-11-15 13:50:20 +01:00
pancake
f28a62f296 recursive sdb_fmt considered harmful 2016-11-15 13:31:53 +01:00
pancake
72b2249110 aae now flag all syscalls found in the binary 2016-11-15 12:55:09 +01:00
pancake
11f2c4fe4f Add more movk/movz/movn for the arm64 assembler 2016-11-15 11:57:48 +01:00
Álvaro Felipe Melchor
4915466256 Fix oob due to reg arena changes 2016-11-15 01:12:37 +01:00
Álvaro Felipe Melchor
0dca8f8050 Fix #6179 - ELF regression 2016-11-15 00:42:28 +01:00
SkUaTeR
20a9bbd14a Rreg fpu changes (#6191)
* test with rreg for values greater than 64
* check for redirected regs in debug reg sync
2016-11-14 23:58:29 +01:00
Álvaro Felipe Melchor
fd7be23ab9 Some fixes to parse messed up PE binaries
* Loosen up the constraints with number of sections

* Set value in ImageBase if zero. The ideal solution would be to pick up a
  value from the user through bin.baddr, but that needs an API change
2016-11-14 23:19:13 +01:00
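As an added example (not radare2's code, and not this commit's diff), the following C parser shows the two behaviours the commit message describes for damaged PE files: reading ImageBase from a PE32 or PE32+ optional header and substituting a fallback when the header says 0, and not rejecting a NumberOfSections that exceeds what the file actually holds. The fallback value PE_DEFAULT_IMAGE_BASE, the pe_info struct and every function name are assumptions of this example; the sample header is constructed in build_min_pe32, not taken from a real binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed fallback base for headers whose ImageBase is 0 (this example's choice,
 * not necessarily the value radare2 picks). */
#define PE_DEFAULT_IMAGE_BASE 0x400000ULL
#define PE_SECTION_HDR_SIZE 40

typedef struct {
    uint16_t machine;
    uint16_t num_sections;     /* NumberOfSections as declared in the COFF header */
    uint16_t sections_in_file; /* how many 40-byte section headers actually fit in the buffer */
    int      is_pe32plus;
    uint64_t image_base;       /* header value, or the fallback when the header said 0 */
    int      image_base_fixed; /* 1 when the fallback was applied */
} pe_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v & 0xffff)); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Parse the DOS, COFF and optional headers. Every read is bounds-checked against
 * len, so a truncated or crafted file fails cleanly instead of reading past the
 * buffer. Returns 0 on success, a negative code otherwise. */
int pe_parse_headers(const uint8_t *buf, size_t len, pe_info *out) {
    memset(out, 0, sizeof *out);
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t e_lfanew = rd32(buf + 0x3c);
    /* need "PE\0\0" (4) + COFF header (20) + optional header Magic (2) */
    if (e_lfanew > len || len - e_lfanew < 4 + 20 + 2) return -2;
    if (memcmp(buf + e_lfanew, "PE\0\0", 4) != 0) return -3;
    const uint8_t *coff = buf + e_lfanew + 4;
    out->machine = rd16(coff);
    out->num_sections = rd16(coff + 2);
    uint16_t opt_size = rd16(coff + 16);
    const uint8_t *opt = coff + 20;
    size_t opt_off = (size_t)(opt - buf);
    if (opt_size > len - opt_off) return -4;
    uint16_t magic = rd16(opt);
    if (magic == 0x10b && opt_size >= 32) {         /* PE32: ImageBase is a u32 at +28 */
        out->image_base = rd32(opt + 28);
    } else if (magic == 0x20b && opt_size >= 32) {  /* PE32+: ImageBase is a u64 at +24 */
        out->is_pe32plus = 1;
        out->image_base = rd64(opt + 24);
    } else {
        return -5;
    }
    if (out->image_base == 0) {                     /* the commit's "set if zero" behaviour */
        out->image_base = PE_DEFAULT_IMAGE_BASE;
        out->image_base_fixed = 1;
    }
    /* Loosened constraint: do not reject a section count the file cannot back;
     * just record how many section headers are actually present. */
    size_t present = (len - opt_off - opt_size) / PE_SECTION_HDR_SIZE;
    out->sections_in_file = present < out->num_sections ? (uint16_t)present : out->num_sections;
    return 0;
}

/* Constructed sample: a minimal PE32 header (DOS stub, COFF header, 224-byte
 * optional header, no section table) with the requested ImageBase and section count. */
size_t build_min_pe32(uint8_t *buf, size_t cap, uint32_t image_base, uint16_t nsections) {
    const size_t total = 0x40 + 4 + 20 + 224;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3c, 0x40);                  /* e_lfanew */
    memcpy(buf + 0x40, "PE\0\0", 4);
    uint8_t *coff = buf + 0x44;
    wr16(coff, 0x14c);                       /* IMAGE_FILE_MACHINE_I386 */
    wr16(coff + 2, nsections);
    wr16(coff + 16, 224);                    /* SizeOfOptionalHeader for PE32 */
    uint8_t *opt = coff + 20;
    wr16(opt, 0x10b);                        /* PE32 magic */
    wr32(opt + 28, image_base);
    return total;
}

/* Scenario helpers: parse a constructed header and report one field or the return code. */
uint64_t demo_image_base(uint32_t header_image_base) {
    uint8_t b[512]; pe_info pi;
    size_t n = build_min_pe32(b, sizeof b, header_image_base, 3);
    return pe_parse_headers(b, n, &pi) == 0 ? pi.image_base : 0;
}
int demo_truncated_rc(size_t len) {
    uint8_t b[512]; pe_info pi;
    build_min_pe32(b, sizeof b, 0x10000000u, 3);
    return pe_parse_headers(b, len, &pi);   /* parse only the first len bytes */
}
uint16_t demo_sections_in_file(void) {
    uint8_t b[512]; pe_info pi;
    size_t n = build_min_pe32(b, sizeof b, 0x10000000u, 3);
    return pe_parse_headers(b, n, &pi) == 0 ? pi.sections_in_file : 0xffff;
}

int main(void) {
    printf("ImageBase 0 in header -> 0x%llx\n", (unsigned long long)demo_image_base(0));
    printf("declared 3 sections, present in file: %u\n", demo_sections_in_file());
    printf("header truncated to 80 bytes -> rc %d\n", demo_truncated_rc(80));
    return 0;
}
```

The section-count handling records the discrepancy rather than hiding it: a loader that wants to warn about a "messed up" file can compare num_sections with sections_in_file, while analysis can still proceed on what is there.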
pancake
dbd5b85450 Hide divby0 behind esil.verbose 2016-11-14 15:29:26 +01:00
radare
7852d92713 thumb assembly issues fix #3122 (#6189)
* Fix thumb ldr r0, [rN] assembly

* Handle numeric values for ldr rN, [rN, N]

does not handle special cases with values ending in 0, 4, 8

* Fix ldr assembly for 4 bit values

Values that can be expressed with 4 bits are output with shorter instructions.

* Add support for blx op with register values

* Fix mov instruction with register as first param
2016-11-14 14:23:38 +01:00
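The ldr fixes above are about choosing between the 16-bit and 32-bit Thumb encodings of `ldr rN, [rN, #imm]`. As an added example that is not radare2's assembler code, here is the general selection rule in C: the 16-bit T1 form is only available when both registers are r0-r7 and the offset is a multiple of 4 up to 124 (the offset is stored as imm5*4, which is why values ending in 0, 4, 8 were the special cases), otherwise the 32-bit T3 form with a 12-bit immediate is used. The struct and function names are this example's own; the encoding constants are the ARM architecture's.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One encoded Thumb instruction: 1 or 2 halfwords, written little-endian in memory. */
typedef struct {
    int      nhw;   /* 0 = not encodable here, 1 = 16-bit T1, 2 = 32-bit T3 */
    uint16_t hw[2];
} thumb_insn;

/* Encode `ldr r<rt>, [r<rn>, #<imm>]` (positive offset, no writeback).
 *   T1 (16-bit): 01101 imm5 Rn Rt   -> imm = imm5*4, so imm in {0,4,...,124}, Rt/Rn in r0-r7
 *   T3 (32-bit): F8D0|Rn  Rt<<12|imm12 -> imm in 0..4095, any register
 * Negative offsets (which need the T4 form) and larger offsets return nhw = 0. */
thumb_insn thumb_encode_ldr_imm(unsigned rt, unsigned rn, unsigned imm) {
    thumb_insn r = { 0, { 0, 0 } };
    if (rt > 15 || rn > 15) return r;
    if (rt < 8 && rn < 8 && imm <= 124 && (imm & 3) == 0) {
        r.nhw = 1;
        r.hw[0] = (uint16_t)(0x6800 | ((imm >> 2) << 6) | (rn << 3) | rt);
    } else if (imm <= 0xfff) {
        r.nhw = 2;
        r.hw[0] = (uint16_t)(0xF8D0 | rn);
        r.hw[1] = (uint16_t)((rt << 12) | imm);
    }
    return r;
}

/* Serialize as the bytes appear in memory (each halfword little-endian).
 * Returns the number of bytes written: 0, 2 or 4. */
size_t thumb_insn_bytes(const thumb_insn *in, uint8_t out[4]) {
    for (int i = 0; i < in->nhw; i++) {
        out[2 * i]     = (uint8_t)(in->hw[i] & 0xff);
        out[2 * i + 1] = (uint8_t)(in->hw[i] >> 8);
    }
    return (size_t)in->nhw * 2;
}

/* Convenience accessors: encoded length in bytes, and the halfwords packed into one
 * word (hw[0] in the high half for the 32-bit form) for easy comparison. */
size_t thumb_ldr_imm_len(unsigned rt, unsigned rn, unsigned imm) {
    thumb_insn in = thumb_encode_ldr_imm(rt, rn, imm);
    return (size_t)in.nhw * 2;
}
uint32_t thumb_ldr_imm_word(unsigned rt, unsigned rn, unsigned imm) {
    thumb_insn in = thumb_encode_ldr_imm(rt, rn, imm);
    return in.nhw == 2 ? ((uint32_t)in.hw[0] << 16) | in.hw[1] : in.hw[0];
}

int main(void) {
    /* Constructed cases: base form, multiples of 4, an unaligned offset, an offset
     * past 124, and a high register, each forcing a different encoding. */
    struct { unsigned rt, rn, imm; } cases[] = {
        { 0, 1, 0 }, { 0, 1, 4 }, { 3, 2, 124 }, { 0, 1, 6 }, { 0, 1, 128 }, { 8, 1, 0 }, { 0, 1, 4096 }
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        thumb_insn in = thumb_encode_ldr_imm(cases[i].rt, cases[i].rn, cases[i].imm);
        uint8_t b[4];
        size_t n = thumb_insn_bytes(&in, b);
        printf("ldr r%u, [r%u, #%u] ->", cases[i].rt, cases[i].rn, cases[i].imm);
        for (size_t j = 0; j < n; j++) printf(" %02x", b[j]);
        printf(n ? "\n" : " (not encodable)\n");
    }
    return 0;
}
```

An assembler that only emits the short form for "4-bit values" would either reject `ldr r0, [r1, #124]` (encodable in 16 bits) or mis-encode `ldr r0, [r1, #6]` (not a multiple of 4, so it needs the 32-bit form); checking the alignment and the 0..124 range explicitly avoids both.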
Sven Steinbauer
cd37be0406 Fix mov instruction with register as first param 2016-11-14 12:14:51 +00:00
Sven Steinbauer
64bea8794c Add support for blx op with register values 2016-11-14 11:48:49 +00:00
pancake
5322cc17d5 Implement aaT to analyze after traps (and nopsleds) 2016-11-14 12:09:29 +01:00
Sven Steinbauer
ef448c64fe Fix ldr assembly for 4 bit values
Values that can be expressed with 4 bits are output with shorter instructions.
2016-11-14 09:18:37 +00:00
pancake
a8ad157026 Initial support of linux-arm-32 for ragg2-cc 2016-11-14 04:24:50 +01:00
pancake
3bcad010f1 Add more anal/d/types 2016-11-14 02:15:12 +01:00
pancake
cbcdd4de0c Properly deinitialize the anal.trace after afta 2016-11-14 01:46:39 +01:00
pancake
f40209baf8 Hide loop-max warning for afta 2016-11-14 01:30:14 +01:00
pancake
b070e13f75 esil.verbose honored to reduce warns in afta 2016-11-14 01:17:58 +01:00
pancake
41c91f4db6 Add more types getpid, write, .. 2016-11-14 01:17:42 +01:00
pancake
5878c116d4 Do not set anal.bits twice 2016-11-14 00:13:34 +01:00
Marc
c4428f088d Haddr entrypoints for ELF, PE and mach0 (#6167) 2016-11-13 23:34:45 +01:00
pancake
24e08bb23d Aim to fix the asm.emu regression after the memoization 2016-11-13 23:32:24 +01:00
pancake
15ee118550 Fix r_num_is_float() 2016-11-13 22:12:19 +01:00
pancake
e6ce86c7f3 Do not reload anal plugin if is the same 2016-11-13 22:11:37 +01:00
pancake
7fc002dfd9 Remove unnecessary call to impaddr() and some reindents 2016-11-13 01:40:44 +01:00
pancake
0e9efc635b Honor type in drb (thanks @skuater) 2016-11-13 00:07:06 +01:00
pancake
77f1b4fbf5 Add @arena modifier to the 1st column in the reg profile 2016-11-12 23:19:03 +01:00
pancake
5accea8d56 Fix #6174 - Honor scr.html after the html pipe 2016-11-12 23:02:48 +01:00
Duncan Ogilvie
e16b490db5 fixed incorrect jna/jbe (#6185) 2016-11-12 17:58:00 +01:00
Sebastian Reichel
0deb096ea7 Fix magic files (#6178)
* magic: fix 'Printf format is too long' warnings

* magic: fix warning: Current entry does not yet have a description for adding a MIME type

* magic: fix mime type for debian packages

* magic: workaround for libmagic bug

libmagic currently warns about beshort/leshort type being
printed as "%hd" with the following warning:

Printf format is too long for type `leshort' in description `%hd'

As a workaround the short value can be printed using '%d'
without generating a warning.
2016-11-12 11:10:09 +01:00
Sebastian Reichel
e9383b1441 Arch independent data in share (#6183)
* magic data is architecture independent

* fcnsign data is architecture independent

* opcode data is architecture independent

* syscall data is architecture independent

* hud data is architecture independent
2016-11-12 11:08:34 +01:00
oddcoder
6c853210eb FIX #59999 (#6182)
It was a shitty typo, but it helped find another bug where
r_anal_type_get_size never took arrays into consideration; now it should
work well.
2016-11-12 00:08:40 +02:00
Sven Steinbauer
9eb8802a0e Handle numeric values for ldr rN, [rN, N]
does not handle special cases with values ending in 0, 4, 8
2016-11-11 19:09:42 +00:00
Sven Steinbauer
26cdbfdbdc Fix thumb ldr r0, [rN] assembly 2016-11-11 08:37:06 +00:00
Lowly Worm
7444c14a94 fix leaks and null deref
COV
CID 1365729
CID 1365728
CID 1365727
2016-11-10 22:26:15 -08:00
Álvaro Felipe Melchor
d4b91790b0 bp and sp both must be zero 2016-11-10 13:35:38 +01:00
Álvaro Felipe Melchor
bb6daf8d0f Fix regression with aeim 2016-11-10 12:41:22 +01:00
pancake
ec15203dc4 Fix aeim- and show warning when reinitializing aeim 2016-11-10 12:32:34 +01:00
pancake
700955a186 Add HTML pipe for #5934 (x H> a.html) 2016-11-10 12:02:27 +01:00