Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2025-01-27 08:12:44 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
radare2/test/db/anal/avr
Khairul Azhar Kasmiran e786676bc4 Reclassify some AVR instructions away from SWI ##anal
2021-02-07 01:12:36 +01:00

793 lines
14 KiB
Plaintext
Raw Blame History

NAME=avr DISasm: [0e940b10 => 0x00002016] (ANAL)
FILE=malloc://4096
CMDS=<<EOF
e asm.arch=avr
wx 0e940b10 @ 0x2d0
s 0x2d0
ao 1~^jump[1]
EOF
EXPECT=<<EOF
0x00002016
EOF
RUN
NAME=avr DISasm: [0e940b10 => call] - jump check
FILE=malloc://4096
CMDS=<<EOF
e asm.arch=avr
s 0x2d0
wx 0e940b10
ao 1~jump
EOF
EXPECT=<<EOF
jump: 0x00002016
EOF
RUN
NAME=avr DISasm: [sts] - jump check
FILE=malloc://4096
CMDS=<<EOF
e asm.arch=avr
s 0x2d0
wx 9093c007
ao 1~jump
EOF
EXPECT=<<EOF
EOF
RUN
NAME=avr DISasm: negative baddr
FILE=bins/elf/analysis/bugurtos-avr.elf
BROKEN=1
CMDS=<<EOF
s 0x506
pd 2~!1
s+2
pd 1
EOF
EXPECT=<<EOF
call 0x18CE
call 0x18CE
EOF
RUN
NAME=avr DISasm: opcode size
FILE=-
CMDS=<<EOF
e asm.arch=avr
wx 0e941122
ao~size[1]
EOF
EXPECT=<<EOF
4
EOF
RUN
NAME=avr DISasm: IO-Ports
FILE=bins/firmware/arduino_avr.bin
CMDS=pd 1 @ 0x00000170~?IO
EXPECT=<<EOF
1
EOF
RUN
NAME=avr br - forward branch
FILE=malloc://1024
CMDS=<<EOF
wx 61f0 @ 0x136
e asm.arch=avr
e asm.cpu=ATmega8
pi 1 @ 0x136
ao 1 @ 0x136 ~^jump[1]
EOF
EXPECT=<<EOF
breq 0x150
0x00000150
EOF
RUN
NAME=avr br - backward branch
FILE=malloc://1024
CMDS=<<EOF
wx e1f7 @ 0x14a
e asm.arch=avr
e asm.cpu=ATmega8
ao 1 @ 0x14a ~^jump[1]
EOF
EXPECT=<<EOF
0x00000144
EOF
RUN
NAME=avr br - backward branch 2
FILE=malloc://1024
CMDS=<<EOF
wx f0cf @ 0x14e
e asm.arch=avr
e asm.cpu=ATmega8
s 0x14e
ao 1 @ 0x14e ~^jump[1]
EOF
EXPECT=<<EOF
0x00000130
EOF
RUN
NAME=avr jmp - absolute jump
FILE=malloc://1024
CMDS=<<EOF
wx 0c941234 @ 0x15e
e asm.arch=avr
e asm.cpu=ATmega8
ao 1 @ 0x15e~^jump[1]
EOF
EXPECT=<<EOF
0x00006824
EOF
RUN
NAME=avr rjmp - simple
FILE=malloc://16384
ARGS=-s 0x3434 -a avr
CMDS=<<EOF
e asm.cpu=ATmega8
wx ffcf
pi 1
ao 1~^jump[1]
EOF
EXPECT=<<EOF
rjmp 0x3434
0x00003434
EOF
RUN
NAME=avr rjmp - relative jump backward at 0x1000
FILE=malloc://8192
ARGS=-s 0x1000 -a avr
CMDS=<<EOF
e asm.cpu=ATmega1280
wx 00c8 01c8 7ec8 7fc8 80c8 81c8
aoe 4
pi 4
EOF
EXPECT=<<EOF
0x1000 2,pc,=
0x1002 6,pc,=
0x1004 258,pc,=
0x1006 262,pc,=
rjmp 0x2
rjmp 0x6
rjmp 0x102
rjmp 0x106
EOF
RUN
NAME=avr rjmp - relative jump backward - at 0
FILE=malloc://8192
ARGS=-a avr
CMDS=<<EOF
e asm.cpu=ATmega1280
wx 00c8 01c8 7ec8 7fc8 80c8 81c8
aoe 4
pi 4
EOF
EXPECT=<<EOF
0x0 -4094,pc,=
0x2 -4090,pc,=
0x4 -3838,pc,=
0x6 -3834,pc,=
rjmp 0xfffff002
rjmp 0xfffff006
rjmp 0xfffff102
rjmp 0xfffff106
EOF
RUN
NAME=avr rjmp - relative jump forward
FILE=malloc://8192
CMDS=<<EOF
wxs 00c0 01c0 02c0 03c0 7ec0 7fc0 80c0 81c0
wxs fec0 ffc0 00c1 01c1 7ec1 7fc1 80c1 81c1
wxs fec1 ffc1 00c2 01c2 7ec2 7fc2 80c2 81c2
wxs fec2 ffc2 00c3 01c3 7ec3 7fc3 80c3 81c3
wxs fec3 ffc3 00c4 01c4 7ec4 7fc4 80c4 81c4
wxs fec4 ffc4 00c5 01c5 7ec5 7fc5 80c5 81c5
wxs fec5 ffc5 00c6 01c6 7ec6 7fc6 80c6 81c6
wxs fec6 ffc6 00c7 01c7 7ec7 7fc7 80c7 81c7
wxs fec7 ffc7
e asm.arch=avr
e asm.cpu=ATmega640
aoe 66 @ 0
EOF
EXPECT=<<EOF
0x0 2,pc,=
0x2 6,pc,=
0x4 10,pc,=
0x6 14,pc,=
0x8 262,pc,=
0xa 266,pc,=
0xc 270,pc,=
0xe 274,pc,=
0x10 526,pc,=
0x12 530,pc,=
0x14 534,pc,=
0x16 538,pc,=
0x18 790,pc,=
0x1a 794,pc,=
0x1c 798,pc,=
0x1e 802,pc,=
0x20 1054,pc,=
0x22 1058,pc,=
0x24 1062,pc,=
0x26 1066,pc,=
0x28 1318,pc,=
0x2a 1322,pc,=
0x2c 1326,pc,=
0x2e 1330,pc,=
0x30 1582,pc,=
0x32 1586,pc,=
0x34 1590,pc,=
0x36 1594,pc,=
0x38 1846,pc,=
0x3a 1850,pc,=
0x3c 1854,pc,=
0x3e 1858,pc,=
0x40 2110,pc,=
0x42 2114,pc,=
0x44 2118,pc,=
0x46 2122,pc,=
0x48 2374,pc,=
0x4a 2378,pc,=
0x4c 2382,pc,=
0x4e 2386,pc,=
0x50 2638,pc,=
0x52 2642,pc,=
0x54 2646,pc,=
0x56 2650,pc,=
0x58 2902,pc,=
0x5a 2906,pc,=
0x5c 2910,pc,=
0x5e 2914,pc,=
0x60 3166,pc,=
0x62 3170,pc,=
0x64 3174,pc,=
0x66 3178,pc,=
0x68 3430,pc,=
0x6a 3434,pc,=
0x6c 3438,pc,=
0x6e 3442,pc,=
0x70 3694,pc,=
0x72 3698,pc,=
0x74 3702,pc,=
0x76 3706,pc,=
0x78 3958,pc,=
0x7a 3962,pc,=
0x7c 3966,pc,=
0x7e 3970,pc,=
0x80 4222,pc,=
0x82 4226,pc,=
EOF
RUN
NAME=avr rjmp - relative jump backward
FILE=malloc://8192
CMDS=<<EOF
wx 00c8 01c8 7ec8 7fc8 80c8 81c8 fec8 ffc8 @ 0x1000
wx 00c9 01c9 7ec9 7fc9 80c9 81c9 fec9 ffc9 @ 0x1010
wx 00ca 01ca 7eca 7fca 80ca 81ca feca ffca @ 0x1020
wx 00cb 01cb 7ecb 7fcb 80cb 81cb fecb ffcb @ 0x1030
wx 00cc 01cc 7ecc 7fcc 80cc 81cc fecc ffcc @ 0x1040
wx 00cd 01cd 7ecd 7fcd 80cd 81cd fecd ffcd @ 0x1050
wx 00ce 01ce 7ece 7fce 80ce 81ce fece ffce @ 0x1060
wx 00cf 01cf 7ecf 7fcf 80cf 81cf fecf ffcf @ 0x1070
e asm.arch=avr
e asm.cpu=ATmega640
aoe 64 @ 0x1000
EOF
EXPECT=<<EOF
0x1000 2,pc,=
0x1002 6,pc,=
0x1004 258,pc,=
0x1006 262,pc,=
0x1008 266,pc,=
0x100a 270,pc,=
0x100c 522,pc,=
0x100e 526,pc,=
0x1010 530,pc,=
0x1012 534,pc,=
0x1014 786,pc,=
0x1016 790,pc,=
0x1018 794,pc,=
0x101a 798,pc,=
0x101c 1050,pc,=
0x101e 1054,pc,=
0x1020 1058,pc,=
0x1022 1062,pc,=
0x1024 1314,pc,=
0x1026 1318,pc,=
0x1028 1322,pc,=
0x102a 1326,pc,=
0x102c 1578,pc,=
0x102e 1582,pc,=
0x1030 1586,pc,=
0x1032 1590,pc,=
0x1034 1842,pc,=
0x1036 1846,pc,=
0x1038 1850,pc,=
0x103a 1854,pc,=
0x103c 2106,pc,=
0x103e 2110,pc,=
0x1040 2114,pc,=
0x1042 2118,pc,=
0x1044 2370,pc,=
0x1046 2374,pc,=
0x1048 2378,pc,=
0x104a 2382,pc,=
0x104c 2634,pc,=
0x104e 2638,pc,=
0x1050 2642,pc,=
0x1052 2646,pc,=
0x1054 2898,pc,=
0x1056 2902,pc,=
0x1058 2906,pc,=
0x105a 2910,pc,=
0x105c 3162,pc,=
0x105e 3166,pc,=
0x1060 3170,pc,=
0x1062 3174,pc,=
0x1064 3426,pc,=
0x1066 3430,pc,=
0x1068 3434,pc,=
0x106a 3438,pc,=
0x106c 3690,pc,=
0x106e 3694,pc,=
0x1070 3698,pc,=
0x1072 3702,pc,=
0x1074 3954,pc,=
0x1076 3958,pc,=
0x1078 3962,pc,=
0x107a 3966,pc,=
0x107c 4218,pc,=
0x107e 4222,pc,=
EOF
RUN
NAME=avr functions 1
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
e asm.arch=avr
aaa
axt 0x28a
EOF
EXPECT=<<EOF
fcn.0000029e 0x328 [CODE] jmp 0x28a
EOF
RUN
NAME=avr functions 2
FILE=-
CMDS=<<EOF
e asm.arch=avr
wx 1895
ao 1~fam[1]
af
afi~type[1]
afi~name[1]
EOF
EXPECT=<<EOF
priv
int
int.00000000
EOF
RUN
NAME=search asm commands with internal grep
FILE=bins/firmware/arduino_avr.bin
ARGS=-a avr
CMDS=/ad ldi~0x6d
EXPECT=<<EOF
0x00000276 # 2: ldi r22, 0x6d
EOF
RUN
NAME=search asm commands with filter
FILE=bins/firmware/arduino_avr.bin
ARGS=-a avr
CMDS=/ad ldi ~ 0x18
EXPECT=<<EOF
0x00001672 # 2: ldi r24, 0x18
0x000019a4 # 2: ldi r18, 0x18
EOF
RUN
NAME=search asm commands with filter and align = 2
FILE=bins/firmware/arduino_avr.bin
ARGS=-a avr
CMDS=<<EOF
e search.align=2
/ad in ~ 0x12
EOF
EXPECT=<<EOF
0x00000282 # 2: in r24, 0x12
EOF
RUN
NAME=Search rop gadgets for in command
FILE=bins/firmware/arduino_avr.bin
ARGS=-a avr
CMDS=<<EOF
e search.align=2
/R in r24
EOF
EXPECT=<<EOF
0x00000280 7304 cpc r7, r3
0x00000282 82b3 in r24, 0x12
0x00000284 8058 subi r24, 0x80
0x00000286 82bb out 0x12, r24
0x00000288 0895 ret
0x00000294 7304 cpc r7, r3
0x00000296 88b3 in r24, 0x18
0x00000298 8058 subi r24, 0x80
0x0000029a 88bb out 0x18, r24
0x0000029c 0895 ret
0x000005c6 8fb5 in r24, 0x2f
0x000005c8 8f77 andi r24, 0x7f
0x000005ca 02c0 rjmp 0x5d0
0x000005cc 8fb5 in r24, 0x2f
0x000005ce 8f7d andi r24, 0xdf
0x000005d0 8fbd out 0x2f, r24
0x000005d2 0895 ret
0x000005d4 85b5 in r24, 0x25
0x000005d6 8f7d andi r24, 0xdf
0x000005d8 85bd out 0x25, r24
0x000005da 0895 ret
EOF
RUN
NAME=Search rop gadgets for IN command with align=2
FILE=bins/firmware/arduino_avr.bin
ARGS=-a avr
CMDS=<<EOF
e search.align=2
/R in r24
EOF
EXPECT=<<EOF
0x00000280 7304 cpc r7, r3
0x00000282 82b3 in r24, 0x12
0x00000284 8058 subi r24, 0x80
0x00000286 82bb out 0x12, r24
0x00000288 0895 ret
0x00000294 7304 cpc r7, r3
0x00000296 88b3 in r24, 0x18
0x00000298 8058 subi r24, 0x80
0x0000029a 88bb out 0x18, r24
0x0000029c 0895 ret
0x000005c6 8fb5 in r24, 0x2f
0x000005c8 8f77 andi r24, 0x7f
0x000005ca 02c0 rjmp 0x5d0
0x000005cc 8fb5 in r24, 0x2f
0x000005ce 8f7d andi r24, 0xdf
0x000005d0 8fbd out 0x2f, r24
0x000005d2 0895 ret
0x000005d4 85b5 in r24, 0x25
0x000005d6 8f7d andi r24, 0xdf
0x000005d8 85bd out 0x25, r24
0x000005da 0895 ret
EOF
RUN
NAME=disasm code after search command IN
FILE=bins/firmware/arduino_avr.bin
ARGS=-a avr
CMDS=<<EOF
s 0
/ad in ~ 0x18
pd 5
EOF
EXPECT=<<EOF
0x00000296 # 2: in r24, 0x18
,=< 0x00000000 0c94ac00 jmp entry0
,==< 0x00000004 0c94db00 jmp 0x1b6
,===< 0x00000008 0c94db00 jmp 0x1b6
,====< 0x0000000c 0c94db00 jmp 0x1b6
,=====< 0x00000010 0c94db00 jmp 0x1b6
EOF
RUN
NAME=entry point and bin format - arduino
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
?v $$
i~arch[1]
EOF
EXPECT=<<EOF
0x158
avr
EOF
RUN
NAME=entry point and bin format - jumpy
FILE=bins/firmware/jumpy.bin
CMDS=<<EOF
?v $$
i~arch[1]
EOF
EXPECT=<<EOF
0x8a
avr
EOF
RUN
NAME=avr search
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
e asm.arch=avr
aaa
/ad call 0x4ec
EOF
EXPECT=<<EOF
0x000003e2 # 4: call fcn.000004ec
EOF
RUN
NAME=avr search - XXX dupped hit
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
e asm.arch=avr
aaa
/ad call 0x4ec
EOF
EXPECT=<<EOF
0x000003e2 # 4: call fcn.000004ec
EOF
RUN
NAME=avr search 2
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
e asm.arch=avr
aac @ 0
axt 0x4ec
EOF
EXPECT=<<EOF
fcn.00000360 0x3e2 [CALL] call fcn.000004ec
EOF
RUN
NAME=avr search 3
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
e asm.arch=avr
aaa
axt 0x4ec
EOF
EXPECT=<<EOF
fcn.00000360 0x3e2 [CALL] call fcn.000004ec
EOF
RUN
NAME=detect false xrefs
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
e asm.arch=avr
e asm.lines=false
aar
pd 4 @ 4
EOF
EXPECT=<<EOF
0x00000004 0c94db00 jmp 0x1b6
0x00000008 0c94db00 jmp 0x1b6
0x0000000c 0c94db00 jmp 0x1b6
0x00000010 0c94db00 jmp 0x1b6
EOF
RUN
NAME=bb generation for SBRx RJMP combo (radare2#12612)
FILE=bins/elf/avr-sbrx-rjmp.elf
CMDS=af@sym.main;afb@sym.main
EXPECT=<<EOF
0x00000000 0x00000016 00:0000 22 j 0x00000018 f 0x00000016
0x00000016 0x00000018 00:0000 2 j 0x0000002e
0x00000018 0x0000001e 00:0000 6 j 0x00000020 f 0x0000001e
0x0000001e 0x00000020 00:0000 2 j 0x0000002a
0x00000020 0x0000002a 00:0000 10 j 0x00000032
0x0000002a 0x0000002e 00:0000 4 j 0x0000002e
0x0000002e 0x00000032 00:0000 4 j 0x00000032
0x00000032 0x00000040 00:0000 14
EOF
RUN
NAME=avr no warnings
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
e asm.arch=avr
s 0x2ee8
af
aae
EOF
EXPECT=<<EOF
EOF
EXPECT_ERR=<<EOF
EOF
RUN
NAME=avr stop anal when invalid instruction is found
FILE=bins/firmware/arduino_avr.bin
CMDS=<<EOF
e asm.arch=avr
aaa
f
EOF
EXPECT=<<EOF
0x00000000 2 r1_r0
0x00000000 2 r17_r16
0x00000000 2 r19_r18
0x00000000 2 r21_r20
0x00000000 2 r23_r22
0x00000000 2 r25_r24
0x00000000 2 r27_r26
0x00000000 2 r31_r30
0x00000000 2 x
0x00000000 2 z
0x00000000 2 pch
0x00000000 1 r0
0x00000000 1 r1
0x00000000 1 r2
0x00000000 1 r3
0x00000000 1 r4
0x00000000 1 r5
0x00000000 1 r6
0x00000000 1 r7
0x00000000 1 r8
0x00000000 1 r9
0x00000000 1 r10
0x00000000 1 r11
0x00000000 1 r12
0x00000000 1 r13
0x00000000 1 r14
0x00000000 1 r15
0x00000000 1 r16
0x00000000 1 r17
0x00000000 1 r18
0x00000000 1 r19
0x00000000 1 r20
0x00000000 1 r21
0x00000000 1 r22
0x00000000 1 r23
0x00000000 1 r24
0x00000000 1 r25
0x00000000 1 r26
0x00000000 1 r27
0x00000000 1 r28
0x00000000 1 r30
0x00000000 1 r31
0x00000000 1 spl
0x00000000 1 sreg
0x00000000 1 rampx
0x00000000 1 rampy
0x00000000 1 rampz
0x00000000 1 rampd
0x00000000 1 eind
0x00000000 1 spmcsr
0x00000066 4 aav.0x00000066
0x00000080 1 r29
0x00000080 1 sph
0x00000158 13478 entry0
0x00000158 2 pcl
0x000001ba 188 fcn.000001ba
0x0000029e 164 fcn.0000029e
0x00000342 5256 fcn.00000342
0x00000360 152 fcn.00000360
0x00000390 4 aav.0x00000390
0x0000048c 24 fcn.0000048c
0x000004a4 72 fcn.000004a4
0x000004ec 76 fcn.000004ec
0x00000504 4 aav.0x00000504
0x0000054e 84 fcn.0000054e
0x000005a2 78 fcn.000005a2
0x000005f0 114 fcn.000005f0
0x00000662 108 fcn.00000662
0x00000770 44 fcn.00000770
0x0000079c 74 fcn.0000079c
0x000007e6 106 fcn.000007e6
0x00000854 14 fcn.00000854
0x00000862 20 fcn.00000862
0x00000876 40 fcn.00000876
0x000008e6 36 fcn.000008e6
0x00000952 178 fcn.00000952
0x00000a04 148 fcn.00000a04
0x00000afc 26 fcn.00000afc
0x00000bae 470 fcn.00000bae
0x00000d78 4 aav.0x00000d78
0x00000dac 92 fcn.00000dac
0x00000e08 92 fcn.00000e08
0x00000e64 56 fcn.00000e64
0x00000e9c 12 fcn.00000e9c
0x00000ea8 198 fcn.00000ea8
0x00000fd0 206 fcn.00000fd0
0x0000120e 106 fcn.0000120e
0x000012fc 26 fcn.000012fc
0x00001316 32 fcn.00001316
0x00001438 2 fcn.00001438
0x0000152c 34 fcn.0000152c
0x00001b0c 36 fcn.00001b0c
0x00001b30 52 fcn.00001b30
0x00001b64 56 fcn.00001b64
0x00001b9c 66 fcn.00001b9c
0x00001bde 46 fcn.00001bde
0x00001c4e 48 fcn.00001c4e
0x00001c84 44 fcn.00001c84
0x00001e78 88 fcn.00001e78
0x00001efe 38 fcn.00001efe
0x00001f24 14 fcn.00001f24
0x00001f32 76 fcn.00001f32
0x00001f7e 100 fcn.00001f7e
0x00001fe2 14 fcn.00001fe2
0x00001ff0 80 fcn.00001ff0
0x00002040 102 fcn.00002040
0x000020a6 102 fcn.000020a6
0x0000220e 96 fcn.0000220e
0x0000246e 34 fcn.0000246e
0x000025dc 156 fcn.000025dc
0x0000268c 138 fcn.0000268c
0x00002818 78 fcn.00002818
0x00002a54 770 fcn.00002a54
0x00002d56 286 fcn.00002d56
0x00002ec8 1682 fcn.00002ec8
0x00002ed8 16 fcn.00002ed8
0x00002ee8 16 fcn.00002ee8
0x00002ef8 18 fcn.00002ef8
0x00002f0a 36 fcn.00002f0a
0x00002f2e 22 fcn.00002f2e
0x00002f44 18 fcn.00002f44
0x00002f56 14 fcn.00002f56
0x00002f64 28 fcn.00002f64
0x00002f80 30 fcn.00002f80
0x00002f9e 22 fcn.00002f9e
0x00002fb4 52 fcn.00002fb4
0x00002fe8 44 fcn.00002fe8
0x00003014 184 fcn.00003014
0x00003048 42 fcn.00003048
0x00003072 24 fcn.00003072
0x000030cc 1198 fcn.000030cc
0x00003116 2 fcn.00003116
0x00003118 8 fcn.00003118
0x0000313a 692 fcn.0000313a
0x000031e0 8 fcn.000031e0
0x000031e8 580 fcn.000031e8
0x00003202 146 fcn.00003202
0x00003294 2 fcn.00003294
0x00003296 34 fcn.00003296
0x000032b8 10 fcn.000032b8
0x000032c2 444 fcn.000032c2
0x0000331a 122 fcn.0000331a
0x0000331e 18 fcn.0000331e
0x00003394 72 fcn.00003394
0x000033ee 14 fcn.000033ee
0x000033fc 14 fcn.000033fc
0x0000342c 48 fcn.0000342c
0x0000343c 52 fcn.0000343c
0x0000347e 8 fcn.0000347e
0x00003486 4 fcn.00003486
0x0000349e 174 fcn.0000349e
0x0000354c 8 fcn.0000354c
0x0000357a 68 fcn.0000357a
0x000035be 22 fcn.000035be
0x000035d4 8 fcn.000035d4
0x000035dc 30 fcn.000035dc
0x00008000 2 r29_r28
0x00008000 2 y
0x00008000 2 sp
EOF
RUN
Reference in New Issue View Git Blame Copy Permalink