Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-12-04 19:47:31 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
727fe97c82
radare2/test/db/anal/mips
pancake 9968329d49 Use asm.var.summary=4 by default ##disasm
2024-09-30 23:51:45 +02:00

790 lines
20 KiB
Plaintext
Raw Blame History

NAME=mips hello ref anal
FILE=bins/elf/analysis/mips-hello
CMDS=<<EOF
s sym.main
aac
afl~?
EOF
EXPECT=<<EOF
1
EOF
RUN
NAME=mozi aae functions
FILE=bins/elf/mips-mozi
CMDS=<<EOF
aae
aflc
EOF
EXPECT=<<EOF
427
EOF
RUN
NAME=mips hello ref anal
FILE=bins/elf/analysis/mips.elf
ARGS=-e bin.strings=false -e anal.strings=true
CMDS=<<EOF
s entry0
aae
s 0x0041ed50
pd 5~IGNORE
EOF
EXPECT=<<EOF
0x0041ed58 24a54268 addiu a1, a1, 0x4268 ; 0x474268 ; "IGNORE" ; str.IGNORE
EOF
RUN
NAME=mips hello ref anal subtract
FILE=bins/elf/analysis/busybox-mips
ARGS=-e bin.strings=false -e anal.strings=true
CMDS=<<EOF
aae @entry0
pd 1 @0x00406228
fs strings
axt str.busybox
EOF
EXPECT=<<EOF
0x00406228 fcc38424 addiu a0, a0, -0x3c04 ; 0x44c3fc ; "busybox" ; str.busybox
(nofunc); str.busybox 0x406228 [DATA:r--] addiu a0, a0, -str.busybox
EOF
RUN
NAME=Calculate GP
FILE=bins/elf/analysis/mips64r2-ld-2.28.so
CMDS=<<EOF
s 0x000023f0
pd 1
s 0x00002494
pd 1
EOF
EXPECT=<<EOF
0x000023f0 208084df ld a0, -0x7fe0(gp) ; [0x37020:8]=0x10a0 segment.DYNAMIC
0x00002494 488099df ld t9, -0x7fb8(gp) ; [0x37048:8]=0x134f0
EOF
RUN
NAME=mips ld(load doubleword) instruction
FILE=bins/elf/analysis/mips64r2-busybox-loongson
CMDS=<<EOF
s 0x120004460
f--
pd 1
EOF
EXPECT=<<EOF
0x120004460 208084df ld a0, -0x7fe0(gp) ; [0x1200ee290:8]=0x120005074
EOF
RUN
NAME=gp-based ref
FILE=bins/elf/analysis/mips-hello
CMDS=<<EOF
aae @entry0
axt str.Hello_World
EOF
EXPECT=<<EOF
(nofunc); str.Hello_World 0x805c4 [DATA:r--] addiu a0, v0, str.Hello_World
EOF
RUN
NAME=assembler
FILE=-
CMDS=<<EOF
e asm.arch=mips
e asm.bits=32
e cfg.bigendian=0
pa lui t9, 0x41
e cfg.bigendian=1
pa lui t9, 0x41
e cfg.bigendian=0
pad 4100193c
e cfg.bigendian=1
pad 3c190041
EOF
EXPECT=<<EOF
4100193c
3c190041
lui t9, 0x41
lui t9, 0x41
EOF
RUN
NAME=with-spaces
FILE=-
CMDS=<<EOF
e asm.arch=mips
e asm.bits=32
e cfg.bigendian=0
pa addiu v0, v1, 33
pa addiu v0 v1 33
e cfg.bigendian=1
pa addiu v0, v1, 33
pa addiu v0 v1 33
EOF
EXPECT=<<EOF
21006224
21006224
24620021
24620021
EOF
RUN
NAME=mips hello pseudo move instruction
FILE=bins/elf/analysis/mips-hello
ARGS=-e bin.strings=false -e anal.strings=false
CMDS=<<EOF
pd 1 @main+0x18
e asm.pseudo=true
pd 1 @main+0x18
EOF
EXPECT=<<EOF
0x000805b8 21f0a003 move fp, sp
0x000805b8 21f0a003 fp = sp
EOF
RUN
NAME=mips pseudo sw + 0
FILE=malloc://32
ARGS=-a mips -m 0x80100000
CMDS=<<EOF
e io.va=true
wx 0000beaf
pd 1
e asm.pseudo=true
pd 1
EOF
EXPECT=<<EOF
0x80100000 0000beaf sw fp, (sp)
0x80100000 0000beaf [sp + 0] = fp
EOF
RUN
NAME=mips LE anal
FILE=malloc://32
CMDS=<<EOF
wx 01001104
e asm.arch=mips
e asm.bits=32
e asm.nbytes=4
ao 1~type:[1]
EOF
EXPECT=<<EOF
call
EOF
RUN
NAME=mips LE back reference
FILE=malloc://32
ARGS=-m 0x80100000
CMDS=<<EOF
e io.va=true
wx 0000000000000000010000100000000000000000
e asm.bits=32
e asm.arch=mips
e asm.nbytes=4
af+ 0x80100000 fcn.test
afb+ 0x80100000 0x80100000 20
pif
EOF
EXPECT=<<EOF
nop
nop
b 0x80100010
nop
nop
EOF
RUN
NAME=mips LE correct relative jump reference if not mapped from command line.
FILE=malloc://40
CMDS=<<EOF
e asm.cmt.calls=false
e asm.bits=32
e asm.arch=mips
e anal.nopskip=false
e asm.cmtcol=0
e asm.comments=false
e asm.lines.bb=false
e asm.lines.jmp=false
e asm.lines.fcn=false
e asm.nbytes=4
wx 0800040c000000000000000000000000000000000000000040040408000000000800e00300000000
aa 2> /dev/null
pdf
EOF
EXPECT=<<EOF
(fcn) fcn.00000000 32
0x00000000 0800040c jal 0x100020
0x00000004 00000000 nop
0x00000008 00000000 nop
0x0000000c 00000000 nop
0x00000010 00000000 nop
0x00000014 00000000 nop
0x00000018 40040408 j 0x101100
0x0000001c 00000000 nop
EOF
RUN
NAME=mips LE correct relative jump reference if mapped from command line.
FILE=malloc://40
ARGS=-m 0x80100000
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e asm.bits=32
e asm.arch=mips
e asm.lines.bb=false
e asm.lines.jmp=false
e asm.lines.fcn=false
e asm.nbytes=4
wx 0800040c000000000000000000000000000000000000000040040408000000000800e00300000000
af 2> /dev/null
pd 10
afl
EOF
EXPECT=<<EOF
(fcn) fcn.80100000 32
0x80100000 0800040c jal fcn.80100020
0x80100004 00000000 nop
0x80100008 00000000 nop
0x8010000c 00000000 nop
0x80100010 00000000 nop
0x80100014 00000000 nop
0x80100018 40040408 j 0x80101100
0x8010001c 00000000 nop
; CALL XREF from fcn.80100000 @ 0x80100000(x)
(fcn) fcn.80100020 8
0x80100020 0800e003 jr ra
0x80100024 00000000 nop
0x80100000 1 32 fcn.80100000
0x80100020 1 8 fcn.80100020
EOF
RUN
NAME=mips branch delay function sizing.
FILE=malloc://20
ARGS=-m 0x80100000
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e asm.bits=32
e asm.arch=mips
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=0
e asm.lines.fcn=false
s 0x80100000
wx 0800e0030a184400000000000000000000000
af 2>/dev/null
pdf
EOF
EXPECT=<<EOF
(fcn) fcn.80100000 8
0x80100000 0800e003 jr ra
0x80100004 0a184400 movz v1, v0, a0
EOF
RUN
NAME=mips branch delay function sizing.
FILE=malloc://20
CMDS=<<EOF
e asm.cmt.calls=false
e asm.bits=32
e asm.arch=mips
e asm.nbytes=4
e asm.lines.fcn=false
wx 0800e0030a184400000000000000000000000
af 2> /dev/null
pdf
EOF
EXPECT=<<EOF
(fcn) fcn.00000000 8
0x00000000 0800e003 jr ra
0x00000004 0a184400 movz v1, v0, a0
EOF
RUN
NAME=mips branch delay function sizing with conditional jump loop.
FILE=malloc://40
ARGS=-m 0x80100000
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e asm.bits=32
e asm.arch=mips
e asm.comments=false
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=0
e asm.lines.fcn=false
s 0x80100000
wx e0ffbd27000000000100001000000000fdff09150a1844000800e0032000bd27000000000000000000000
af 2> /dev/null
pdf
EOF
EXPECT=<<EOF
(fcn) fcn.80100000 32
0x80100000 e0ffbd27 addiu sp, sp, -0x20
0x80100004 00000000 nop
0x80100008 01000010 b 0x80100010
0x8010000c 00000000 nop
0x80100010 fdff0915 bne t0, t1, 0x80100008
0x80100014 0a184400 movz v1, v0, a0
0x80100018 0800e003 jr ra
0x8010001c 2000bd27 addiu sp, sp, 0x20
EOF
RUN
NAME=mips branch delay function sizing with conditional jump forward.
FILE=malloc://40
ARGS=-m 0x80100000
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e asm.bits=32
e asm.arch=mips
e asm.comments=false
e anal.nopskip=false
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=0
e asm.lines.fcn=false
s 0x80100000
wx e0ffbd27000000000100001000000000000000000a1844000800e003 2000bd27000000000000000000000
af 2> /dev/null
pdf
EOF
EXPECT=<<EOF
(fcn) fcn.80100000 32
0x80100000 e0ffbd27 addiu sp, sp, -0x20
0x80100004 00000000 nop
0x80100008 01000010 b 0x80100010
0x8010000c 00000000 nop
0x80100010 00000000 nop
0x80100014 0a184400 movz v1, v0, a0
0x80100018 0800e003 jr ra
0x8010001c 2000bd27 addiu sp, sp, 0x20
EOF
RUN
NAME=mips branch delay function sizing with conditional jump back.
FILE=malloc://40
ARGS=-m 0x80100000
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e asm.arch=mips
e asm.bits=32
e asm.comments=false
e anal.nopskip=false
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=false
e asm.lines.fcn=false
wx e0ffbd27000000000000000000000000fdff09150a1844000800e0032000bd27000000000000000000000
af 2> /dev/null
pdf
EOF
EXPECT=<<EOF
(fcn) fcn.80100000 32
0x80100000 e0ffbd27 addiu sp, sp, -0x20
0x80100004 00000000 nop
0x80100008 00000000 nop
0x8010000c 00000000 nop
0x80100010 fdff0915 bne t0, t1, 0x80100008
0x80100014 0a184400 movz v1, v0, a0
0x80100018 0800e003 jr ra
0x8010001c 2000bd27 addiu sp, sp, 0x20
EOF
RUN
NAME=mips branch delay function sizing with conditional jump back then forward.
FILE=malloc://56
ARGS=-m 0x80100000
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e asm.arch=mips
e asm.bits=32
e asm.comments=false
e anal.nopskip=false
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=false
e asm.lines.fcn=false
wx e0ffbd27000000000000000000000000fdff09150000000001000010000000000a1844000800e0032000bd27000000000000000000000
af 2> /dev/null
pdf
EOF
EXPECT=<<EOF
(fcn) fcn.80100000 44
0x80100000 e0ffbd27 addiu sp, sp, -0x20
0x80100004 00000000 nop
0x80100008 00000000 nop
0x8010000c 00000000 nop
0x80100010 fdff0915 bne t0, t1, 0x80100008
0x80100014 00000000 nop
0x80100018 01000010 b 0x80100020
0x8010001c 00000000 nop
0x80100020 0a184400 movz v1, v0, a0
0x80100024 0800e003 jr ra
0x80100028 2000bd27 addiu sp, sp, 0x20
EOF
RUN
NAME=mips branch delay function detection #1.
FILE=malloc://160
ARGS=-m 0x8060b4f8
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e asm.bits=32
e asm.arch=mips
e asm.comments=0
e anal.hasnext=1
e anal.nopskip=1
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=false
e asm.lines.fcn=false
s 0x8060b4f8
wx 0000000000000000002e0500032e05000f00801021100000492d1808000082900800e003211080000000829007004010000000000016020003160200f8ff451000000000482d180801008424211000000800e003000000000000a290050040100100a524000082a00000a290552d1808010084240800e003000080a000000000e0ffbd27542d180c000000000800e0032000bd270000000000000000
aa 2> /dev/null
pd 38
EOF
EXPECT=<<EOF
0x8060b4f8 00000000 nop
0x8060b4fc 00000000 nop
(fcn) fcn.8060b500 80
`- args(a0, a1)
0x8060b500 002e0500 sll a1, a1, 0x18
0x8060b504 032e0500 sra a1, a1, 0x18
0x8060b508 0f008010 beqz a0, 0x8060b548
0x8060b50c 21100000 move v0, zero
0x8060b510 492d1808 j 0x8060b524
0x8060b514 00008290 lbu v0, (a0)
0x8060b518 0800e003 jr ra
0x8060b51c 21108000 move v0, a0
0x8060b520 00008290 lbu v0, (a0)
0x8060b524 07004010 beqz v0, 0x8060b544
0x8060b528 00000000 nop
0x8060b52c 00160200 sll v0, v0, 0x18
0x8060b530 03160200 sra v0, v0, 0x18
0x8060b534 f8ff4510 beq v0, a1, 0x8060b518
0x8060b538 00000000 nop
0x8060b53c 482d1808 j 0x8060b520
0x8060b540 01008424 addiu a0, a0, 1
0x8060b544 21100000 move v0, zero
0x8060b548 0800e003 jr ra
0x8060b54c 00000000 nop
(fcn) fcn.8060b550 36
`- args(a0, a1)
0x8060b550 0000a290 lbu v0, (a1)
0x8060b554 05004010 beqz v0, 0x8060b56c
0x8060b558 0100a524 addiu a1, a1, 1
0x8060b55c 000082a0 sb v0, (a0)
0x8060b560 0000a290 lbu v0, (a1)
0x8060b564 552d1808 j 0x8060b554
0x8060b568 01008424 addiu a0, a0, 1
0x8060b56c 0800e003 jr ra
0x8060b570 000080a0 sb zero, (a0)
0x8060b574 00000000 nop
(fcn) fcn.8060b578 20
`- args(a0, a1)
0x8060b578 e0ffbd27 addiu sp, sp, -0x20
0x8060b57c 542d180c jal fcn.8060b550
0x8060b580 00000000 nop
0x8060b584 0800e003 jr ra
0x8060b588 2000bd27 addiu sp, sp, 0x20
0x8060b58c 00000000 nop
EOF
RUN
NAME=GNU mips branch delay function detection #1.
FILE=malloc://160
ARGS=-m 0x8060b4f8
BROKEN=1
CMDS=<<EOF
e io.va=true
e asm.bits=32
e asm.arch=mips.gnu
e asm.comments=0
e anal.hasnext=1
e anal.nopskip=1
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=false
e asm.lines.fcn=false
s 0x8060b4f8
wx 0000000000000000002e0500032e05000f00801021100000492d1808000082900800e003211080000000829007004010000000000016020003160200f8ff451000000000482d180801008424211000000800e003000000000000a290050040100100a524000082a00000a290552d1808010084240800e003000080a000000000e0ffbd27542d180c000000000800e0032000bd270000000000000000
aa 2> /dev/null
pd 38
EOF
EXPECT=<<EOF
0x8060b4f8 00000000 nop
0x8060b4fc 00000000 nop
(fcn) fcn.8060b500 80
0x8060b500 002e0500 sll a1, a1, 0x18
0x8060b504 032e0500 sra a1, a1, 0x18
0x8060b508 0f008010 beqz a0, 0x8060b548
0x8060b50c 21100000 move v0, zero
0x8060b510 492d1808 j 0x8060b524
0x8060b514 00008290 lbu v0, 0(a0)
0x8060b518 0800e003 jr ra
0x8060b51c 21108000 move v0, a0
0x8060b520 00008290 lbu v0, 0(a0)
0x8060b524 07004010 beqz v0, 0x8060b544
0x8060b528 00000000 nop
0x8060b52c 00160200 sll v0, v0, 0x18
0x8060b530 03160200 sra v0, v0, 0x18
0x8060b534 f8ff4510 beq v0, a1, 0x8060b518
0x8060b538 00000000 nop
0x8060b53c 482d1808 j 0x8060b520
0x8060b540 01008424 addiu a0, a0, 1
0x8060b544 21100000 move v0, zero
0x8060b548 0800e003 jr ra
0x8060b54c 00000000 nop
(fcn) fcn.8060b550 36
0x8060b550 0000a290 lbu v0, 0(a1)
0x8060b554 05004010 beqz v0, 0x8060b56c
0x8060b558 0100a524 addiu a1, a1, 1
0x8060b55c 000082a0 sb v0, 0(a0)
0x8060b560 0000a290 lbu v0, 0(a1)
0x8060b564 552d1808 j 0x8060b554
0x8060b568 01008424 addiu a0, a0, 1
0x8060b56c 0800e003 jr ra
0x8060b570 000080a0 sb zero, (a0)
0x8060b574 00000000 nop
(fcn) fcn.8060b578 20
0x8060b578 e0ffbd27 addiu sp, sp, -32
0x8060b57c 542d180c jal fcn.8060b550
0x8060b580 00000000 nop
0x8060b584 0800e003 jr ra
0x8060b588 2000bd27 addiu sp, sp, 32
0x8060b58c 00000000 nop
EOF
RUN
NAME=capstone: mips branch delay function detection #1.
FILE=malloc://160
ARGS=-m 0x8060b4f8
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e anal.in=io.maps
e asm.bits=32
e asm.arch=mips
e asm.comments=0
e anal.hasnext=1
e anal.nopskip=1
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=false
e asm.lines.fcn=false
s 0x8060b4f8
wx 0000000000000000002e0500032e05000f00801021100000492d1808000082900800e003211080000000829007004010000000000016020003160200f8ff451000000000482d180801008424211000000800e003000000000000a290050040100100a524000082a00000a290552d1808010084240800e003000080a000000000e0ffbd27542d180c000000000800e0032000bd270000000000000000
aa 2> /dev/null
pd 38
EOF
EXPECT=<<EOF
0x8060b4f8 00000000 nop
0x8060b4fc 00000000 nop
(fcn) fcn.8060b500 80
`- args(a0, a1)
0x8060b500 002e0500 sll a1, a1, 0x18
0x8060b504 032e0500 sra a1, a1, 0x18
0x8060b508 0f008010 beqz a0, 0x8060b548
0x8060b50c 21100000 move v0, zero
0x8060b510 492d1808 j 0x8060b524
0x8060b514 00008290 lbu v0, (a0)
0x8060b518 0800e003 jr ra
0x8060b51c 21108000 move v0, a0
0x8060b520 00008290 lbu v0, (a0)
0x8060b524 07004010 beqz v0, 0x8060b544
0x8060b528 00000000 nop
0x8060b52c 00160200 sll v0, v0, 0x18
0x8060b530 03160200 sra v0, v0, 0x18
0x8060b534 f8ff4510 beq v0, a1, 0x8060b518
0x8060b538 00000000 nop
0x8060b53c 482d1808 j 0x8060b520
0x8060b540 01008424 addiu a0, a0, 1
0x8060b544 21100000 move v0, zero
0x8060b548 0800e003 jr ra
0x8060b54c 00000000 nop
(fcn) fcn.8060b550 36
`- args(a0, a1)
0x8060b550 0000a290 lbu v0, (a1)
0x8060b554 05004010 beqz v0, 0x8060b56c
0x8060b558 0100a524 addiu a1, a1, 1
0x8060b55c 000082a0 sb v0, (a0)
0x8060b560 0000a290 lbu v0, (a1)
0x8060b564 552d1808 j 0x8060b554
0x8060b568 01008424 addiu a0, a0, 1
0x8060b56c 0800e003 jr ra
0x8060b570 000080a0 sb zero, (a0)
0x8060b574 00000000 nop
(fcn) fcn.8060b578 20
`- args(a0, a1)
0x8060b578 e0ffbd27 addiu sp, sp, -0x20
0x8060b57c 542d180c jal fcn.8060b550
0x8060b580 00000000 nop
0x8060b584 0800e003 jr ra
0x8060b588 2000bd27 addiu sp, sp, 0x20
0x8060b58c 00000000 nop
EOF
RUN
NAME=capstone: mips branch delay function detection #2.
FILE=malloc://160
ARGS=-m 0x8060b4f8
CMDS=<<EOF
e io.va=true
e asm.cmt.calls=false
e asm.bits=32
e anal.in=io.maps
e asm.arch=mips
e asm.comments=0
e anal.hasnext=1
e anal.nopskip=1
e asm.nbytes=4
e asm.lines.bb=false
e asm.lines.jmp=false
e asm.lines.fcn=true
s 0x8060b4f8
wx 0000000000000000002e0500032e05000f00801021100000492d1808000082900800e003211080000000829007004010000000000016020003160200f8ff451000000000482d180801008424211000000800e003000000000000a290050040100100a524000082a00000a290552d1808010084240800e003000080a000000000e0ffbd27542d180c000000000800e0032000bd270000000000000000
aa 2> /dev/null
pd 38
EOF
EXPECT=<<EOF
0x8060b4f8 00000000 nop
0x8060b4fc 00000000 nop
/ (fcn) fcn.8060b500 80
| `- args(a0, a1)
| 0x8060b500 002e0500 sll a1, a1, 0x18
| 0x8060b504 032e0500 sra a1, a1, 0x18
| 0x8060b508 0f008010 beqz a0, 0x8060b548
| 0x8060b50c 21100000 move v0, zero
| 0x8060b510 492d1808 j 0x8060b524
| 0x8060b514 00008290 lbu v0, (a0)
| 0x8060b518 0800e003 jr ra
| 0x8060b51c 21108000 move v0, a0
| 0x8060b520 00008290 lbu v0, (a0)
| 0x8060b524 07004010 beqz v0, 0x8060b544
| 0x8060b528 00000000 nop
| 0x8060b52c 00160200 sll v0, v0, 0x18
| 0x8060b530 03160200 sra v0, v0, 0x18
| 0x8060b534 f8ff4510 beq v0, a1, 0x8060b518
| 0x8060b538 00000000 nop
| 0x8060b53c 482d1808 j 0x8060b520
| 0x8060b540 01008424 addiu a0, a0, 1
| 0x8060b544 21100000 move v0, zero
| 0x8060b548 0800e003 jr ra
\ 0x8060b54c 00000000 nop
/ (fcn) fcn.8060b550 36
| `- args(a0, a1)
| 0x8060b550 0000a290 lbu v0, (a1)
| 0x8060b554 05004010 beqz v0, 0x8060b56c
| 0x8060b558 0100a524 addiu a1, a1, 1
| 0x8060b55c 000082a0 sb v0, (a0)
| 0x8060b560 0000a290 lbu v0, (a1)
| 0x8060b564 552d1808 j 0x8060b554
| 0x8060b568 01008424 addiu a0, a0, 1
| 0x8060b56c 0800e003 jr ra
\ 0x8060b570 000080a0 sb zero, (a0)
0x8060b574 00000000 nop
/ (fcn) fcn.8060b578 20
| `- args(a0, a1)
| 0x8060b578 e0ffbd27 addiu sp, sp, -0x20
| 0x8060b57c 542d180c jal fcn.8060b550
| 0x8060b580 00000000 nop
| 0x8060b584 0800e003 jr ra
\ 0x8060b588 2000bd27 addiu sp, sp, 0x20
0x8060b58c 00000000 nop
EOF
RUN
NAME=mips big endian strings, calls, etc. analysis
FILE=bins/elf/analysis/mipsbe-ip
CMDS=<<EOF
s 0x00402088
pd 10
EOF
EXPECT=<<EOF
0x00402088 8f84814c lw a0, -main(gp) ; [0x43522c:4]=0x402558 sym.main
0x0040208c 8fa50000 lw a1, (sp)
0x00402090 27a60004 addiu a2, sp, 4
0x00402094 2401fff8 addiu at, zero, -8
0x00402098 03a1e824 and sp, sp, at
0x0040209c 27bdffe0 addiu sp, sp, -0x20
0x004020a0 8f878230 lw a3, -sym._init(gp) ; [0x435310:4]=0x401ff4 sym._init
0x004020a4 8f888114 lw t0, -sym._fini(gp) ; [0x4351f4:4]=0x41eca0 sym._fini
0x004020a8 afa80010 sw t0, 0x10(sp)
0x004020ac afa20014 sw v0, 0x14(sp)
EOF
RUN
NAME=aac on mips be
FILE=bins/elf/analysis/mipsbe-busybox
CMDS=<<EOF
aac
afl~?
EOF
EXPECT=<<EOF
1268
EOF
RUN
NAME=raw aac with maps (less because of wrong map address)
FILE=bins/elf/analysis/mipsbe-busybox
ARGS=-n -m 0x80000 -a mips -b32 -e cfg.bigendian=true
CMDS=<<EOF
aac
afl~?
EOF
EXPECT=<<EOF
4
EOF
RUN
NAME=aav without vinfun
FILE=bins/elf/analysis/mipsbe-busybox
CMDS=<<EOF
af @ 0x0040dea4
e anal.vinfun=false
aav
pd 1 @ 0x0040decc~?andi
EOF
EXPECT=<<EOF
1
EOF
RUN
NAME=aav with vinfun
FILE=bins/elf/analysis/mipsbe-busybox
CMDS=<<EOF
af @ 0x0040ddb0
e anal.vinfun=true
aav
pd 1 @ 0x00463508~?dword
EOF
EXPECT=<<EOF
1
EOF
RUN
NAME=jmptbl
FILE=bins/elf/mips-ncc
CMDS=<<EOF
s 0x004ee1a4
af
s 0x004ee230
pdsf~case
abj~{[0].switch_op.cases}
EOF
EXPECT=<<EOF
0x004ee230 switch table (5 cases) at 0x5a74b4
[{"addr":5238184,"jump":5238184,"value":0},{"addr":5238044,"jump":5238044,"value":1},{"addr":5238184,"jump":5238184,"value":2},{"addr":5239196,"jump":5239196,"value":3},{"addr":5239252,"jump":5239252,"value":4},{"addr":5169720,"jump":5169720,"value":18446744073709551615}]
EOF
RUN
Reference in New Issue View Git Blame Copy Permalink