mirror of
https://github.com/radareorg/radare2.git
synced 2025-01-25 07:15:19 +00:00
329 lines
8.6 KiB
Plaintext
329 lines
8.6 KiB
Plaintext
NAME=afvx
|
|
FILE=bins/elf/ls.odd
|
|
CMDS=<<EOF
|
|
af
|
|
afvx
|
|
afv=
|
|
EOF
|
|
EXPECT=<<EOF
|
|
afvR
|
|
arg3 0x5312
|
|
afvW
|
|
arg3
|
|
* arg3
|
|
R 0x5312 mov r9, rdx
|
|
EOF
|
|
RUN
|
|
|
|
NAME=afvx2
|
|
FILE=bins/mach0/mac-ls
|
|
CMDS=<<EOF
|
|
af
|
|
afvx
|
|
afv=
|
|
EOF
|
|
EXPECT=<<EOF
|
|
afvR
|
|
argv 0x10000106c
|
|
argc 0x10000106f
|
|
var_640h 0x100001072
|
|
var_648h 0x100001617,0x100001691
|
|
var_654h 0x100001784
|
|
var_650h 0x10000173c,0x100001807,0x10000181c
|
|
var_64ch 0x100001736,0x1000017dd,0x1000017f2
|
|
var_658h 0x1000017d4
|
|
var_660h 0x1000018f1
|
|
var_664h 0x10000190b
|
|
var_670h 0x100001911
|
|
var_34h 0x10000179e
|
|
var_440h 0x1000015f8
|
|
var_30h 0x1000010d6
|
|
var_2eh 0x1000010f0
|
|
afvW
|
|
argv
|
|
argc
|
|
var_640h
|
|
var_648h 0x100001079
|
|
var_654h 0x100001137,0x100001315
|
|
var_650h 0x10000114c,0x1000014f2
|
|
var_64ch 0x100001156,0x1000012d8
|
|
var_658h 0x100001160,0x1000014ce
|
|
var_660h 0x100001597
|
|
var_664h 0x1000015a3
|
|
var_670h 0x1000015ad
|
|
var_34h
|
|
var_440h
|
|
var_30h
|
|
var_2eh
|
|
* argv
|
|
R 0x10000106c mov rbx, rsi
|
|
* argc
|
|
R 0x10000106f mov r14d, edi
|
|
* var_640h
|
|
R 0x100001072 lea rax, [var_640h]
|
|
* var_648h
|
|
R 0x100001617 lea rbx, [var_648h]
|
|
R 0x100001691 lea rsi, [var_648h]
|
|
W 0x100001079 mov qword [var_648h], rax
|
|
* var_654h
|
|
R 0x100001784 cmp dword [var_654h], 0
|
|
W 0x100001137 mov dword [var_654h], 0
|
|
W 0x100001315 mov dword [var_654h], 1
|
|
* var_650h
|
|
R 0x10000173c or ebx, dword [var_650h]
|
|
R 0x100001807 cmp dword [var_650h], 0
|
|
R 0x10000181c cmp dword [var_650h], 0
|
|
W 0x10000114c mov dword [var_650h], 0
|
|
W 0x1000014f2 mov dword [var_650h], 1
|
|
* var_64ch
|
|
R 0x100001736 mov ebx, dword [var_64ch]
|
|
R 0x1000017dd cmp dword [var_64ch], 0
|
|
R 0x1000017f2 cmp dword [var_64ch], 0
|
|
W 0x100001156 mov dword [var_64ch], 0
|
|
W 0x1000012d8 mov dword [var_64ch], 1
|
|
* var_658h
|
|
R 0x1000017d4 cmp dword [var_658h], 0
|
|
W 0x100001160 mov dword [var_658h], 0
|
|
W 0x1000014ce mov dword [var_658h], 1
|
|
* var_660h
|
|
R 0x1000018f1 mov rax, qword [var_660h]
|
|
W 0x100001597 mov qword [var_660h], rcx
|
|
* var_664h
|
|
R 0x10000190b mov edi, dword [var_664h]
|
|
W 0x1000015a3 mov dword [var_664h], eax
|
|
* var_670h
|
|
R 0x100001911 mov rsi, qword [var_670h]
|
|
W 0x1000015ad mov qword [var_670h], rax
|
|
* var_34h
|
|
R 0x10000179e lea rdi, [var_34h]
|
|
* var_440h
|
|
R 0x1000015f8 lea rdi, [var_440h]
|
|
* var_30h
|
|
R 0x1000010d6 lea rdx, [var_30h]
|
|
* var_2eh
|
|
R 0x1000010f0 movzx eax, word [var_2eh]
|
|
EOF
|
|
RUN
|
|
|
|
NAME=Detect register args used only by callee
|
|
FILE=-
|
|
CMDS=<<EOF
|
|
e asm.arch=x86
|
|
e asm.bits=64
|
|
e anal.cc=ms
|
|
wx 40534883ec20418bd8e80a00000003c34883c4205bc3cccc2bca8bc1c3
|
|
aa
|
|
pd 13
|
|
EOF
|
|
EXPECT=<<EOF
|
|
/ 22: fcn.00000000 (int64_t arg1, int64_t arg2, int64_t arg3);
|
|
| ; arg int64_t arg1 @ rcx
|
|
| ; arg int64_t arg2 @ rdx
|
|
| ; arg int64_t arg3 @ r8
|
|
| 0x00000000 4053 push rbx
|
|
| 0x00000002 4883ec20 sub rsp, 0x20
|
|
| 0x00000006 418bd8 mov ebx, r8d ; arg3
|
|
| 0x00000009 e80a000000 call fcn.00000018
|
|
| 0x0000000e 03c3 add eax, ebx
|
|
| 0x00000010 4883c420 add rsp, 0x20
|
|
| 0x00000014 5b pop rbx
|
|
\ 0x00000015 c3 ret
|
|
0x00000016 cc int3
|
|
0x00000017 cc int3
|
|
; CALL XREF from fcn.00000000 @ 0x9
|
|
/ 5: fcn.00000018 (int64_t arg1, int64_t arg2);
|
|
| ; arg int64_t arg1 @ rcx
|
|
| ; arg int64_t arg2 @ rdx
|
|
| 0x00000018 2bca sub ecx, edx ; arg2
|
|
| 0x0000001a 8bc1 mov eax, ecx ; arg1
|
|
\ 0x0000001c c3 ret
|
|
EOF
|
|
RUN
|
|
|
|
NAME=Detect register args type used only by callees
|
|
FILE=bins/pe/rarg_detection.dll
|
|
CMDS=<<EOF
|
|
s sym.rarg_detection.dll_funcB
|
|
af
|
|
s sym.rarg_detection.dll_funcC
|
|
af
|
|
afv
|
|
EOF
|
|
EXPECT=<<EOF
|
|
arg int64_t arg3 @ r8
|
|
arg const char * s @ rcx
|
|
arg int64_t arg2 @ rdx
|
|
EOF
|
|
RUN
|
|
|
|
NAME=Variables in register save stack area
|
|
FILE=bins/pe/testx64.exe
|
|
CMDS=<<EOF
|
|
s 0x14000184c
|
|
af
|
|
afv
|
|
EOF
|
|
EXPECT=<<EOF
|
|
var int64_t var_20h @ rsp+0x48
|
|
var int64_t var_10h @ rbp+0x10
|
|
var int64_t var_18h @ rbp+0x18
|
|
var int64_t var_bp_20h @ rbp+0x20
|
|
EOF
|
|
RUN
|
|
|
|
NAME=Variable access with misc registers (x86)
|
|
FILE=-
|
|
ARGS=-a x86 -b 64
|
|
CMDS=<<EOF
|
|
e asm.flags=false
|
|
e anal.vars.stackname = true
|
|
e anal.cc=ms
|
|
wx 488bc448895808488970104889781841574881ecb00000008364242000488d48884c8d9c24b0000000498b5b10498b7318498b7b20498be3415fc3
|
|
af
|
|
aaef
|
|
afvx
|
|
pdf
|
|
EOF
|
|
EXPECT=<<EOF
|
|
afvR
|
|
var_c0h 0x18
|
|
var_30h 0x21
|
|
var_28h
|
|
var_20h 0x29
|
|
var_18h 0x2d
|
|
var_10h 0x31
|
|
var_a0h
|
|
afvW
|
|
var_c0h 0x18
|
|
var_30h
|
|
var_28h
|
|
var_20h 0x3
|
|
var_18h 0x7
|
|
var_10h 0xb
|
|
var_a0h
|
|
/ 59: fcn.00000000 ();
|
|
| ; var int64_t var_c0h @ rsp+0x20
|
|
| ; var int64_t var_a0h @ rsp+0x40
|
|
| ; var int64_t var_30h @ rsp+0xb0
|
|
| ; var int64_t var_28h @ rsp+0xb8
|
|
| ; var int64_t var_20h @ rsp+0xc0
|
|
| ; var int64_t var_18h @ rsp+0xc8
|
|
| ; var int64_t var_10h @ rsp+0xd0
|
|
| 0x00000000 488bc4 mov rax, var_28h
|
|
| 0x00000003 48895808 mov qword [var_20h], rbx
|
|
| 0x00000007 48897010 mov qword [var_18h], rsi
|
|
| 0x0000000b 48897818 mov qword [var_10h], rdi
|
|
| 0x0000000f 4157 push r15
|
|
| 0x00000011 4881ecb00000. sub rsp, 0xb0
|
|
| 0x00000018 8364242000 and dword [var_c0h], 0
|
|
| 0x0000001d 488d4888 lea rcx, [var_a0h]
|
|
| 0x00000021 4c8d9c24b000. lea r11, [var_30h]
|
|
| 0x00000029 498b5b10 mov rbx, qword [var_20h]
|
|
| 0x0000002d 498b7318 mov rsi, qword [var_18h]
|
|
| 0x00000031 498b7b20 mov rdi, qword [var_10h]
|
|
| 0x00000035 498be3 mov rsp, var_30h
|
|
| 0x00000038 415f pop r15
|
|
\ 0x0000003a c3 ret
|
|
EOF
|
|
RUN
|
|
|
|
|
|
NAME=Variable access with misc registers (ARM)
|
|
FILE=-
|
|
ARGS=-a arm -b 16
|
|
CMDS=<<EOF
|
|
e asm.flags=false
|
|
e asm.comments=false
|
|
e anal.vars.stackname = true
|
|
wx 80b483b000af78600b467b8013467b707b78002b03d07a887b689a6103e07b881a047b689a6100bf0c37bd465df8047b7047
|
|
af
|
|
aaef
|
|
afvx
|
|
pdf
|
|
EOF
|
|
EXPECT=<<EOF
|
|
afvR
|
|
arg1 0x6
|
|
arg2 0x8
|
|
arg3 0xc
|
|
var_10h 0x4,0x2c
|
|
var_ch 0x18,0x22
|
|
var_eh 0x16,0x1e
|
|
var_fh 0x10
|
|
var_4h 0x2c
|
|
afvW
|
|
arg1
|
|
arg2
|
|
arg3
|
|
var_10h
|
|
var_ch 0x6
|
|
var_eh 0xa
|
|
var_fh 0xe
|
|
var_4h
|
|
/ 50: fcn.00000000 (int16_t arg1, int16_t arg2, int16_t arg3);
|
|
| ; var int16_t var_10h @ sp+0x0
|
|
| ; var int8_t var_fh @ sp+0x1
|
|
| ; var int16_t var_eh @ sp+0x2
|
|
| ; var int32_t var_ch @ sp+0x4
|
|
| ; var int16_t var_4h @ sp+0xc
|
|
| ; arg int16_t arg1 @ r0
|
|
| ; arg int16_t arg2 @ r1
|
|
| ; arg int16_t arg3 @ r2
|
|
| 0x00000000 80b4 push {r7}
|
|
| 0x00000002 83b0 sub sp, 0xc
|
|
| 0x00000004 00af add r7, var_10h
|
|
| 0x00000006 7860 str r0, [var_ch]
|
|
| 0x00000008 0b46 mov r3, r1
|
|
| 0x0000000a 7b80 strh r3, [var_eh]
|
|
| 0x0000000c 1346 mov r3, r2
|
|
| 0x0000000e 7b70 strb r3, [var_fh]
|
|
| 0x00000010 7b78 ldrb r3, [var_fh]
|
|
| 0x00000012 002b cmp r3, 0
|
|
| ,=< 0x00000014 03d0 beq 0x1e
|
|
| | 0x00000016 7a88 ldrh r2, [var_eh]
|
|
| | 0x00000018 7b68 ldr r3, [var_ch]
|
|
| | 0x0000001a 9a61 str r2, [r3, 0x18]
|
|
| ,==< 0x0000001c 03e0 b 0x26
|
|
| |`-> 0x0000001e 7b88 ldrh r3, [var_eh]
|
|
| | 0x00000020 1a04 lsls r2, r3, 0x10
|
|
| | 0x00000022 7b68 ldr r3, [var_ch]
|
|
| | 0x00000024 9a61 str r2, [r3, 0x18]
|
|
| `--> 0x00000026 00bf nop
|
|
| 0x00000028 0c37 adds r7, 0xc
|
|
| 0x0000002a bd46 mov sp, r7
|
|
| 0x0000002c 5df8047b ldr r7, [sp], 4
|
|
\ 0x00000030 7047 bx lr
|
|
EOF
|
|
RUN
|
|
|
|
NAME=Takeover variables
|
|
FILE=-
|
|
ARGS=-a x86 -b 32
|
|
CMDS=<<EOF
|
|
wx e805000000e80600000039d1742577145589e583ec048b5d088b4d0c895dfc83f90174098b45fc8945fc49ebf28b45fc89ec5dc3
|
|
aac
|
|
afv @ 10
|
|
afvx @ 10
|
|
afv @ 16
|
|
afvx @ 16
|
|
EOF
|
|
EXPECT=<<EOF
|
|
afvR
|
|
afvW
|
|
var int32_t var_4h_2 @ ebp-0x4
|
|
var int32_t var_4h @ ebp+0x0
|
|
arg int32_t arg_8h @ ebp+0x8
|
|
arg int32_t arg_ch @ ebp+0xc
|
|
afvR
|
|
arg_8h 0x16
|
|
arg_ch 0x19
|
|
var_4h_2
|
|
var_4h 0x24,0x2d
|
|
afvW
|
|
arg_8h
|
|
arg_ch
|
|
var_4h_2 0x1c
|
|
var_4h 0x27
|
|
EOF
|
|
RUN
|