Inconsistent Results when Using Bindings vs Radare2 #102

Closed
malware-kitten opened this issue Jan 4, 2016 · 2 comments

I'm not sure if this is the appropriate place for this issue, however I'm getting inconsistent results when using the Ruby r2pipe gem vs Radare2.

For reference, the binary that I'm looking at is MD5: 5896d840a314e8bc86ceadb5a6450cf8

When using Radare2, I'm able to see the full list of functions, below is a snippet

:~> radare2 -A  5896d840a314e8bc86ceadb5a6450cf8
 -- Your project name should contain an uppercase letter, 8 vowels, some numbers, and the first 5 numbers of your private bitcoin key.
[0x0040508e]> afl~?
152
[0x0040508e]> afl
0x0040508e  235  6  entry0
0x00404740  82  4  fcn.00404740
0x00401500  83  1  sub.KERNEL32.dll_GetTempPathA_500
0x00404a86  19  1  fcn.00404a86
0x00404a66  32  3  fcn.00404a66
..... snipped .....

When using the Ruby API, the following information is returned

:~> irb
irb(main):001:0> require 'r2pipe'
=> true
irb(main):002:0> r2p = R2Pipe.new("5896d840a314e8bc86ceadb5a6450cf8")
=> #<R2Pipe:0x00000000e022c0 @file="5896d840a314e8bc86ceadb5a6450cf8", @read=#<File:/dev/pts/2>, @write=#<File:/dev/pts/2>, @pid=6861>
irb(main):003:0> r2p.cmd('aa')
=> ""
irb(main):004:0> r2p.cmd('afl~?')
=> "1\r\n"
irb(main):005:0> r2p.cmd('afl')
=> "0x0040508e  235  6  entry0\r\n"

Is there a reason that r2pipe is only seeing 1 function listed versus the 152 recognized by Radare2?

Thank you for your time.

@radare
Collaborator

radare commented Jan 4, 2016

aa != -A

Use aaa

@malware-kitten
Author

Ha! Looks like a case of user error! Thanks for the reference.
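
The fix from the reply above in script form, as an added example that is not part of the original thread or the r2pipe project: it runs `aaa` before `afl` and parses the `\r\n`-terminated output seen in the irb session. `FakePipe` is a constructed stand-in so the code runs without radare2, and `parse_afl` and `list_functions` are hypothetical helper names; with the real gem you would pass `R2Pipe.new(path)` instead.

```ruby
# Added example. Works with any object that responds to #cmd,
# such as the R2Pipe instance created in the irb session above.

# Parse `afl` text into [{addr:, name:}]. The pipe returns "\r\n" line
# endings (see the irb output), so split on either form and skip noise.
def parse_afl(text)
  text.split(/\r?\n/).map do |line|
    fields = line.split
    next unless fields.size >= 2 && fields.first =~ /\A0x\h+\z/
    { addr: fields.first.hex, name: fields.last }
  end.compact
end

# Run the analysis command (default `aaa`, per the maintainer's reply),
# list functions, and warn when the result looks like shallow analysis.
def list_functions(r2, analysis: 'aaa')
  r2.cmd(analysis)
  funcs = parse_afl(r2.cmd('afl'))
  if funcs.size <= 1
    warn "only #{funcs.size} function(s) after '#{analysis}'; " \
         'analysis may be too shallow for triage'
  end
  funcs
end

# Constructed stand-in for a radare2 session: `aa` leaves only the entry
# point visible, `aaa` exposes more. Sample lines are copied from the issue.
class FakePipe
  SHALLOW = "0x0040508e  235  6  entry0\r\n".freeze
  DEEP = (SHALLOW +
          "0x00404740  82  4  fcn.00404740\r\n" \
          "0x00401500  83  1  sub.KERNEL32.dll_GetTempPathA_500\r\n").freeze

  def initialize
    @afl = ''
  end

  def cmd(command)
    case command
    when 'aa'  then @afl = SHALLOW
    when 'aaa' then @afl = DEEP
    when 'afl' then return @afl
    end
    '' # analysis commands return an empty string, as in the irb session
  end
end

puts list_functions(FakePipe.new).map { |f| f[:name] } if __FILE__ == $0
```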
