Add r2 -A and -k, implement stackptr for udis86, update manpage

binr/radare2/radare2.c

@@ -22,6 +22,7 @@ static int main_help(int line) {
 			"          [-s addr] [-B blocksize] [-c cmd] [-e k=v] file|-\n");
 	if (line != 1) printf (
 		" -a [arch]    set asm.arch\n"
+		" -A           run 'aa' command to analyze all referenced code\n"
 		" -b [bits]    set asm.bits\n"
 		" -B [size]    initial block size\n"
 		" -c 'cmd..'   execute radare command\n"
@@ -31,6 +32,7 @@ static int main_help(int line) {
 		" -e k=v       evaluate config var\n"
 		" -f           block size = file size\n"
 		" -i [file]    run script file\n"
+		" -k [kernel]  set asm.os variable for asm and anal\n"
 		" -l [lib]     load plugin file\n"
 		" -L           list supported IO plugins\n"
 		" -n           disable analysis\n"
@@ -113,6 +115,7 @@ int main(int argc, char **argv) {
 	int has_project = R_FALSE;
  	int ret, i, c, perms = R_IO_READ;
 	int do_connect = 0;
+	int do_analysis = 0;
 	int run_anal = 1;
 	int run_rc = 1;
 	int help = 0;
@@ -124,6 +127,7 @@ int main(int argc, char **argv) {
 	char *cmdfile[32];
 	const char *debugbackend = "native";
 	const char *asmarch = NULL;
+	const char *asmos = NULL;
 	const char *asmbits = NULL;
 	ut64 mapaddr = 0LL;
 	int quiet = R_FALSE;
@@ -157,12 +161,15 @@ int main(int argc, char **argv) {
 		return 0;
 	}
 	r_core_init (&r);
-	while ((c = getopt (argc, argv, "Cwfhm:e:nNdqvs:p:b:B:a:Lui:l:P:c:D:"
+	while ((c = getopt (argc, argv, "ACwfhm:e:nk:Ndqvs:p:b:B:a:Lui:l:P:c:D:"
 #if USE_THREADS
 "t"
 #endif
 			))!=-1) {
 		switch (c) {
+		case 'A':
+			do_analysis = R_TRUE;
+			break;
 		case 'C':
 			do_connect = R_TRUE;
 			break;
@@ -218,6 +225,7 @@ int main(int argc, char **argv) {
 		case 'v': return blob_version ("radare2");
 		case 'w': perms = R_IO_READ | R_IO_WRITE; break;
 		case 'a': asmarch = optarg; break;
+		case 'k': asmos = optarg; break;
 		case 'b': asmbits = optarg; break;
 		case 'B': bsize = (ut32) r_num_math (r.num, optarg); break;
 		case 's': seek = r_num_math (r.num, optarg); break;
@@ -239,6 +247,7 @@ int main(int argc, char **argv) {
 	// DUP
 	if (asmarch) r_config_set (r.config, "asm.arch", asmarch);
 	if (asmbits) r_config_set (r.config, "asm.bits", asmbits);
+	if (asmos) r_config_set (r.config, "asm.bits", asmos);
 
 	if (debug) {
 		int filelen = 0;
@@ -371,6 +380,7 @@ int main(int argc, char **argv) {
 	}
 	if (asmarch) r_config_set (r.config, "asm.arch", asmarch);
 	if (asmbits) r_config_set (r.config, "asm.bits", asmbits);
+	if (asmos) r_config_set (r.config, "asm.os", asmos);
 
 	debug = r.file && r.file->fd && r.file->fd->plugin && \
 		r.file->fd->plugin->debug != NULL;
@@ -474,6 +484,10 @@ int main(int argc, char **argv) {
 		r_core_cmd (&r, "fo", 0);
 		r_cons_flush ();
 	}
+	if (do_analysis) {
+		r_core_cmd0 (&r, "aa");
+		r_cons_flush ();
+	}
 
 	if (patchfile) {
 		r_core_patch (&r, patchfile);

libr/anal/fcn.c

@@ -113,7 +113,7 @@ R_API int r_anal_fcn(RAnal *anal, RAnalFunction *fcn, ut64 addr, ut8 *buf, ut64
 		fcn->size += oplen;
 		/* TODO: Parse fastargs (R_ANAL_VAR_ARGREG) */
 		switch (op.stackop) {
-		case R_ANAL_STACK_INCSTACK:
+		case R_ANAL_STACK_INC:
 			fcn->stack += op.value;
 			break;
 		// TODO: use fcn->stack to know our stackframe

libr/anal/p/anal_arm.c

@@ -232,25 +232,25 @@ static int arm_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 	if (b[3]==0xe2 && b[2]==0x8d && b[1]==0xd0) {
 		// ADD SP, SP, ...
 		op->type = R_ANAL_OP_TYPE_ADD;
-		op->stackop = R_ANAL_STACK_INCSTACK;
+		op->stackop = R_ANAL_STACK_INC;
 		op->value = -b[0];
 	} else
 	if (b[3]==0xe2 && b[2]==0x4d && b[1]==0xd0) {
 		// SUB SP, SP, ..
 		op->type = R_ANAL_OP_TYPE_SUB;
-		op->stackop = R_ANAL_STACK_INCSTACK;
+		op->stackop = R_ANAL_STACK_INC;
 		op->value = b[0];
 	} else
 	if (b[3]==0xe2 && b[2]==0x4c && b[1]==0xb0) {
 		// SUB SP, FP, ..
 		op->type = R_ANAL_OP_TYPE_SUB;
-		op->stackop = R_ANAL_STACK_INCSTACK;
+		op->stackop = R_ANAL_STACK_INC;
 		op->value = -b[0];
 	} else
 	if (b[3]==0xe2 && b[2]==0x4b && b[1]==0xd0) {
 		// SUB SP, IP, ..
 		op->type = R_ANAL_OP_TYPE_SUB;
-		op->stackop = R_ANAL_STACK_INCSTACK;
+		op->stackop = R_ANAL_STACK_INC;
 		op->value = -b[0];
 	} else
 	if ( (code[i] == 0x1eff2fe1) ||(code[i] == 0xe12fff1e)) { // bx lr

libr/anal/p/anal_x86_im.c

@@ -545,7 +545,7 @@ static void anal_add(RAnal *anal, RAnalOp *op, x86im_instr_object io) {
 		op->src[0] = anal_fill_im (anal, io);
 		/* TODO: Deprecate */
 		if (X86IM_IO_ROP_GET_ID (io.rop[0]) == X86IM_IO_ROP_ID_ESP) { /* add esp, 0x1 */
-			op->stackop = R_ANAL_STACK_INCSTACK;
+			op->stackop = R_ANAL_STACK_INC;
 			op->value = imm;
 			op->stackptr = -imm;
 		}
@@ -595,7 +595,7 @@ static void anal_sub(RAnal *anal, RAnalOp *op, x86im_instr_object io) {
 		op->src[0] = anal_fill_im (anal, io);
 		/* TODO: Deprecate */
 		if (X86IM_IO_ROP_GET_ID (io.rop[0]) == X86IM_IO_ROP_ID_ESP) { /* sub esp, 0x1*/
-			op->stackop = R_ANAL_STACK_INCSTACK;
+			op->stackop = R_ANAL_STACK_INC;
 			op->value = imm;
 			op->stackptr = imm;
 		}

libr/anal/p/anal_x86_simple.c

@@ -339,7 +339,7 @@ static int myop(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *buf, int len) {
 			/* sub $0x????????, $esp*/
   			// 81ece00d0000    sub esp, 0xde0 ; 
 			op->value = buf[2]+(buf[3]<<8)+(buf[4]<<16)+(buf[5]<<24);
-			op->stackop = R_ANAL_STACK_INCSTACK;
+			op->stackop = R_ANAL_STACK_INC;
 			op->stackptr = op->value;
 			break;
 		} else
@@ -358,7 +358,7 @@ static int myop(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *buf, int len) {
 		case 0xc4:
 			/* inc $0x????????, $esp*/
 			op->value = -(ut64)(unsigned char)buf[2];
-			op->stackop = R_ANAL_STACK_INCSTACK;
+			op->stackop = R_ANAL_STACK_INC;
 			op->stackptr = op->value;
 			break;
 		case 0xf8:
@@ -378,7 +378,7 @@ static int myop(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *buf, int len) {
 		case 0xec:
 			/* sub $0x????????, $esp*/
 			op->value = (ut64)(unsigned char)buf[2];
-			op->stackop = R_ANAL_STACK_INCSTACK;
+			op->stackop = R_ANAL_STACK_INC;
 			op->stackptr = op->value;
 			break;
 		case 0xbd: /* 837dfc02        cmp dword [ebp-0x4], 0x2 */

libr/anal/p/anal_x86_udis.c

@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2009-2012 - nibble */
+/* radare - LGPL - Copyright 2009-2013 - nibble, pancake */
 
 #include <r_lib.h>
 #include <r_types.h>
@@ -34,6 +34,50 @@ int x86_udis86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 	op->ref = op->value = -1;
 	oplen = op->length = ud_insn_len (&u);
 	switch (u.mnemonic) {
+	case UD_Ipush:
+		switch (u.operand[0].type) {
+		case UD_OP_CONST:
+		case UD_OP_JIMM:
+		case UD_OP_IMM:
+			op->type = R_ANAL_OP_TYPE_PUSH;
+			op->ref = getval (&u.operand[0]);
+			break;
+		case UD_OP_REG:
+		case UD_OP_PTR:
+		case UD_OP_MEM:
+		default:
+			op->type = R_ANAL_OP_TYPE_UPUSH;
+			op->ref = 0;
+			break;
+		}
+		op->stackop = R_ANAL_STACK_INC;
+		op->stackptr = 4;
+		break;
+	case UD_Ipop:
+		op->type = R_ANAL_OP_TYPE_POP;
+		op->stackop = R_ANAL_STACK_INC;
+		op->stackptr = -4;
+		break;
+	case UD_Ileave:
+		op->type = R_ANAL_OP_TYPE_MOV;
+		op->stackop = R_ANAL_STACK_INC;
+		op->stackptr = -4;
+		break;
+	case UD_Iadd:
+	case UD_Isub:
+		op->type = (u.mnemonic==UD_Iadd)? R_ANAL_OP_TYPE_ADD: R_ANAL_OP_TYPE_SUB;
+		op->ref = 0;
+		if (u.operand[0].type == UD_OP_REG) {
+			if (u.operand[0].base == UD_R_RSP) {
+				op->stackop = R_ANAL_STACK_INC;
+				if (u.mnemonic ==UD_Iadd) {
+					op->stackptr = -getval (&u.operand[1]);
+				} else {
+					op->stackptr = getval (&u.operand[1]);
+				}
+			}
+		}
+		break;
 	case UD_Ijmp:
 		if (u.operand[0].type == UD_OP_REG) {
 			op->type = R_ANAL_OP_TYPE_UJMP;
@@ -71,6 +115,8 @@ int x86_udis86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 	case UD_Iretf:
 	case UD_Isysret:
 		op->type = R_ANAL_OP_TYPE_RET;
+		op->stackop = R_ANAL_STACK_INC;
+		op->stackptr = -4;
 		break;
 	case UD_Isyscall:
 		op->type = R_ANAL_OP_TYPE_SWI;

libr/anal/ref.c

@@ -61,6 +61,7 @@ R_API int r_anal_ref_del(RAnal *anal, ut64 at) {
 	return R_TRUE;
 }
 
+R_API RList *r_anal_xrefs_get (RAnal *anal, ut64 addr);
 // XXX: MAJOR SLOWDOWN PLZ FIX
 R_API RList *r_anal_xref_get(RAnal *anal, ut64 addr) {
 	RAnalFunction *fcni;

libr/core/bin.c

@@ -513,7 +513,7 @@ static int bin_symbols (RCore *r, int mode, ut64 baddr, int va, ut64 at, const c
 		r_list_foreach (symbols, iter, symbol) {
 			char *name = strdup (symbol->name);
 			r_name_filter (name, 80);
-			r_cons_printf ("0x%"PFMT64x" %"PFMT64d" %s\n",
+			r_cons_printf ("0x%08"PFMT64x" %"PFMT64d" %s\n",
 				baddr+symbol->rva, symbol->size, name);
 			free (name);
 		}

libr/include/r_anal.h

@@ -227,7 +227,6 @@ typedef struct r_anal_cc_type_t {
 	//const char **reglist; //
 } RAnalCCType;
 
-
 enum {
 	R_ANAL_FCN_TYPE_NULL = 0,
 	R_ANAL_FCN_TYPE_FCN = 1,
@@ -457,7 +456,7 @@ typedef enum {
 enum {
 	R_ANAL_STACK_NULL = 0,
 	R_ANAL_STACK_NOP,
-	R_ANAL_STACK_INCSTACK,
+	R_ANAL_STACK_INC,
 	R_ANAL_STACK_GET,
 	R_ANAL_STACK_SET,
 };

man/radare2.1

@@ -12,10 +12,11 @@ radare2 \- Advanced commandline hexadecimal editor, disassembler and debugger
 .Op Fl c Ar cmd
 .Op Fl e Ar k=v
 .Op Fl i Ar file
+.Op Fl k Ar kernel
 .Op Fl p Ar project
 .Op Fl P Ar patch
 .Op Fl s Ar addr
-.Op Fl dDwntLqv
+.Op Fl AdDwntLqv
 .Ar file
 .Sh DESCRIPTION
 radare2 is a commandline hexadecimal editor.
@@ -28,6 +29,8 @@ The options are:
 .Bl -tag -width Fl
 .It Fl a Ar arch
 force asm.arch (x86, ppc, arm, mips, bf, java, ...)
+.It Fl A
+run 'aa' command before prompt or patch to analyze all referenced code
 .It Fl b Ar bits
 force asm.bits (16, 32, 64)
 .It Fl B Ar bsize
@@ -44,6 +47,8 @@ Set configuration eval variable key=value. For example \-e scr.color=false
 Blocksize = file size
 .It Fl i Ar file
 Run script file
+.It Fl k Ar kernel
+Select kernel (asm.os) for syscall resolution
 .It Fl l Ar plugfile
 Load given plugin file
 .It Fl L