Autoresize blocksize if needed by pf

[ikey4u]

Work environment

Questions	Answers
OS/arch/bits (mandatory)	Ubuntu 16.04.3 LTS
File format of the file you reverse (mandatory)	ELF 64-bit LSB executable
Architecture/bits of the file (mandatory)	x86-64
r2 -v full output, not truncated (mandatory)	radare2 3.1.0-git 19888 @ linux-x86-64 git.3.0.1-99-g03996cb commit: 03996cb build: 2018-10-30__14:05:28

The code I use is

#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char str[1024];

    strcpy(str, argv[1]);
    printf("%s\n", str);

    return 0;
}

and compile it using gcc main.c -o main with gcc version 5.4.0.

1. r2 -A main
2. Examine the .dynamic section

[0x004004e0]> iS~.dynamic
22 0x00000e28   464 0x00600e28   464 -rw- .dynamic
[0x004004e0]> ?vi 464 / 16
29
[0x004004e0]> pf 29qq  d_tag d_un @ section..dynamic
0x00600e28 [0] {
   d_tag : 0x00600e28 = (qword)0x0000000000000001
    d_un : 0x00600e30 = (qword)0x0000000000000001
}
0x00600e38 [1] {
   d_tag : 0x00600e38 = (qword)0x000000000000000c
    d_un : 0x00600e40 = (qword)0x0000000000400460
}
0x00600e48 [2] {
   d_tag : 0x00600e48 = (qword)0x000000000000000d
    d_un : 0x00600e50 = (qword)0x00000000004006c4
}
0x00600e58 [3] {
   d_tag : 0x00600e58 = (qword)0x0000000000000019
    d_un : 0x00600e60 = (qword)0x0000000000600e10
}
0x00600e68 [4] {
   d_tag : 0x00600e68 = (qword)0x000000000000001b
    d_un : 0x00600e70 = (qword)0x0000000000000008
}
0x00600e78 [5] {
   d_tag : 0x00600e78 = (qword)0x000000000000001a
    d_un : 0x00600e80 = (qword)0x0000000000600e18
}
0x00600e88 [6] {
   d_tag : 0x00600e88 = (qword)0x000000000000001c
    d_un : 0x00600e90 = (qword)0x0000000000000008
}
0x00600e98 [7] {
   d_tag : 0x00600e98 = (qword)0x000000006ffffef5
    d_un : 0x00600ea0 = (qword)0x0000000000400298
}
0x00600ea8 [8] {
   d_tag : 0x00600ea8 = (qword)0x0000000000000005
    d_un : 0x00600eb0 = (qword)0x0000000000400348
}
0x00600eb8 [9] {
   d_tag : 0x00600eb8 = (qword)0x0000000000000006
    d_un : 0x00600ec0 = (qword)0x00000000004002b8
}
0x00600ec8 [10] {
   d_tag : 0x00600ec8 = (qword)0x000000000000000a
    d_un : 0x00600ed0 = (qword)0x000000000000005f
}
0x00600ed8 [11] {
   d_tag : 0x00600ed8 = (qword)0x000000000000000b
    d_un : 0x00600ee0 = (qword)0x0000000000000018
}
0x00600ee8 [12] {
   d_tag : 0x00600ee8 = (qword)0x0000000000000015
    d_un : 0x00600ef0 = (qword)0x0000000000000000
}
0x00600ef8 [13] {
   d_tag : 0x00600ef8 = (qword)0x0000000000000003
    d_un : 0x00600f00 = (qword)0x0000000000601000
}
0x00600f08 [14] {
   d_tag : 0x00600f08 = (qword)0x0000000000000002
    d_un : 0x00600f10 = (qword)0x0000000000000060
}
0x00600f18 [15] {
   d_tag : 0x00600f18 = (qword)0x0000000000000014
    d_un : 0x00600f20 = (qword)0x0000000000000007
}
0x00600f28 [16] {
}
0x00600f28 [17] {
}
0x00600f28 [18] {
}
0x00600f28 [19] {
}
0x00600f28 [20] {
}
0x00600f28 [21] {
}
0x00600f28 [22] {
}
0x00600f28 [23] {
}
0x00600f28 [24] {
}
0x00600f28 [25] {
}
0x00600f28 [26] {
}
0x00600f28 [27] {
}
0x00600f28 [28] {
}

As you can see from the output, the number of entries in .dynamic is 29, but radare2 just stops at the 16th.

[Maijin]

(as a side note, -A; analysis is not required to perform this operation)

[radare]

try changing the block size with the b command.

[ikey4u]

try changing the block size with the b command.

How to do? I do not know the exact block size.

[radare]

b 32K

…

On 24 Dec 2018, at 02:23, bugnofree ***@***.***> wrote: try changing the block size with the b command. How to do? I do not know the exact block size. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#12041 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA3-lhBnBsj3HzUoSHGw9tVw4XgOCY-Zks5u8CylgaJpZM4YLaPR>.

[ikey4u]

@radare Thank you for your kine reply. I examine it and works! Would you mind teaching me how to get the 32K value?

[radare]

Well thats a bug in pf because it should automatically resize the blocksize I said 32K as a random value

…

On 24 Dec 2018, at 03:22, bugnofree ***@***.***> wrote: @radare Thank you for your kine reply. It works! Would you mind teaching me how to get the 32K value? @radare — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[ikey4u]

Well thats a bug in pf because it should automatically resize the blocksize I said 32K as a random value
…
On 24 Dec 2018, at 03:22, bugnofree @.***> wrote: @radare Thank you for your kine reply. It works! Would you mind teaching me how to get the 32K value? @radare — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

OK, If the bug is solved, I will help do some tests. Thank u

[radare]

cant happen in this release. but this is an important thing to fix

[oxcabe]

I'll pick this one

[radare]

👍all yours!

…

On 23 Mar 2019, at 23:28, Óscar Carrasco ***@***.***> wrote: I'll pick this one — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.