Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Smart correction of flags usage #15747

Open
ITAYC0HEN opened this issue Jan 2, 2020 · 5 comments
Open

Smart correction of flags usage #15747

ITAYC0HEN opened this issue Jan 2, 2020 · 5 comments
Labels
command New commands requests, behaviour changes, removal enhancement Rflags

Comments

@ITAYC0HEN
Copy link
Contributor

ITAYC0HEN commented Jan 2, 2020
edited
Loading

Is your feature request related to a problem? Please describe.

As a result of #15702, the disassembly will change how flags are displayed:

For example, this:

call  dword   [sym.imp.user32.dll_CreateWindowExA]

To this:

call CreateWindowExA

Thus, users will try to use CreateWindowExA as the name of the flags in their commands.
Things like s CreateWindowExA or pdf @ CreateWindowExA. This will not work for them because this is not the name of the flag.

Describe the solution

Say the user will want to do s LoadLibraryA or pdf @ LoadLibraryA, radare2 will behave like this:

If only one flag contains this substring in its name or in its realname (e.g. only imp.kernel32_dll.LoadLibraryA will contain LoadLibraryA), then the seek will be to this address. There is no doubt that this is what the user expects so it's an easy decision and we can simply apply it for them.

If there are more then one option, then r2 will show something like this:

Multiple flags matched 'LoadLibraryA'. Did you mean to one of the following flags that contain this string:
0x4001234    imp.kernel32_dll.LoadLibraryA
0x7e01133    imp.someOther_dll.LoadLibraryA

This change will help in other cases as well and make the usage more friendly
@ITAYC0HEN ITAYC0HEN added this to the 4.2.0 (Arctic World Archive) milestone Jan 2, 2020
@radare
Copy link
Collaborator

radare commented Jan 17, 2020

this is fixed now in master, or at least pretty improved after asm.flags.real but we need to have realname field in functions to not conflict with the function renamings

@radare
Copy link
Collaborator

radare commented Jan 17, 2020

@ITAYC0HEN can we close this issue?

@ITAYC0HEN
Copy link
Contributor Author

i don't think we touched this issue yet?
This issue will require another hashtable for flag realnames in order to quickly search for the right flag.

The idea is that when a user will use realname and see something like "call VirtualAlloc" they will be able to perform "s VirtualAlloc" without having to specify the whole "sym.imp.kernel32_dll" thing.

A usage of a string (flag) in command will go this way:

  1. string == flag name
  2. string == flag real name
  3. string contained in flag name

so if the user will do

pd 3 @ sym.imp.user32.dll_CreateWindowExA + 5

then it's easy, r2 will behave is it behaves now.
But if it will do

pd 3 @ CreateWindowExA + 5

then we want r2 to understand it as well.

this thoroughly describe in the issue. read carefully.

@radare
Copy link
Collaborator

radare commented Jan 17, 2020 via email

@XVilka XVilka added the command New commands requests, behaviour changes, removal label Mar 2, 2020
@XVilka XVilka modified the milestones: 4.3.0, 4.4.0 Mar 2, 2020
@radare radare modified the milestones: 4.4.0 - pangolin, 4.5.0 Mar 31, 2020
@radare
Copy link
Collaborator

radare commented Mar 31, 2020

Kind of related to #12064

@XVilka XVilka modified the milestones: 4.5.0 - Organized Chaos, 4.6.0 May 21, 2020
@trufae trufae removed this from the 5.3.0 milestone May 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
command New commands requests, behaviour changes, removal enhancement Rflags
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@XVilka @radare @trufae @ITAYC0HEN