radareorg/radare2

In r2land we are happy to celebrate that the artichoke seasson is back with a new release \o/

Binaries: http://radare.mikelloc.com/release/3.9.0

Release Notes

Version: 3.9.0
PreviousVersion: 3.8.0
Commits: 102
Contributors: 31
TimeSinceLastRelease: 2 weeks

Authors

• Кirils Sоlovjоvs git@kirils.org
• Anisse Astier anisse@astier.eu
• Anton Kochkov anton.kochkov@gmail.com
• Chris Moore chris.moore@makerbot.com
• David CARLIER devnexen@gmail.com
• Eduardo Novella ednolo@inf.upv.es
• Florian Märkl info@florianmaerkl.de
• GustavoLCR gugulcr@gmail.com
• Igroeg Okiob georgi@pandasauce.org
• Khairul Azhar Kasmiran kazarmy@gmail.com
• Khairul Kasmiran kazarmy@gmail.com
• Kārlis Seņko karlis3p70l1ij@gmail.com
• Lev Aronsky aronsky@gmail.com
• Lowly Worm cutlassc91@gmail.com
• Maijin maijin21@gmail.com
• Maxime Meignan meignanmaxime@hotmail.fr
• Meador Inge meador.inge@carvesystems.com
• Paul I pelijah@users.noreply.github.com
• Reviakin Evgeny reviakinea@gmail.com
• Roman Valls Guimera brainstorm@users.noreply.github.com
• Sergey Alirzaev zl29ah@gmail.com
• Vane11ope vane11opeschw33tz@gmail.com
• Yanick Fratantonio yanick@fratantonio.me
• dodococo deepakchethan@outlook.com
• jvoisin jvoisin@users.noreply.github.com
• karliss karlis3p70l1ij@gmail.com
• kmartin36 Kevin.Martin@gtri.gatech.edu
• lkempf 2546084+lkempf@users.noreply.github.com
• pancake pancake@nopcode.org
• v45k0 vasil.sarafov@gmail.com
• Óscar Carrasco oxcabe@gmail.com

Changes

anal

• Implement anal.norevisit using SetU instead of Sdb
• Fix #15013 - jump/cjmp analop for m680x
• Fix the infinite aac issue, reduce false positives, speedup a bit (#15015)
• Fix mov.l/jsr ESIL for SuperH4 (#15039)
• Fix nopskip (its not fixed at all. just random typing here and there) (#15024)
• Add anal.nonull to avoid analyzing functions if starting by zeros
• Fixed i4004 arch to be according to spec (#15062)
• Fix zero register set issue (r2wars)
• Implement types field for zignatures

cons

• Fix #14611: Vi-mode indication by prompt color
• Add a way to print an aliased without a trailing new line (#15031)
• Fix clicking on frame borders to resize
• Remove code for no-anal asm.bb.line (#14977)

core

• Make -m do an implicit -s
• Fix #14990 - multiple quoted command parsing issue
• Fix multiple quote cmd issue
• Fix #14019 - Move ta to aht, move other commands around, refactor indentation
• Fix #10851 - Solve slurp messages on http/sandbox/pipe
• Don't run ldconfig when installing into /usr (#15049)

debug

• Fix gdb reg write byte order (#15009)
• Improving slighty the process status check on Darwin
• On Darwin, expose process path
• ASLR check setting fix on FreeBSD

emu

• Hackaround to get esil stepping on delayed execution
• Fix arm32 stmia post-increment (#14983) (r2wars)

io

• Support shm_open in shm:// and some code cleanup
• Fixing perms for Darwin
• Fix #15002 - Propagate write error issues into RCore.patch
• Print error msg if write fails (#14978)
• Fixing self:// perms issue on Darwin

Release Notes

Version: 3.8.0
From: 3.7.1
To: 3.8.0
Commits: 188
Contributors: 30

Authors

• 00rsiere 52822209+00rsiere@users.noreply.github.com
• Adrian Studer github@adrianstuder.com
• Alex Gaines roboman2444@gmail.com
• Alexandre ZANNI 16578570+noraj@users.noreply.github.com
• Anton Kochkov anton.kochkov@gmail.com
• Anton Kochkov xvilka@gmail.com
• Ayman Khamouma (ak42) noreply@ak42.io
• Brenton Morris brenton.smorris@gmail.com
• Carles Pey carles.pey@gmail.com
• Chirag Jariwala cjhackerz443@protonmail.com
• David CARLIER devnexen@gmail.com
• Florian Märkl info@florianmaerkl.de
• Giovanni 561184+wargio@users.noreply.github.com
• GustavoLCR gugulcr@gmail.com
• Khairul Azhar Kasmiran kazarmy@gmail.com
• Maijin maijin21@gmail.com
• Maijin maijin@reverseshade.com
• Paul I pelijah@users.noreply.github.com
• Reviakin Evgeny reviakinea@gmail.com
• Roman Valls Guimera brainstorm@users.noreply.github.com
• Rot127 45763064+Rot127@users.noreply.github.com
• Srimanta Barua srimanta.barua1@gmail.com
• Sylvain Pelissier sylvain.pelissier@gmail.com
• Vane11ope vane11opeschw33tz@gmail.com
• bagginslin 51952061+bagginslin@users.noreply.github.com
• dodococo deepakchethan@outlook.com
• elouet erwan.louet@sylou.fr
• fandauchytil fandauchytil@users.noreply.github.com
• pancake pancake@nopcode.org
• tantei3 54449449+tantei3@users.noreply.github.com

Changes

analysis

• Improve the aab (blaze) analysis by honoring data meta
• Speedup and reduce false positives in aae by honoring code/string/format
• Do not analyze functions in strings/data by honoring the meta
• Fix infinite (or expensive) loop when fcnsize=0
• Honor anal.strings in aav
• Define argument and ret pseudo registers in the SuperH4's reg profile (#14920)
• Introduce anal.in=code (2x faster aar in some big binaries)
• Introduce afisaj and fix table contents for afisao and such
• Implement afis[aof] - to show instruction type, family and mnemonic tables
• Fix as command to resolve syscall by name, number and SN reg
• Fixing ESIL for ARM architecture pre-indexed addressing mode with LDRB (issue #14850) (#14901)
• Add more info in aflt and add afltj
• Initial implementation of aflt (using the new RTable API)
• Hide the shift overflow warnings under esil.verbose
• Fix ownership issues related to cc
• Add calling conventions for ARM32 and Thumb
• Unify the use of R_ANAL_CC_MAXARG
• Propagate noreturn information (#14793)

bin

• Fix code injection issues i* commands (rabin2 -r)
• Fix #14930 - handle LC_DATA_IN_CODE in macho
• Fix strings on ELF bins for SH-4 with the Renesas SDK
• Support deep JSON format for binary headers in iHj
• Fix Cf with named formats when .iH* is used
• Fix #14898 - Show warning when -B used on unknown binaries

build

• Shrink the Cydia package from 512mb to only 64

core

• Add single quote as alias for =! and \
• Support 0X as an alias for 0x in numbers

debug

• Fix crash in gdb client (#14897)
• Notify user on hardware breakpoint hit

diff

• AGraph integration with radiff2

disasm

• Fix #14716 - Honor local flags in RParse
• Implement asm.hint.emu and improve Vr reftype selection
• Do not try to resolve strings pointed by adrp instructions on arm64
• Honor asm.instr in pdi
• Hide brackets for LEA even if operand is section flag
• Add support for the amd29k architecture
• pix and pdx are now aliases for pad

doc

• Remove help for hud in ??

graph

• Fix #14859: Enter used to update seek in visual call/ref graphs (#14906)

io

• Fix a couple of bugs in wo* and implment wo8
• Add support for io-plugin initialization via null system command =! (#14915)
• Simplification of the io_self plugin for macOS/iOS
• Consider endiannes when performing block write operations

panel

• Few memory leaks fixes
• Fix #14891 - Seek in panels after coming back from console
• Fix #14883 - use[] to realign comments in disasm
• O in visual is supported in panels with the "i" key
• Added some asm settings and classified it

panels

• Fix #14891 - Seek in panels after coming back from console
• Fix #14883 - use[] to realign comments in disasm
• O in visual is supported in panels with the "i" key
• Added some asm settings and classified it

print

• Implement pv* to completely fix #14165
• Fix #14165 - Implement pVj and fix pvj with argument
• Fix #14936 - Add po[..] set of commands
• Implement 'cols' RTable.query to filter by column names
• Use block character for p= and p== graphs (#14941)

r2pipe

• Initial support for r2pipe.html

rop

• Add ROP chain execution support in ragg2

search

• Let search.align override arch.align if set, improves aav in SH
• Bring back /ai and fix regression for SUB.val
• Skip gadgets starting with a nop in /R
• Fix #14755 - read-only raw search
• Fix #14202 - Add support to '\d', '\w', etc. in regex

util

• Initial implementation of the RTable API with filter, sorting and query APIs

visual

• Fixes #14914: Mouse wheel for hud (#14940)
• Improve mouse in visual (hud instead of goto and ignore cursor toggle

windows

• Fix #14816 - Properly get lib path

Other Changes

• add nf flag in ESIL generated for ARM thumb (#14954)
• Fix regression in wo2/4/8
• Fix divbyzero and garbage variable found by clang-analyzer
• Fix memleak in r_strbuf_prepend
• Fix logic in 2-byte endian swap used by "wo2" (#14951)
• Display operand of EBC push/pop instructions (#14949)
• ARM: fix order of registers in push/pop with reglist
• fixing esil =[*] (poke multiple regs/values)
• Fix out-of-loop issue in aae
• macOs/Notes 6.8s -> 6.4s
• macOS/r_core 4.3s -> 3.8s
• Still wip. only works as a hint when using -e bin.verbose=true
• Improve r_core_anal_hasrefs_to_depth (#14863)
• Fix Win32 build patch from @sanguinawer (#14945)
• Fix uninitialized variable issue related to the mouse state
• Fix regressions
• Fix #14380 - Fix demangling symbols containing the '?' char with iD
• Fix #14889 - Implement ! and c keys in visual help
• Improve vq and v!!! workflows
• Break early in Cf format name failure
• Fix #14939: Replace assertions about missing RReg profile registers with warnings (#14943)
• fix help message of ? (#14944)
• Fix #14935 - Kill harmless warning
• Fix assert in aea for r2wars
• Show backtrace when assert happens
• Fix crash in aea* when code is ffff
• Fix #14771 - Modified pdx/pix to disassemble hexpairs (blocksize-independent) (#14892)
• Add frame pointer to AVR register profile (#14938)
• Enable mouse only if it was prev enabled and based on scr.wheel (#14925)
• Fixes #14911: Use theme colors for p= and p== (#14934)
• Add fortune
• 1 != 0
• Massage two more assertions
• Fix early assert for IO
• Disable Travis IRC notifications
• Too much noise at IRC.
• Blindfix more null derefs in reg.value
• Fix another null arena deref
• Assertify io.fd api
• Fix aea for instructions referencing PC
• Boolify the reg api a bit more
• Fix null deref in reg arena
• Blindfix for empty reg arenas
• Add Predicate for Task Dispatch
• Fix assertion when emulating invalid instructions and revert pcalign4 for sh
• Update help message for Vd
• Fix #14928 - vr to be in sync with Vr
• Fix assert regression before it triggers
• Minor cleanup and visitor cache proposal test for RAnal.fcn()
• Fix #14821 - crash in td
• r_str_split_list() rewritten to support nth limit
• r2 -qq -c 'aac;aflt size/gt/200,addr/cols/name/nbbs,nbbs/sort/inc' /bin/ls
• Fix off-by-one in RCore.lines.initCache();
• Set asm.hint.emu=false by default
• Fix build
• Add r2con2019 svg logo
• $ r2 -i doc/r2pipe.html /bin/ls
• Syncing with r2hexagon (#14918)
• the reference of emulation are displayed one instruction after. which is bad
• Fix build
• Fix Windows build (#14916)
• afisa uses rtable, as well as afist@@@f
• Useful for r2frida to automatically run .=!i*
• This makes reading iOS apps much simpler by removing lot of false positive strings
• Fixes #14900: Disable color for dot mode (#14908)
• Better directory structure for the panels config file (#14903)
• Fixes #14896: Enable and disable mouse based on requirement in visual/panels (#14909)
• v!! = V!! - use ! to toggle between visual and panels
• Fix hexdump height issue in panels
• Reset mouse settings after leaving the hud
• Fixes #14900: xdot type commands functional now (#14902)
• Fixes #14900: xdot type commands functional now
• Remove recursive handle_stop_reason call
• Revert "Fixed the bug that I had fixed before (#14788)"
• This reverts commit 9e27142.
• This change was breaking panels in Mac
• Fix MSVC build
• Add afltj and some more fixes and improvements related to RTable
• Accepts a query as argument
• Fix a segfault in RStrBuf.prepend
• Add lsls and ldrh thumb asm.describes
• Add missing include install for meson
• Improve disasm char hints
• Fix some warnings from gcc
• Make cmd_depth task-local (#14888)
• Add neg pseudo instruction to arm assembler (#14890)
• Freed some vars (#14885)
• Fixes #14845: Use unicode settings in radiff2 (#14884)
• Fixes #14845: Use unicode settings in radiff2
• Fixed indent
• Tame vayour
• Fixes #14534: Ignore non-printable and non json chars (#14876)
• Fix #14878 - Fix unaligned field access
• Add afos command and minor cleanup for afo
• Fix null derefs in afv subcommands when no function is found
• Fix afvn outside of Function (#14882)
• Fixes #14856: Changing visual seek behaviour in Vv (#14877)
• Fix #12438 - Fixes for PDB (#14874)
• Fix use after free when autoloading pdb
• Use heap on td command
• Fix #12438 - Fix wrong 2 byte read for char value
• Fix crash on r_line_readchar_win (#14875)
• Merge pull request #14868 from kazarmy/x86-cmp-disp-for-disp
• Use op->disp instead of op->ptr for disp of x86 CMP (and ACMP)
• Drop not needed wrapper
• Fix non-unicode Windows build virtual keys not working
• Fix arrows in vi mode on Windows
• Merge Windows and Unix dietline implementation
• Simulate escape sequences in r_line_readchar_win
• Fix some bugs on Windows
• Some refactoring
• Fix #14854 - Fix glitch in asm.hint.pos=0
• Use LTO for the Cydia build
• Fix segfault in r_main_free
• Add the syscall number regname for hexagon arch
• Fix #14870 - Fix crash in type propagation when no cc defined
• Instead, recursively going through the regions while focusing
• on main addresses and grabbing pages states informations.
• Fixes for the cydia static build of r2, needed for iOS12
• add missing =SN for the SH analysis plugin
• Fix for meson
• Fix hexagon jumps second try (#14867)
• Synchronized files with radareorg/r2hexagon
• Fix warning, assertions and regressions in arg type handling
• Add missing cc-x86-16
• Fix anal.depth and remove arm16 dim
• Code cleanup
• Update capstone again (#14862)
• Fix #14861 - Reset cursor after leaving panel's prompt ':'
• Fixed the bug that I had fixed before (#14788)
• Use op->disp instead of op->ptr for disp of x86 MOV (and others) (#14829)
• Use op->disp instead of op->ptr for disp of x86 MOV (and others)
• Fix for jumptable MOV
• Fix for [] operands
• Fix another Appveyor hang (#14844)
• Fix coredump PC not being considered (again) (#14836)
• Use r_sandbox_fopen instead of fopen (#14832)
• Revert multiple layout saving regression in panels (#14792)
• Some little refactoring in panels (#14798)
• Fix #14522: Added g support for Vv mode (#14823)
• Add a small menu tick for visibility when scr.color is 0 in panels (#14801)
• Avoid disassembling the same instruction twice on rop search (#14815)
• Avoid disasm the same instr. twice on rop search
• Fixes for comments
• fix double free
• Fixes #14267: Does not print the function name for agft (#14819)
• Fixes #14672: f= gives output from current flagspace (#14820)
• Add @sghctoma pf definition for BIOS and NTFS
• Add *BSD SourceHut builds (#14824)
• Fix r_print_color_op_type param type mismatch (#14825)
• Specify graph.diff colors for sepia (#14817)
• Implement agd* based commands (#14809)
• ag* commands fully functional
• Indent and r_return usage
• All agd* commands functional now
• Graphs are pretty now
• Refactoring the code
• Fixed assertion error
• Fixed broken agf
• Always bracket indirect addr operand (except LEA) (#14802)
• Always bracket indirect addr operand (except LEA)
• Don't use RAnalOp
• Add clang-cl support (#14814)
• Fixes for path autocompletion on Windows (#14813)
• Fix register writing on Windows (#14805)
• Fix register writing on Windows
• Drop unecessary use of heap
• Fix stack-use-after-scope (#14811)
• Fix #14804 - Make sure anon structs have unique names (#14806)
• Also skip "union" to get type
• Fix Appveyor hang on master (#14803)
• Propagate noreturn information
• Avoid infinite loop when propagating noreturn information
• Avoid all recursive cases
• Avoid warnings
• use r_anal_bb_opaddr_i

Version: 3.7.0
Previous: 3.6.0
Commits: 320
Contributors: 42

Authors

• Alexander Yukhanov 29782957+AlexanderYukhanov@users.noreply.github.com
• Anton Kochkov anton.kochkov@gmail.com
• Ayman Khamouma (ak42) noreply@ak42.io
• Cyrill Leutwiler bigcyrill@hotmail.com
• David CARLIER devnexen@gmail.com
• Deepak Chethan deepakchethan@outlook.com
• Florian Märkl info@florianmaerkl.de
• Francesco Tamagni mrmacete@protonmail.ch
• Guillaume Valadon guillaume.valadon@netatmo.com
• GustavoLCR gugulcr@gmail.com
• Ian Huang imyxhuang@gmail.com
• Khairul Azhar Kasmiran kazarmy@gmail.com
• Lily Chung lkdc@mit.edu
• Martin Brunner m.br@disroot.org
• Max blenkmax@gmail.com
• Michael Scherer misc@redhat.com
• Paul I pelijah@users.noreply.github.com
• Riccardo Schirone ret2libc@users.noreply.github.com
• Vanellope vane11opeschw33tz@gmail.com
• blenk92 30472652+blenk92@users.noreply.github.com
• dav1901 44604348+dav1901@users.noreply.github.com
• deepakchethan deepakchethan@outlook.com
• dodococo deepakchethan@outlook.com
• eShuttleworth eShuttleworth@users.noreply.github.com
• karliss karlis3p70l1ij@gmail.com
• lzutao taolzu@gmail.com
• mai128n 5632394+mai128n@users.noreply.github.com
• pancake pancake@nopcode.org
• ps ps1337@mailbox.org
• ps1337 ps1337@mailbox.org
• rfc2119 heima@protonmail.com
• ricardoapl ricardoapl@protonmail.com
• sanguinawer skuater@amn3s1a.com
• vane11ope vane11opeschw33tz@gmail.com
• xarkes antide.petit@gmail.com
• ycarmon yuval.carmon.dunedin@gmail.com
• Óscar Carrasco oxcabe@gmail.com

Changes

anal

• Fix #13766 - Sum the meta_data_code as covered code
• Add more function definitions for posix and macOS binaries
• Add argument to 'afll' to select column to sort by
• Print MSVC RTTI Warnings only on anal.verbose=1
• Add afj command to analyze jmptbl from the shell
• Honor RAnalBlock->switch_op in afb. and afbi
• Improve ARM64 PAC instructions support
• Fix #14530 - Implementation of i.~{} aka RCoreItem
• Added val op hints to let the user define jmptbl sizes
• Fix #14501 - Jumptables are made of signed values
• Reduce xrefs sorting for aflj perf
• Initial implementation of anal.trycatch blocks

asm

• Implement PAC instructions in the ARM64 assembler

bin

• Add icqj command
• Fixes for msvc demangling (#14695)
• Add jni.h in bin/d for pfo
• Update Mach-O hardcoded format definitions
• Improve Mach-O header fields
• Improve RConsBind and use it from RBin via iz^C
• Use libswiftCore library if available to demangle Swift5 symbols
• Fix oba on frida://
• Add more e_machine values for ELF
• Fix support for Swift5 demangling via bin.demanglecmd
• Fix ordinal name on Linux for NE (invalid sdb path location)
• Fix function detection on coff file
• Add icqq to print unknow classnames
• Add icc support for Java/Dalvik
• Improve ObjC classes boundary checks and slightly improve demangling
• Parse macho's LC_ENCRYPTION_INFO command in rabin2 -H
• Fix undefined behaviour bugs in malformed macho bins
• Handle “stub and resolver” exports and fix export trie for dyldcache
• Handle the export flags to avoid de-syncing
• Support ObjC categories on mangled classes
• Avoid loops in Mach-O export trie walking
• Parse Mach-O exports trie structure
• Fix #14499: Detect ascii substrings
• Show Class visibility information in icj for DEX
• Fix symbols in wasm and add custom sections
• Parse Rich header in PE
• Initial implementation of the bin.libs imports linking
• List multidex as dependency libs
• Initial working implementation of bin.libs
• The words of GOT
• Fix new exe header detection for MZ
• Optimize DEX subsystem detection
• Fix #14441 - Invalid codesize in some DEX files
• PoC: Initial implementation of direct bin symbols (20% speedup in loading times
• Remove the check_bytes and more bin-buf refactoring
• Add __const to potential VTable Sections
• Add r2 iw and rabin2 -w to enumerate try/catch blocks
• Parse the try/catch info of methods in DEX files

build

• Fix android-static
• Delete prefix/ and fix static builds (missing libmpc.a)
• Fixes for the android compilations
• Add $onlydebug in sys/ios-cydia.sh
• Towards emscripten build fix (update sdb)
• Enable ASSERTS on all travis builds, to avoid confusion
• mesonbuild: Backport to python 3.5

cons

• Make click and drag work on Windows
• Fix #12921 - Impl. r_cons_arrow_to_hjkl for Windows
• Fix scrolling directions in the hud
• Implement RCons.echo() and use it from r2.cmd("echo64")
• Fix grep in tasks
• Fix #11396: Integrate dietline with the hud
• Fix for RCons.html when no color is used
• Add example file for the pri command
• Add pri command to print raw images in RGB (using stiv code)
• Introduce ?e= and ?ed to print progressbar and 3D donut
• WIP: Initial support for rotozooming strings via ~<zoom
• Initial implementation of the human friendly json indent {:
• Fix #9269 - Initial Implementation of vi mode
• Enable click mouse input on Windows
• Add mouse click support to VTE terminals. Hopefully fix others too
• Click toggles cursor, make panels click mode more consistent
• Add RCons.get_click(), initial integration in visual and panels
• Initial support of mouse wheel+click
• Improve the ayu theme
• Clear also attributes on screen clear under scr.ansicon=0

core

• Handle ^C in repeated commands
• Implemented head and tail commands
• Alphabetically sort more help messages and fix /ac/aa help msg
• Fix i subcmd help grep
• Initial implementation of calling the r*2 commands natively from inside r2
• Expand on FreeBSD>=10 sandbox handling
• Add -qq to force quit. Avoid the -qcq confusion

debug

• Windows native debugger refactoring
• More fixes to WinDbg (#14675)
• Step over rep and repne prefixed instructions with dsui
• Fix breakpoints handling for FreeBSD
• Fix single-step in the iOS-arm64 native debugger
• Fix xnu_thread_get_drx for iOS/arm64
• Honor SWI for step-over

decompiler

• Add support for the native r2ghidra plugin detection in cmd.pdc

disasm

• Don't show function name comment in Visual mode
• Fix #14655 - Improve asm.pseudo for Dalvik
• Demangle xrefs if asm.demangle=true and use '@' for xref locs
• Fix #14622 - Skip reflines on non-executable offsets
• Respace demangled c++ names
• Do not asm.describe metaa .dwords
• Find relocs at instr. location first, then the dest
• Kill MOV/LEA comments
• Implement global imports (aii) and improve disasm-print-instruction code
• Implement 'function imports' concept (afii command)
• Add some SuperH opcode descriptions

fs

• Improve R_FS via IO

graph

• VV<> draw refs/xrefs graphs for visual navigation
• Implement icg to create class graphs
• Honor utf8 in diagonal graph lines
• Fix #14553 - Use HtUP to store canvas attributes instead of a sorted array (#14556)
• Add graph.body and graph.bubble config vars, move sin/cos into r_util
• Initial implementation of RConsCanvas.circle and bubble graphs

io

• Fix timeout issue in http.get
• Better use of perm/mode names in R_IO

mount

• Autocompletion for mount commands

mouse

• Improve mouse support in visual prompt

panels

• Drag and resize the panels with the mouse
• Add aflm and handle : as separator in click
• Handle click on toggle cache, frame title and screen borders
• Add tiny graph in panels and simplify the code a bit
• Show all the decompilers output at once
• W + hjkl just works like Ctrl w + hjkl
• Seek by clicking the offsets on Function Panel
• Right click is supported to open " widget
• Wheel is supported
• Mouse supports the menus which have spaces in their names
• Mouse kind of works on the menu, still lot to work on
• W + h/l moves the current panel to the direction like vim does with Ctrl W + h/l
• Introduce scr.demo to add effects in panels enter/exit
• Fix word highlighting with mouse in panels
• Cache the pdc outcome for each function
• Handle mouse click on panel tabs and select frames
• The 'g' key seek to highlighted address in current panel
• Highlight words onclick in panels
• Fix #14468 - Add pdsf panel for the " widget
• Initial support for saving the layouts with the names feature
• Unsync the base offset of each tab

parse

• Add r_parse_ctype

print

• Fix aho being ignored by asm.tabs

r2pipe

• Enlarge RLang.cmd() to 8KB length commands
• Improve decompiler integration 'pdc?' -> '!*%s -h" ..
• Interpret .c files as #! via -i

search

• Skip PAC instructions in rop searching
• Skip ROP gadgets starting with RET
• Fix #14585 and #14584 - /c->/a* /C->/c /B->/mb /M->/mm - better help msg and autocompletion

types

• add tlj and tllj
• Fix #11404 - Implement "afsr" to change function return type

visual

• Visual Help colorized
• Improve the visual browse classes mode (vbc)
• Initial mouse support for visual tabs
• vda is an alias for vA

wasm

• Few memory leak fixes
• Copy the symbol id instead of reference

write

• Implement wao for dalvik

To Review

• Release 3.7.0 - TopHat
• Use RFlag.list() instead of .get() avoid false positives (#14735)
• Fixx oobread in flag.c (#14728)
• check for null
• Fix #14732 - Fix out-of-bounds read
• Better gameboy theme
• Fix #14696 - Fix p= in utf8 mode recent regression
• Fix edge detection for click and drag
• Fix a bug where a drag event could be initiated outside an edge
• Fix not being able to select the menu anymore
• Fix not being able to click on the X to close a panel
• Fix afsr not performing type checks
• Fix memory leaks part 2 (#14720)
• Fix Incorrect Break Check from de7a488 (#14723)
• Fix win32 compilation (#14722)
• Fix afs not changing function name (#14721)
• Changed the utf8 characters (#14719)
• Fix #14711 - Merge Fun/About/Help in panels
• Fix crash in .i~s .. recursive infinite grep strings issue (#14718)
• Add fcn name in Visual mode if necessary when asm.filter=false and asm.jmpsub=false (#14713)
• Fix WinDbg plugin warning
• Fix #13633 - support nested unions (#14712)
• Handle 'e' in '"'
• Fix crash in canvas
• Fix projects, add of help and improve gb again
• Fix assertion
• Improve the gameboy theme
• Hide a harmless warning when string section size is 0
• Assertify the IO API a bit more
• Fix $? value in im prompt.exec from rc to num.value
• Kill os and ons commands (they werent even documented)
• Fix #12911 - Fix types starting with 'void' not being considered
• Fix abbreviated names being lost
• Hide this 'code slot size' warning under bin.verbose
• Use void in function prototypes (#14700)
• Revert that flagsize fix
• Proper fix of the oob8 bug
• Fix 1 byte oob read issue
• Fix 8byte oob write
• class, method and field names are now shorter and easier to read
• r2pm: handle info and install arguments properly (#14693)
• bin_symbols: Add quoting (#14690)
• Not camel case but snake case (#14687)
• Fix mouse click not opening file menu in panels (#14688)
• Only suspend threads if dbg.threads=true on Windows (#14689)
• Windows native debugger refactoring
• Massive win32 native debugging code refactoring
• and corresponding fixes.
• Fix hang after killing process
• Hide command autocompletion warning message
• • they’re now aligned with libr/bin/d/macho
• • also tweaked r_print_format_struct_size to work with referenced format names
• Fix some leaks found by ASAN
• Break demangled xref comment when in graph (#14678)
• Refactoring (#14681)
• Fix seeking (stepping now works)
• Fix more crashes
• Fix compiler warnings
• Refactoring (#14676)
• • improve macho format definitions
• • allow enums and bitfields with arbitrary size
• • avoid modifying the format string argument inside r_print_
• Fix capstone symbols visibility
• Fixes #14652: Fixes visual hud regressions
• Don't show flag name for internal demangled xref
• Refactoring
• Default scr.breaklines to true
• Fixes #14353: Added utf8 support for agft
• Featur #14351: Added utf8 support for p= based commands
• All emacs dietline keybindings are implemented (#14664)
• Some fixes to windbg (#14666) #debug #windbg
• Fix #10505
• Fix wrong register profile being picked
• Fix use-after free(s) and null derefs
• Fix warnings
• cmd_debug.c: Make addroflib use basenames
• Fix flagspace autocompletion
• Add protobuf magic
• Pull enums out of RParseCTypeType
• Support struct/enum/union before name in ctypes parse
• Add cdecl-thiscall-ms Calling Convention (#14653)
• Add more tokens for the panels clicking thing
• Sort om help messages
• Fix #14640 - /aa
• Add help for /ac (#14638)
• Tested on rabin2 -D and iD command
• Add __stack_chk_fail to types-android.sdb.txt (#14641)
• Fix W command (#14636)
• Fix W command
• Required for r2pipe programs to buffer output to be processed by r2
• Handle 'e' in window panels mode too
• Refactoring (#14630)
• Don’t print non-ObjC methods in classdump_objc
• Improve ObjC classdump icc
• Parse ObjC superclass name
• Aim to fix O_BINARY issue in rahash2 on windows
• Fix ?b64- command
• A bit more cleaner vbtll (struct visual browser)
• Refactoring panels (#14613)
• Use eq[] instead in bin_classes()
• Respace demangled c++ names
• ic*: replace ' ' with '_' in flag name
• Fix avra
• Add guards just in case; use r_str_rchr() instead
• Use upper case for #defines
• $ r2 Payload/Undecimus.app/Undecimus
• [0x10007e3ac]> s 0x1000081d8;af;s 0x1000082b0;afj 0x1000085fc 4
• [rio] fix r_io_cache_commit to commit all lines
• • Support for aap (function preludes with pacibsp)
• • Handle LDURSW properly
• • Define op->type for PAC instructions (not just family)
• • Add more asm descriptions for pac instructions
• Click [X] with mouse and close the panel, plus a bunch of refactoring (#14602)
• Add r_parse_ctype
• Add mpc to acr
• Fix r_parse for acr
• Mouse is supported for " widget (#14599)
• Put demangled name directly in call disasm if asm.demangle=true (#14600)
• Put demangled name directly in call disasm if asm.demangle=true
• Constrain possible flag names for functions
• Fix ds_print_fcn_name() comment alignment when asm.cmt.right=false
• Ignore dalvik since it's treated differently
• Use R_FLAGS_FS_SYMBOLS instead in disasm.c
• Oops
• Fix demangled comment order (#14592)
• Fix c99 construct (#14593)
• Better name for seek autocompletion
• Fix #14543: Renamed function doesnt show in autocompletion list (#14591)
• Fix /ao command
• Fix infinite loop in /o-1
• Update capstone v4 and next
• Added support for esc, pag up, pag dwn
• Added vi mode, changed quit method for hud
• Added ^C for vi mode
• Fix wrong reloc command in panels (#14582)
• Docuemnt Q in q?
• Fix C99 construct
• Initial implementation of NE file format (#14573)
• Fix several bugs of mouse and improved a bit
• Simplify the fork+spawn logic on Apple things (#14574)
• Fix anoying aeim warning when debugging
• Minor function signature fixes
• Clean up #14568 code
• Add comment that demangles calls if asm.demangle=true
• Cache on and off works seamlessly
• Fix null deref in 'r2 -qcia --'
• Use PJ for meta (#14567)
• zero RConsGrep in cons_grep_reset() instead
• fix grep expr in cmd_info help
• Changing pdc settings has got a problem in panels and now it is fixed (#14561)
• This should improve performace as you don't need to shift elements of
• the sorted array when you need to insert a new one.
• • skip reexports and “stub and resolver” exports for now, the semantics are different and need to be treated in a different way
• • but advance the pointer accordingly, to avoid loosing sync while walking the trie (especially in dyld cache)
• Fix #14552 - issue with Csj and scr.html
• Reduce the questionnaire when replace/create a panel, also replace the cmd of the current panel is available from " widget (#14551)
• Fix C99 construct without using -c99 (#14550)
• The image is generated with Gimp, saving as .data (RGB)
• This is 128(W) * 3(RGB) * ?(H) .. the height is computed with the blocksize
• r2 -e hex.cols=128 -qqfcpri doc/cows128.data
• Added arrow info to pdJ (#14422)
• Fix build --without-gpl
• (still far from complete but we need to go forward and kill all the globals \o/)
• PD: the broken test is because initializing RCons twice
• Add several panels to the menu and sort some of them
• Fix invalid JSON in ij output
• Fixes #14524: vi delete command is now 3dw (#14527)
• Fixed dietline warnings
• Changed logic for diw/diW
• Fixes #14524: changed vi delete command format to 3dw from d3w
• Removed unnessary print
• ESC key handled in vi_mode
• Fixes #14521: Add support for ^y when ^w
• Fix #14470: Close popup widget on escape
• Fix #6321: Wrong handling of escape key
• Cursor was missing in the comments panel (#14518)
• Fix wrong assembly of jumps relative to the ESP register (#14511)
• Fix Windows Build (#14512)
• Fix trailing space issue in the GNU sh disassembler
• Fix u/U problem
• The menu properly gets updated as a new layout is saved with a name
• Fix isq. should do the same as is.q
• Fixes #14416: selections in disarm fixed
• Improve spacing around "//" in unum.c
• "+=1" -> " += 1" in unum.c
• "+1" -> " + 1" in unum.c
• Fix wrong realloc in r_asm_massemble
• In line 694 a buffer of size (sizeof(char*)*32) is allocated. Later on,
• this buffer is realloced to 64. This decreases the size of the allocated
• buffer instead of increase. This may lead to memory corruption.
• Click properly works on the tabs (#14491)
• Fix missing title line in Visual mode when under scr.ansicon=0 (#14490)
• Autocompletion for k command (#14488)
• Autocompletion working for ms
• Removed comments
• Autocompletion for k command
• Fix some bugs and add pddo panel to " widget
• Fix an assert in aoj
• Fix focus and bright themes
• Color regression issue in disasm.c
• Fix scr.wheel.speed regression
• Add gameboy theme
• More code cleanup in RBin (#14473)
• Fix r_str_replace - unit tests added
• Fix two lines in doc/hud
• Autocompletion works for md, mg
• Added autocomplete flag map
• Fix behaviour of click in panels (x<20)
• Fix scr.wheel glich
• Disabled by default at compile time. See FEATURE_SYMLIST define
• Fix crash, reduce false positives of RBin.dol
• Use RBuf.slice in /B
• Fix autocompletion of remote files in #ms (#14284)
• Added Segments panel and made cursor available for both Sections and Segments panels (#14461)
• Add help for afs? command
• Quote wa command generated in visual mode (#11138)
• Use a pointer to eprintf instead
• Fix aaa color under scr.ansicon=0
• small fix for console
• Add spaces around operators in r_num_conditional()
• Add spaces around operators in r_num_to_bits()
• Don't update console panel when it's not absolutely necessary
• Add spaces around operators in r_num_op()
• Add a couple of spaces around '==' in unum.c
• Add a couple of spaces around %
• Remove some spaces
• Add a space
• Fix an UB oobread
• Fix RStr.replace()
• Fix long times for pp -1
• Remove some more spaces
• Remove a space
• Set foreground color just in case
• • add r_fs_file_copy_abs_path to get the absolute path of a RFSFile, centralizing edge case handling
• • use that in fs_io_read
• • add missing free (file->path) in RFSFile destructor
• • fix handlePipes for fs shell cat use case
• Fix couple of small bugs in panels with tabs
• Small fix for tab (#14432)
• Python 3.5 (the lowest version that meson supports) has no f-String
• but only old %-formatting and str.format().
• Fix warning when printing level of ">" (#14430)
• Strip trailing whitespaces
• Fix warning -Wstring-plus-int on cont_level
• Remove unused var
• Fix ragg2 *.c on macOS
• Add fortune
• tT segfaults so fixing it (#14426)
• Post release version bump (3.7.0-git)
• Fix a few null dereference issues (#14419)
• Fix ec* wrt attributes (#14421)
• Fix for the debug mode that makes disasm so slow (#14414)
• Notes:
• SH opcodes array, file libr/asm/arch/sh/gnu/sh-dis.c from GNU binutils, defines "bf.s" and "bf/s", same with "bt.s" and "bt/s".
• Both pairs are identical, e.g. bt.s and bt/s mean the same thing.
• As *.s variants come first in the table, radare and binutils-objdump print bf.s and bt.s names.
• Still true for latest binutils (v2.32 2019-02-02).
• Renesas chip hardware manuals and IDA Pro only use bf/s and bt/s.
• Complete R_CONS_ATTR_ series (#14411)

http://radare.mikelloc.com/release/3.6.0

Release Notes

Version: 3.6.0
From: 3.5.1
To: 3.6.0
Commits: 365
Contributors: 30

Authors

• Наташа 44512235+ickromwerk@users.noreply.github.com
• Alex Gaines roboman2444@gmail.com
• Anton Kochkov xvilka@gmail.com
• David Carlier devnexen@gmail.com
• Dorian Wouters perso@elementw.net
• Florian Märkl info@florianmaerkl.de
• Francesco Tamagni mrmacete@protonmail.ch
• Giovanni Dante Grazioli giovanni.dantegrazioli@nbs-system.com
• Grant Douglas hexploitable@gmail.com
• GustavoLCR gugulcr@gmail.com
• Itay Cohen itaycohen23@gmail.com
• Khairul Kasmiran kazarmy@gmail.com
• Lowly Worm cutlassc91@gmail.com
• Maijin maijin@reverseshade.com
• MapleLeaf-X MapleLeaf-X@users.noreply.github.com
• Martin Brunner m.br@disroot.org
• MatejKastak MatejKastak@users.noreply.github.com
• Paul I pelijah@users.noreply.github.com
• Purdea Andrei andrei@purdea.ro
• Riccardo Schirone ret2libc@users.noreply.github.com
• Srimanta Barua srimanta.barua1@gmail.com
• Vanellope vane11opeschw33tz@gmail.com
• Yevgeny Pats yev.pats@gmail.com
• bart1e 39703579+bart1e@users.noreply.github.com
• condret condr3t@protonmail.com
• dodococo deepakchethan@outlook.com
• erfur erfur@itu.edu.tr
• pancake pancake@nopcode.org
• ricardoapl 48807108+ricardoapl@users.noreply.github.com
• vane11ope vane11opeschw33tz@gmail.com

Changes

anal

• Fix syscall resolutions for s110 operating system
• wzr/zr/xzr register on arm64 is wired to ground
• Fix naming of entrypoint symbols in files with class information (DEX/C++)
• Fix #13668 - Implement a* as an alias for afl*;ah*;ax*
• Fix and improve ESIL for arm64
• Fix #10567 - Implement afl. command
• Fix afl* not saving function bits
• Add experimental `axm command
• Implement refs for iget/iput Dalvik instructions
• Implement esil for OR and MUL dalvik instructions
• RAnalOp.Type.CAST.toString() and implicit refptr init
• Improve af performance affected by `aflc
• Honor R_ANAL_OP_MASK_ESIL in anal.dalvik
• Improvements in dalvik analysis
• Add Stackframe Anal Hint
• Add opcode mask field in ao and aoj
• Add opcode description in ao
• Show pseudo in ao and aoj
• Improve anal and parse plugins for Thumb
• Implement ESIL for stxb and stxh THUMB instructions
• Fix issue when analyzing the last DEX method

asm

• Handle LEA operand rip in x86.nz

bin

• Fix code section size in dex files
• Handle mod_init/mod_fini as word sections in mach-o
• Handle the interpos section as words in the disasm
• Fix ObjC detection in macho binaries
• Get rid of the ELF-specific C++ detection
• Add -O a/l/ for macho to add libraries
• Honor more segments vs sections, for jmptbl, fatmacho, zeropage
• Fix iS/iSS in macho and kernelcache
• For #14268: Implement ob= listing bin map coverage
• A couple of fixes for base address support
• Add missing ARM64v8 and ARM64e defines for the mach0 parser
• Kill RBinFile.objs RList
• Implement RBinFile.at and make it work with e bin.at
• Fix some RBin file format crashes
• Speedup loading fuzzed ELF files with huge nrel field
• Faster macho loading by reusing symbol parsing for getMain()
• Remove symbol table size hard limit in macho
• Fix regressions in dyldcache and xnu_kernelcache plugins
• Completely eliminate the bytes apis in RBin
• Fix #14147 - Honor -qq for classes and imports
• Initial extermination of the *_bytes methods in RBin
• Fix #12600 - Implement .ic** command to import bin.class info as anal.class
• Handle DEX files with no entrypoint properly
• Properly handle ELFs with no entrypoint defined
• Little ELF segment labelling change UNKNOWN -> NONE

build

• Continuous Fuzzing Integration with Fuzzit
• Add sys/build-shlib.sh and fix static builds

config

• Improve the list of supported decompilers in e cmd.pdc=?

cons

• Little va_list leaking
• Fix #14046 - Don't use ansi with aaa notifications if no ansicon
• Add bold to eco bright items that were originally bold in default palette
• Fix #14254 - Add eco bright (r2 default palette but with bright colors for all)
• Add bright colors to the colors table
• Fix #14101 - Fix non-ansicon UTF printing
• Fix THE glitch affecting panels box colors
• Default to scr.color=COLOR_MODE_16 for Alacritty on Windows
• Dfferent color for up and down in disasm reflines
• Implement reset command to reset the terminal settings
• Enable color prompt on Windows
• Fix Color_GRAY/BGGRAY
• palloc return checks

core

• Fix #14335 - Add sort, join and uniq
• Simplify RConfig.eval and improve e with e, for csv
• Add r_sys_exit to proper quit
• Honor hashbang and PATH when interpretting extension-less scripts
• Honor ^C in @@@F and @@@s
• Implement $O variable pointing at cursor
• Implement |. (alias for .)

debug

• Improvements to windows heap parsing
• Set cmd.gprompt=.dr* when cfg.debug=true
• Initial implementation GetSingleBlock for Windows heap
• Initial implementation of heap parsing for Windows (#14218)

debugger

• Improvements to windows heap parsing

disasm

• Avoid printing nulls on invalid code or missing bin info for Dalvik
• Add asm.movlea configuration option
• Improve comments alignment in the disassembly
• Fix arm64 parse for BL instructions
• fix, improve and add some sh pseudo
• Support asm.hint.pos=-1 for leftish key hints
• Initial cleanup in RParse, delete mreplace plugin
• Toggle asm.dwarf in V# and pds
• Add support for base64 in CL command
• Faster dtd (trace disassembling) using API instead of RCore.cmd
• Fix #14258: Issue with upgoing refline at XREFS
• Fix CL command and make asm.dwarf work without source files
• Fix asm.varsub in a hacky way to fix the disasm output
• Fix project's asm.cpu behaviour
• Priorize strings in case multiple metas match
• Set the RBinSection.format as dwords for the constpool in DEX
• Initial import of the RISCV capstone plugins for asm and anal

esil

• Skip {urc}{jmp,call,ret} in aesou
• Fix issues with negative esil.timeout values
• Fixes related to ARM64 ESIL emulation
• Make $r{} work without the debugger
• Add cmd.esil.stepout to run r2 commands (before and after emulation)
• Fix recursivity issue when calling aes in cmd.esil.step
• Fix cmd.esil.step handling of return value

graph

• Implement fg command to create a graph of flags (WIP)
• Implement graph.ntitles to toggle graph title nodes

hash

• Initial implementation of pasasword generators under /Cc
• Fixes for fletcher8
• Add support for fletcher8, 16, 32 and 64 hash algorithms

heap

• Implement GetSingleSegmentBlock for LFH and VS Windows heap

json

• Use asserts in pj api to catch this issue earlier

meta

• Fix CC-, CC-* and CCf- commands to work as expected

network

• Handle R2_CURL env var in RSocket.httpGet

panels

• Add more configs for disassembly are supported in the menu
• Emulate menu is added
• Settings menu is added, and decompiler is configurable in there
• Something like Ctrl w + T in vim implemented
• Almighty menu has got debug items too if it is in debug mode
• Search->Cursor->Xref/Ref enabled
• Cursor works better in many panels
• izz~ and iz~ available from both the menu and " modal
• Force cache the result of Decompiler and Graph panels plus better auto updating, and refactoring
• Cut out the widget as a struct and name it Modal
• Enable deleting an item from the list in " widget
• New item can be created and inserted to the '"' widget.
• Centered the '"' widget plus v and h commands are added to it.
• Added l command to the console which works like Ctrl l and Refactoring
• dwm style default layout
• Implement Console frame in visual panels
• Enable creating a panel from the list of all kind of the panels and replace the current panel with it
• Autocompletion is supported for Breakpoints and so is cursor to seek to and del them
• Cursor is available in strings panel
• Cursor is supported in Symbols panel

performance

• More code cleanup in RBin, speedup method resolution

print

• Honor hex.section in prc and pxa
• Implement pV command - like pv but for bytes instead of values
• Fix pv [arg] behaviour
• Added support for pd and px without space
• Honor hex.section in pxW and pxQ
• Honor hex.section in pxb
• Improve pxr for null words and relocs and use hex.section in pxs+pxr
• Fix #14250 - ps[puzwW+]j
• Fix #14263 - Add hex.section option for the hexdump
• Add Objective-C and Rust (pco, pcr)
• Add Kotlin, Java and Swift pc sub-commands

r2pm

• Honor the 2nd arg of R2PM_TGZ with ZIP files

refactor

• Change the signature of r_str_trim to avoid confusions
• Deprecate the RBinObject.id field
• Rewrite the RBuffer API to make it safer and adjust the codebase

refactoring

• Deprecate the RBinObject.id field

remote

• Improve the r2web:// IO plugin and fix a couple of bugs in there
• Speedup r2web://
• Make -C http work like the tcp and rap remotes, expose the shell via ==
• Honor rap.loop in rap server and add examples in =?
• Fix issues with the tcp server .: and =+tcp, use index instead of fd
• Fix some UAF in rap server, handle HTTP over rap and tcp properly

search

• Fix #14403 - Fix search on multiple maps (#14405)
• Add /cc for case insensitive instruction
• Add search.in=bin.segment[.s[rwx]] and fix bin.section[.s[rwx]]
• Fix hexpairs search containing whitespace
• Fix /r for dalvik and enable VA

shell

• Handle e cmd.pdc=<tab> and improve e cmd.pdc=? autocompletion

signatures

• Improve zignatures
• Make zignature comparison fuzzy
• Implement the zc command

trace

• Sort dte output

visual

• Improve the vv mode for editing variables

windows

• Fix command redirection
• Dynamically find radare2 install dir on Windows
• Add mfc100u and a script to generate them
• Set scr.ansicon=1 if running under Windows 10 Creators Update or later
• scr.ansicon=2: Show esc seqs (for debugging) if using non-ConEmu-hosted cmd.exe
• Fix QueryDosDevice returned length check
• Fix ood; ood bug on winxp->win10
• Fix r_sys_pid_to_path (supports winxp -> win10)

To Review

• Release 3.6.0
• Add a cool fortune (#14409)
• Fix 1 byte oob write bug in RBin.Strings coverity
• Breakpoints can be added with the cursor (#14404)
• Simplify ds_begin_nl_comment()
• Use a thread to prevent hang
• Add some checks and fix some bugs
• Fix an unrelated json for the greens
• Fix pdJ for asm.cmt.right=0+asm.cmt.refs
• Fix some color and newline issues
• Fix ds_begin_nl_comment()
• Do not assert when cursor is disabled
• Fix #14286 - Initial implementation of the pp (print-pattern) command
• Some tweaks related to pj/disasm
• Fixes #13628: cmd.hexcursor now works with selections! (#14394)
• Fix asm.lines.right in disasm
• Fix trailing space in MOV disasm comments
• by pancake and kazarmy
• Remove dup ds_align_simple()
• Remove unnecessary ds_align_comment()
• ds_align_simple -> ds_begin_nl_comment
• ds_comment (ds, true, ...) for comment start
• Remove blank line before flag comment when asm.cmt.right=0
• Remove blank line before refaddr comment when asm.cmt.right=0
• Fix comment color when asm.cmt.right=1
• Use ds_pre_xrefs() instead of ds_pre_line()
• Fix null name issue in axtj
• Improve r_sys_setenv on Windows
• (cherry picked from commit fd43d41)
• Upgrade spp from git
• Also put r2.bat under \bin on Windows install
• Fix io/self vm mapping late calculations.
• Calculation must be done before getting the aligned data, most likely missing few
• entries...
• fixed regression on !!!foo
• Fix Warnings
• Handle more dalvik invokes via esil
• Drop precision to double before comparing (#14379)
• Upgrade capstone-next
• Wrong path
• Add mingw to PATH in the Appveyor test script
• Fix esil harder, thx @radare
• Return bool instead of ints in esil-ops
• Fix esil
• add type information to esil-ops
• add meta-information to esil-ops
• Add more registers for Dalvik, despite that should be dynamic (#14375)
• Fix null cmd.esil.stepout issue on som ESIL initializers
• Add path completion for join, uniq, sort (#14373)
• Fix r2pm -H output
• Fix UB ASAN crash in 'pv'
• More spelling fixes in the code

• "e cmd.esil.step=sr PC;aepc ?v $$;q 0"

• if q == 0 { successful replacement, do not emulate }
• } else { emulate the instruction with esil }
• Ignore anal.gpfixed fo non-mips in disasm
• Add anal.gpfixed instead of anal.gp2 and use in aae
• Honor scr.wideoff in $?
• I recommend reading SH operands right-to-left
• tst is checking for zero (!)
• Add a space or two
• autocomplete when there's a space between the eval var and the = char
• !!!$eval and !!! $eval are invalid
• added afn as flags
• Fix UAF in e asm.cpu=
• Fix visual bug on Windows
• Rename r_cons_get_ansicon() since it's confusing (#14347)
• Fix more grammar
• Fix grammar across the code
• Add codespell script
• Fix Appveyor (#14346)
• Add afn. command for consistency
• Fix #14215 - invalid JSON in pdJ with Cf #14342
• Arm64: Handling of XZR registers in assembler (#14343)
• Handle ^C in pz which may be holding on slow IO backends
• Fixed oob in rgb.c (#14339)
• Fix crash when obj && !obj->info is null
• Fix #14334 - Double-free in ms command
• Implement r2p r2pipe commandline tool and !* as an alias for #!pipe (#14336)
• Also voidify and boolify anal, parse, cons, bin, ..
• Fix build
• Rename r_bin_file_set_cur_binfile_obj to r_bin_file_set_obj
• • add ESIL for LDURSW instruction
• • fix ESIL shift for TBZ, TBNZ
• • fix condition computation for LE, LS
• Trim before comparing pseudo asm (#14313)
• The almighty modal is available even when it is in the menu mode, and refactoring (#14318)
• Call r_anal_op_free after acquiring RAnalOp pointer (#14317)
• Add R_DEBUG_ASSERT in DEVELOPERS.md
• Use id16 instead of id256 for color id (#14316)
• Fix color after piping on Windows (#14314)
• Enable r_stdin_slurp on Windows (#14312)
• Restyling (#14311)
• Open disas panel if it is not there when the cursor selects some offset (#14310)
• Reset inverse video first before anything else (#14309)
• Fix #14296 - Segfault in ragg2 (#14308)
• Fix #14303 - oob crash in RParse api usage, needs API redesign (#14307)
• Fix eip inverse under cmd.exe (#14304)
• verify that maps is a list before trying to deref the pointer
• This fixes cases where saving and loading a project of a mixed-mode
• binary (e.g. ARM with Thumb parts) reverted functions back to only one
• of the modes.
• WIP: Really basic implementation of esil.timeout. (#14297)
• Really basic implementation of esil.timeout.
• Fixed style issues
• Converted timing to r_sys_now() to keep consistency with other timing based solutions throughtout src
• Fixed spacing issue and removed use of CLOCKS_PER_SEC const
• Shift right to equate to seconds
• Fix linehl color for Windows ecd (#14301)
• Refactoring (#14298)
• Fixed crash on CL (#14299)
• s/CORELIB/R2_PLUGIN_INCORE/g (#14295)
• Move some R_ANAL_OP_MASK_DISASM outside RCore (#14294)
• Fix linehl color for eco bright and ecd (#14292)
• Fix crash in macho parser with bin with md5=0e32e7e3b8c2895bbdeb986eedda3dd6
• That should fix the MSVC build
• Fix ARM64 MOVK shift boundaries to 48 instead of 47
• Fix small bug fix in trace (#14291)
• Use a less dark color scheme by default on scr.color=3 on non-Windows (#14289)
• Add also bold to default palette items that are bright
• Handle segment sections in dyldcache
• Fix masked check
• • avoid emitting malformed r2 commands in z*, by adding the n type for the realname field
• • use bytes:mask format instead of combining the mask with bytes, to support sub-nibble masks
• • fix and improve anal_mask() for arm64
• Fixed a critical issue of the almighty menu
• Minor tweak for maps changes and aav
• Fix iSS= iS=, iSS* and iS* issues
• Symptom: Search often failes when hexpairs are separated by spaces, e.g. "01 02 03" vs. "010203".
• Affected: radare2 and rafind2 at least
• Description: While parse-function r_hex_str2bin handles whitespace, auto-generated binmask
• (function r_hex_str2binmask, called when no mask is provided) does not, creates oversized mask,
• increases byte count, finally causing search for additional undefined bytes.
• Self documentation in ob= (#14272)
• Added r_listinfo_new and refactored to use it
• ignore ccls cache
• Code cleanup in RCons
• Split types-windows.sdb.txt and add cc info
• Refactoring panels (#14181)
• Little memory usage fixes in esil
• Fix asserts and memleak in RBin.classses
• Upgrade capstone from git
• Fix #14233 - Fix 1byte oobread in wasm analysis
• Bring back the old behaviour but add some warning messages for debugging
• Fix local var clobbering regression
• Fix class initialization and simplify some paths (-10LOC)
• More RBin refactoring and cleanup
• Mark r_bin_class_new/free as internal (#14239)
• Add a parenthesis
• Honor asm.var.submin in disasm.c and use RNum.get instead of .math
• Fix build and add snprintf_chk function signature
• Fix assert in objc demangler and kill r_core_bin_cur
• Fix another UB in flitcher32
• Fix UB issue in fletcher hash
• Fix crash in zo
• Use bright colors instead of bold in default palette (#14232)
• Fix cmd_ah asan crashes
• Fix #14228 - oob-read by one in wasm disasm/analysis
• Fix crash when parsing 1 byte truncated omf files (#14227)
• Add bright color support to scr.ansicon=0 (#14224)
• Fix OOB Write in langFromHashbang (#14222)
• Fix a bug in panels with disasm (#14221)
• Refactoring (#14216)
• Avoid an assert regression that must be checked back at some point
• patch #14211 heap buffer overflow in large ragg2
• inputs. this should be refactored to use an RBuffer to enable dynamic
• resizing, but for now just patching it to bail out if we are about to
• overwrite the allocated statically sized buffer
• Completely kill all the check_bytes (-100LOC)
• Fix grep sorting (#14207)
• Fix warning when using r2frida (#14201)
• Fix the BG glitch ()
• Add usec precission for RSocket.blocTime() and improve r2web:// a bit
• Remove last load/load_bytes methods (#14196)
• Fix r2web block times
• Colors menu should be moved under Edit parent menu (#14194)
• Fix #14186 - aarj was throwing invalid json
• Fix some compiler warnings (#14191)
• Minor fixes for the white themes
• Fix typo (#14192)
• • it will match zignatures which similarity is >= the given threshold
• • different thresholds for bytes and graph
• • by default thresholds are 1.0, which means it matches only if it’s the exact same
• • zign.diff.gthresh and zign.diff.bthresh are the new eval configs to control that
• • the output of zc[n!] now contains the similarity value as well
• Use st64 and ut64 instead of size_t
• Fix mach0 parsing issue
• Fix OOB write in PE parsing
• Fix crash in bin_xbe parser
• Fix crash in bin_java
• Fixes clusterfuzz-testcase-minimized-ia_fuzz-5740477602594816.dms
• Set bin_obj on bios_bin load_buffer method (#14188)
• Fix a few bugs and the speed in the graph (#14187)
• Added python utility to convert from "dumpbin /exports" output file format, to the .sdb.txt formatted files that radare2 uses.
• Usage:
• First run 'dumpbin /exports your_file.dll/.lib > your_file_dumpbin.txt'
• Then run 'python convert_dumpbin_exports_to_sdb_txt.py your_file_dumpbin.txt > your_file.sdb.txt'
• #define ENABLE_VIRTUAL_TERMINAL_PROCESSING if it's not defined (#14185)
• Old behaviour: if you bump asm.arch it resets asm.cpu to default of that arch
• New behaviout: if you bump asm.arch it keeps asm.cpu if it is set and valid for that architecture
• Refactoring (#14181)
• Clean up the part of the code that fixed the glitch in ansi code (#14180)
• Fix r_cons_get_ansicon leak (#14179)
• Add r2preload demo program
• Add missing =SN in the dalvik reg profile
• Update capstone from Git (#14175)
• Fix string ref regression in dalvik
• More refactoring in panels (#14169)
• Fix invoke-virtual method+X dalvik to be UCALL
• Solve xrefs to address 0
• Fix Windows build (#14167)
• Fix ansicon detection with UTF enabled (#14166)
• Huge bytes->buffer on almost all the plugins, break API and ABI \o/
• Changed the way RBinFiles are created
• Changed the structure of the Sdb instance
• Improve ELF and MZ detection mechanisms to reduce false positives
• Change all the free/destroy methods to return void
• Fix "ks" shell
• Simplify and change the way RBinWrite apis work
• Fix #14157 - Fix buf regression in debugger (#14162)
• A few bug fixes and refactoring for panels
• Use shorter esc seqs for fg and bg gray (#14155)
• Fix a few bugs of the widget (#14156)
• Fix a few bugs of the widget
• A hack for the smoother move in the widget
• Implement r_cons_show_cursor for Windows (#14151)
• The current panel can be added to the list in '"' widget (#14145)
• Add #ifdef ENABLE_VIRTUAL_TERMINAL_PROCESSING (#14144)
• scr.ansicon: Set/unset flags that enable ANSI esc seq support in Windows console (#14137)
• Refactor and Complete Anal Hint Printing (#14138)
• Support scr.fps on non-ansicon Windows
• Fix assert in wai trying to write an empty buffer
• Fix null deref in rasm2 -L
• Do not close IO when RBuffer is freed (#14123)
• Given the RBuffer_io does not open the file itself, it does not make
• sense to close it. It's not its responsability to do it.
• Use r_cons_win_printf instead in dietline.c (#14127)
• Fix uninitialized bytes issue in 'ao' command when seeking around
• Minor code cleanup
• Fix UTF r_sys_pid_to_path Windows (#14121)
• Fix selection widget on Windows (#14118)
• Update doc/capstone
• Update capstone5 from git
• Fix is.j and implement Cs.j to please r2dec (#14113)
• Add funny fortune
• Do not double define typedef RBuffer (#14112)
• It should be enough to define struct r_buf_t, since the typedef to
• RBuffer is already specified.
• scr.ansicon updates r_line_singleton as well (#14111)
• Fix inverse video esc handling in r_cons_w32_print (#14110)
• Fix 786af1f
• It apparently was causing strange keyboard behaviour and crashing Windows.
• Removed some spaces and spaces->tabs in output.c
• Use bool instead of int in calls to r_cons_w32_print
• Fix bg esc handling in r_cons_w32_print (#14106)
• Use r_cons_w32_printf instead in dietline.c (#14105)
• Wait ~10s for response to qSupported packet. Send another qSupported (#14104)
• packet on timeout. Do this 5 times, and then bail out.
• A few fix for hexdump and disassembly
• Small typo in =? output
• Initial band-aid fix for a UAF with two seperate desc pointers (#14094)
• Also add zcn, zcn! to compare only signatures with the same name.
• r_socket_connect_unix() is false on non-Unix
• Fixes AppVeyor build.
• Refactoring and fix a bug concerned with the cursor (#14089)
• Deprecate the is_valid_offset() anal callback, that's task for IO!
• WIP: Fix the Dalvik analysis by skipping fields and imports
• Fix #14082 - dte output to RCons, not stderr
• Fix rip-relative lea tests (#14083)
• Fix and reorder bindings languages
• Rephrase the README
• Honor rap.loop on the tcp server when an invalid packet is received
• Fix 2 problematic format strings on 32bit systems for asm.rsp
• Upgrade cs5 to fix the arm64 disasm crash
• Reimplement r_buf_fread/fwrite
• Add slice buffer and introduce readonly field
• Do nothing if size is 0
• Prevents an overflow when 8 is subtracted from size.
• Fix ragg2 when patching outside currently existing buffer
• Implement r_mem_mmap_resize for systems where mremap is not defined
• r_buf_buffer can be called with no size arg as well
• Use size_t instead of ut64
• Fix rpush regression
• Track pushed register (note: immediately after lea/mov) to resolve push-ret (#14034)
• For mov reg, , only track if is immediate value
• Add R_ANAL_OP_TYPE_RPUSH (UPUSH | REG)
• Changed so that "rpush" is printed instead of "upush" in case of register push
• Post release version bump

Binaries: https://radare.mikelloc.com/release/3.5.1

• Fixed hardware breakpoints in the native Windows debugger
• Introduce the new scr.prompt.popup and honor it in all the color themes
• ESIL emulation is now 2x faster
• Fixed a huge performance regression when generating zignatures on big binaries
• Fix iOS, Android (non-arm64) builds with new NDK
• r2frida comes with Frida 12.5.3 (v8 enabled by default and working on iOS + Android)
• Upgrade capstone and capstone5 dependencies
• Improved cursor mode in panels
• Initial ESIL emulation for RISC-V
• Fixed C output for nested structs/enums/unions from pf strings

Release Notes

Version: 3.5.0
From: 3.4.1
To: 3.5.0
Commits: 419
Contributors: 41

Authors

• Alex Kornitzer alex.kornitzer@countercept.com
• Amith Venugopal a.meth.cloud@gmail.com
• Andrew D'Addesio modchipv12@gmail.com
• Anton Kochkov xvilka@gmail.com
• Cyrill Leutwiler bigcyrill@hotmail.com
• David Carlier devnexen@gmail.com
• Deepak Chethan deepakchethan@outlook.com
• Eduardo Novella ednolo@inf.upv.es
• Florian Märkl info@florianmaerkl.de
• Francesco Tamagni mrmacete@protonmail.ch
• GustavoLCR gugulcr@gmail.com
• Itay Cohen itaycohen23@gmail.com
• JC Alvarado jxa2165@rit.edu
• Jonas Stein news@jonasstein.de
• Khairul Kasmiran kazarmy@gmail.com
• KoWu KoWu@users.noreply.github.com
• MK marcin.kopec@windowslive.com
• Maijin maijin@reverseshade.com
• Mert Degirmenci degirmencimert@hotmail.com
• Rene Laemmert rlaemmert@gmail.com
• Riccardo Schirone sirmy15@gmail.com
• Siguza siguza@siguza.net
• Stephane LEVEUGLE stephane.leveugle@gmail.com
• Tilman Sauerbeck tilman@code-monkey.de
• Vanellope vane11opeschw33tz@gmail.com
• andry blackicebox@gmail.com
• bart1e 39703579+bart1e@users.noreply.github.com
• condret condr3t@protonmail.com
• deepakchethan deepakchethan@outlook.com
• dodococo deepakchethan@outlook.com
• kevin phude42@gmail.com
• lzutao taolzu@gmail.com
• pancake pancake@nopcode.org
• rene rlaemmert@gmail.com
• sivaramaaa sivaramaaa@gmail.com
• tick tickelton@gmail.com
• tilman2 githubtilman@code-monkey.de
• vane11ope vane11opeschw33tz@gmail.com
• xarkes antide.petit@gmail.com
• xermicus bigcyrill@hotmail.com
• Óscar Carrasco oxcabe@gmail.com

Changes

anal

• Initial support for src/dst RAnalOps for ARM
• Add anal.ex option, cleanup and improve the Java support
• Add aae in aaaa
• Add disasm field to ao command output
• Fix the arm/thumb switch emulation bug spotted in capstone5
• Stop analyzing call to reloc and fix pifcj to honor asm.jmpsub
• Fix aaft Stack isn't initialized and run aaft after aaaa
• Fix fcn.rip regression
• Fill op->src[0] and op->dst in x86 and improve arg analysis with it
• Include aap in aaaa
• Add the ability to set some registers readonly
• Fix #12867 - Identify BP usage in x86 functions to improve var analysis
• Initialize GP on MIPS when no symbols found with ESIL
• Implement ESIL for CPUID on x86.cs
• Implement /am and add initial support for PAC instructions
• Honor more anal hints in the anal loop
• Add anal.ignhintbits to only obey asm.bits and ignore hints
• Optimize r_anal_try_get_fcn by removing fixed size buffer
• Add an option for anal.loads
• Load instructions now set a data meta
• Fix #13596 - Implement afb= and afl= and do some refactor
• Add more fcn types, new api r_str_fmtargs and af- is af-$$
• Add instruction refs array in pdj and agj, for r2dec
• Make agj work in any offset inside a function, not just the first instruction

asm

• Asm assemble, mem leak fixes
• Fix x86.nz assembler for the rip-relative LEA
• Mips asm mem leak

bin

• Fix isStripped() bit for PE bins
• Seek to the first executable section if there's no entrypoint
• Implement COFF imports and honor no-entry0 case
• Implement mw command and fix segfault on old fs support
• mdmp: fix incorrect data setting in pe sections
• Use HtPP instead of Sdb in r_bin_filter_sym function
• Optimize class_get() to make demangling and objc/dex registration O(1)
• Restore io buffer creation in dyldcache
• Fix rahash2 -B and -b regression not printing partial hashes
• Fix heap overflow in macho parser
• Add 'oba [addr] [baddr]' command handler when m != b
• Fix oba command when called with only one argument
• Improvements for rabin2 -H and pfo in macho
• Fix ELF main detection for ARM binaries
• Add ELF Identification fields to elf64 pfo

build

• Automatically choose wget/curl/git depending on availability
• Fix #13765 - asm/anal cant be build in parallel
• Do not use system-wide capstone when building with sys/install.sh

config

• Code cleanup in RConfig and bring back 'e asm.' for listing

cons

• Fix #13980 - Glitch in panels with bgcolor
• Code refactoring for the theme based colorization to reduce derefs - dmh commands set
• Use RPVector in RLineAutocompletion
• Make p= bars dont use the background color
• Code refactoring the theme based colorization to reduce derefs
• Fix #13738 - Autocomplete $aliases

core

• Few mem leak fixes
• Implement yq,yj,y*,y! and b*
• Fix binary number to ut64 conversion
• Implement @@@Strings iterator
• Fix #13823 - Implement ftj and ft* commands
• Fix 'e cmd.gprompt=dr=' becaues of the strtok approach
• Fix bug when quoting a comment
• Add scr.confirmquit to actually "Confirm on quit"
• Implement fq. fj. and f*. - show flag in current offset commands
• Implement the missing bits in the triple-at
• Add ooc, o., o.q and rename old o. into o:
• Print "Task finished" only if interactive

debug

• Implement aesuo and add help for all those step until subcommands
• Initial implementation of dr. and ar. commands
• Implement drc k=v to set conditional flags by type
• Fix dg in Linux by using r_debug_ptrace instead of ptrace

diff

• Added missing c2 command + theme support for comparison commands
• Initial import of the WIP zdiff algorithm

disasm

• Enable capstone5 at configure time option
• Fix #13975 - aho issue not showing bytes
• Honor asm.pseudo in 'pi'
• Add asm.optype
• Honor ec flag in colorized disasm for names vs numbers
• Do not switch to v8 by default
• Implement 'piu' by deconstructing 'pdp'
• Demangle relocs and add asm.flags.{inline|limit|maxname}
• Fix asm.meta issues when asm.flags.inbytes is set
• Fix another bug in asm.jmpsub
• Fix #13672: Display variables value in the disasm view
• Add asm.xrefs.code option to show/hide code references in
• Add some more x86 instructions for pseudo
• Honor anal.ignhintbits for hintbits
• Honor fcn->bits in disassembly
• Update capstone to use the NEXT branch
• Enable asm.jmpsub by default 
• Add asm.fcnsig instead of making function signature depend on asm.var

esil

• Remove unnecessary RPICK in avr.esil
• Few UAF fixes
• Add esil_weak_eq and make an operation

flags

• Add json output to "fd."
• Call remove_offsetmap only if the flagItem is not new
• Add realname flag command
• More improvements in the current flagtags and ftl->ftw
• Implement ftl and add more flag tags

fs

• Improve the RFS API to support write and unlink operations
• Implement mlj to list files in json
• Implement mj and improve 'm / io' vs 'm io /'

graph

• Fix agfg - GML output format fails with high-ids because of Java
• Improve the graphviz output for traced bbs

io

• oob [arg] sets bin.baddr, then seeks to new entry0

panels

• Naming tabs is supported
• Fix dc and F9
• Status should be shown on top of the screen
• Improvements in panels for usability
• Filter is supported with command f/F
• Decompiler default off for everything especially tabs working better this way
• Better key allocations for tabs
• Initial support for tabs
• n/N should behave like the ones in visual which are for go next nkeys
• Auto update synced with every mode change is supported
• A panel will be allocated for each help msg when it is called
• Help menu is classified better and help panels are implemented
• t key is supported in both window and zoom mode
• n/N commands are supported in window mode
• t key is supported in Function panel
• Better algo for t and it is supported in hexdump too
• t key support for entropy
• t key instead of tab key is supported in Disassembly panel
• Comments work in Disassembly panel
• Interactive message for cursor and insert mode
• ioCache menu works
• Do not ask yesno for decompiler if it is not even available
• Show meaningful messages for invalid operations
• n/N splitting a panel vertically/horizontally with new user input cmd
• Show if the cache is on or not on each panel
• Fix some potential memory leaks
• Toggle cache boolean of a panel by &
• Default positioning was not just right
• instead of [x] to honor the command of deleting a panel
• C in panel should behave like the one in visual too
• Add summary and Entropy fire added in the menu
• • Entropy fire added in the menu
• • add Summary under View menu as well
• Better page scrolling for JK
• Refactoring plus a little tweak for HL and some fixes
• Auto update decompiler
• v!g instead of v!o for consistency
• Refactoring for performance issue part1
• undo/redo seek enabled.
• Opt the decompiler in panels
• Fixed a few bugs
• SAKURA instead of SNOW since it is April:P
• Handle rotateAsmEmu via ')' in Panels

print

• Add p=a, p=A (and p==a, p==A, prc=a and prc=A)
• Fix hex.cols usage in prc and pxA and add pxAv for visual
• Fix #13880: Add dt=
• Implement pfc normalized types and values
• Add scr.bgfill config option
• Honor color theme in p==
• Fix p== in debugger (only processes current map)
• Add scr.square and implement the prc= command ala pz,p=..
• Implement 'less' command and add 'l?' command
• Move pava from core to print and honor it in pxa
• Implement pfc C struct format command
• Fix large disasm issue with invalids and handle @{xfs}
• Hide switch/case refs from pds
• pf z honors scr.strconv and str.escbslash

r2pipe

• Add support for r2pipe shellscripts

search

• Fix #13988 - Add JSON output format to rafind2
• End of archive detection in rafind2 -m
• Avoid scanning the whole -1 address space. Fixes aap in debugger
• Android magic numbers until Android 9.x
• Add io.sky and solve io.maps.x issue happening with aap
• Fix #13321 - Make /ci [from] [to] find immediates in range
• Fix search asm boundaries issue

sign

• Make zignatures database more flexible, add realname, comments and xrefs

sync

• Initial rework towards bringing back remoting commands

traces

• Introduce dtdi and update help message

types

• Add vvs command to edit function signature from visual
• Implement more tx subcommands (type-xrefs)
• Implement afs! to edit current function signature with cfg.editor
• Added a command to edit types using cmd.editor
• tfc->tcc and tcc in sync with t*c
• Fix afs command, parsing, behaviour and help message
• Add more basic types from libc
• Fix null deref in types when invalid db and add more basic libc

visual

• Improve visual mark
• Implement graph neighbourhood navigation with i and I keys
• Move the esil debugger into vbE
• Improve the visual ropchain editor
• Fix cursor jk in disasm and debugger visual modes
• Make scr.gadgets true by default
• Make 'o' do the inverse of 'O'
• Fix #13673: Sort column results in vbg
• Fix #13713 - vr rotates between JMP, CALL and DATA reference hints
• Fixes for flagzones and scr.scrollbar
• Add scr.scrollbar.bottom
• Fix callgraph browsing and node folding glitches
• Handle /* in reg/stack cursor in debugger view
• Handle +- keys to increase/decrease register value
• Honor scr.scrollbar in visual graph

windows

• Convert Windows error message to utf8
• sys/meson.py: Create r2.bat as alias to radare2.exe

Other commits

• Release 3.5.0 - Dismay
• Upgrade to use sdb 1.4.0 (#14045)
• wget/curl downloads use CS_ARCHIVE
• Code cleanup in capstone.sh
• afu: improve usage text and argument handling (#14044)
• Tweak documentation for afu to indicate its argument is mandatory.
• Detect missing argument in afu: Error out if afu is called without its mandatory argument.
• Improve argument parsing in af, afr and afn. (#14042)
• We now skip leading whitespace when looking for the first argument
• to these commands (the function's name). Previously, the following
• command
• af fcn.foo @ 0x000affe
• would try to define a function with an empty name at offset
• "fcn.foo @ 0x000affe".
• Improve error messages used by afn and afr. (#14039)
• When renaming a function fails because no such function exists
• at the given address, don't include the new name in the error message
• as it is unrelated to the cause of the error.
• Couple of mem leak fixes proposals. (#14038)
• Trim spaces in pfo
• Special symbols $a,$d,$t could also have a '.' + a number
• Let's ignore the number for now, it shouldn't cause too much issues.
• Fix PPC regressions
• Update capstone v4 and next branches
• Fix pifcj issue
• Hide esil warning under esil.verbose to please users
• Fixed missing parameter for linux i386 (#14026)
• Honor the entry0 flag and other bug fixes
• Fix crash in -n
• In fs_r2: /seek and /bsize and fix flags and config writes
• fs.shell supports echo and redirections '>'
• Fix some warnings
• Fix LGTM builds
• Add LGTM configuration file
• Ability to download capstone git as zip
• Add ?|? to root help
• Fix ASAN crash (1byte oobread in dex)
• Use SPCL instead of SPECIAL_SYM
• Fix issues related to meta.range management
• Fixes #133660: Dword in the middle
• Current java implementation of the analysis is not working well
• RBin.Java doesnt updates the vsizes because it seems to break things. wip for another PR
• Added anal.ex option to use extensions or not
• Install r_agraph.h with meson (#14005)
• Improve |? (#14003)
• Minor code cleanup in flags and bin (#14000)
• Fix appveyour thing
• Call remove_offsetmap only if the flagItem is not new
• It does not have sense to call that function on new FlagItems, it just
• slows down things for nothing, since item->offset has not been set yet.
• force and is_new must be two separate things
• When setting a flag (which may be even a set of some properties of an
• existing flagitem) we want to force the update of all the RFlag
• properties, but remove_offsetmap should not be called when the flagitem
• is new. So we need to track the two properties separately.
• Fix some warnings in the linux-debugger code
• Revert "Fix crash in r2panels config" (#13995)
• This reverts commit 9a1965f.
• Fix crash in r2panels config
• Fix a bug (#13992)
• #include sdb/ht_uu.h after r_types.h (#13989)
• Fix capstone5 meson build
• Fix crash in swift demangler
• Add --with-capstone5 configure flag
• Add use_capstone5 meson option
• Add prc=a in visual
• So pointers get rebased transparently during buffer reads. This makes objc class parsing work again.
• Fix #11385 - load offset from project
• Refix
• Fixes for ppc analysis with capstone5
• ADD BP and SN for the ppc reg profile. Also fix some null derefs on invalid esil expressions
• Hide warnings
• Fix vvs and make :> work again to create empty files
• Fix bugs of cursor for hexdump in panels (#13978)
• Fixed a few things (#13974)
• Fix tons of bugs of cursor for disassembly in panels
• Improve visual panels interaction
• " to create a new panel without using window mode
• X must always close a window, use xX to access refs
• Implement v!t- to delete last tab
• Implement graph.dummy for toggling the creation of dummy nodes
• include uint32/64 in JSON output
• add uint32 and uint64 to ? output
• Implement search.in=file
• Improve help msg for "." (#13961)
• Refactoring (#13955)
• Fix wtff + argument 0 size issue
• Fix lang_pipe_run hang in Windows (#13960)
• Fix lang pipe hang in Windows
• Fix hang and double-free
• Fix ml/mL/Lm inconsistency
• Fix warnings on Windows (#13954)
• Fix comments in panels (#13953)
• Add macos pkg uninstallaton script instructions
• Fix a small bug
• Fix prc text color
• intro.md: Fix typo
• Typo in "Begin" fixed
• enable ctrl-r to perform backward search
• fix up/down array backward search
• Fix a bug of colors menu
• Show which ascii char is in drr output
• Fix null deref in canal.c
• Fix crash in dmh on Frida
• Fix a bug
• Sign hash, possible mem leak fix. (#13942)
• Avoiding creating an entry if the type is not known (at the moment).
• Fix ms double free crash (#13938)
• Fix missing newline
• Fix #13931 - Do not memref mmxwords in LEA
• Fix wa* command
• Prevent extra blank line from stderr when using @@= with backticked prz (#13935)
• Colors menu improved a lot in panels (#13936)
• Improve the bold theme a bit more after testing on another projector
• Fix a bug in menu and remove unused code (#13933)
• Add help msg for tn-
• Do not psuedo the visual ropchain
• Fix null deref
• Tabs in panels work heaps faster now (#13929)
• Refactoring and fix a stupid regression (#13928)
• Refactoring more (#13926)
• Fixes #12100: wtf! warns when file size is unknown (#13925)
• Restore the seek when doing aggv to fix a random bug
• Fix UB in esil shift
• Use our own instance of RAnalEsil to fix a crash in aeg
• Refactoring tabs (#13924)
• The bit editor is now accessible via the visual browse mode
• Improve visual assembler usability
• Remove dup aae
• Add help msg for om-*
• Fix glitch in 0 width frames in panels (#13912)
• Sample: clusterfuzz-testcase-minimized-ia_fuzz-5651817880354816.dms
• Fix #13907 - pd 1;pdj 100;pd 1 bug
• Merge pull request #13910 from Vane11ope/vane11ope/panels_1
• Refactoring and improving help msg, Fixing a few bugs etc
• Fix null deref in vbg
• Fix help msg for $dis?
• Expose r_core_autocomplete() to the API
• Decouple Autocompletion from RLine
• Fix more bugs and add some missing functionalities to the window mode
• Fix a small bug (#13896)
• Fix pf? <fmt_name> (#13892)
• Initial work on refactoring RParse
• Fix r_vector.h for C++ build (#13890)
• Use RPVector in RLineAutocompletion
• Fix argc+argv init and clear in RLineCompletion
• Minor changes for RLineCompletion
• Check for completion
• Make r_line_completion_set_weak use argc+argv
• Use only RPVector in RLineCompletion
• Reserve in r_line_completion_set
• Add r_pvector_data() and r_pvector_index_ptr()
• Remove r_pvector_set_free()
• Fix pfs handling of {times} (#13884)
• Fix naming of the public RLine autocompletion callbacks
• Fix code injection issue in ir* and is*
• Fixed help text for 'o' and 'G' keys in v! mode (#13875)
• Use more current enum elf_machine (#13874)
• Win PE format, mem leak fix (#13873)
• remove PICK/RPICK from esil
• remove last use of PICK
• remove one use of PICK from sh-esil
• Set overflow flag if pfj z string overflows (#13865)
• Little mem leaks fixes (#13866)
• Make couple of keys toggle-able (#13864)
• Fix 1oobread crash in fire bars
• list all types in current function
• list all types in program
• create a types graph
• list all functions using the given type
• Something gone wrong with t key in the stack panel (#13851)
• pf z, io.unalloc=true: Abort map check loop if the size-0 map is encountered (#13843)
• Fix inappropriate if checks in panels
• Fix a bug when pressing t in decompiler (#13838)
• Changed can_affect_bp a little
• Fixed xor reg, reg issue
• Small fix in rargs detection
• This is more like a workaround
• In graph, = sets cmd.gprompt and | changes layout, step centers graph
• t key is supported for register panel
• Mark pf z strings that overflow into unallocated memory with "ovf" (#13829)
• Mark pf z strings that overflow into unallocated memory with "ovf"
• Use RIOBind instead
• Put cheaper test first
• Check map read permission as well
• $ r2 -c '"w hello # world"' -qcps -
• Add s110 to list of OS in asm.os=?
• Fix b command parsing (show help if subcommand is invalid)
• aa* -> aaS
• Do not run aap twice in aaaa
• Add missing help for aaf?
• Add missing entry in the flag/d/meson
• Minor fixes
• Fixing most likely a typo (#13817)
• A few refactoring in panels
• Fix build
• Do not use defines
• mach0 dylib: addr + 16 was the right address
• Fix r_buf_get_string implementation
• no_null -> overflow
• Improve the lima theme
• This LC_SYMTAB handling is wrong
• Initial import of the esil-graph command by @condret
• Also fix ob command to switch between different objid
• Press Enter on menu is properly fixed
• Fix print_string for Windows (#13800)
• Fix coredump PC not being considered (#13793)
• Fix infinite loop and memleak in dex (#13794)
• obL is an alias for iL
• Rotate between call/jmp/lea in graph and panels with 'r'
• "char* " -> "char *" in format.c
• Add to pfj z TODO comment
• Fix esil test that I broke yesterday (#13777)
• Fix #13674 - Graph nodes doesn't need to be updated if there aren't any
• Added missing help text for 'db*' command (#13774)
• Fixing possible dangling pointer for str empty macro (#13769)
• #if-0 out some not-working-as-expected code
• pfj z honors size (#13761)
• Improve r_buf_buffer and remove r_buf_get_at (#13676)
• Make r_buf_buffer return a ut8 and the associated size of the buffer
• Remove r_buf_get_at uses and make it static
• @b: overrides the anal hints again (#13756)
• "char * " -> "char *" in format.c
• No bgcolor in the sepia calls
• @@@ # foreach offset+size iterator command:
• x @@@= [addr] [size] ([addr] [size] ...)
• x @@@b basic blocks of current function
• x @@@c:cmd Same as @@@=cmd, without the backticks
• x @@@C:cmd comments matching
• x @@@i imports
• x @@@r registers
• x @@@s symbols
• x @@@s sections
• x @@@m io.maps
• x @@@m dbg.maps (See ?$?~size)
• x @@@f flags
• x @@@f:hit* flags matching glob expression
• x @@@f functions (set fcn size which may be incorrect if not linear)
• x @@@f:glob functions matching glob expression
• x @@@t threads
• x @@@r regs
• Fix elf-arm-main regression
• Fixed help text for visual seek ('o' ->'g') (#13748)
• Remove use of RPICK in sh-esil (#13747)
• Fix RAnalOpMask.ALL (#13743)
• Fixing aab (#13741)
• Fixing aab
• Update blaze.c
• Fix pfj z when z is not at struct start (#13740)
• Preventing two little segfaults in zdiff
• Use r_str_escape_utf8_for_json() for pfj z (#13734)
• Remove all remaining uses of RPICK in avr-esil (#13733)
• Fix memleak in aef
• Fixed help text for 'Z' in visual graph mode (#13732)
• Put pfj z string in value field (#13729)
• Fix crash in rasm2 -a 8051 -d
• Add value and label (if available) to pfj enum (#13728)
• Fix pfj enum when label is not available
• Remove some spaces in format.c
• Fix potential DF and irrelevant resource freeing
• Rollback to capstone4 until all bugs get fixed
• /am is like /c but only search for instructions and uses R_ANAL_MASK_DISASM
• Added new op family: R_ANAL_OP_FAMILY_PAC; (see /af)
• Fix meson build of capstone
• added bswap to esil in x86
• more RPICK removal from avr esil (fmuls and fmulsu)
• more RPICK removal from avr esil (mul and fmul)
• Handle comment, prompt and other keys in visual, zoom, cursor modes
• Do not show the anoying 'cannot undo/redo seek' in panels
• Several usability improvements for panels
• More refactorings and bug fixes for panels
• Replace pointer with an array of variable size (#13706)
• The elements are directly after the headers, there is no pointer
• involved.
• Also, use r_buf_read_at instead of r_buf_get_at in mdmp.
• HL for move horizontally by a page (10 chars) in panels
• Zeroize oldslide when leaving top-level pf
• Couple of new fortunes.
• Use NESTEDSTRUCT instead
• Add tsd/tud/ted/tcd subcommands
• Add newlines to tsc/tuc/tec
• Honor asm.jmpsub in pdj output (#13701)
• scr.scrollbar (0=no,1=right,2=top,3=bottom)
• Cleanup avr-esil for inc and dec (also RPICK-removal) (#13693)
• pfj: Remove errorneous ]}, after struct nested to 1 level (#13691)
• Fix random crash on x86.cs on exit when used with r2frida (#13692)
• better leak on exit than crash in capstone/frida
• More RPICK removal in avr esil (#13687)
• Fix #13653 - crash reproduced randomly in graph with white2 theme (#13685)
• arm: Remove redundant op->type assignment (#13683)
• Fix menu focus colors in panel menus
• Rename Pseudo -> Decompiler in panels
• Deprecate esil_write_internal
• $z, $b, $c, $p, $o, $s, $ds, $jt, $js, $r, $$ are now ops
• Remove R_ANAL_ESIL_PARM_INTERNAL
• Fix segfault and trim whitespaces to fix pd @x:9090
• Use maps and io.va=1 to make it work instead of hacky memcpys
• Fix p8f and bring back core->fixedblock to make pd/pD@x:/len work again
• When in cursor mode in the debug visual view select the reg with tab+arroows
• arm: Improve glibc entry point signatures
• Two changes:
• 1. Add signature for old gcc (4.6) that uses ldr/str instead
• of push/pop.
• 2. Mask out the Thumb bit from main's vaddr.
• arm: Cleanup br instruction handling
• The cleaned up code fixes the following issues:
• 1. "bx pc" should always change to ARM mode (bits=32), never
• Thumb mode (bits=16), since PC is always even.
• 2. Use (addr & ~3LL) + pcdelta for all PC-relative arithmetic.
• and removes checks for "b reg"/"bl reg"/"bx imm"/"bxj imm" as
• these instructions don't exist.
• arm: Move brace postfixing to bottom of function
• The analop_esil/analop64_esil functions have to wrap braces around the
• ESIL expression if there's a condition code. Instead of only printing
• the closing brace on certain instructions (which may differ from
• arm_prefix_cond one day), print it regardless of the instruction.
• arm: Move op analysis from anop_esil to anop
• This matches how other archs do it, such as x86.
• Sync elf_machine enum in elf.c with elf_enums pfo
• Increase autocompletion to 4096 (#13662)
• Blindfix #13659 - crash in aao with a fuzzed macho
• Add version information to libr_main
• Add workaround to fix pfj test output
• elf.c: Update -nn header format (#13657)
• Use more r_return and a lot of code cleanup, but still not finished, more PRs to come
• meson: Change completions installation directory (#13647)
• meson: Fix deprecation warning in libcore (#13646)
• cconfig.c: Remove dup line and capitalize for consistency (#13645)
• Hide one more emulation warning under esil.verbose
• Invalid asr shift of 32 at 0xdbb6
• Fix 2 crashes found with asan in the hexdump
• Done some TODO refactorings in panels (#13630)
• Thanks to anal.types.verbose
• Fixed crash when doing aac and bin->cur is NULL (#13621)
• Needed for r2dec
• Add types for android-log apis
• Add function signature for memmem
• Add r2white doc/img
• Improve the gentoo theme
• Add gentoo theme
• After release version bump

• Fix static, ios and android builds

Release Notes

Version: 3.4.0
From: 3.3.0
To: 3.4.0
Commits: 349
Contributors: 47

Authors

• Ahmed Abd El Mawgood ahmedsoliman@oddcoder.com
• Alex Gaines roboman2444@gmail.com
• Amith Venugopal amithcr7007@gmail.com
• Anton Kochkov anton.kochkov@gmail.com
• Anton Kochkov xvilka@gmail.com
• Brenton Morris brenton.smorris@gmail.com
• CrypticalCode0 mmcv1987@yahoo.com
• David CARLIER devnexen@gmail.com
• David Carlier devnexen@gmail.com
• Deepak Chethan deepakchethan@outlook.com
• Fabrice Martinez martinez.fabrice@gmail.com
• Florian Märkl info@florianmaerkl.de
• Francesco Tamagni mrmacete@protonmail.ch
• Giovanni 561184+wargio@users.noreply.github.com
• GustavoLCR gugulcr@gmail.com
• Johannes johannes@jnbr.me
• Jörg Thalheim Mic92@users.noreply.github.com
• Khairul Azhar Kasmiran kazarmy@gmail.com
• Khairul Kasmiran kazarmy@gmail.com
• Lev Aronsky aronsky@gmail.com
• Lowly Worm cutlassc91@gmail.com
• MK marcin.kopec@hotmail.com
• Mahesh Kale kjyotiba@cs.iitr.ac.in
• Maijin maijin21@gmail.com
• Maijin maijin@reverseshade.com
• Mikael Modin regs+github@badsynthesis.com
• Nikolay Edigaryev edigaryev@gmail.com
• Paul I pelijah@users.noreply.github.com
• Riccardo Schirone ret2libc@users.noreply.github.com
• Riccardo Schirone sirmy15@gmail.com
• Rishi Bhatt r201501062@gmail.com
• Romeu Gomes romeu.bizz@gmail.com
• Stefan sj@scrimpycat.io
• Vanellope vane11opeschw33tz@gmail.com
• Vasilij Schneidermann mail@vasilij.de
• Wladimir J. van der Laan laanwj@gmail.com
• a1ext a13x4nd3r.t@gmail.com
• condret condr3t@protonmail.com
• dogtopus dogtopus@users.noreply.github.com
• guy-gal 48994774+guy-gal@users.noreply.github.com
• io12 7348004+io12@users.noreply.github.com
• pancake pancake@nopcode.org
• sivaramaaa sivaramaaa@gmail.com
• t1t0 przemyslaw.duda@gmail.com
• wangcong king6cong@gmail.com
• xarkes antide.petit@gmail.com
• Óscar Carrasco oxcabe@gmail.com

Changes

anal

• Add more function sorting methods and reduce unnecessary resorts
• Fix #13466 - Adjust thumb xrefs on aae
• Fix axf without args
• anal_riscv: Implement get_reg_profile
• Fix #13451 - make afs work
• Show destination in axf
• Analyze symbols of type STATIC
• Add R_ANAL_OP_MASK_DISASM for r_core_anal_op() for now
• Reduce false positives in aav honoring align and skipping code blocks
• Remove CALL_IS_EOB, it was experimental in r1, not useful
• Add warning message when jump table size is invalid
• Fix #13077 - calling convention args to start from 0 instead of 1
• Add avrr and aao in aaa
• • m68k architecture is always 32 bits and big endian
• Implement jmptbl for Thumb TBB and TBH instructions
• Fix m68k analysis issues 
• Add R_ANAL_OP_MASK_OPEX
• Add support for Thumb jmptbl based on TBH
• Fix glitch found in analyzing jmptbl in debug
• Avoid passing fixed size buffers in RAnal.fcn, reducing the use of anal.bb.maxsz
• Fix r_reg asserts issues spotted in the mips emulation
• Remove redundant key in anal/cc
• Simplify function guessing
• Add missing ESIL for ARM64's LDRH instruction
• Fix null string issue in afi and add afcf in afij
• Use ARM special syms as analysis hints (#13249)
• Use fcn->meta.min instead of fcn->addr in fcn rbtree code
• Fill ptrsize for TBH and TBB Thumb/ARM instructions
• Update register profile for m68k
• Update Windows type db
• x86: add ESIL for BSF/BSR instructions
• Implement new aesou and abte commands
• x86 afb+: Update size in fcn rbtree after adding bb
• Support another type of jmptbl for x86-64
• Add fp register as BP in mips analysis
• Improve CHIP-8 analysis
• Add Windows types from synchapi.h
• Add Windows Crypto API types
• Update Registry API types

asm

• New command: 'wai' write assembly inside the current instruction
• Initial implementation of the .offset RAsm directive
• Updated ppc's libvle with latest fixes
• Add asm.refptr eval variable
• Implement rasm2 -x to output in hex dwords
• Add CHIP-8 asm descriptions
• Fix #13208 - Initial import of the asm.null plugin

bin

• Add dex.h and cdex.h for header structs
• Parse segment name in -H, deprecate 2 old load methods
• Adding symbols for 32bit version of mfc140u.dll
• Fail kernelcache check for non-arm64 kernels
• Use entrypoint from LC_UNIXTHREAD for the Kernelcache
• Fix integer overflow that leads to a crash in the DEX parser
• ELF: returning the full compilation toolchain info
• Added load_buffer and check_buffer for qnx (#13446)
• Rebase strings when necessary
• Rbin remove old load_bytes callbacks
• bin_art: avoid double free
• Compute file hashes on request via it and compare if has changed
• Add bin_qnx.c in Meson.build
• Add Homewbrew detection
• Import the XNU kernelcache RBin plugin
• Add initial support for QNX executables
• Adding OpenBSD elf sections
• Fix #13157 - Invalid read in r_bin_demangle_swift
• Parse objc categories
• Fix mach0 relocs when no symtab is there

build

• AppVeyor - Update MSVC to 2017, Ninja to 1.9.0
• Fix compilation on Android
• Fix offline build: Remove duplicated curl line

config

• Change anal.maxreflines to asm.lines.maxref
• Fix #13201 - Merge anal.jmp vars fix

cons

• dm= now honors theme (eco) settings + wx sections are highlighted
• Added missing flags & file paths autocompletions
• Add more file paths autocompletions
• Added missing autocompletions for breakpoints related commands
• Add prompt handling in r_cons_gets
• Add missing autocompletions for e and P subcommands
• Add missing keywords for tab completion

core

• Make flag comments base64-compatible
• Support alias files in '.' interpret too ('. $foo')
• Implement $foo=- to use cfg.ediitor to edit the alias
• Initial implementation of alias files
• Fix wcr command
• bin.str{purge,filter} -> bin.str.{purge,filter}
• Rename asm.bbline to asm.bb.line and disable it in graph
• Create libr_main and make all binaries use it
• Introduce anal.verbose and set http.verbose and bin.verbose to false
• Make function to allow grabbing the flags by order of importance in flagspace
• Fix va_arg issue in r_str_newf and r_str_appendf

debug

• Fix #13363 - Remove URI handler before looking for auxillary script
• Some fixes for the debug/emul traces and initial visual mode
• Fix #13391 - issues when using file:// and ood together
• Displaying chunk flags as bits
• Implement dbg.skipover and fix dss for esil
• Documentate and fix 'afa' and 'afal' commands
• Implement V$ to set the program counter
• ASLR settings little refactor, available as util mean
• Initial implementation of the dri command - inverse debug registers
• FreeBSD will be having aslr finally

deprecate

• Fix #13430 - Kill MinGW remnants

diff

• Implement the dif command to compare two files using unified
• Fix #13541 - Automatic radiff2 -p when no bininfo is found

disasm

• Call to same relocs must have same name instead of appending number
• Improve pf visualization via Cf in pd
• Fix #13502 - alignment of .dword things
• Remove reflines2
• Fix bugs on E_MASK_D and BD24 (343eeb9) powerpc/vle
• Fix printing consecutive type links in pd
• Support asm.pseudo=1 in pad command
• Sync with libvle (bugfixing & new instructions)
• Fix #13412 - Improve folded-bb message
• Fix asm.stackptr when disassembling in the middle of a function
• Add support to fold basic blocks in graph, disasm and commandline
• Add chip8 pseudo support
• Implement UJMP/UCALL color and update themes
• Fix #13326 - Implement of asm.regsub to replace register names with their role alias
• Implement visual decompiler and fix the RConfigHold API
• Show function signature on tailcall jumps
• On ARM, labeeling the unwind address segment a bit more accurately

docs

• Updating which assert version to be used

esil

• Add cmd.esil.step

flags

• Add symbols.objects and symbols.sections flag spaces

format

• Fix #12041 - fix truncated pf output
• Add pfo dex|macho and bind structs to offsets with Cf via .iH*

fs

• Rename mg to mc and implement 'mg' properly

graph

• Handle b key in graph, doing the same as in visual
• Improve interactive graph title with function signature
• Implement graph.trace and improve dt+ with dt++ for abt
• Trim decompiler text in graph nodes
• Implement support for decompiler graphs in 'v #'

hexdump

• Support colors in prx (abusing px)

io

• Consider the map sorting when two map_events are the same

nds

• Add Homewbrew detection

optimization

• Add an early-out optimization for r_isprint (2%-30% speedup)
• Optimize r_str_bounds by removing an unnecessary strdup
• Avoid unnecessary RConfig.get('cmd.times') in RCore.cmdSubst

panels

• pP rotate panels
• ROP gadgets work properly when in-n-out
• Fix some crashes
• bunch of menus work which had been broken such as ROP, etc
• Submenu is also highlighted
• Menu should not be highlighted when it's not focused
• Fixed some critical issue in resizing
• Panels move more flexibly with HJKL
• Remove some useless messages on the menu

performance

• Remove redundant section lookup in get_strings_range
• Improve console rendering times
• Make analysis use io instead of fixed size buffer
• Optimize analysis by adding more fine-grained levels

print

• prc honors io.unalloc
• Implement p-e (entropy bar)
• Fix #13323 - Skip nulls in pxr
• Show negative reference in pxr, honoring asm.bits

projects

• Fix #13252 - Fix path with spaces in projects

rbin

• Change printf to println

refactor

• Fix #11133 - Remove buf_hex frield from RAsmOp
• Pass RAnal instead of rbtree to fcn rbtree api

search

• Fix infinite loop in /r, and optimize by not resolving vars when not needed
• Make -x behave like /x unless mask is provided

sync

• Fix #13234 - Allow reopening of webserver
• Fix debug rap reg profile setup

types

• Fix #13585 - Changes to tl
• Load basic types on startup instead of onload
• Add the ability to open .h files with the 'pfo'
• Add txf and txf. commands
• Add a command to list all used types in current function
• Add err* noreturn functions for Linux, iOS and macOS
• Fix #13247 - tn and tn- commands

visual

• asm.var.summary should be on if the screen is too small
• Fix #13333 - Show flag zones in scr.scrollbar
• ^F,B in visual is used to scroll pages not bytes
• Add Vvvt - visual function var types
• Improvements in vbg
• Vpp"c now properly rotates
• Visual 'k' honors asm.flags.middle
• Fix visual mountpointss, move it into Vb
• Save changed bytes after modifying their bits in vd1
• Several improvements in vbg
• Fix #13283 - Swap g<->o in visual and graph
• Improve visual tabs switch with decompilation mode
• Fix graph.layout=1 issue when zoom < 1

windows

• Refresh on resize and fix mouse input on visual foor Windows
• Fixes pipes implementation on windows
• Add support for UTF console input in Windows (#13338)
• Fix #13301 - Fix crash when unicode support is enabled
• Alias /dev/null to NUL in Windows
• Fix dll_ symbols not being analyzed with aa

Other Changes

• Add a call to r_search_kw_reset in r_search_prelude to fix arbitrary heap oob write (#13605)
• Enforce 32bit and jumps for VLE-PPC
• ec* shows bgcolor too for fgbg color (#13602)
• Asan fixes 3.4.0 (#13603)
• Fix OOB writes in bin_qnx
• the formats specified in buf_fread were wrong
• fixed some memory leaks in bin_qnx
• Another tcc crash fixed (#13599)
• Fix wrong chopping issue in Cf (#13584)
• "Cf 1 xxx" <- spaces was not trimmed
• Should be aliased under the c command
• prc: Don't Color_RESET if scr.color=0 (#13594)
• aflsa, aflsb, aflsn, aflss - sort by addr, bbs, name or size
• Fix help message for rabin2 -h | grep str.filter
• Fix uaf in config hold (#13591)
• Fix aflm crash (#13592)
• Fix oobread in aao
• Fix Visual jk - prc interaction (#13578)
• Fix iCj for PE (#13579)
• Fix #13491 - Handle $aliasFiles in 'cat' and 'rm'
• Remove some whitespace from cmd_print.c
• Add get_reg_profile call for RISC-V. In this profile, include the
• integer and floating point registers. Use the ABI register naming
• instead of the architectural one as this was chosen in the disassembler.
• This is straightforward as the user-level ISA only specifies these
• registers. In RV-I there are no flags, and only a few read-only
• counter CSRs are accessible from user mode which (I think) don't need to
• be in this structure. In RV-F/D there is one 32-bit CSR containing a few
• flags.
• This addition is not quite enough to get analysis or debugging working,
• but can be a step towards that, and prevents warnings about being unable
• to import the register profile from isil during launch on RISC-V.
• Also update bits to 32|64 instead of 16|32—there is no 16-bit
• RISC-V.
• Fix arm thumb endianess (#13572)
• Fix assert in format print when trynig to retrieve a null register name (#13569)
• Fix warnings when SN is not defined for a specific arch (#13568)
• Fix #13552 - Crashes in tcc parser (#13566)
• Fix some warnings and remove unused code
• Revert "[WIP] Added jump and fail info to pdJ"
• This reverts commit 20f875b.
• from #13481
• Remove dead r_core_save_parsed_type() declaration (#13564)
• Build arch detection for RISC-V (#13560)
• Make sure that asm.arch and anal.arch is set correctly when starting
• radare on RISC-V.
• Remove unused CMP_END_GT()
• Include aap in aaa (#13543)
• Include aap in aaa
• Added aap only if file.type is unknown
• extracted them to method
• Add ut*/st* type shortcuts (#13550)
• Fix io.unalloc off-by-one (#13535)
• Fix newline after axj output (#13533)
• Add support to multiline assembly patching (#13526)
• For example, this line 'OFFSET : nop;nop;nop' (provided in the example patchfile at binr/rabin2/patch.txt) now actually works
• Fix a minor bug in panels (#13531)
• Fix build
• Fix build
• Fix #13511 - pqz -> pqs and psq as an alias for pqs
• Rewrite kernelcache check_bytes (#13518)
• Parse load commands to extract 3 metrics (kudos to @Siguza for suggesting):
• • use of LC_UNIXTHREAD
• • absence of any library linked against
• • addresses in the upper half of the address space
• If those are met, then it’s a kernelcache. This just needs to parse all load commands types and vmaddr from LC_SEGMENT_64 (but nothing more) from the bytes.
• Run aav after aac in aaa
• When using debugger the file assumed path for the auxillary script
• was dbg://.r2, without debugger it's just .r2.
• This patch cuts out the 'dbg://' prefix if found before looking for the
• auxillary script.
• Make buf field private in RBuffer (#13473)
• Fix pemixed build (and include it in meson build)
• Do not use base_priv in yank, it was wrongly used.
• Fix jump/fail for Java ops
• [WIP] Added jump and fail info to pdJ (#13481)
• Added jump and fail info to pdJ
• tired of waiting
• pxA > pCA
• Fix dt+ command parsing
• Fix build on capstone3
• Fix .travis to build release/prereleases branches too
• Fix regressiono
• Handle more X86 instructions to, at least fill the ->type
• Fix #13367 - last line glitch in r_cons_strcat_at
• Fix #13367 - Fix offbyone alignment in line printing
• Improves graph generation times. But it's still called too many times
• Update capstone-master (#13496)
• Fix #13485 - Crash in anal_tp (null deref) (#13497)
• Do not compute asm.stackptr when not requested, fixes slow disasm issue
• Save aliases in projects
• Fixing aflqj (#13483)
• pd 10 > $foo # save the output of pd 10 into $foo
• $foo # print the contents of $foo (the output)
• $* # values are now printed in base64
• $foo=base64: # is now supported
• Removing debug output from top of vbg screen (#13479)
• af+ sets meta.min (#13484)
• Random fixes and improvements for visual debug traces
• Add "return" and deindent
• Fix mulss pseudo (#13470)
• SP was declared as 'sp' in the register profile which doesn't exist. Stack pointer is a7.
• Most C compilers for m68k (e.g. LatticeC) use a6 as stack frame pointer via LINK and UNLK instructions, declare a6 as BP
• Fix clusterfuzz-testcase-minimized-ia_fuzz-5636199282114560.dms
• Move compiler line to the right place
• Fix build on newer RISC-V compilers (#13459)
• On gcc 9.x, __riscv__ is no longer defined but __riscv is.
• This is documented under C/C++ preprocessor definitions on
• https://github.com/riscv/riscv-toolchain-conventions
• Fix ft command crash on Windows (#13457)
• Change 'sanitiz' from bininfo to be according to alphabetical order (#13456)
• Fix invalid json regression for compilerr
• mach-0 empty value for now
• Optimize slightly r_core_visual_disasm_down() (#13450)
• Clean up of PR #13441 (#13455)
• Chip8 pseudo fixes (#13453)
• Fix #1179 - itj hashes calculation command has fixed (#13441)
• Fixes #1179 - itj command has fixed, small refactoring on hashes storage, removed obsolete file.sha1 usage
• Show all the different hashes on it and itj
• it and itj refactoring.
• PJ optimizations have made, added more arguments checks
• Fixes pipes implementation on windows (pipe data was treated as a string instead of binary data so first \0 truncates it)
• Make other RBuffer fields "private" (#13444)
• Use r_buf_size to get the size of a buffer, not the private field
• Use r_buf_seek instead of adjusting the private cur RBuffer field
• use r_buf_read instead of r_buf_read_at(.., cur, ..)
• other r_buf_read_at/r_buf_read
• Fix RBuffer usage in REgg
• Wrong replace with r_buf_resize
• Other r_buf_resize fixes
• style fixes
• other style fixes
• Introduce r_buf_tell API instead of using seek
• other style fixes
• style
• style 2
• write_at(cur) == write
• fixes
• avoid changing test
• Make most RBuffer fields private
• Add some fixme comments
• still use base_priv in some places
• Simplify WASM code by avoiding duplications (#13443)
• Simplify code by avoiding duplications
• Use r_return in consume_r
• Fix MSVC warning (#13434)
• Fixes crash in the disasm and assert for the folded bb feature (#13440)
• Change order of ? And i output (#13418)
• Completely kill the msvc/ directory and the unix-specific includes workarounds
• RBuffer should not be const (#13432)
• Improve Makefile on macOS (#13431)
• OS can have already be set to other values on user machines, OS= fits better here.
• FreeBSD get thread name support only from 12.x flavor (#13428)
• Fix #13000 (#13083)
• Fix musl compatibility - ARM_VFPREGS_SIZE is defined in asm/ptrace.h (#13427)
• Fix bug in print_flag_json() (#13425)
• Make pid.c use PJ (#13424)
• Fix invalid instruction warning (#13417)
• • store cmpval and cmpreg in every basic block
• • lookup cmpval from predecessors considering TBH’s index register
• • Fill op->jump and op->fail for all branch and jump instructions
• • Handle short and word variants of BSR (BSR.S and BSR.W)
• • DBxx instructions treated as conditional branches
• • Handle PC relative variant of JMP & JSR
• • Bugfix for the decoding of long instructions (code in asm_m68k_cs.c assumed a maximum of 8 bytes, but maximum is 10 bytes)
• Hide the CC=E warning when no anal.verbose is set
• Fix Meson build
• Simplified
• Update sdb from git
• Add support for UTF console input in Windows
• Convert ANSI input to UTF-8
• Convert UTF-8 to acp when calling ANSI version of functions
• Determine if Windows console output is UTF-8 on the fly
• Add afbF and handle Z key in visual disasm and graph to toggle basic blocks
• Correct visual graph help to actual behavior (#13406)
• Fix aclj
• Fix #13357 - vG and v^ work again as an alias for vgg and vgG
• Little warning cleanups (#13398)
• Add C64 Fortune (#13397)
• Remove noisy and useless warning
• Remove many uses of max_bb_size
• Use anal.verbose in more places
• Fix 2 crashes in the graphs and the analysis
• Implement and use experimental read_ahead for anal
• Introduce read_ahead approach for testing io usage and performance in analysis
• More cleanup and expose a new api for RAnalOp
• Kill FCN_SDB and some more code cleanup
• Add bytes_read var, convert some addr + idx -> at and reinstate some len-based checks
• Ensure invalid insn handling doesn't check invalid data
• Move "Truncated instruction" err msg to r_anal_fcn_add_bb()
• Remove gotoBeachRet macro and just use the goto statement
• /by @kazarmy @radare @ret2libc
• Fix anal jmp eob code (#13387)
• Move RAnalOpMask into parameter
• Use r_buf_size to get the size of a buffer, not the private field (#13380)
• Use r_buf_size to get the size of a buffer, not the private field
• Use r_buf_seek instead of adjusting the private cur RBuffer field
• use r_buf_read instead of r_buf_read_at(.., cur, ..)
• Fix RBuffer usage in REgg
• Introduce r_buf_tell API instead of using seek
• write_at(cur) == write
• Fix http webserver regression introduced in 81ad0fe
• UAF/memroy leak fixes proposal.
• esil_sub should manipulate esil->old and esil->cur
• otherwise, tests get broken...
• Drop weird esil_sub implementation, and use the same
• implementation as esil_add (and esil_mul, and esil_div)
• esil_add: fail on invalid dst, as well as src
• Consider the map sorting when two map_events are the same.
• When two maps start at the same address, it's important to consider the
• initial priority of the maps, which is given by the id field.
• Be more explicit in comparison between boolean and integers
• Remove CYGWIN & MINGW remnants (#13377)
• The 'display' routine of the malloc_chunk should display each field of
• flag field as bits.
• So prior to this proposal, dmhc could yield following information:
• struct malloc_chunk @ 0x7f5462ed4000 {
• prev_size = 0x0,
• size = 0x1112000,
• flags: |N:4 |M:2 |P:1,
• The flags should be displayed as: flags: |N:1 |M:1 |P:1
• Update sdb (#13373)
• Show call hints and propagate types for indirect calls to imp symbols (#13350)
• Few code cleanups (#13369)
• Remove dupe api in r_cons
• bin_bootimg: load_buffer/check_buffer
• bin_cgc/bin_elf/bin_elf64: remove load_bytes/load + load_buffer
• Implement check_buffer in bin_cgc
• bin_coff: load_buffer/check_buffer
• bin_dex: load_buffer/check_buffer
• bin_dol: load_buffer/check_buffer
• bin_dyldcache: load_buffer/check_buffer
• ao->kv's ownership is moved to RBin through the get_sdb method of
• RBinPlugin, thus the plugins should not free it themselves.
• Further usage of thread debug (#13359)
• Add r_cons_gets() API
• Fix crash when executing om (#13362)
• Implement load_buffer/check_buffer in RBinPlugins (#13353)
• Fix memleaks in MACH0 bin plugin
• Add check_buffer method to RBinPlugin
• Add r_buf_read8_at API
• bin_any: remove load and fix mem leaks
• bin_art: implement load/check_buffer, remove load_bytes/load
• bin_avr: add load/check_buffer and remove load/load_bytes
• bin_bf: load_buffer/check_buffer
• bin_bflt: load_buffer/check_buffer
• bin_bios: load_buffer/load_bytes
• This improves performance especially when there are thousands of sections.
• Update capstone from git
• Add r_th API to rename threads in r2
• Fix esil assert
• Added missing autocompletions for project management commands (#13340)
• Remove extraneous space for scd instruction for chip8
• Fix msvc build
• Remove parenthesis from class size listing (#13238)
• Cleanup the use of getopt with our wrapper
• Fix relocations in ET_REL ELF (#12694)
• Get the section name for SECTION/LOCAL ELF symbols
• Do not print warning messages if ELF is ET_REL
• In that case, it's a normal thing that dynamic sections and program
• headers are not present.
• Fix the address of the fake PLT table
• Do not use + symbols if there is no name
• To be able to add tests for nintendo DS r_bin plugin
• Add LGTM alerts badge
• Requires -F kernelcache for now
• Fix warnings in bin.qnx
• Add missing noreturn definition for darwin
• Set hints for ARM special symbols $t and $a
• Do not set $d metadata
• Fix #13297 proposal (#13299)
• Fix #13244 - Assembler support for x86 bsf and bsr instructions (#13303)
• Avoid assertion in esil traces, speedup some paths (#13300)
• Fix #13302 - Add .* as an alias for #!pipe but trimming in first space
• Fix microsoft cc (#13298)
• Fix pdJ for cmt.right=1 + pseudo=1
• Changed http.verbose to false (#13292)
• Use fcn->meta.min instead of fcn->addr in fcn rbtree code
• Maintain 2nd rbtree and reinstate _fcn(_addr)_tree_find_addr()
• FCN_ADDR_CONTAINER -> ADDR_FCN_CONTAINER
• Use r_rbtree_insert ⧸ delete as appropriate
• Remove set_meta_min_if_needed from _fcn_tree_probe⧸iter_next
• Fix memory leak in strbuf. (#13273)
• Fix memory leak in strbuf.
• sb->ptr was set to NULL without freeing the underlying data.
• Use R_NEW instead of R_NEW0, as the memory is
• initialized immediately afterwards.
• Call r_*_op_init in r_asm_disassemble/r_anal_op.
• Avoid splitting obj.* flags into their own flagspace (#13286)
• Little code cleanups (#13277)
• Use pj in canal.c
• Fix hang after ctrl-c
• use relsub addr
• kill i2, grab top of list when not in preferred spaces
• Add r_core_flag_get_by_spaces
• Remove r_flag_get_i2 and use r_core_flag_get_by_spaces
• Fix fcn name from flag
• Better consistency: flag_get instead of get_flag
• Quickpath for just one flag
• added annotation to the set_reg_profile for documentation completeness, the FPU registers are really too small and should be 5 words minimal(80bits) TBH. SR is only 16bit but it having 32bits is okay, CCR should be folded in but IDK how this would affect access.
• Update anal_m68k_cs.c (#13274)
• EXG (EXchanGe register) is an valid instruction for R_ANAL_OP_TYPE_MOV because it only moves from RegN to RegN.
• Fix leak in RIO: free iter after removing it from list
• ls_append/ls_prepend will create a new iter, so we need to free the
• iter that was removed from the list.
• Fix some leaks from unit tests
• PoC: Implement aCef to emulate all calls in the function and add comments (#13266)
• This PoC requires more refinement to use the API and clean the code
• Add '$' in v! to set the program counter
• Honor asm.indent and only toggle in disasm
• Remove SLOW_IO from core/anal.c
• Fix crash in canvas, some leaks and random code cleanup (#13254)
• Filter out special symbols in ELF (#13173)
• Filter out special symbols in ELF
• No need to add the special case '\0'
• Keep special symbols, but do not process them
• Refactoring
• Make sure s->type is not NULL
• Do not print special symbols in rad mode
• Avoid double check
• Fix PR's comments
• Warn when invalid use of r_buf_buffer (#13240)
• Update list of supported architectures (#13250)
• Change old references to aC to ac (#13243)
• $ rasm2 -x 'nop;nop;mov eax, 33;push ebx;int 0x80;nop;mov rbx,48484;nop'
• 0x21b89090 0x53000000 0x489080cd 0xbd64c3c7 0x00900000
• As suggested in https://twitter.com/travisgoodspeed/status/1101966927688318978
• BSF: https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf#G5.925704
• BSR: https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf#G5.21931
• MIPS elf renaming proper sections + little typo.
• recurseAt: Also update size in fcn rbtree
• Prerelease travis release (#13189)
• Add additional tests for release/prereleases
• Test different plugins configurations
• Add some libraries to docker image
• Disable SYS_CAPSTONE for now because there is only 3.0.5
• Fix html magic file to respect libmagic's format too
• < can be used with string so it should be escaped if we want to match
• the exact string ""
• Use plugin License when printing rasm2 plugins in JSON format
• Build with system capstone, but do not run tests because they would fail
• Fix tiny plugins file to use xtr_fatmach0 instead of just fatmach0
• Use clang to compile with ASAN
• Use b_lundef=false
• Just test if different plugins configuration build, no r2r
• Use sys openssl as well
• Introduce aess to fix the regression confusing step-over and step-skip
• Properly specify esil step over/or-not in the API to fix regression
• Initial implementation of aCe
• no assert on free, also fixes warning
• Added missing include (#13198)
• Fix few warnings
• After release version bump for 3.4.0-git
• refactored cmd_print.c to use pj.c (#13174)
• Refactored cmd_print.c to us pj.c
• Changed to r_str_trim_ro
• Few code changes, possible errors. (#13192)
• asm.strenc -> bin.str.enc (#13180)
• Added missing incude (#13184)
• • Default to unknown type
• • Detect RET
• • Remove fail from always succeeding jump/call
• • Move keypad commentary to LD Vx, K, add to SKP/SKNP
• • Annotate skips correctly
• • Annotate more instructions
• Refactor p-j using pj.c (#13170)
• Use macros for common flagspaces names instead of hardcoding them (#13175)
• Fix NULL pointer dereference in data references analyzer (#13178)
• Data references analyzer assumes that each function reference maps
• to a certain section, but this is not the case for raw binary files
• like shellcodes/firmware images/etc.
• This bug was introduced in #10117.
• Fix null ptr deref in axg* (#13177)
• Flush before closing pipe
• Change eprintf to rowlog
• If the user already provides a capstone tarball, the buildsystem should not try
• to download it again.
• Use r_str_ncpy instead of strlcpy
• Make Lisp fortune work with Clojure(Script) (#13161)