Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

axff didnt work as expected #23096

Open
ucgJhe opened this issue Jul 6, 2024 · 7 comments
Open

axff didnt work as expected #23096

ucgJhe opened this issue Jul 6, 2024 · 7 comments
Milestone

Comments

@ucgJhe
Copy link

ucgJhe commented Jul 6, 2024

Environment

Sun Jul  7 02:59:40 CST 2024

radare2 5.9.3 32339 @ linux-x86-64
birth: git.5.7.8-3398-g3382a3e231 2024-07-07__02:43:10
commit: 3382a3e231f6a5bbf21facd8fdb2d5377354bdc1
options: gpl -O? cs:5 cl:2 make

Linux x86_64

Description

I want to list all call refs from a function with axff, but it seems not work as expected.

First, open attached file with r2 -A -e bin.cache=true ncc, and thats said I want to list call refs from the function sym.doEventInternal, so I use axff @ sym.doEventInternal~CALL.

But I found that there is no sym.readInfo_log on the list, althought it actually existed in the code.

we can make sure by using aae @ sym.doEventInternal ;axl~sym.readInfo_log~sym.doEventInternal~CALL

This will take some time but will give the result as the picture below:

image

Test

axff @ sym.doEventInternal~sym.readInfo_log

ncc.zip

@ucgJhe
Copy link
Author

ucgJhe commented Jul 6, 2024

@radare hi, i couldn't repro this with any random bin from testbin, so I just attached the file here.

@trufae
Copy link
Collaborator

trufae commented Jul 7, 2024

The bin is now in the testbins and i checking for the best way to fix that bug now. thanks for reporting

@trufae trufae added this to the 5.9.4 - icecore milestone Jul 7, 2024
@trufae
Copy link
Collaborator

trufae commented Jul 8, 2024

Some comments here:

  • the @ modifier does nothing on aa subcommands
  • the reason why aae find those xrefs and aaa does not is because of function boundaries not handled properly
  • the boundaries in this function are wrong because jump tables are not implemented for mips (working on it rn) so the coverage is incorrect, and therefor the reference emulation fails

@trufae
Copy link
Collaborator

trufae commented Jul 8, 2024

partial fix of the problem is here #23099

@trufae
Copy link
Collaborator

trufae commented Jul 9, 2024

Can you try again with latest r2 from git?

@ucgJhe
Copy link
Author

ucgJhe commented Jul 12, 2024

@trufae Thx for your quick response, after test it again i think the issue still exist.

The command axff @ sym.doEventInternal~CALL now shows function sym.readInfo_log but i found there are more missing functions that should be in the list like sym.runProbe, sym.imp.strcpy, sym.unlockInfo_log etc.

Also aae @ sym.doEventInternal ;axl~sym.readInfo_log~sym.doEventInternal~CALL counldn't found refs about sym.readInfo_log in the lastest version.

And I have one more question here, why the result in the in the picture below show exact same functoin twice ?

image

again thx for your help on this, i really appreciated

@trufae
Copy link
Collaborator

trufae commented Aug 2, 2024

Sorry for the delay, crazy days here and i was busy with several other important bugs in my side . ill try to find some time to dig a little on this issue. im not sure why results are dupped. but could be related to a bug in anal/xrefs.c that permits to register the same ref twice for a reason i ignore. if anyone can dig on this i would appreciate any insights too

thanks for testing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants