Any suggestions on handling short and near jumps in real mode? #20606
TommyJerryMairo started this conversation in Show and tell
First, I appreciate all contributors who helped with this fantastic analysis tool. However, there is still room for improvement, which would make r2 better. One of those areas might be associated with the jump instruction under 16-bit real mode.
There is a coreboot binary customized by Nautilus for DefCon 2022 quals. It is uplifting that r2 could get the entry point and decode the far jump correctly:
Unfortunately, when it comes to short jumps, it seems that r2 is not aware of the current code segment where it wants to jump to: 0000:e062 and 0000:e076 instead of f000:e062 and f000:e076.
Another observation is that there is no CS register in the ESIL VM:
While the after-boot real mode environment might be a perfect place where the ESIL emulation shows its power, as there are no syscalls, only interactions between registers and memory, I have to track the register values on a draft paper by hand thanks to the lack of a CS register in the ESIL VM ¯\_(ツ)_/¯
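As an added illustration of the point above (this is example code written for this page, not part of the original post and not radare2's own decoder), the following Python resolves short (EB rel8), near (E9 rel16) and far (EA ptr16:16) jumps in 16-bit real mode. A short or near jump leaves CS untouched and only adds a displacement to IP, wrapped to 16 bits, so a tool that drops the current CS reports 0000:e062 where f000:e062 is meant; a far jump carries its segment in the instruction bytes, which is why it decodes correctly regardless. The segment value f000 comes from the addresses quoted in the post; the byte image, offsets and the follow_jumps helper are constructed for the example.

```python
# Added example (not radare2 code): resolving x86 jumps in 16-bit real mode.
# A short (EB rel8) or near (E9 rel16) jump keeps CS and sets IP to
# (ip_of_next_insn + disp) mod 2^16; a far jump (EA off16 seg16) loads both.
# All code bytes below are constructed for illustration, not from the image
# discussed in the post.

def seg_off(seg: int, off: int) -> str:
    """Format a segment:offset pair the way the post quotes them (f000:e062)."""
    return f"{seg & 0xFFFF:04x}:{off & 0xFFFF:04x}"


def phys_addr(seg: int, off: int) -> int:
    """20-bit real-mode linear address (segment * 16 + offset), wrapping at 1 MiB."""
    return ((seg << 4) + (off & 0xFFFF)) & 0xFFFFF


def decode_jmp(code: bytes, cs: int, ip: int) -> dict:
    """Decode the jmp whose first byte sits at cs:ip and resolve its target.

    Returns mnemonic, instruction length, target segment/offset (ints and
    formatted) and the 20-bit physical address of the target.
    """
    op = code[0] if code else None
    if op == 0xEB and len(code) >= 2:            # jmp short rel8
        disp = int.from_bytes(code[1:2], "little", signed=True)
        length, mnem = 2, "jmp short"
        tcs, tip = cs, (ip + length + disp) & 0xFFFF   # IP wraps at 16 bits
    elif op == 0xE9 and len(code) >= 3:          # jmp near rel16
        disp = int.from_bytes(code[1:3], "little", signed=True)
        length, mnem = 3, "jmp near"
        tcs, tip = cs, (ip + length + disp) & 0xFFFF
    elif op == 0xEA and len(code) >= 5:          # jmp far ptr16:16, offset bytes first
        tip = int.from_bytes(code[1:3], "little")
        tcs = int.from_bytes(code[3:5], "little")
        length, mnem = 5, "jmp far"
    else:
        raise ValueError(f"no decodable jmp at {seg_off(cs, ip)}")
    return {"mnem": mnem, "len": length, "tcs": tcs, "tip": tip,
            "target": seg_off(tcs, tip), "phys": phys_addr(tcs, tip)}


def follow_jumps(image: bytes, image_base: int, cs: int, ip: int, limit: int = 16) -> list:
    """Follow a chain of unconditional jmps and list the seg:off reached at each step.

    `image` holds the bytes of segment `cs` starting at offset `image_base`
    (a constructed layout for this example). Stops at the first non-jmp byte,
    at a target outside the image, on a loop, or after `limit` steps.
    """
    visited, path = set(), []
    for _ in range(limit):
        if (cs, ip) in visited:
            break
        visited.add((cs, ip))
        idx = ip - image_base
        if not 0 <= idx < len(image):
            break
        try:
            d = decode_jmp(image[idx:idx + 5], cs, ip)
        except ValueError:
            break                                # reached a non-jmp instruction
        path.append(d["target"])
        cs, ip = d["tcs"], d["tip"]
    return path


# Constructed 256-byte segment fragment at f000:e000, filled with NOPs:
#   e05e: EB 02           jmp short -> e062
#   e062: E9 11 00        jmp near  -> e076
#   e076: EA 00 E0 00 F0  jmp far   -> f000:e000
IMAGE_BASE = 0xE000
_img = bytearray(b"\x90" * 0x100)
_img[0x5E:0x60] = b"\xEB\x02"
_img[0x62:0x65] = b"\xE9\x11\x00"
_img[0x76:0x7B] = b"\xEA\x00\xE0\x00\xF0"
SAMPLE_IMAGE = bytes(_img)

if __name__ == "__main__":
    for step in follow_jumps(SAMPLE_IMAGE, IMAGE_BASE, 0xF000, 0xE05E):
        print(step)
```

Run stand-alone it prints f000:e062, f000:e076 and f000:e000, i.e. the targets with the segment kept. The wrap in decode_jmp matters at the top of a segment: a short jump at f000:fffe with displacement +2 lands on f000:0002, not on 0000:10002, which is the kind of detail that gets lost once the current CS is not tracked.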