aflj doesn't seem to properly show the CALL references from the function visible by axff #21340
Assignees
Milestone
Comments
|
I cooked a simpler testcase. sorry for the delay :) here's the output: and then |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Environment
Description
It seems that for whatever reason "aflj" command doesn't return all the information there is available.
Specifically it misses most of the function calls, i.e. CODE references.
For example:
$ r2 main
-- radare2 contributes to the One Byte Per Child foundation.
[0x00400440]> aaaa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze all functions arguments/locals (afva@@@f)
INFO: Analyze function calls (aac)
INFO: Analyze len bytes of instructions for references (aar)
INFO: Finding and parsing C++ vtables (avrr)
INFO: Type matching analysis for all functions (aaft)
INFO: Propagate noreturn information (aanr)
INFO: Integrate dwarf function information
INFO: Scanning for strings constructed in code (/azs)
INFO: Finding function preludes (aap)
INFO: Enable anal.types.constraint for experimental type propagation
[0x00400440]> s @dbg.trampoline
0x400542
[0x00400542]> axff
DATA 0x00400546 0x0040063b str.Inline_function_call...
CALL 0x0040054d 0x00400410 sym.imp.puts
DATA 0x00400552 0x00400653 str.Inline_function_call_2...
CALL 0x00400559 0x00400410 sym.imp.puts
CALL 0x00400563 0x0040052d dbg.test_func
CALL 0x0040056d 0x0040052d dbg.test_func
Note how axff properly returns 4 calls, but checking the information we get from aflj command we see that all of these are missing:
[0x00400542]> aflj
[{"offset":4195392,"name":"entry0","size":41,"is-pure":"false","realsz":41,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":13,"cc":1,"bits":64,"type":"fcn","nbbs":1,"is-lineal":true,"ninstrs":11,"edges":0,"ebbs":1,"signature":"entry0 (func rtld_fini, void *stack_end);","minbound":4195392,"maxbound":4195433,"callrefs":[{"addr":4195856,"type":"DATA","at":4195407},{"addr":4195744,"type":"DATA","at":4195414},{"addr":4195703,"type":"DATA","at":4195421}],"datarefs":[4195856,4195744,4195703],"indegree":0,"outdegree":1,"nlocals":0,"nargs":2,"bpvars":[],"spvars":[],"regvars":[{"name":"rtld_fini","kind":"reg","type":"func","ref":"rdx"},{"name":"stack_end","kind":"reg","type":"void *","ref":"xmm0"}],"difftype":"new"},{"offset":4195360,"name":"sym.imp.__libc_start_main","size":6,"is-pure":"true","realsz":6,"noreturn":false,"stackframe":0,"calltype":"amd64","cost":3,"cc":1,"bits":64,"type":"sym","nbbs":1,"is-lineal":true,"ninstrs":1,"edges":0,"ebbs":1,"signature":"int sym.imp.__libc_start_main (func main, int argc, char **ubp_av, func init, func fini, func rtld_fini, void *stack_end);","minbound":4195360,"maxbound":4195366,"callrefs":[{"addr":6295584,"type":"CODE","at":4195360}],"datarefs":[],"codexrefs":[{"addr":4195428,"type":"CALL","at":4195360}],"dataxrefs":[],"indegree":1,"outdegree":0,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195440,"name":"sym.deregister_tm_clones","size":41,"is-pure":"true","realsz":41,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":19,"cc":4,"bits":64,"type":"sym","nbbs":4,"is-lineal":true,"ninstrs":14,"edges":4,"ebbs":2,"signature":"sym.deregister_tm_clones ();","minbound":4195440,"maxbound":4195481,"callrefs":[{"addr":4195463,"type":"CODE","at":4195459},{"addr":4195461,"type":"CODE","at":4195471}],"datarefs":[],"codexrefs":[{"addr":4195565,"type":"CALL","at":4195440},{"addr":4195471,"type":"CODE","at":4195461},{"addr":4195459,"type":"CODE","at":4195463}],"dataxrefs":[],"indegree":3,"outdegree":0,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195488,"name":"sym.register_tm_clones","size":57,"is-pure":"true","realsz":57,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":24,"cc":4,"bits":64,"type":"sym","nbbs":4,"is-lineal":true,"ninstrs":19,"edges":4,"ebbs":2,"signature":"sym.register_tm_clones ();","minbound":4195488,"maxbound":4195545,"callrefs":[{"addr":4195524,"type":"CODE","at":4195520},{"addr":4195522,"type":"CODE","at":4195532}],"datarefs":[],"codexrefs":[{"addr":4195616,"type":"CODE","at":4195488},{"addr":4195624,"type":"CODE","at":4195488},{"addr":4195532,"type":"CODE","at":4195522},{"addr":4195520,"type":"CODE","at":4195524}],"dataxrefs":[],"indegree":4,"outdegree":0,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195552,"name":"sym.__do_global_dtors_aux","size":28,"is-pure":"false","realsz":28,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":13,"cc":2,"bits":64,"type":"sym","nbbs":3,"is-lineal":true,"ninstrs":8,"edges":3,"ebbs":1,"signature":"sym.__do_global_dtors_aux ();","minbound":4195552,"maxbound":4195580,"callrefs":[{"addr":6295604,"type":"DATA","at":4195552},{"addr":4195578,"type":"CODE","at":4195559},{"addr":6295604,"type":"DATA","at":4195571}],"datarefs":[6295604,6295604],"codexrefs":[{"addr":4195559,"type":"CODE","at":4195578}],"dataxrefs":[],"indegree":1,"outdegree":1,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195584,"name":"sym.frame_dummy","size":45,"is-pure":"false","realsz":42,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":18,"cc":2,"bits":64,"type":"sym","nbbs":4,"is-lineal":false,"ninstrs":12,"edges":6,"ebbs":0,"signature":"sym.frame_dummy ();","minbound":4195584,"maxbound":4195629,"callrefs":[{"addr":6295072,"type":"DATA","at":4195584},{"addr":4195624,"type":"CODE","at":4195592},{"addr":4195624,"type":"CODE","at":4195602},{"addr":6295072,"type":"DATA","at":4195605},{"addr":4195488,"type":"CODE","at":4195616},{"addr":4195488,"type":"CODE","at":4195624}],"datarefs":[6295072,6295072],"codexrefs":[{"addr":4195592,"type":"CODE","at":4195624},{"addr":4195602,"type":"CODE","at":4195624}],"dataxrefs":[],"indegree":2,"outdegree":0,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195856,"name":"sym.__libc_csu_fini","size":2,"is-pure":"true","realsz":2,"noreturn":false,"stackframe":0,"calltype":"amd64","cost":3,"cc":1,"bits":64,"type":"sym","nbbs":1,"is-lineal":true,"ninstrs":1,"edges":0,"ebbs":1,"signature":"sym.__libc_csu_fini ();","minbound":4195856,"maxbound":4195858,"codexrefs":[],"dataxrefs":[4195407],"indegree":0,"outdegree":0,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195860,"name":"sym._fini","size":9,"is-pure":"true","realsz":9,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":5,"cc":1,"bits":64,"type":"sym","nbbs":1,"is-lineal":true,"ninstrs":3,"edges":0,"ebbs":1,"signature":"sym._fini ();","minbound":4195860,"maxbound":4195869,"indegree":0,"outdegree":0,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195629,"name":"dbg.test_func","size":21,"is-pure":"false","realsz":21,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":9,"cc":1,"bits":64,"type":"sym","nbbs":1,"is-lineal":true,"ninstrs":5,"edges":0,"ebbs":1,"signature":"dbg.test_func ();","minbound":4195629,"maxbound":4195650,"callrefs":[{"addr":4195888,"type":"DATA","at":4195633}],"datarefs":[4195888],"codexrefs":[{"addr":4195683,"type":"CALL","at":4195629},{"addr":4195693,"type":"CALL","at":4195629}],"dataxrefs":[],"indegree":2,"outdegree":1,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195344,"name":"sym.imp.puts","size":6,"is-pure":"true","realsz":6,"noreturn":false,"stackframe":0,"calltype":"amd64","cost":3,"cc":1,"bits":64,"type":"sym","nbbs":1,"is-lineal":true,"ninstrs":1,"edges":0,"ebbs":1,"signature":"int sym.imp.puts (const char *s);","minbound":4195344,"maxbound":4195350,"callrefs":[{"addr":6295576,"type":"CODE","at":4195344}],"datarefs":[],"codexrefs":[{"addr":4195640,"type":"CALL","at":4195344},{"addr":4195661,"type":"CALL","at":4195344},{"addr":4195673,"type":"CALL","at":4195344},{"addr":4195714,"type":"CALL","at":4195344}],"dataxrefs":[],"indegree":4,"outdegree":0,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195744,"name":"sym.__libc_csu_init","size":101,"is-pure":"false","realsz":101,"noreturn":false,"stackframe":56,"calltype":"amd64","cost":43,"cc":3,"bits":64,"type":"sym","nbbs":4,"is-lineal":true,"ninstrs":34,"edges":5,"ebbs":1,"signature":"sym.__libc_csu_init (int64_t arg1, int64_t arg2, int64_t arg3);","minbound":4195744,"maxbound":4195845,"callrefs":[{"addr":6295056,"type":"DATA","at":4195761},{"addr":6295064,"type":"DATA","at":4195769},{"addr":4195830,"type":"CODE","at":4195798},{"addr":4195808,"type":"CODE","at":4195828}],"datarefs":[6295056,6295064],"codexrefs":[{"addr":4195828,"type":"CODE","at":4195808},{"addr":4195798,"type":"CODE","at":4195830}],"dataxrefs":[4195414],"indegree":2,"outdegree":1,"nlocals":0,"nargs":3,"bpvars":[],"spvars":[],"regvars":[{"name":"arg1","kind":"reg","type":"int64_t","ref":"rdi"},{"name":"arg2","kind":"reg","type":"int64_t","ref":"rsi"},{"name":"arg3","kind":"reg","type":"int64_t","ref":"rdx"}],"difftype":"new"},{"offset":4195703,"name":"dbg.main","size":36,"is-pure":"false","realsz":36,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":14,"cc":1,"bits":64,"type":"sym","nbbs":1,"is-lineal":true,"ninstrs":8,"edges":0,"ebbs":1,"signature":"int dbg.main (int argc, char **argv, char **envp);","minbound":4195703,"maxbound":4195739,"callrefs":[{"addr":4195949,"type":"DATA","at":4195707}],"datarefs":[4195949],"codexrefs":[],"dataxrefs":[4195421],"indegree":0,"outdegree":2,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195650,"name":"dbg.trampoline","size":53,"is-pure":"false","realsz":53,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":21,"cc":1,"bits":64,"type":"sym","nbbs":1,"is-lineal":true,"ninstrs":11,"edges":0,"ebbs":1,"signature":"dbg.trampoline ();","minbound":4195650,"maxbound":4195703,"callrefs":[{"addr":4195899,"type":"DATA","at":4195654},{"addr":4195923,"type":"DATA","at":4195666}],"datarefs":[4195899,4195923],"codexrefs":[{"addr":4195724,"type":"CALL","at":4195650}],"dataxrefs":[],"indegree":1,"outdegree":4,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195296,"name":"sym._init","size":26,"is-pure":"false","realsz":26,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":12,"cc":2,"bits":64,"type":"sym","nbbs":3,"is-lineal":true,"ninstrs":7,"edges":3,"ebbs":1,"signature":"sym._init ();","minbound":4195296,"maxbound":4195322,"callrefs":[{"addr":6295544,"type":"DATA","at":4195300},{"addr":4195317,"type":"CODE","at":4195310}],"datarefs":[6295544],"codexrefs":[{"addr":4195790,"type":"CALL","at":4195296},{"addr":4195310,"type":"CODE","at":4195317}],"dataxrefs":[],"indegree":2,"outdegree":1,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"},{"offset":4195376,"name":"loc.imp.gmon_start","size":6,"is-pure":"true","realsz":6,"noreturn":false,"stackframe":0,"calltype":"amd64","cost":3,"cc":1,"bits":64,"type":"fcn","nbbs":1,"is-lineal":true,"ninstrs":1,"edges":0,"ebbs":1,"signature":"loc.imp.gmon_start ();","minbound":4195376,"maxbound":4195382,"callrefs":[{"addr":6295592,"type":"CODE","at":4195376}],"datarefs":[],"codexrefs":[{"addr":4195312,"type":"CALL","at":4195376}],"dataxrefs":[],"indegree":1,"outdegree":0,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"}]
Note that the section for dbg.trampoline is:
{"offset":4195650,"name":"dbg.trampoline","size":53,"is-pure":"false","realsz":53,"noreturn":false,"stackframe":8,"calltype":"amd64","cost":21,"cc":1,"bits":64,"type":"sym","nbbs":1,"is-lineal":true,"ninstrs":11,"edges":0,"ebbs":1,"signature":"dbg.trampoline ();","minbound":4195650,"maxbound":4195703,
"callrefs":[
{"addr":4195899,"type":"DATA","at":4195654},
{"addr":4195923,"type":"DATA","at":4195666}
],
"datarefs":[4195899,4195923],
"codexrefs":[{"addr":4195724,"type":"CALL","at":4195650}],
"dataxrefs":[],
"indegree":1,"outdegree":4,"nlocals":0,"nargs":0,"bpvars":[],"spvars":[],"regvars":[],"difftype":"new"}
so the callrefs is basically missing all the function calls.
The text was updated successfully, but these errors were encountered: