aeim overlapping memory range #23313

Closed
trufae opened this issue Sep 13, 2024 · 1 comment
trufae commented Sep 13, 2024

```
[0x100003a84]> o
 3 - r-x 0x00025af0 /bin/ls
 4 * r-- 0x00002510 null://9488
[0x100003a84]> om 3 0 0x25af0
[0x100003a84]> om
- 6 fd: 3 +0x00000000 0x00000000 - 0x00025aef r-x
* 5 fd: 3 +0x00010000 0x100000000 - 0x100007fff r-x fmap.__TEXT
- 4 fd: 3 +0x00018000 0x100008000 - 0x10000bfff r-- fmap.__DATA_CONST
- 3 fd: 3 +0x0001c000 0x10000c000 - 0x10000ffff r-- fmap.__DATA
- 2 fd: 3 +0x00020000 0x100010000 - 0x100015aef r-- fmap.__LINKEDIT
- 1 fd: 4 +0x00000000 0x100015af0 - 0x100017fff r-- mmap.__LINKEDIT
[0x100003a84]>
```

Then we run `aeim` to get the stack... buuuut

```
[0x100003a84]> aeim
[0x100003a84]> om
- 7 fd: 5 +0x00000000 0x00100000 - 0x001effff rw- mem.0x100000_0xf0000
- 6 fd: 3 +0x00000000 0x00000000 - 0x00025aef rwx
* 5 fd: 3 +0x00010000 0x100000000 - 0x100007fff rwx fmap.__TEXT
- 4 fd: 3 +0x00018000 0x100008000 - 0x10000bfff rwx fmap.__DATA_CONST
- 3 fd: 3 +0x0001c000 0x10000c000 - 0x10000ffff rwx fmap.__DATA
- 2 fd: 3 +0x00020000 0x100010000 - 0x100015aef rwx fmap.__LINKEDIT
- 1 fd: 4 +0x00000000 0x100015af0 - 0x100017fff rwx mmap.__LINKEDIT
[0x100003a84]> s 0
[0x00000000]> om.
 6 fd: 3 +0x00000000 0x00000000 - 0x00025aef rwx
[0x00000000]>
```

The stack is created in the same range as map 6, which was already at address 0, so... this means this code doesn't work:

libr/core/cmd_anal.inc.c line 7290

```c
 7243 static void cmd_esil_mem(RCore *core, const char *input) {
...
 7285         size = r_config_get_i (core->config, "esil.stack.size");
 7286         addr = r_config_get_i (core->config, "esil.stack.addr");
 7287
 7288         if (r_io_map_is_mapped (core->io, addr)) {
 7289                 addr = core->offset;
 7290                 r_io_map_locate (core->io, &addr, size, 0x10000000);
 7291         }
 7292         patt = r_config_get (core->config, "esil.stack.pattern");
 7293         r_str_ncpy (nomalloc, input, 255);
 7294         char *p = nomalloc;
```
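Added example (not radare2's code, and not part of this issue): a small Python model of the placement check in the snippet above. It parses `om` listing lines as printed in this issue and contrasts two ways of deciding whether a new region `[addr, addr + size)` is safe to map: a start-only test, written here in the shape of the `r_io_map_is_mapped (core->io, addr)` call (its semantics are an assumption, not a statement about radare2 internals), and a full-range overlap test. `locate_free()` is likewise modelled on what the snippet asks `r_io_map_locate()` for (an assumption); the region names and the second request below are constructed so that the two checks disagree.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample input: the `om` listing printed before `aeim` in the issue above.
OM_LISTING = """\
- 6 fd: 3 +0x00000000 0x00000000 - 0x00025aef r-x
* 5 fd: 3 +0x00010000 0x100000000 - 0x100007fff r-x fmap.__TEXT
- 4 fd: 3 +0x00018000 0x100008000 - 0x10000bfff r-- fmap.__DATA_CONST
- 3 fd: 3 +0x0001c000 0x10000c000 - 0x10000ffff r-- fmap.__DATA
- 2 fd: 3 +0x00020000 0x100010000 - 0x100015aef r-- fmap.__LINKEDIT
- 1 fd: 4 +0x00000000 0x100015af0 - 0x100017fff r-- mmap.__LINKEDIT
"""

# One `om` line: "<cur> <id> fd: <fd> +<delta> <lo> - <hi> <perm> [<name>]"
OM_LINE = re.compile(
    r"^[-*]\s+(?P<id>\d+)\s+fd:\s*(?P<fd>\d+)\s+\+(?P<delta>0x[0-9a-fA-F]+)\s+"
    r"(?P<lo>0x[0-9a-fA-F]+)\s+-\s+(?P<hi>0x[0-9a-fA-F]+)\s+(?P<perm>[-rwx]{3})"
    r"(?:\s+(?P<name>\S+))?\s*$"
)


@dataclass(frozen=True)
class IoMap:
    id: int
    fd: int
    delta: int  # offset into the fd
    lo: int     # first mapped address (inclusive)
    hi: int     # last mapped address (inclusive), as `om` prints it
    perm: str
    name: str = ""


def parse_om(text: str) -> list[IoMap]:
    """Parse `om` listing lines; lines that do not match are skipped."""
    maps = []
    for line in text.splitlines():
        m = OM_LINE.match(line.strip())
        if m:
            maps.append(IoMap(int(m["id"]), int(m["fd"]), int(m["delta"], 16),
                              int(m["lo"], 16), int(m["hi"], 16),
                              m["perm"], m["name"] or ""))
    return maps


def is_mapped(maps: list[IoMap], addr: int) -> bool:
    """Start-only check (assumed model of r_io_map_is_mapped): is this single
    address inside any map?  It says nothing about addr + 1 .. addr + size - 1."""
    return any(m.lo <= addr <= m.hi for m in maps)


def overlapping(maps: list[IoMap], addr: int, size: int) -> list[IoMap]:
    """Full-range check: every map that intersects [addr, addr + size)."""
    if size <= 0:
        return []
    end = addr + size - 1
    return [m for m in maps if m.lo <= end and addr <= m.hi]


def locate_free(maps: list[IoMap], addr: int, size: int, align: int) -> int:
    """Lowest align-rounded address >= addr whose [a, a + size) hits no map
    (assumed model of what the snippet asks r_io_map_locate() for)."""
    a = -(-addr // align) * align  # round up to the alignment
    while True:
        hits = overlapping(maps, a, size)
        if not hits:
            return a
        # Skip past the highest map we collided with, then re-align.
        top = max(m.hi for m in hits) + 1
        a = -(-top // align) * align


def placement_report(maps: list[IoMap], addr: int, size: int) -> dict:
    """Run both checks for a requested region and return what each says."""
    hits = overlapping(maps, addr, size)
    return {"start_is_mapped": is_mapped(maps, addr),
            "overlapping_ids": [m.id for m in hits]}


if __name__ == "__main__":
    maps = parse_om(OM_LISTING)
    # First request lies inside map 6; the second (constructed) starts in an
    # unmapped hole just below map 5 but its tail runs into fmap.__TEXT.
    for addr, size in ((0x20000, 0x1000), (0xffff8000, 0x10000)):
        r = placement_report(maps, addr, size)
        print(f"[{addr:#x}, {addr + size:#x}) start mapped={r['start_is_mapped']} "
              f"overlaps={r['overlapping_ids']}")
    print(f"free slot: {locate_free(maps, 0xffff8000, 0x10000, 0x10000):#x}")
```

The second request is the case a start-only test cannot see: `is_mapped()` answers False because `0xffff8000` itself is unmapped, while `overlapping()` reports map 5, so a region placed there would collide. Any placement logic for a new map (a stack included) therefore has to test the whole range, and `locate_free()` shows the search continuing past every collision until an aligned gap large enough for the region is found.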
trufae commented Sep 16, 2024

Reopening because the fix is handling another issue, but we have another test case to verify more cases.

@trufae trufae reopened this Sep 16, 2024
trufae pushed a commit that referenced this issue Sep 23, 2024
trufae pushed a commit that referenced this issue Sep 27, 2024
@trufae trufae closed this as completed in 14615fb Sep 27, 2024