"pdf" truncates the printout of disassembly if function has unreachable instructions

[FrankLorenz]

I analyzed and patched the IOLI crackme's with radare2. When I patched an executable so it jumps over several lines of assembly, making it "unreachable" (dead code), I observed that r2 will no longer print out the whole disassembly of the function with pdf @ sym.function but omit the printout of the lower part.

Because the number of printed lines corresponds to the "realsz" value on afi command, I assume the bug is to use the "realsz" value instead of the "size" value when calculating the range to print out.

[FrankLorenz]

crackme_sample.zip

Added binary -- ZIP password is "crackme"

To reproduce, just do:

> aa
> pdf @ sym.check

You can see that "realsz" differs from "size":

[0x080483d0]> afi @ sym.check
#
offset: 0x080484c8
name: sym.check
size: 106
realsz: 48
stackframe: 44
call-convention: cdecl
cyclomatic-cost : 21
cyclomatic-complexity: 2
bits: 32
type: sym [NEW]
num-bbs: 3
edges: 3
end-bbs: 0
call-refs: 0x08048384 C 0x08048526 J 0x08048484 C 0x080484dc J 
data-refs: 0x00000008 0x00000013 
code-xrefs: 
in-degree: 0
out-degree: 2
data-xrefs: 
locals:2
args: 1
var int local_ch @ ebp-0xc
var int local_8h @ ebp-0x8
arg int arg_8h @ ebp+0x8
diff: type: new

[chairkov]

@radareorg @FrankLorenz just a regression test for different size, Thanks for the hint.

#!/bin/sh
for a in . .. ../.. ../../.. ; do [ -e $a/tests.sh ] && . $a/tests.sh ; done

NAME='ELF: IOLI - crackme0x05'
FILE=../../../bins/elf/ioli/crackme0x05
ARGS=
CMDS="aa ;afi @sym.check|head -5|tail -2| awk '{print $2}'| sort -u| wc -l"
EXPECT='1
'
run_test

[radare]

Wc is not portable use ~?

…

On 13 May 2017, at 14:52, chairkov ***@***.***> wrote: @radareorg @FrankLorenz just a regression test for different size, Thanks for the hint. #!/bin/sh for a in . .. ../.. ../../.. ; do [ -e $a/tests.sh ] && . $a/tests.sh ; done NAME='ELF: IOLI - crackme0x05' FILE=../../../bins/elf/ioli/crackme0x05 ARGS= CMDS="aa ;afi @sym.check|head -5|tail -2| awk '{print $2}'| sort -u| wc -l" EXPECT='1 ' run_test — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[radare]

Use pdr if you want to really print fuctions. Pdf is conceptually wrong for non linear functions

…

On 13 May 2017, at 14:52, chairkov ***@***.***> wrote: @radareorg @FrankLorenz just a regression test for different size, Thanks for the hint. #!/bin/sh for a in . .. ../.. ../../.. ; do [ -e $a/tests.sh ] && . $a/tests.sh ; done NAME='ELF: IOLI - crackme0x05' FILE=../../../bins/elf/ioli/crackme0x05 ARGS= CMDS="aa ;afi @sym.check|head -5|tail -2| awk '{print $2}'| sort -u| wc -l" EXPECT='1 ' run_test — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.