Add anal.emu to run aaef in aaa and aef in af, for now optional ##ana…

…lysis
radareorg · Jun 19, 2024 · e3d755f · e3d755f
1 parent 563b02e
commit e3d755f
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 16 deletions.
diff --git a/libr/core/cconfig.c b/libr/core/cconfig.c
@@ -3427,6 +3427,7 @@ R_API int r_core_config_init(RCore *core) {
  SETCB ("anal.limits", "false", (RConfigCallback)&cb_anal_limits, "restrict analysis to address range [anal.from:anal.to]");
  SETCB ("anal.noret.refs", "false", (RConfigCallback)&cb_anal_noret_refs, "recursive no return checks (EXPERIMENTAL)");
  SETCB ("anal.slow", "true", (RConfigCallback)&cb_anal_slow, "uses emulation and deeper analysis for better results");
+ SETPREF ("anal.emu", "false", "run aaef after analysis (EXPERIMENTAL)");
  SETCB ("anal.noret", "true", (RConfigCallback)&cb_anal_noret, "propagate noreturn attributes (EXPERIMENTAL)");
  SETCB ("anal.limits", "false", (RConfigCallback)&cb_anal_limits, "restrict analysis to address range [anal.from:anal.to]");
  SETICB ("anal.from", -1, (RConfigCallback)&cb_anal_from, "lower limit on the address range for analysis");

diff --git a/libr/core/cmd_anal.inc.c b/libr/core/cmd_anal.inc.c
@@ -5315,10 +5315,10 @@ static int cmd_af(RCore *core, const char *input) {
  r_anal_function_cost (fcn), r_anal_function_complexity (fcn));
  r_cons_printf (" attr: ");
  if (r_anal_function_islineal (fcn)) {
- r_cons_printf ("lineal");
+ r_cons_print ("lineal");
  }
  if (fcn->is_noreturn) {
- r_cons_printf ("noreturn");
+ r_cons_print ("noreturn");
  }
  r_cons_newline ();
  }
@@ -5941,6 +5941,9 @@ static int cmd_af(RCore *core, const char *input) {
  }
  break;
  }
+ case 'e': // "afe" used by "anal.emu" - see aef
+ r_core_anal_esil (core, "f", NULL);
+ break;
 #if 0
  /* this is undocumented, broken and probably have no uses. plz discuss */
  case 'e': // "afe"
@@ -13806,23 +13809,33 @@ static int cmd_anal_all(RCore *core, const char *input) {
  r_core_cmd_call (core, "aavq");
  }
  r_core_task_yield (&core->tasks);
+ }
+ const bool run_aaef = r_config_get_b (core->config, "anal.emu");
+ /// if (!r_str_startswith (asm_arch, "x86") && !r_str_startswith (asm_arch, "hex")) {
+ if (run_aaef) { // emulate all functions
+ // if (!r_str_startswith (asm_arch, "hex")) maybe?
  // XXX moving this oustide the x86 guard breaks some tests, missing types
  if (cfg_debug) {
  logline (core, 70, "Skipping function emulation in debugger mode (aaef)");
  // nothing to do
  } else {
- const bool io_cache = r_config_get_i (core->config, "io.pcache");
- r_config_set_b (core->config, "io.pcache", true);
+ bool use_pcache = true; // false;
+ const bool io_cache = r_config_get_b (core->config, "io.pcache");
+ if (use_pcache) {
+ r_config_set_b (core->config, "io.pcache", true);
+ }
  logline (core, 70, "Emulate functions to find computed references (aaef)");
  r_core_cmd_call (core, "aaef");
  r_core_task_yield (&core->tasks);
- r_config_set_b (core->config, "io.pcache", io_cache);
+ if (use_pcache) {
+ r_config_set_b (core->config, "io.pcache", io_cache);
+ }
  }
  }
  if (r_cons_is_breaked ()) {
  goto jacuzzi;
  }
- if (r_config_get_i (core->config, "anal.autoname")) {
+ if (r_config_get_b (core->config, "anal.autoname")) {
  logline (core, 75, "Speculatively constructing a function name for fcn.* and sym.func.* functions (aan)");
  r_core_anal_autoname_all_fcns (core);
  r_core_task_yield (&core->tasks);
@@ -13954,14 +13967,25 @@ static int cmd_anal_all(RCore *core, const char *input) {
  } else {
  r_core_cmd0 (core, "aeim");
  RListIter *it;
- RAnalFunction *fcn;
  ut64 cur_seek = core->offset;
- r_list_foreach (core->anal->fcns, it, fcn) {
- r_core_seek (core, fcn->addr, true);
+ char *offsets = r_core_cmd_str (core, "afla");
+ RList *list = r_str_split_list (offsets, "\n", 0);
+
+ char *of;
+ r_list_foreach (list, it, of) {
+ ut64 addr = r_num_get (NULL, of);
+ r_core_seek (core, addr, true);
  r_core_anal_esil (core, "f", NULL);
  // __anal_esil_function (core, fcn->addr);
  }
+ RAnalFunction *fcn = r_anal_get_function_at (core->anal, cur_seek);
+ if (fcn) {
+ r_core_seek (core, fcn->addr, true);
+ r_core_anal_esil (core, "f", NULL);
+ }
  r_core_seek (core, cur_seek, true);
+ r_list_free (list);
+ free (offsets);
  }
  } else if (input[1] == '?') { // "aae?"
  r_core_cmd_help (core, help_msg_aae);

diff --git a/test/db/anal/avr b/test/db/anal/avr
@@ -646,7 +646,7 @@ NAME=avr stop anal when invalid instruction is found
 FILE=bins/firmware/arduino_avr.bin
 CMDS=<<EOF
 e asm.arch=avr
-aeim
+e anal.emu=true
 aaa
 f
 EOF
@@ -745,7 +745,6 @@ EXPECT=<<EOF
 0x00001bde 46 fcn.00001bde
 0x00001c4e 48 fcn.00001c4e
 0x00001c84 44 fcn.00001c84
-0x00001dfe 30 fcn.00001dfe
 0x00001e78 88 fcn.00001e78
 0x00001efe 38 fcn.00001efe
 0x00001f24 14 fcn.00001f24

diff --git a/test/db/anal/emu b/test/db/anal/emu
@@ -1,3 +1,22 @@
+NAME=emu x86-32 aaef via aaa
+FILE=bins/elf/libtest_32.so
+CMDS=<<EOF
+e anal.emu=true
+aaa
+aaef
+s 0x00000500
+pd 1
+axt
+EOF
+EXPECT=<<EOF
+ ;-- section..rodata:
+ ;-- str.Hello_World__n:
+ ; STRN XREF from sym.test @ 0x4d3(r)
+ 0x00000500 .string "Hello World!\n" ; len=14 ; [13] -r-- section size 14 named .rodata
+sym.test 0x4d3 [STRN:r--] lea ecx, str.Hello_World__n
+EOF
+RUN
+
 NAME=emu ret0
 FILE=bins/mach0/ret0ret1restr
 ARGS=-2

diff --git a/test/db/cmd/r2pipe2 b/test/db/cmd/r2pipe2
@@ -95,11 +95,6 @@ EXPECT=<<EOF
  "origin": "logline",
  "message": "Finding xrefs in noncode sections (e anal.in=io.maps.x; aav)"
  },
- {
- "type": "WARN",
- "origin": "logline",
- "message": "Emulate functions to find computed references (aaef)"
- },
  {
  "type": "WARN",
  "origin": "logline",

diff --git a/test/db/formats/elf/helloworld-gcc-elf b/test/db/formats/elf/helloworld-gcc-elf
@@ -13,6 +13,7 @@ RUN
 NAME=armr - functions bits
 FILE=bins/arm/elf/hello_world
 CMDS=<<EOF
+e anal.emu=true
 aaa
 pid 1@@f
 EOF