help~ : the usage of the dts... #22524

Open
b1gcat opened this issue Jan 4, 2024 · 2 comments
b1gcat commented Jan 4, 2024

I want to trace some special addresses with dta/dts:

I created a script to load while debugging:

└─# cat a.py
import r2pipe
import sys
import json
import re

r2=r2pipe.open()
r2.cmd('aaa')
r2.cmd('e asm.trace=true; e dbg.trace=true')
r2.cmd('dts+')
blocks=[]
bl = r2.cmdj('afbj @ entry0')
for k,b in enumerate(bl):
    blocks.append([k, b['addr'], b['size']])
    r2.cmd('dta '+ hex(b['addr']))

and then load the script:

┌──(root㉿c8bd5ecd7a9d)-[/tmp]
└─# r2 -d ob.bin
 -- I nodejs so hard my exams. What a nodejs!
[0x004013d2]> . ./a.py

and then run dcs. I hope to trace something, but get nothing:

[0x004013d2]> dcs
INFO: Running child until next syscall
INFO: --> SN 0x00401d44 syscall 0 read (0x0 0x7fffffffe518 0x8)

[0x00401d44]> dt
[0x00401d44]>

Maybe I have some misunderstanding about trace, can someone help?

thanks.

ps:
ob.bin.zip

└─# r2 -v
radare2 5.8.8 31324 @ linux-x86-64
birth: git.5.8.8 2023-11-01__10:26:37
commit: ea7f0356519884715cf1d5fba16042bac72b2df5
options: gpl -O? cs:5 cl:2 make
@b1gcat b1gcat changed the title usage of the dts... help~ : the usage of the dts... Jan 4, 2024
Collaborator

trufae commented Jan 4, 2024

IIRC the dts command was introduced by a GSoC student many years ago and it was a bit broken at the time. I found some more bugs and fixed them right now, but the main problem is that dts is probably not the thing you are looking for, because this command is used to trace reg and mem access in order to perform backstepping. My guess is that you just want to trace when the program hits a specific address, right?

You should be able to do that using a tracepoint, aka a breakpoint with the trace bit set.

| dbite <idx>               enable breakpoint Trace by index
| dbitd <idx>               disable breakpoint Trace by index

It's also been a while since this was used and the debugger tests have been enabled a few weeks ago, so I expect to focus on the debugger this year and get all those issues addressed, but I can't promise you all these commands will work as expected because they have been touched by many people and haven't been tested at all.

My suggestion is to use r2frida, which I use more frequently and which is heavily tested on many more platforms. r2frida provides breakpoints and tracepoints. The support for syscall tracing is not yet there, but I also hope to find some time this year to implement it.

Let me know how your testing goes and feel free to report anything you find in these commands.

Thank you
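
The tracepoint approach from the reply above, as an added r2pipe example (not code from the issue or from the radare2 project): it places a breakpoint on each basic block reported by afbj and sets its trace bit with dbite. It assumes breakpoint indexes follow creation order; FakeR2, set_tracepoints and the sample block list are constructed here so the script runs without radare2.

```python
"""Set a tracepoint on every basic block of a function (added example)."""


def block_addresses(blocks):
    """Return sorted, de-duplicated block start addresses from `afbj` output."""
    return sorted({int(b["addr"]) for b in blocks if "addr" in b})


def set_tracepoints(r2, func="entry0"):
    """Put a breakpoint on each block of `func` and set its trace bit.

    `r2` is any object with cmd()/cmdj(), such as an r2pipe session.
    Returns a list of (breakpoint index, address) pairs.
    """
    blocks = r2.cmdj(f"afbj @ {func}") or []
    # Assumption: breakpoint indexes follow creation order, so the next
    # index equals the number of breakpoints that already exist.
    index = len(r2.cmdj("dbj") or [])
    placed = []
    for addr in block_addresses(blocks):
        r2.cmd(f"db {addr:#x}")    # ordinary breakpoint at the block start
        r2.cmd(f"dbite {index}")   # enable the trace bit by index
        placed.append((index, addr))
        index += 1
    return placed


class FakeR2:
    """Offline stand-in for an r2pipe session, fed constructed `afbj` data."""

    def __init__(self, blocks, existing=0):
        self.blocks, self.bps, self.log = blocks, [{}] * existing, []

    def cmd(self, c):
        self.log.append(c)
        if c.startswith("db "):
            self.bps = self.bps + [{"addr": int(c.split()[1], 16)}]
        return ""

    def cmdj(self, c):
        return self.blocks if c.startswith("afbj") else list(self.bps)


if __name__ == "__main__":
    # Constructed sample blocks; in a real session pass r2pipe.open() instead.
    sample = [{"addr": 0x4013D2, "size": 12}, {"addr": 0x4013F0, "size": 7},
              {"addr": 0x4013D2, "size": 12}]
    fake = FakeR2(sample)
    print(set_tracepoints(fake), fake.log)
```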

Author

b1gcat commented Jan 5, 2024

Thank you, I got it.
