2016-11-08 19:32 GMT+01:00 Zoran Stojsavljevic <zoran.stojsavlje...@gmail.com>:
> Hello to all radare2 experienced people,
>
> From my VM Fedora 25 x86_64 on the top of VMWorkstation 12.5.1, on WIN10 64
> Pro!
>
> Here is my take on radare2... And I am not getting through. Transcript
> follows:
>
> [zoran@localhost bios]$ radare2 -e asm.bits=16 -e io.va=true
> BIOS_AMI_BIOS.bin
>  -- attempt to dissasemble Core IVB AMI BIOS
> [0000:0000]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
> [0000:0000]> e asm.segoff=true
> [0000:0000]> e asm.syntax = intel

I think you can skip those three lines, when you built radare from git

> [0000:0000]> s 0xf000:0xfff0
> [f000:fff0]> pd 16

Did you find 'Vp' already? And what the left/right arrow keys do in
V_isual mode? :)

>             f000:fff0      ff             invalid
>             f000:fff1      ff             invalid
>             f000:fff2      ff             invalid
>             f000:fff3      ff             invalid
>             f000:fff4      ff             invalid
>             f000:fff5      ff             invalid
>             f000:fff6      ff             invalid
>             f000:fff7      ff             invalid
>             f000:fff8      ff             invalid
>             f000:fff9      ff             invalid
>             f000:fffa      ff             invalid
>             f000:fffb      ff             invalid
>             f000:fffc      ff             invalid
>             f000:fffd      ff             invalid
>             f000:fffe      ff             invalid
>             f000:ffff      ff00           inc word [bx + si]
> [f000:fff0]>
>
> Help needed/comments appreciated. What am I doing wrong?
>
> Thank you,
> Zoran
>
> On Mon, Nov 7, 2016 at 2:08 AM, Riko Ho <antonius.r...@gmail.com> wrote:
>>
>> Hi Zoran,
>> I reckon that's the right radare, find *.bin or *.rom or *.hex and run
>>
>> [zoran@localhost ~]$ radare2 *.bin
>> and s command and pD command....for example :
>>
>> [f000:fff0]> s f000:0
>> [f000:0000]> pD 0xffff
>>
>>
>> more info :
>> https://radare.gitbooks.io/radare2book/content/disassembling/intro.html
>>
>>
>> On 7/11/2016 5:41 AM, Zoran Stojsavljevic wrote:
>>
>> Hello Riko,
>>
>> I recently also became very interested to start using radare2 (Raphael
>> Machado's disassembly attempts got me involved, to set up the tool). Since I
>> am a very lazy person, the first thing was to ask my Fedora 25 distro: does
>> the distro have package radare2?
>>
>> Yes, it does have it, so I have installed it. And for you, here is the
>> transcript of my CLI.
>>
>> CLI traces (radare --help) are worth 1000 words, don't you agree? ;-)
>>
>> Best Regards,
>> Zoran
>> _______
>>
>> [zoran@localhost ~]$ uname -r
>> 4.8.6-300.fc25.x86_64
>> [zoran@localhost ~]$ which radare2
>> /usr/bin/radare2
>> [zoran@localhost ~]$ radare2 --help
>> radare2: invalid option -- '-'
>> r_config_get: variable 'lp' not found
>>  --           open radare2 on an empty file
>>  -            equivalent of 'r2 malloc://512'
>>  =            read file from stdin (use -i and -c to run cmds)
>>  -=           perform !=! command to run all commands remotely
>>  -0           print \x00 after init and every command
>>  -a [arch]    set asm.arch
>>  -A           run 'aaa' command to analyze all referenced code
>>  -b [bits]    set asm.bits
>>  -B [baddr]   set base address for PIE binaries
>>  -c 'cmd..'   execute radare command
>>  -C           file is host:port (alias for -c+=http://%s/cmd/)
>>  -d           debug the executable 'file' or running process 'pid'
>>  -D [backend] enable debug mode (e cfg.debug=true)
>>  -e k=v       evaluate config var
>>  -f           block size = file size
>>  -F [binplug] force to use that rbin plugin
>>  -h, -hh      show help message, -hh for long
>>  -i [file]    run script file
>>  -I [file]    run script file before the file is opened
>>  -k [k=v]     perform sdb query into core->sdb
>>  -l [lib]     load plugin file
>>  -L           list supported IO plugins
>>  -m [addr]    map file at given address (loadaddr)
>>  -M           do not demangle symbol names
>>  -n, -nn      do not load RBin info (-nn only load bin structures)
>>  -N           do not load user settings and scripts
>>  -o [OS/kern] set asm.os (linux, macos, w32, netbsd, ...)
>>  -q           quiet mode (no prompt) and quit after -i
>>  -p [prj]     use project, list if no arg, load if no file
>>  -P [file]    apply rapatch file and quit
>>  -R [rarun2]  specify rarun2 profile to load (same as -e dbg.profile=X)
>>  -s [addr]    initial seek
>>  -S           start r2 in sandbox mode
>>  -t           load rabin2 info in thread
>>  -u           set bin.filter=false to get raw sym/sec/cls names
>>  -v, -V       show radare2 version (-V show lib versions)
>>  -w           open file in write mode
>>  -z, -zz      do not load strings or load them even in raw
>> Scripts:
>>  system       /usr/share/radare2/radare2rc
>>  user         ~/.radare2rc ${RHOMEDIR}/radare2/radare2rc (and radare2rc.d/)
>>  file         ${filename}.r2
>> Plugins:
>>  plugins      /usr/lib/radare2/last
>>  user         ~/.config/radare2/plugins
>>  LIBR_PLUGINS /usr/lib/radare2/0.10.6-git
>> Environment:
>>  RHOMEDIR     /home/zoran/.config/radare2
>>  RCFILE       ~/.radare2rc (user preferences, batch script)
>>  MAGICPATH    /usr/lib64/radare2/0.10.6-git/magic
>>  R_DEBUG      if defined, show error messages and crash signal
>>  VAPIDIR      path to extra vapi directory
>>  R2_NOPLUGINS do not load r2 shared plugins
>> Paths:
>>  PREFIX       /usr
>>  INCDIR       /usr/include/libr
>>  LIBDIR       /usr/lib64
>>  LIBEXT       so
>> [zoran@localhost ~]$
>>
>> On Sat, Nov 5, 2016 at 3:55 AM, Riko Ho <antonius.r...@gmail.com> wrote:
>>>
>>> Hi Rafael,
>>>
>>> For example I want to see the asm code for the whole 512Kbytes....is that
>>> possible ?
>>> How ?
>>>
>>> Thanks
>>>
>>> On 5/11/2016 3:36 AM, Rafael Machado wrote:
>>>
>>> Hi
>>>
>>> You can use the pd command.
>>> p = Print
>>> d = disassembly
>>>
>>> You can also add the number of instructions you want to see. For example:
>>>
>>> pd 10
>>>
>>> Thanks
>>> Rafael Machado
>>>
>>> On Wed, Nov 2, 2016 at 04:01, Riko Ho <antonius.r...@gmail.com>
>>> wrote:
>>>>
>>>> Everyone, Idwer,
>>>>
>>>> I have a radare question :
>>>>
>>>> I played until this point :
>>>> c:>radare2 -e asm.bits=16 -e io.va=true i946gz.bin
>>>>  -- radare2 is WYSIWYF - what you see is what you fix
>>>> [f000:fff0]> S $s-0x10000 0xF000:0x0000 0x10000 0x10000 bootblk rwx
>>>> [f000:fff0]> e asm.segoff=true
>>>> [f000:fff0]> s 0xf000:0xffff0
>>>> [f000:ffff]>
>>>>
>>>> How can I see the assembler code from there ? It's started from
>>>> FFFF0....I'm sure the last byte instruction is jump to 0x00000
>>>>
>>>> Cheers
>>>>
>>>> --
>>>> coreboot mailing list: coreboot@coreboot.org
>>>> https://www.coreboot.org/mailman/listinfo/coreboot
>>>
>>>
>>> --
>>> /*===*/
>>> Kind regards,
>>> Riko Ho
>>> /*===*/
>>>
>>> --
>>> coreboot mailing list: coreboot@coreboot.org
>>> https://www.coreboot.org/mailman/listinfo/coreboot
>>
>>
>> --
>> /*===*/
>> Kind regards,
>> Riko Ho
>> /*===*/
>
>

--
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot
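
An added example, not part of the thread and not radare2 code: a Python check of the 16 bytes that the thread's `s 0xf000:0xfff0` / `pd 16` looks at, which finds their file offset and decodes the jump stored there. It assumes the image's last byte sits at the top of the mapped region, so the final 16 bytes are the reset vector; the function names and sample images are constructed for illustration, and operand-size-prefixed jumps are reported as unknown.

```python
import struct

RESET_OFF = 0xFFF0  # offset of the reset vector in the top 64 KiB (f000:fff0)
SEG = 0xF000        # segment the thread's S command maps that 64 KiB to

def reset_vector_file_offset(image_size):
    """File offset of f000:fff0, assuming the image ends at the top of memory."""
    if image_size < 16:
        raise ValueError("image is smaller than the 16-byte reset vector")
    return image_size - 16

def decode_reset_jump(image):
    """Return (kind, segment, offset) for the jump found at the reset vector."""
    start = reset_vector_file_offset(len(image))
    vec = bytes(image[start:start + 16])
    if vec == b"\xff" * 16:           # nothing but 0xFF, as in the pd 16 output
        return ("erased", None, None)
    op = vec[0]
    if op == 0xE9:                    # jmp rel16, relative to the next IP
        (rel,) = struct.unpack_from("<h", vec, 1)
        return ("near", SEG, (RESET_OFF + 3 + rel) & 0xFFFF)
    if op == 0xEB:                    # jmp rel8
        (rel,) = struct.unpack_from("<b", vec, 1)
        return ("short", SEG, (RESET_OFF + 2 + rel) & 0xFFFF)
    if op == 0xEA:                    # jmp ptr16:16, offset stored before segment
        off, seg = struct.unpack_from("<HH", vec, 1)
        return ("far", seg, off)
    return ("unknown", None, None)    # e.g. prefixed or non-jump opcodes

def make_image(vec, size=0x80000):
    """Constructed 512 KiB sample: 0xFF filler with `vec` at the reset vector."""
    image = bytearray(b"\xff" * size)
    start = reset_vector_file_offset(size)
    image[start:start + len(vec)] = vec
    return bytes(image)

# Constructed sample vectors (not taken from any real BIOS image).
NEAR = make_image(b"\xe9" + struct.pack("<h", -0x1F98))
FAR = make_image(b"\xea\x5b\xe0\x00\xf0")
BLANK = make_image(b"")

if __name__ == "__main__":
    for name, img in (("near", NEAR), ("far", FAR), ("blank", BLANK)):
        kind, seg, off = decode_reset_jump(img)
        where = "-" if seg is None else f"{seg:04x}:{off:04x}"
        print(f"{name}: reset vector at file offset "
              f"{reset_vector_file_offset(len(img)):#x}, {kind} jump to {where}")
```

An "erased" result means the last 16 bytes of the file hold no code at all, so the file layout is worth checking before adjusting any disassembler settings.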