I have implemented an initial support to change the data type of the bytes
represented in the
disaasembly print format (pD). Using the cursor mode in visual mode you can
select some bytes
and press the 'd' key (data type). THen you 'll be prompted for which kind of
data you want
to set for these bytes:
c - code (unsets any data other data type)
d - data bytes (hex pairs)
s - string
This way is possible to align code to skip antidebugging tricks when
disassembling large files.
I will implement the support for the project too to be able to save and restore
the data type
information and be able to comment and analyze a full binary using radare.
The nice thing is that radare will allow to disassemnbly in multiple
architectures or extend
the data analysis with external programs. IDA can't do this because each file
is limited to
only one architecture.
This way we will be able to define range bytes for different architectures (for
disassembling
starlet (arm+ppc), or osx binaries (intel+ppc) or jazzele(arm+java), etc..
I'll also add support to analyze these bytes with an extenral program or radare
command, so
you will be able to parse data structures with spcc programs (plain C) or perl
or whatever
you like :)
Have fun! 0.9.4 will rock ;)
Here's a random sample :
Disassembly:
| 0xB7F678C0 _here_: 89e0 eax = esp
| 0xB7F678C2 e839070000 v call 0xB7F68000 ; [1]
| 0xB7F678C7 .db 89 c7
'=< 0xB7F678C9 e8e2 edi = eax [2]
0xB7F678CB ffffff81c3 ^ call 0xB7F678B0 ;
0xB7F678D0 eea601008b83 ebx += 0x1a6ee
0xB7F678D6 .string "....Z.$.).R..D....t"
0xB7F678E9 94088d4c2404 eax = [ebx-0xf8]
0xB7F678EF 89 pop edx
0xB7F678F0 e583e4 lea esp, [esp+eax*4]
--pancake
_______________________________________________
radare mailing list
[email protected]
https://lists.nopcode.org/mailman/listinfo/radare
