Hi,
Finally I decided to spend some time playing with radare :) This was
on my TODO for a long time.
Anyway, I have a few notes after some short usage time:
1) Building from sources using ACR (i.e. ./configure ... ; make)
always fails on my Ubuntu (Hardy) system while compiling grava (it
cannot find some GTK headers and also some GUI headers, even though I
used --without-gui in configure). I had to fiddle with CFLAGS to make
it build properly.
2) I tried a simple session with /bin/ls. Steps followed:
- set .radarerc to:
eval scr.color = true
eval asm.syntax = intel
eval file.analyze = true
eval file.id = true
eval file.flag = true
- start radare with "radare /bin/ls"
- disassemble with "pd". Here are the first lines of what I get:
; [13] 0x08049a80 size=00066748 align=0x00000010 r-x .text
; framesize = 8
; args = 0
; vars = 0
; drefs = 3
| | _text:0x08049A80, 0 / entrypoint:
| | _text:0x08049A80, 0 | 31ed
xor ebp, ebp
| | _text:0x08049A82 -8_| 5e pop esi
| | _text:0x08049A83 -8 | 89e1
mov ecx, esp
| | _text:0x08049A85 -8 | 83e4f0
and esp, 0xf0 ; 240 ' '
| | _text:0x08049A88, 0_| 50 push eax
| | _text:0x08049A89 8_| 54 push esp
| | _text:0x08049A8A 16_| 52 push edx
| | _text:0x08049A8B 24_| 68609e0508
push dword 0x8059e60 ;
| | _text:0x08049A90, 32_| 68709e0508
push dword 0x8059e70 ;
| | _text:0x08049A95 40_| 51 push ecx
| | _text:0x08049A96 48_| 56 push esi
| | _text:0x08049A97 56_| 6880e80408
push dword 0x804e880 ;
| `=< _text:0x08049A9C, 56 | e88ffbffff
call 0x8049635 ; 1 = imp___libc_start_main
| _text:0x08049AA1 56 | f4 hlt
..........
Note the instruction at 0x08049A85. While on radare it translates to
"and esp, 0xf0", on objdump (and HT) it is "and esp,0xfffffff0".
Also note the instruction at 0x08049A9C. While on radare it is "call
0x8049635", on objdump/HT, it is "call 0x8049630".
I'm using radare 1.0.
Keep up the good work!
Regards,
--
Anderson Lizardo
_______________________________________________
radare mailing list
[email protected]
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
