pancake wrote:
Anderson Lizardo wrote:
Hi,
I'd like to collect sizes of all reachable functions (and data, if
possible) using radare. Using "af" I get this for the first function
(the entrypoint), but how do I do that for all functions recursively?
Thanks in advance,
If you only need the size, you can just use the information in the
metadata
database using the C*~CF command (show all metada+grep 'CF'). What do you
mean about 'data'?
To do the analysis for all the symbols you can do:
.af* @@ sym.
btw to do it recursively you will probably have to write a macro that
gets
all the calls of each function and runs .af* recursively.
1 - configure the output of the disasm:
e asm.profile=simple
2 - disassemble the whole function
pdf
[0x465D8810]> pdf~call
| call 0x465d8a60
| call 0x465d8800
| call 0x465e5a30
3 - get the destination of the calls for the current function:
pdf~call[1]
[0x465D8810]> pdf~call[1]
0x465d8a60
0x465d8800
0x465e5a30
You can now write an iterator in a radare macro that gets the 'call's
of every function
and runs '.af*' on every of them. you can also flag them automatically.
For example, a simple macro that iterates over all the calls in the
current function would
look like:
(for-each-call x,()p...@$0~call[1]#$@)
Sorry, i forgot to scape the pdf command:
(for-each-call x,()`...@$0~call[1]#$@`)
Now it gets some more sense ;)
The explanation would be:
- defines 'for-each-call' macro that gets 1 argument (address)
- disasembles the whole function (pdf) at addres $0 (argument0 of macro)
- greps for 'call' word
- columngrep[1] (get second column)
- greprow $@ - gets the row number $@
- $@ is an internal macro variable that returns the number of times it
has been called.
So then you get call[0], call[1], call[2]... when using it as an iterator.
You can also use the @@= iterator rule that accepts a list of offsets
se '@@?' command for more help.
So then you can write another macro that runs some code on every call:
(for-every-call,!echo analyzing function at `? $$~[0]`...,.af*)
So then you have the iterator and the code you want to run:
.(for-every-call) @@ .(for-each-call sym.main)
you can also do it simpler, because at the end you only need to
run'.af*':
.af* @@ .(for-each-call $$)
Then you just need to run this command for every symbol:
Embed the previous command inside another macro:
(recursive-analysis,.af*@@.(for-each-call $$))
And run it for every symbol:
.(recursive-analysis) @@= `C*~CF[3]`
Yeah i know that all those black magic scripting tricks looks hard to
read, but they are
pretty funny and powerful at the end :)
The other option is by writing a perl/python/ruby script, but then i
have nothing to explain :P
--pancake
_______________________________________________
radare mailing list
[email protected]
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
_______________________________________________
radare mailing list
[email protected]
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
