@john-peterson
Last active August 3, 2023 16:02
radare2

Default

e scr.highlight.grep=1
e scr.color.grep=1
e asm.highlight=1
e asm.pseudo=1
e asm.marks=0
e asm.cmt.col=0
e asm.indentspace=0
e asm.bytes=0
e asm.lines.width=0
e asm.describe=1
e asm.xrefs.code=0
e graph.cmtright=1

Only problem is graph. It's still wrong

No word wrap endlessly long lines

No way to get everything on the same line

Regular disassembly has a few minor bugs. The flag doesn't look right; it is ugly when placed on the side

@john-peterson

Diff is a disaster from beginning to end but this is required. For many reasons you also need the stripped bare version

e asm.imm.trim=1
e asm.offset=0
e asm.lines=0
e asm.comments=0
e asm.describe=0

@john-peterson

john-peterson commented Aug 2, 2023

You would not be able to do anything before... Until...

radiff2 -G 'e anal.nopskip=0;e anal.vars=0;e anal.hasnext=1;afr;aac' -COj 0/Metropolis_x64_vk.exe 1/Metropolis_x64_vk.exe 2> >(grep -v threshold >err) >exe.json.all&

THIS MUST BE RUN FROM THE ENTRY FUNCTION entry0 or main

If you are standing in the middle of a blueberry field in the middle of the main loop 6000 lines long and pancakes claim there "is nothing there" and you see blueberries and code everywhere, afr will chop it up and destroy it. YOU HAVE TO SEEK TO ENTRY FIRST, and of course there are no locks anywhere, so it's just switch to another window while you wait for the anal an umpteenth time. Painfully slow, ZERO THREADING. But I guess it's a priority. I would also. I hate threading bugs too. I essentially hate threads so I'm not too far from a 🥞 myself

This is still barely functional.

Make sure you have at least 6 gig

Annoying goolag did not add n1-HIGHMEM-1. So... Nothing is perfect I guess
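The radiff2 invocation above, wrapped as a bash script with the checks the comment calls for (seek to the entry point before afr/aac, and refuse to start without the 6 GiB the comment says you need). This is an added example, not the gist author's script; it assumes radiff2 is in PATH, a Linux /proc/meminfo for the memory check, and that the binary exposes an entry0 flag (if it does not, the seek is a harmless no-op and r2 stays at its default load position). The bash-only process substitution from the original is replaced by a temp file so the script also runs under plain sh.

```shell
#!/usr/bin/env bash
# Added wrapper around the radiff2 graph-diff command from the gist (not the gist's own code).
# Assumptions: radiff2 in PATH; Linux /proc/meminfo; a binary with an entry0 flag.

# The comment above recommends at least 6 GiB; expressed in kB to match /proc/meminfo.
MIN_MEM_KB=$((6 * 1024 * 1024))

# Return 0 if MemAvailable in the meminfo file ($2, default /proc/meminfo) is >= $1 kB.
mem_available_ok() {
    required_kb=$1
    meminfo=${2:-/proc/meminfo}
    avail_kb=$(awk '/^MemAvailable:/ {print $2}' "$meminfo")
    [ -n "$avail_kb" ] && [ "$avail_kb" -ge "$required_kb" ]
}

# Commands run on each RCore via -G. Same analysis settings as the gist, prefixed with an
# explicit seek to entry0 so afr/aac start from the program's real root and not from
# wherever the cursor happened to be (the "seek to entry first" rule from the comment).
ANAL_CMDS='s entry0;e anal.nopskip=0;e anal.vars=0;e anal.hasnext=1;afr;aac'

# graph_diff OLD NEW [OUT_JSON] [ERR_FILE]
# Runs the graph diff (-C), opcode-bytes-only (-O), JSON output (-j) and keeps stderr
# minus the "threshold" noise lines, as the original command line does.
graph_diff() {
    old=$1; new=$2; out=${3:-exe.json.all}; err=${4:-err}
    command -v radiff2 >/dev/null 2>&1 || { echo "radiff2 not found in PATH" >&2; return 2; }
    { [ -f "$old" ] && [ -f "$new" ]; } || { echo "input binaries missing" >&2; return 2; }
    mem_available_ok "$MIN_MEM_KB" || { echo "need >= 6 GiB MemAvailable before analysis" >&2; return 3; }
    tmp_err=$(mktemp)
    radiff2 -G "$ANAL_CMDS" -COj "$old" "$new" >"$out" 2>"$tmp_err"
    rc=$?
    grep -v threshold "$tmp_err" >"$err"
    rm -f "$tmp_err"
    return "$rc"
}

# Usage, matching the paths in the comment (run it in the background if you like):
#   graph_diff 0/Metropolis_x64_vk.exe 1/Metropolis_x64_vk.exe exe.json.all err
```

The memory check reads MemAvailable rather than MemFree, since page cache is reclaimable and counting it avoids refusing runs that would in fact fit; pass a different file as the second argument to test the check without touching the live machine.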

@john-peterson

And flags should ALWAYS look like

fn

Except when you have to use gdb they should look like izz

For some inexplicable reason there is no way to print as

fRAW. Exactly the way they are. The way gdb display them UNCHANGED

IT'S only the useless pseudo c display and the pretty fn

@john-peterson

john-peterson commented Aug 3, 2023

so next opcode
so- prev opcode

sb block beginning
?? block end

sf. fun beginning
sf fun end

Doesn't make any sense

But that's life isn't it

Always makes you wonder if anyone used this at all

Or what they did with it in that case unless the most basic operation of backtracing
