Why does -A (aaa) analysis show more information when using the -d (debug) CLI option in Radare2?

reverse-engineering disassembly debugging radare2 static-analysis
2021-06-27 23:42:14


I am using the latest version of Radare2 to analyze a Windows application.

As shown below, combining the -d (debug) option with -A (aaa) produces more information about the application, such as symbols. Why is that?

Without the -d (debug) CLI option:

$ r2 -A WindowsService.exe
Metadata Signature: 0x8bc 0x10001424a5342 12
.NET Version: v4.0.30319
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Constructing a function name for fcn.* and sym.func.* functions (aan)
[x] Type matching analysis for all functions (afta)
[x] Use -AA or aaaa to perform additional experimental analysis.
 -- I didn't say that it was working, I said that it's implemented
[0x00403e92]> afll
address    size  nbbs edges    cc cost  min bound range max bound  calls locals args xref frame name
========== ==== ===== ===== ===== ==== ========== ===== ========== ===== ====== ==== ==== ===== ====
0x00403e92    6     1     0     1    3 0x00403e92     6 0x00403e98     0    0      0    1     0 entry0

With the -d (debug) CLI option:

$ r2 -d -A WindowsService.exe
Process with PID 21499 started...
= attach 21499 21499
bin.baddr 0x561296b89000
Using 0x561296b89000
asm.bits 64
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Constructing a function name for fcn.* and sym.func.* functions (aan)
[TOFIX: afta can't run in debugger mode.ions (afta)
[x] Type matching analysis for all functions (afta)
[x] Use -AA or aaaa to perform additional experimental analysis.
= attach 21499 21499
21499
 -- Use zoom.byte=entropy and press 'z' in visual mode to zoom out to see the entropy of the whole file
[0x7fb177974090]> afll
address            size  nbbs edges    cc cost          min bound range max bound          calls locals args xref frame name
================== ==== ===== ===== ===== ==== ================== ===== ================== ===== ====== ==== ==== ===== ====
0x0000561296b89000  285     3     2     3  134 0x0000561296b89000   292 0x0000561296b89124     0    0      1    0    24 sym.imp.__libc_start_main
0x0000561296b8d290    6     1     0     1    3 0x0000561296b8d290     6 0x0000561296b8d296     0    0      0    0     0 sym.imp.sigprocmask
0x0000561296b8d2a0    6     1     0     1    3 0x0000561296b8d2a0     6 0x0000561296b8d2a6     0    0      0    0     0 sym.imp.raise
0x0000561296b8d2b0    6     1     0     1    3 0x0000561296b8d2b0     6 0x0000561296b8d2b6     0    0      0    0     0 sym.imp.free
0x0000561296b8d2c0    6     1     0     1    3 0x0000561296b8d2c0     6 0x0000561296b8d2c6     0    0      0    0     0 sym.imp.strcasecmp
0x0000561296b8d2d0    6     1     0     1    3 0x0000561296b8d2d0     6 0x0000561296b8d2d6     0    0      0    0     0 sym.imp.abort
0x0000561296b8d2e0    6     1     0     1    3 0x0000561296b8d2e0     6 0x0000561296b8d2e6     0    0      0    1     0 sym.imp.__errno_location
0x0000561296b8d2f0    6     1     0     1    3 0x0000561296b8d2f0     6 0x0000561296b8d2f6     0    0      0    0     0 sym.imp._exit
0x0000561296b8d300    6     1     0     1    3 0x0000561296b8d300     6 0x0000561296b8d306     0    0      0    0     0 sym.imp.strcpy
0x0000561296b8d310    6     1     0     1    3 0x0000561296b8d310     6 0x0000561296b8d316     0    0      0    0     0 sym.imp.qsort
0x0000561296b8d320    6     1     0     1    3 0x0000561296b8d320     6 0x0000561296b8d326     0    0      0    0     0 sym.imp.isatty
0x0000561296b8d330    6     1     0     1    3 0x0000561296b8d330     6 0x0000561296b8d336     0    0      0    0     0 sym.imp.sigaction
0x0000561296b8d340    6     1     0     1    3 0x0000561296b8d340     6 0x0000561296b8d346     0    0      0    0     0 sym.imp.strtod
0x0000561296b8d350    6     1     0     1    3 0x0000561296b8d350     6 0x0000561296b8d356     0    0      0    0     0 sym.imp.strchrnul
0x0000561296b8d360    6     1     0     1    3 0x0000561296b8d360     6 0x0000561296b8d366     0    0      0    0     0 sym.imp.faccessat
0x0000561296b8d370    6     1     0     1    3 0x0000561296b8d370     6 0x0000561296b8d376     0    0      0    0     0 sym.imp.fcntl
0x0000561296b8d380    6     1     0     1    3 0x0000561296b8d380     6 0x0000561296b8d386     0    0      0    0     0 sym.imp.write
0x0000561296b8d390    6     1     0     1    3 0x0000561296b8d390     6 0x0000561296b8d396     0    0      0    1     0 sym.imp.getpid
0x0000561296b8d3a0    6     1     0     1    3 0x0000561296b8d3a0     6 0x0000561296b8d3a6     0    0      0    0     0 sym.imp.__strtol_internal
0x0000561296b8d3b0    6     1     0     1    3 0x0000561296b8d3b0     6 0x0000561296b8d3b6     0    0      0    0     0 sym.imp.__xstat64
0x0000561296b8d3c0    6     1     0     1    3 0x0000561296b8d3c0     6 0x0000561296b8d3c6     0    0      0    0     0 sym.imp.wait3
0x0000561296b8d3d0    6     1     0     1    3 0x0000561296b8d3d0     6 0x0000561296b8d3d6     0    0      0    0     0 sym.imp.opendir
0x0000561296b8d3e0    6     1     0     1    3 0x0000561296b8d3e0     6 0x0000561296b8d3e6     0    0      0    0     0 sym.imp.stpcpy
0x0000561296b8d3f0    6     1     0     1    3 0x0000561296b8d3f0     6 0x0000561296b8d3f6     0    0      0    0     0 sym.imp.strlen
0x0000561296b8d400    6     1     0     1    3 0x0000561296b8d400     6 0x0000561296b8d406     0    0      0    0     0 sym.imp.chdir
0x0000561296b8d410    6     1     0     1    3 0x0000561296b8d410     6 0x0000561296b8d416     0    0      0    0     0 sym.imp.__stack_chk_fail
0x0000561296b8d420    6     1     0     1    3 0x0000561296b8d420     6 0x0000561296b8d426     0    0      0    1     0 sym.imp.getuid
0x0000561296b8d430    6     1     0     1    3 0x0000561296b8d430     6 0x0000561296b8d436     0    0      0    0     0 sym.imp.dup2
0x0000561296b8d440    6     1     0     1    3 0x0000561296b8d440     6 0x0000561296b8d446     0    0      0    0     0 sym.imp.strchr
0x0000561296b8d450    6     1     0     1    3 0x0000561296b8d450     6 0x0000561296b8d456     0    0      0    0     0 sym.imp.warnx
0x0000561296b8d460    6     1     0     1    3 0x0000561296b8d460     6 0x0000561296b8d466     0    0      0    0     0 sym.imp.__strtoul_internal
0x0000561296b8d470    6     1     0     1    3 0x0000561296b8d470     6 0x0000561296b8d476     0    0      0    0     0 sym.imp.fnmatch
0x0000561296b8d480    6     1     0     1    3 0x0000561296b8d480     6 0x0000561296b8d486     0    0      0    0     0 sym.imp.geteuid
0x0000561296b8d490    6     1     0     1    3 0x0000561296b8d490     6 0x0000561296b8d496     0    0      0    0     0 sym.imp.getcwd
0x0000561296b8d4a0    6     1     0     1    3 0x0000561296b8d4a0     6 0x0000561296b8d4a6     0    0      0    0     0 sym.imp.close
0x0000561296b8d4b0    6     1     0     1    3 0x0000561296b8d4b0     6 0x0000561296b8d4b6     0    0      0    0     0 sym.imp.pipe
0x0000561296b8d4c0    6     1     0     1    3 0x0000561296b8d4c0     6 0x0000561296b8d4c6     0    0      0    0     0 sym.imp.strspn
0x0000561296b8d4d0    6     1     0     1    3 0x0000561296b8d4d0     6 0x0000561296b8d4d6     0    0      0    0     0 sym.imp.closedir
0x0000561296b8d4e0    6     1     0     1    3 0x0000561296b8d4e0     6 0x0000561296b8d4e6     0    0      0    0     0 sym.imp.strcspn
0x0000561296b8d4f0    6     1     0     1    3 0x0000561296b8d4f0     6 0x0000561296b8d4f6     0    0      0    0     0 sym.imp.read
0x0000561296b8d500    6     1     0     1    3 0x0000561296b8d500     6 0x0000561296b8d506     0    0      0    1     0 sym.imp._setjmp
0x0000561296b8d510    6     1     0     1    3 0x0000561296b8d510     6 0x0000561296b8d516     0    0      0    0     0 sym.imp.execve
0x0000561296b8d520    6     1     0     1    3 0x0000561296b8d520     6 0x0000561296b8d526     0    0      0    0     0 sym.imp.__fxstat64
0x0000561296b8d530    6     1     0     1    3 0x0000561296b8d530     6 0x0000561296b8d536     0    0      0    0     0 sym.imp.strcmp
0x0000561296b8d540    6     1     0     1    3 0x0000561296b8d540     6 0x0000561296b8d546     0    0      0    0     0 sym.imp.signal
0x0000561296b8d550    6     1     0     1    3 0x0000561296b8d550     6 0x0000561296b8d556     0    0      0    0     0 sym.imp.getpwnam
0x0000561296b8d560    6     1     0     1    3 0x0000561296b8d560     6 0x0000561296b8d566     0    0      0    0     0 sym.imp.umask
0x0000561296b8d570    6     1     0     1    3 0x0000561296b8d570     6 0x0000561296b8d576     0    0      0    0     0 sym.imp.strtol
0x0000561296b8d580    6     1     0     1    3 0x0000561296b8d580     6 0x0000561296b8d586     0    0      0    0     0 sym.imp.sigfillset
0x0000561296b8d590    6     1     0     1    3 0x0000561296b8d590     6 0x0000561296b8d596     0    0      0    0     0 sym.imp.memcpy
0x0000561296b8d5a0    6     1     0     1    3 0x0000561296b8d5a0     6 0x0000561296b8d5a6     0    0      0    0     0 sym.imp.kill
0x0000561296b8d5b0    6     1     0     1    3 0x0000561296b8d5b0     6 0x0000561296b8d5b6     0    0      0    1     0 sym.imp.getgid
0x0000561296b8d5c0    6     1     0     1    3 0x0000561296b8d5c0     6 0x0000561296b8d5c6     0    0      0    0     0 sym.imp.tcgetpgrp
0x0000561296b8d5d0    6     1     0     1    3 0x0000561296b8d5d0     6 0x0000561296b8d5d6     0    0      0    0     0 sym.imp.__xstat
0x0000561296b8d5e0    6     1     0     1    3 0x0000561296b8d5e0     6 0x0000561296b8d5e6     0    0      0    0     0 sym.imp.readdir
0x0000561296b8d5f0    6     1     0     1    3 0x0000561296b8d5f0     6 0x0000561296b8d5f6     0    0      0    0     0 sym.imp.malloc
0x0000561296b8d600    6     1     0     1    3 0x0000561296b8d600     6 0x0000561296b8d606     0    0      0    0     0 sym.imp.killpg
0x0000561296b8d610    6     1     0     1    3 0x0000561296b8d610     6 0x0000561296b8d616     0    0      0    0     0 sym.imp.getegid
0x0000561296b8d620    6     1     0     1    3 0x0000561296b8d620     6 0x0000561296b8d626     0    0      0    0     0 sym.imp.strpbrk
0x0000561296b8d630    6     1     0     1    3 0x0000561296b8d630     6 0x0000561296b8d636     0    0      0    0     0 sym.imp.sigsuspend
0x0000561296b8d640    6     1     0     1    3 0x0000561296b8d640     6 0x0000561296b8d646     0    0      0    0     0 sym.imp.__vsnprintf_chk
0x0000561296b8d650    6     1     0     1    3 0x0000561296b8d650     6 0x0000561296b8d656     0    0      0    0     0 sym.imp.setrlimit
0x0000561296b8d660    6     1     0     1    3 0x0000561296b8d660     6 0x0000561296b8d666     0    0      0    0     0 sym.imp.strsignal
0x0000561296b8d670    6     1     0     1    3 0x0000561296b8d670     6 0x0000561296b8d676     0    0      0    0     0 sym.imp.realloc
0x0000561296b8d680    6     1     0     1    3 0x0000561296b8d680     6 0x0000561296b8d686     0    0      0    0     0 sym.imp.sigsetmask
0x0000561296b8d690    6     1     0     1    3 0x0000561296b8d690     6 0x0000561296b8d696     0    0      0    0     0 sym.imp.__longjmp_chk
0x0000561296b8d6a0    6     1     0     1    3 0x0000561296b8d6a0     6 0x0000561296b8d6a6     0    0      0    0     0 sym.imp.open64
0x0000561296b8d6b0    6     1     0     1    3 0x0000561296b8d6b0     6 0x0000561296b8d6b6     0    0      0    0     0 sym.imp.mempcpy
0x0000561296b8d6c0    6     1     0     1    3 0x0000561296b8d6c0     6 0x0000561296b8d6c6     0    0      0    0     0 sym.imp.memmove
0x0000561296b8d6d0    6     1     0     1    3 0x0000561296b8d6d0     6 0x0000561296b8d6d6     0    0      0    0     0 sym.imp.setgid
0x0000561296b8d6e0    6     1     0     1    3 0x0000561296b8d6e0     6 0x0000561296b8d6e6     0    0      0    0     0 sym.imp.getpgrp
0x0000561296b8d6f0    6     1     0     1    3 0x0000561296b8d6f0     6 0x0000561296b8d6f6     0    0      0    0     0 sym.imp.tcsetpgrp
0x0000561296b8d700    6     1     0     1    3 0x0000561296b8d700     6 0x0000561296b8d706     0    0      0    0     0 sym.imp.open
0x0000561296b8d710    6     1     0     1    3 0x0000561296b8d710     6 0x0000561296b8d716     0    0      0    0     0 sym.imp.times
0x0000561296b8d720    6     1     0     1    3 0x0000561296b8d720     6 0x0000561296b8d726     0    0      0    0     0 sym.imp.strtok
0x0000561296b8d730    6     1     0     1    3 0x0000561296b8d730     6 0x0000561296b8d736     0    0      0    0     0 sym.imp.sysconf
0x0000561296b8d740    6     1     0     1    3 0x0000561296b8d740     6 0x0000561296b8d746     0    0      0    0     0 sym.imp.__lxstat64
0x0000561296b8d750    6     1     0     1    3 0x0000561296b8d750     6 0x0000561296b8d756     0    0      0    0     0 sym.imp.setpgid
0x0000561296b8d760    6     1     0     1    3 0x0000561296b8d760     6 0x0000561296b8d766     0    0      0    0     0 sym.imp.getppid
0x0000561296b8d770    6     1     0     1    3 0x0000561296b8d770     6 0x0000561296b8d776     0    0      0    0     0 sym.imp.getrlimit
0x0000561296b8d780    6     1     0     1    3 0x0000561296b8d780     6 0x0000561296b8d786     0    0      0    0     0 sym.imp.setuid
0x0000561296b8d790    6     1     0     1    3 0x0000561296b8d790     6 0x0000561296b8d796     0    0      0    0     0 sym.imp.strdup
0x0000561296b8d7a0    6     1     0     1    3 0x0000561296b8d7a0     6 0x0000561296b8d7a6     0    0      0    0     0 sym.imp.strerror
0x0000561296b8d7b0    6     1     0     1    3 0x0000561296b8d7b0     6 0x0000561296b8d7b6     0    0      0    0     0 sym.imp.fork
0x0000561296b8d7c0    6     1     0     1    3 0x0000561296b8d7c0     6 0x0000561296b8d7c6     0    0      0    0     0 sym.imp.__ctype_b_loc
0x0000561296b8d7d0    6     1     0     1    3 0x0000561296b8d7d0     6 0x0000561296b8d7d6     0    0      0    1     0 sub.__cxa_finalize_7d0
0x0000561296b8d850  455    25    42    17  155 0x0000561296b8d850   455 0x0000561296b8da17    20    6      2    1   280 main
0x0000561296b8da20   43     1     0     1   17 0x0000561296b8da20    43 0x0000561296b8da4b     1    0      1    0     8 entry0
0x0000561296b8da50   40     4     4     4   19 0x0000561296b8da50    50 0x0000561296b8da82     0    0      0    1     8 sub.__environ_32_a50
0x0000561296b8da90   57     4     4     4   24 0x0000561296b8da90    66 0x0000561296b8dad2     0    0      0    1     8 loc.561296b8da90
0x0000561296b8dae0   51     5     5     4   24 0x0000561296b8dae0    58 0x0000561296b8db1a     2    0      0    0     0 entry2.fini
0x0000561296b8db20  124     5     5     4   30 0x0000561296b8da90    10 0x0000561296b8db2a     0    0      0    0     8 entry1.init
0x0000561296da5fd8   72     1     0     1   33 0x0000561296da5fd8    72 0x0000561296da6020     0    0      0    1     0 reloc.__libc_start_main
1 Answer

This is probably because you are trying to use r2, a native disassembler/debugger, on a .NET assembly, which is written in a managed language and executed under the CLR, the Common Language Runtime. This line in the output gives it away:

.NET Version: v4.0.30319

The way .NET works is that, before execution, there should be no user-supplied native code (with some exceptions, where compilation to the native platform can be forced), and only a single entry point is visible, which you can see without debugging. Once you run the file, it starts from the entry point and uses the JIT (Just-In-Time compiler) to compile the IL into native code for the platform you are running on. This is probably why you see all these methods when you list them while debugging.

I would suggest you use a decompiler/debugger suited to .NET assemblies, such as dnSpy.
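As an added example (not part of the question or the answer), here is a stand-alone Python check for the same CLR header that r2 reads before it prints the Metadata Signature and .NET Version lines: if PE data directory 14 points at a CLR header whose metadata root opens with "BSJB", the image is managed and its methods exist only as IL until the JIT runs, which is why static analysis finds a single entry point. The 424a5342 at the end of the second value and the 12 in the question's first output line are this signature and the version-string length. build_sample_pe constructs a minimal PE32+ image in memory (hypothetical bytes, not the questioner's binary) so the script runs without a real assembly; the header layout follows the PE and ECMA-335 specifications, and real file contents can be passed to clr_info instead.

```python
import struct

BSJB = 0x424A5342  # "BSJB": signature that opens the CLR metadata root
CLR_DIR = 14       # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, the CLR header slot

def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section table."""
    for vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError("RVA 0x%x is outside every section" % rva)

def clr_info(pe):
    """Return CLR header and metadata facts for a managed PE, or None for a native image."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff, opt = pe_off + 4, pe_off + 24
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    dirs = opt + (112 if struct.unpack_from("<H", pe, opt)[0] == 0x20B else 96)  # PE32+ vs PE32
    ndirs = struct.unpack_from("<I", pe, dirs - 4)[0]
    clr_rva, clr_size = struct.unpack_from("<II", pe, dirs + CLR_DIR * 8) if ndirs > CLR_DIR else (0, 0)
    if not clr_rva or not clr_size:
        return None  # no CLR header: native machine code that r2 can analyse as-is
    sections = [struct.unpack_from("<8sIIII", pe, opt + opt_size + i * 40)[1:] for i in range(nsect)]
    # IMAGE_COR20_HEADER: cb, runtime major/minor, MetaData RVA/size, Flags (bit 0 = IL only)
    _, rt_major, rt_minor, md_rva, _, flags = struct.unpack_from("<IHHIII", pe, rva_to_offset(sections, clr_rva))
    md = rva_to_offset(sections, md_rva)
    sig, md_major, md_minor, _, vlen = struct.unpack_from("<IHHII", pe, md)
    if sig != BSJB:
        raise ValueError("bad metadata signature 0x%x" % sig)
    version = pe[md + 16:md + 16 + vlen].rstrip(b"\0").decode("ascii")
    return {"runtime": "%d.%d" % (rt_major, rt_minor), "il_only": bool(flags & 1),
            "metadata_version": version, "signature": (sig, md_major, md_minor, vlen)}

def build_sample_pe(managed=True):
    """Constructed test data, not a real assembly: minimal PE32+, one .text section at RVA 0x2000."""
    meta = struct.pack("<IHHII", BSJB, 1, 1, 0, 12) + b"v4.0.30319\0\0"      # metadata root
    cli = struct.pack("<IHHIII", 72, 2, 5, 0x2000 + 72, len(meta), 1).ljust(72, b"\0")  # CLR header
    body = (cli + meta).ljust(0x200, b"\0")
    dirs = bytearray(16 * 8)
    if managed:
        struct.pack_into("<II", dirs, CLR_DIR * 8, 0x2000, 72)  # point directory 14 at the CLR header
    opt = struct.pack("<H", 0x20B).ljust(108, b"\0") + struct.pack("<I", 16) + bytes(dirs)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x22)
    sect = struct.pack("<8sIIII", b".text", len(body), 0x2000, len(body), 0x200).ljust(40, b"\0")
    headers = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + body
```

Calling clr_info(build_sample_pe(managed=False)) returns None, the native case where r2's static analysis sees the real code.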