当我跑步时aaa,Radare 告诉我,
[x] Use -AA or aaaa to perform additional experimental analysis.
但是有什么作用aaaa呢?它不记录下aa?也没有aaa?,也没有
[0x000028e0]> aaa?
Usage: See aa? for more help
[0x000028e0]> aaaa?
Usage: See aa? for more help
而man radare不是只说更实用,
-A run 'aaa' command before prompt or patch to analyze all referenced code. Use -AA to run aaaa
radare --help, 说
-A run 'aaa' command to analyze all referenced code
当您执行aaa命令时,radare 会向您显示它需要执行哪些步骤。每个步骤在括号内都有负责它的命令。
[0x00000000]> aaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Constructing a function name for fcn.* and sym.func.* functions (aan)
[x] Type matching analysis for all functions (afta)
[x] Use -AA or aaaa to perform additional experimental analysis.
如您所见,aaa是一个正在执行其他命令的命令。它还打印每个命令正在执行的操作的简短描述。可以在 下找到更详细的信息aa?。因此,要将这些信息附加在一起:
af@@ sym.*;af@entry0;afvaaf @@ `pi len~call[1]`)fcn.*或开头的自动命名函数sym.func.*与 类似aaa,aaaa执行时会打印此信息。
[0x00000000]> aaaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Constructing a function name for fcn.* and sym.func.* functions (aan)
[x] Enable constraint types analysis for variables
主要变化aaaa是“[x] 启用变量的约束类型分析”。这基本上启用了anal.types.constraint配置变量。
[0x00000000]> e? anal.types.constraint
anal.types.constraint: Enable constraint types analysis for variables
就个人而言,我建议不要使用,aaaa因为它有时会很麻烦,而且可能没有必要。