only 8051? full of checkboxes for todos? wtf

Extract it from the visual mode chapter, extend it and make a new chapter.

With a white background, black logo and "0.1 edition" text.

• /m (search.align, in/from/to/..)
• m to mount filesystems
• Dumping results
• rahash2 -Bb 1M -a md5

There is a concept of literate programming, and running the code from the documentation.
We should make a scripts/change the book to do exactly the same.
So what we need:

• Change the code examples into being reproducible and self contained
• Allow to run the code examples on some external binary files
• Script to "build"/"run" the book like we do for the testcase.
• Ideally provide a way to run also r2pipe scripts the same way.

[0x08048360]> o
 3 * -r-x 0x00001d9c ./crackme0x03
 4 - mrw- 0x00000004 null://4

[0x08048360]> pdf @sym.test
/ (fcn) sym.test 42
|   sym.test (int arg_8h, int arg_ch);
|           ; arg int arg_8h @ ebp+0x8
|           ; arg int arg_ch @ ebp+0xc
|              ; CALL XREF from 0x0804850c (sym.main)
|           0x0804846e      55             push ebp
|           0x0804846f      89e5           mov ebp, esp
|           0x08048471      83ec08         sub esp, 8
|           0x08048474      8b4508         mov eax, dword [arg_8h]     ; [0x8:4]=-1 ; 8
|           0x08048477      3b450c         cmp eax, dword [arg_ch]     ; [0xc:4]=-1 ; 12
|       ,=< 0x0804847a      740e           je 0x804848a
|       |   0x0804847c      c70424ec8504.  mov dword [esp], str.Lqydolg_Sdvvzrug ; [0x80485ec:4]=0x6479714c ; "Lqydolg#Sdvvzrug$"
|       |   0x08048483      e88cffffff     call sym.shift
|      ,==< 0x08048488      eb0c           jmp 0x8048496
|      |`-> 0x0804848a      c70424fe8504.  mov dword [esp], str.Sdvvzrug_RN ; [0x80485fe:4]=0x76766453 ; "Sdvvzrug#RN$$$#=,"
|      |    0x08048491      e87effffff     call sym.shift
|      |       ; JMP XREF from 0x08048488 (sym.test)
|      `--> 0x08048496      c9             leave
\           0x08048497      c3             ret

I'm getting different code then defeating-IOLI-with-radare2.md. File in bin-linux.

All screenshots should be redone with one color theme and resolution.
Preferably it should contain two sets: one for the dark theme (for reading on computer), and one for printing - the light and contrast one.

Including the load from header file, linking it to the address.

See radareorg/radare2#10094 for more information

radareorg/radare2#10960

• adf - mark as dwords all the data references found in the current function
• adfg - find the gaps between basic blocks in a function and mark them as data (useful when the function mixes data and code)

Not only to explain what variable means what, but also the possible or common use cases.

With r2 credits chapter and r2book chapter

Hi,

I'm not sure where to ask questions regarding radare2 usage. So, I'll do it here.
I want to use radare2 for esp8266 RE, so I want it to produce as readable disassembly as possible.
The primary target for disassembly is object files extracted from library archives.

Is there radare2 configuration/settings that allow to have:

1. call function name resolution:

0x40215b31      0176b2         l32r a0,0x4020250c
0x40215b34      c00000         callx0 a0

to display something like:

0x40215b34      c00000         call sym.some_function

2. string literal resolution

0x40215b2c      21f8ff         l32r a2,0x40215b0c

to

0x40215b2c      21f8ff         l32r a2,str.some_string_literal

I noticed that when I load an executable function calls are resolved better. When I load an object file function calls are not resolved at all.

I also do not understand why the instruction l32r a2,0x000001d4 that should load a pointer to a string literal does not point to the string:

px @ 0x000001d4
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x000001d4  1400 0000 404b 4c00 4042 0f00 0006 0060  ....@KL.@B.....

ps @ 0x00000014
\x01

0x000001f4]> fs strings
[0x000001f4]> f
0x000004e8 15 str.arm_new__x__x_n

Thanks

Use ``` for code

to change core->bits

No description, etc...
We can use the text from here: http://radare.today/posts/exploring-the-database/

To be able to reproduce them easily

In the overview section it is mentioned that rasm2 supports MSIL. If it is then this architecture should be renamed to CIL as the MSIL is a deprecated name but running rasm2 -L does not list that architecture.

MSIL is also mentioned in rasm2 intro.

Was MSIL removed and the book is not updated in that part?

https://github.com/radare/radare2ida

Maybe in "Migration from IDA/GDB/etc"
Also it make sense to separate the table and write a small chapter in text with a few examples.

• Talk about cutter
  • how to build
  • how to run
  • current features
• Talk about the webserver r2 -H
  • r2webui repo
• Talk about android/ios
  • cydia repository, playstore app, etc

but it's referenced here: https://github.com/radare/radare2book/blob/master/analysis/code_analysis.md

/introduction/windows_compilation.md

Following the guide will result in runtime dependency on libgcc.

sys/mingw32.bat seems to be up to date, however paths are hardcoded and it won't work out of the box as the book suggests.

MinGW-w64 build by the book fails with error on shlr/zip/zip/zip_close.c:645 complaining about _O_BINARY, so something is missing from that part too.

• Explain every function thoroughly (examples)
• Complex API explanations, e.g. for relocations

this is not explained either. rabin2 -C

r2tgirc, [09 May 2016 05:20]:
pancake: "Configuration" in the book seems entirely incorrect
that is, "-n" and "-v" don't do what is said there...

See radareorg/radare2#11349

• Use -I to load plugins instead of -i
• Line 651 mentions incorrect options

Add info on Syscalls in r2book

@sivaramaaa

• e asm.emu
• search /s
• dcs, dcs*
• all the as?
• e emu.write
• emulation of the syscall
• analysis of syscall
• How to add new syscalls databases

And move it from radare2/doc/calling_conventions.md

https://radare.gitbooks.io/radare2book/content/first_steps/windows_compilation.html
This is outdated. Update with clear and easy information.

When radare2 opens an ELF file, where does it set its starting position to?

when we use seek command to move the current position back and force, does it move in the virtual address space of the ELF file? or does it move in the offset from the beginning of the ELF file?

Please clarify this

this section doenst explains anything useful to do with it

• hash by blocks
• encrypt/decrypt
• encode/decode
• rabin2 -K
• rahash2 -s to hash a string (or process from stdin)
• how to hash multiple files

For partial emulation (or imprecise full emulation) radare2 uses its own ESIL intermediate language and virtual machine.

--Emulation

The hyperlink in "ESIL" is wrong. I believe the intended URL is : https://radare.gitbooks.io/radare2book/content/disassembling/esil.html .

To be consistent across the whole book

With maybe a short overview of most commonly installed external plugins

subj