Results 1 to 2 of 2

Thread: How to make radare automatically follow the eip?

  1. #1

    Post How to make radare automatically follow the eip?

    I downloaded the radare source code and installed it,but when I try to follow the tut I get stuck setting asm.follow.Radare returns,
    (config-locked: 'asm.follow' no new keys could be created
    I have tried to modify the ~./radare.rc and add e asm.follow=eip to it,but this method doesn't work.

    I glanced at the config part in source code repository,the code line
    config_set("asm.follow", "")
    is comment out and it seems this problem was caused by file lock.

    I do not know much about the techniques(hash or lock) radare used to do configuration.And learning these right away is overkill for me now.

    So the question is there any solution to make radare automatically follow the eip?

    ps.My enviroment is Debian Linux/i386.The version of radare is 1.4.2b.

    Last edited by jcyang; November 9th, 2009 at 23:59. Reason: correct link
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    As replied in the mailing list:

    in short: asm.follow has been deprecated many releases ago.

    in long:

    It was deprecated because following a register has no relation with 'asm', so we
    moved to, which forces to seek if the resulting number of the given
    expression is far from the current screen seek.

    The problem in this situation is that sometimes you loss the pointer. Because the
    screen can get many different sizes, and the internal block size doesnt needs to
    reflect the screen height (different opcode sizes, etc..) so actually with the current
    implementation of the console handle the disassembly engine has no way to know
    if the given value is far enought to seek.

    If you press '.' in visual mode you will seek to the program counter address.

    If you want to follow the program counter strictly you can use the cmd.vprompt*
    environment variables to execute a seek to the address you like. f.ex:

    > e cmd.vprompt=s eip
    > V

    You can put more complex expressions in this eval field.

    The other problem you face is that you are editing the ~/.radare.rc which is not the
    rc file. You should edit the ~/.radarerc

    About the source code I recommend you to always get it from mercurial. I will
    try to push snapshots after every release, but you should check if the last
    snapshot is newer than the last release or what, snapshots are just for testing
    purposes. This is why you are using 1.4.2b (b is for beta) and the last release was 1.4.2

    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Olly 2.0 does not follow a jump properly
    By deamon32 in forum OllyDbg Support Forums
    Replies: 5
    Last Post: May 18th, 2010, 02:18
  2. Malware creates new thread, how do I follow it?
    By Resource in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: July 18th, 2009, 23:11
  3. Good guidelines to follow?
    By d3k in forum The Newbie Forum
    Replies: 8
    Last Post: July 31st, 2008, 18:42
  4. How to automatically activate a button..
    By zambuka42 in forum The Newbie Forum
    Replies: 2
    Last Post: June 5th, 2008, 02:00

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts