NAME=ELF: dynamic p_offset
FILE=bins/elf/analysis/dynamic-poffset
CMDS=ir
EXPECT=<<EOF
vaddr      paddr      type   name              
-----------------------------------------------
0x00600988 0x00000988 SET_64 __gmon_start__
0x006009a8 0x000009a8 SET_64 write
0x006009b0 0x000009b0 SET_64 close
0x006009b8 0x000009b8 SET_64 __libc_start_main
0x006009c0 0x000009c0 SET_64 open
EOF
RUN

NAME=ELF: Spurious relocations
FILE=bins/elf/analysis/spurious-relocs
CMDS=ir~vaddr=0x0000003a
EXPECT=<<EOF
EOF
RUN

NAME=ELF: .plt/.plt.sec sections
FILE=bins/elf/ls-cet
CMDS=<<EOF
e asm.bytes=true
pdq 10 @ main+0x28
EOF
EXPECT=<<EOF
0x00004e98                 31c0  xor eax, eax
0x00004e9a           e8a1e60000  call 0x13540
0x00004e9f       488d351e4a0100  lea rsi, [rip + 0x14a1e]
0x00004ea6           bf06000000  mov edi, 6
0x00004eab           e8b0fdffff  call sym.imp.setlocale
0x00004eb0       488d35584b0100  lea rsi, [rip + 0x14b58]
0x00004eb7       488d3d374b0100  lea rdi, [rip + 0x14b37]
0x00004ebe           e81dfaffff  call sym.imp.bindtextdomain
0x00004ec3       488d3d2b4b0100  lea rdi, [rip + 0x14b2b]
0x00004eca           e8d1f9ffff  call sym.imp.textdomain
EOF
RUN

NAME=ELF: use reloc table in dyn entry
FILE=bins/elf/simple-hello-world-with-wrong-rela-section-name
CMDS=<<EOF
e asm.bytes=true
e asm.comments=false
e asm.lines=false
pd 15 @ entry0~call
EOF
EXPECT=<<EOF
0x00001068      ff15722f0000   call  qword [reloc.__libc_start_main]
EOF
RUN

NAME=ELF: RZ_X86_64_PLT32 patch reloc
FILE=bins/elf/radare2.c.obj
CMDS=<<EOF
e asm.bytes=true
e asm.comments=false
e asm.lines=false
pd 1 @ 0x0800005e
EOF
EXPECT=<<EOF
0x0800005e      e8a55e0600     call  reloc.target.r_spaces_set
EOF
RUN

NAME=ELF: RZ_X86_64_PLT32 patch reloc 2
FILE=bins/elf/test.ko
CMDS=<<EOF
e asm.bytes=true
e asm.comments=false
e asm.lines=false
e asm.flags=false
e asm.flags.real=false
pd 1 @ 0x0800007c
pd 1 @ 0x0800008c
pd 1 @ 0x0800009f
echo --
e asm.flags.real=true
pd 1 @ 0x0800007c
pd 1 @ 0x0800008c
pd 1 @ 0x0800009f
EOF
EXPECT=<<EOF
0x0800007c      e8970a0000     call  reloc.target.__fentry
0x0800008c      e88f0a0000     call  reloc.target.printk
0x0800009f      e87c0a0000     call  reloc.target.printk
--
0x0800007c      e8970a0000     call  __fentry__
0x0800008c      e88f0a0000     call  printk
0x0800009f      e87c0a0000     call  printk
EOF
RUN

NAME=ELF: no patching when bin.relocs=0
FILE=bins/elf/analysis/filetime.c-clang-x64-O0.o
ARGS=-e bin.relocs=false
CMDS=<<EOF
oml
echo --
e asm.flags.real=false
e asm.bytes=true
fl @F:relocs
pd 1 @ 0x08000079
pd 1 @ 0x080000a2
pd 1 @ reloc.target.strcmp
EOF
EXPECT=<<EOF
 1 fd: 3 +0x00000e00 0x08000e00 - 0x08000ef2 --- fmap..strtab
 2 fd: 3 +0x00000040 0x08000040 * 0x08000635 r-x fmap..text
 3 fd: 3 +0x00000b00 0x08000b00 - 0x08000d6f --x fmap..rela.text
 4 fd: 3 +0x00000636 0x08000636 - 0x08000824 r-- fmap..rodata.str1.1
 5 fd: 3 +0x00000825 0x08000825 - 0x0800085b --- fmap..comment
 6 fd: 3 +0x00000860 0x08000860 - 0x0800091f r-- fmap..eh_frame
 7 fd: 3 +0x00000d70 0x08000d70 - 0x08000dff --- fmap..rela.eh_frame
 8 fd: 3 +0x00000920 0x08000920 - 0x08000aff --- fmap..symtab
 9 fd: 3 +0x00000000 0x08000000 - 0x0800003f r-- fmap.ehdr
--
            0x08000079      e800000000     call  strcmp
            0x080000a2      e800000000     call  strcmp
EOF
RUN

NAME=ELF: reloc flags
FILE=bins/elf/analysis/filetime.c-clang-x64-O0.o
CMDS=<<EOF
oml
echo --
e asm.flags.real=false
fl @F:relocs
pd 1 @ 0x08000079
pd 1 @ 0x080000a2
pd 1 @ reloc.target.strcmp
echo --
e asm.flags.real=true
fl @F:relocs
pd 1 @ 0x08000079
pd 1 @ 0x080000a2
pd 1 @ reloc.target.strcmp
EOF
EXPECT=<<EOF
 1 fd: 4 +0x00000000 0x08000f00 - 0x08000fff r-- vmap.reloc-targets
 2 fd: 3 +0x00000e00 0x08000e00 - 0x08000ef2 --- fmap..strtab
 3 fd: 5 +0x00000040 0x08000040 * 0x08000635 r-x vmap..text
 4 fd: 3 +0x00000b00 0x08000b00 - 0x08000d6f --x fmap..rela.text
 5 fd: 3 +0x00000636 0x08000636 - 0x08000824 r-- fmap..rodata.str1.1
 6 fd: 3 +0x00000825 0x08000825 - 0x0800085b --- fmap..comment
 7 fd: 5 +0x00000860 0x08000860 - 0x0800091f r-- vmap..eh_frame
 8 fd: 3 +0x00000d70 0x08000d70 - 0x08000dff --- fmap..rela.eh_frame
 9 fd: 3 +0x00000920 0x08000920 - 0x08000aff --- fmap..symtab
10 fd: 3 +0x00000000 0x08000000 - 0x0800003f r-- fmap.ehdr
--
0x08000040 4 reloc.target..text
0x08000073 4 reloc..rodata.str1.1
0x0800007a 4 reloc.strcmp
0x0800009c 4 reloc..rodata.str1.1.800009c
0x080000a3 4 reloc.strcmp.80000a3
0x080000be 4 reloc..rodata.str1.1.80000be
0x080000c5 4 reloc.strcmp.80000c5
0x080000f8 8 reloc..rodata.str1.1.80000f8
0x08000125 4 reloc.stat
0x08000144 4 reloc.strlen
0x08000199 4 reloc.memcpy
0x080001be 8 reloc..rodata.str1.1.80001be
0x080001e0 4 reloc.strlen.80001e0
0x08000231 4 reloc.memcpy.8000231
0x08000267 4 reloc.memcpy.8000267
0x080002a2 4 reloc.perror
0x080002c9 4 reloc.time
0x080003a9 4 reloc..rodata.str1.1.80003a9
0x080003b8 4 reloc..L.str.5
0x0800050f 8 reloc..rodata.str1.1.800050f
0x0800053e 8 reloc..rodata.str1.1.800053e
0x08000555 4 reloc.exit
0x0800057f 4 reloc.write
0x080005be 4 reloc.utilvserver_fmt_ulong_base
0x080005f5 4 reloc.strlen.80005f5
0x0800061b 8 reloc..rodata.str1.1.800061b
0x08000632 4 reloc.exit.8000632
0x08000636 4 reloc.target..rodata.str1.1
0x08000689 4 reloc.target..L.str.5
0x08000880 4 reloc..text
0x0800089c 4 reloc..text.800089c
0x080008b8 4 reloc..text.80008b8
0x080008d4 4 reloc..text.80008d4
0x080008f0 4 reloc..text.80008f0
0x0800090c 4 reloc..text.800090c
0x08000f00 4 reloc.target.strcmp
0x08000f08 4 reloc.target.stat
0x08000f10 4 reloc.target.strlen
0x08000f18 4 reloc.target.memcpy
0x08000f20 4 reloc.target.perror
0x08000f28 4 reloc.target.time
0x08000f30 4 reloc.target.exit
0x08000f38 4 reloc.target.write
0x08000f40 4 reloc.target.utilvserver_fmt_ulong_base
            0x08000079      call  reloc.target.strcmp                  ; RELOC 32 strcmp
            0x080000a2      call  reloc.target.strcmp                  ; RELOC 32 strcmp
            ;-- strcmp:
            0x08000f00      .qword 0x0000000000000000                  ; RELOC TARGET 32 strcmp
--
0x08000040 4 .text
0x08000073 4 .rodata.str1.1
0x0800007a 4 strcmp
0x0800009c 4 .rodata.str1.1
0x080000a3 4 strcmp
0x080000be 4 .rodata.str1.1
0x080000c5 4 strcmp
0x080000f8 8 .rodata.str1.1
0x08000125 4 stat
0x08000144 4 strlen
0x08000199 4 memcpy
0x080001be 8 .rodata.str1.1
0x080001e0 4 strlen
0x08000231 4 memcpy
0x08000267 4 memcpy
0x080002a2 4 perror
0x080002c9 4 time
0x080003a9 4 .rodata.str1.1
0x080003b8 4 .L.str.5
0x0800050f 8 .rodata.str1.1
0x0800053e 8 .rodata.str1.1
0x08000555 4 exit
0x0800057f 4 write
0x080005be 4 utilvserver_fmt_ulong_base
0x080005f5 4 strlen
0x0800061b 8 .rodata.str1.1
0x08000632 4 exit
0x08000636 4 .rodata.str1.1
0x08000689 4 .L.str.5
0x08000880 4 .text
0x0800089c 4 .text
0x080008b8 4 .text
0x080008d4 4 .text
0x080008f0 4 .text
0x0800090c 4 .text
0x08000f00 4 strcmp
0x08000f08 4 stat
0x08000f10 4 strlen
0x08000f18 4 memcpy
0x08000f20 4 perror
0x08000f28 4 time
0x08000f30 4 exit
0x08000f38 4 write
0x08000f40 4 utilvserver_fmt_ulong_base
            0x08000079      call  strcmp                               ; RELOC 32 strcmp
            0x080000a2      call  strcmp                               ; RELOC 32 strcmp
            ;-- strcmp:
            0x08000f00      .qword 0x0000000000000000                  ; RELOC TARGET 32 strcmp
EOF
RUN

NAME=ELF: write with relocs patched
FILE=--
CMDS=<<EOF
mkdir .tmp
cp bins/elf/analysis/filetime.c-clang-x64-O0.o .tmp/elf-reloc-patchee
o+ .tmp/elf-reloc-patchee
oml~vmap
echo -- original
px 0x10 @ 0x0800006a
px 0x10 @ 0x0800064d
echo -- overwritten
wx 424242424242424242424242424242 @ 0x0800006a
w ulu-mulu @ 0x0800064d
px 0x10 @ 0x0800006a
px 0x10 @ 0x0800064a
echo -- unloaded
o--
px 0x10 @ 0x0800006a
px 0x10 @ 0x0800064a
echo -- reloaded
o+ .tmp/elf-reloc-patchee
px 0x10 @ 0x0800006a
px 0x10 @ 0x0800064a
rm .tmp/elf-reloc-patchee
EOF
EXPECT=<<EOF
 1 fd: 4 +0x00000000 0x08000f00 - 0x08000fff rwx vmap.reloc-targets
 3 fd: 5 +0x00000040 0x08000040 - 0x08000635 rwx vmap..text
 7 fd: 5 +0x00000860 0x08000860 - 0x0800091f rwx vmap..eh_frame
-- original
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800006a  488b 45f0 488b 7808 b936 0600 0889 cee8  H.E.H.x..6......
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800064d  6669 6c65 6e61 6d65 2073 7065 6369 6669  filename specifi
-- overwritten
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800006a  4242 4242 4242 4242 4236 0600 0842 42e8  BBBBBBBBB6...BB.
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800064a  4e6f 2075 6c75 2d6d 756c 7520 7370 6563  No ulu-mulu spec
-- unloaded
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800006a  ffff ffff ffff ffff ffff ffff ffff ffff  ................
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800064a  ffff ffff ffff ffff ffff ffff ffff ffff  ................
-- reloaded
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800006a  4242 4242 4242 4242 4236 0600 0842 42e8  BBBBBBBBB6...BB.
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800064a  4e6f 2075 6c75 2d6d 756c 7520 7370 6563  No ulu-mulu spec
EOF
RUN

NAME=ELF: jumptable from relocs
FILE=bins/elf/analysis/rawmem.c-gcc-x64-O3.o
CMDS=<<EOF
s 0x08000040
af
pdf
EOF
EXPECT=<<EOF
            ;-- section..text:
            ;-- .text:
/ sym.owGetPageLength.constprop.0(int64_t arg1);
|           ; arg int64_t arg1 @ rdi
|           0x08000040      movzx eax, byte [rdi]                      ; RELOC TARGET 32 .text @ 0x08000040 - 0x8004d08 ; arg1 ; [01] -r-x section size 6641 named .text
|           0x08000043      and   eax, 0x7f                            ; 127
|           0x08000046      sub   eax, 4
|           0x08000049      cmp   al, 0x73                             ; 115
|       ,=< 0x0800004b      ja    case.0x800005e.5
|       |   0x0800004d      lea   rdx, reloc.target..rodata            ; 0x8001a34 ; "4\xe6\xff\xff,\xe6\xff\xff4\xe6\xff\xff,\xe6\xff\xff4\xe6\xff\xffD\xe6\xff\xff4\xe6\xff\xffD\xe6\xff\xff4\xe6\xff\xff,\xe6\xff\x"; RELOC 32 .rodata @ 0x08001a34 - 0x8000054
|       |   0x08000054      movzx eax, al
|       |   0x08000057      movsxd rax, dword [rdx + rax*4]
|       |   0x0800005b      add   rax, rdx
|       |   ;-- switch
|       |   0x0800005e      jmp   rax                                  ; switch table (116 cases) at 0x8001a34
|       |   ; CODE XREF from sym.owGetPageLength.constprop.0 @ 0x800005e
|       |   ;-- case 5:                                                ; from 0x800005e
|       |   ;-- case 13...14:                                          ; from 0x800005e
|       |   ;-- case 16:                                               ; from 0x800005e
|       |   ;-- case 17:                                               ; from 0x800005e
|       |   ;-- case 22...23:                                          ; from 0x800005e
|       |   ;-- case 25:                                               ; from 0x800005e
|       |   ;-- case 27...28:                                          ; from 0x800005e
|       |   ;-- case 30:                                               ; from 0x800005e
|       |   ;-- case 31...32:                                          ; from 0x800005e
|       |   ;-- case 34:                                               ; from 0x800005e
|       |   ;-- case 36...50:                                          ; from 0x800005e
|       |   ;-- case 52:                                               ; from 0x800005e
|       |   ;-- case 53...54:                                          ; from 0x800005e
|       |   ;-- case 56:                                               ; from 0x800005e
|       |   ;-- default:                                               ; from 0x800005e
|       `-> 0x08000060      xor   eax, eax
|           0x08000062      ret
..
|           ; CODE XREF from sym.owGetPageLength.constprop.0 @ 0x800005e
|           ;-- case 4:                                                ; from 0x800005e
|           ;-- case 8:                                                ; from 0x800005e
|           ;-- case 12:                                               ; from 0x800005e
|           ;-- case 26:                                               ; from 0x800005e
|           ;-- case 33:                                               ; from 0x800005e
|           0x08000068      mov   rsi, rdi                             ; arg1
|           0x0800006b      mov   edi, 1
|       ,=< 0x08000070      jmp   reloc.target.getPageLengthNV         ; RELOC 32 getPageLengthNV
..
|       |   ; CODE XREF from sym.owGetPageLength.constprop.0 @ 0x800005e
|       |   ;-- case 9:                                                ; from 0x800005e
|       |   ;-- case 15:                                               ; from 0x800005e
|       |   ;-- case 19:                                               ; from 0x800005e
|       |   0x08000078      mov   rsi, rdi                             ; arg1
|       |   0x0800007b      mov   edi, 1
|      ,==< 0x08000080      jmp   reloc.target.getPageLengthEPROM      ; RELOC 32 getPageLengthEPROM
..
|      ||   ; CODE XREF from sym.owGetPageLength.constprop.0 @ 0x800005e
|      ||   ;-- case 51:                                               ; from 0x800005e
|      ||   0x08000088      mov   rsi, rdi                             ; arg1
|      ||   0x0800008b      mov   edi, 1
|     ,===< 0x08000090      jmp   reloc.target.getPageLengthSHAEE      ; RELOC 32 getPageLengthSHAEE
..
|     |||   ; CODE XREF from sym.owGetPageLength.constprop.0 @ 0x800005e
|     |||   ;-- case 55:                                               ; from 0x800005e
|     |||   0x08000098      mov   rsi, rdi                             ; arg1
|     |||   0x0800009b      mov   edi, 1
|    ,====< 0x080000a0      jmp   reloc.target.getPageLengthEE77       ; RELOC 32 getPageLengthEE77
..
|    ||||   ; CODE XREF from sym.owGetPageLength.constprop.0 @ 0x800005e
|    ||||   ;-- case 20:                                               ; from 0x800005e
|    ||||   0x080000a8      mov   rsi, rdi                             ; arg1
|    ||||   0x080000ab      mov   edi, 1
\   ,=====< 0x080000b0      jmp   reloc.target.getPageLengthEE         ; RELOC 32 getPageLengthEE
EOF
RUN

NAME=x86 32bit relocs in kernel module
FILE=bins/elf/linux-example-x86-32.ko
CMDS=<<EOF
s 0x0800007c
pi 15
px 0x26
EOF
EXPECT=<<EOF
call reloc.target.__fentry
push ebp
mov ebp, esp
push reloc.target..rodata.str1.1
call reloc.target.printk
xor eax, eax
leave
ret
push ebp
mov ebp, esp
push str.Ulu_mulu
call reloc.target.printk
pop eax
leave
ret
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x0800007c  e8d7 c802 0055 89e5 68a2 0000 08e8 cec8  .....U..h.......
0x0800008c  0200 31c0 c9c3 5589 e568 b100 0008 e8bd  ..1...U..h......
0x0800009c  c802 0058 c9c3                           ...X..
EOF
RUN

NAME=PPC big endian R_PPC_RELATIVE and R_PPC_JMP_SLOT
FILE=bins/abi_bins/elf/platforms/macppc-openbsd-echo
BROKEN=1
CMDS=<<EOF
# 584 relocs + 2 header lines
ir~?
# R_PPC_RELATIVE
s 0x398f8
pf bbbb
pd 1
# R_PPC_JMP_SLOT
s 0x39ca4
pf bbbb
pd 1
EOF
EXPECT=<<EOF
586
0x000398f8 = 0x00
0x000398f9 = 0x01
0x000398fa = 0x40
0x000398fb = 0xf4
            ;-- section..preinit_array:
            0x000398f8      .dword 0x000140f4                          ; RELOC 32  ; [19] -rw- section size 4 named .preinit_array
0x00039ca4 = 0x00
0x00039ca5 = 0x05
0x00039ca6 = 0x06
0x00039ca7 = 0x7c
            ;-- section..plt:
            ;-- _Jv_RegisterClasses:
            0x00039ca4      .dword 0x0005067c ; section..glink         ; RELOC 32 _Jv_RegisterClasses ; [23] -rw- section size 4 named .plt
EOF
RUN