1

In radare2, I can disassemble like:

[0x004006f0]> pd 3
...
0x004006f0      ff2532092000   jmp qword [reloc.callme_three] ; [0x601028:8]=0x4006f6
0x004006f6      6802000000     push 2                      ;
0x004006fb      e9c0ffffff     jmp sym..plt

However, I want to see what those constants (reloc.callme_three, sym.plt) really hide. pid does half of this, but still doesn't show me the sym.plt constant:

[0x004006f0]> pid 3
0x004006f0   sym.imp.callme_three:
0x004006f0         ff2532092000  jmp qword [rip + 0x200932]
0x004006f6           6802000000  push 2
0x004006fb           e9c0ffffff  jmp sym..plt

How can I disassemble with all constants opened?
How can I find out what sym..plt is defined as?

2 Answers

2
0x004006f0      ff2532092000   jmp qword [reloc.callme_three] ; [0x601028:8]=0x4006f6 

It already shows in the comment what the symbol means: it is 0x4006f6, the address of the next instruction.

for example on an arbitrary disassembly as below

0x140012e7f      ff15db110000   call qword [sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter];    
[0x140014060:8]=0x18d4e reloc.KERNEL32.dll_SetUnhandledExceptionFilter ; "N\x8d\x01"

you can dump the qword with px{num} @ symbol syntax

[0x140012e60]> px8 @ sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
- offset -    0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x140014060  4e8d 0100 0000 0000                      N.......
[0x140012e60]>  

there are several ways

use seek

[0x00401120]> s sym..plt
[0x00400f70]>  

print using expression

[0x00401120]> ?v sym..plt
0x400f70
[0x00401120]>   

search for section named plt (notice the space in pattern)

[0x00401120]> iS~ .plt
13  0x00000f70  0x1b0 0x00400f70  0x1b0 -r-x .plt
[0x00401120]>  

infer from the jump Const 0xffffffe0 to the opcode e9 wrt eip

[0x00401120]> pid  3 @ sym.imp.SHA256_Final
0x00400f80   sym.imp.SHA256_Final:
0x00400f80         ff2592102000  jmp qword [rip + 0x201092]
0x00400f86           6800000000  push 0
0x00400f8b           e9e0ffffff  jmp sym..plt
[0x00401120]> ?v 0x400f8b+5+0xffffffe0
0x100400f70
[0x00401120]>    




 
2
  • Please see the original question "this still doesn't show me the sym.plt constant", which is what I'd like. Commented Dec 31, 2021 at 16:21
  • Read the docs and experiment; it will get you there faster to get what you like. Added some ways in the answer.
    – blabb
    Commented Jan 1, 2022 at 8:42
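
An added example, not part of either answer or of radare2: a Python sketch that decodes the two PLT stubs whose bytes are shown above and resolves both the GOT slot and the `sym..plt` target. It sign-extends the rel32 displacement, which is the step the unsigned `?v` sum skips when it prints 0x100400f70. The function names and the 16-byte lazy-binding stub layout are assumptions of this example.

```python
import struct

# Stub bytes copied from the disassembly on this page: name -> (address, bytes).
STUBS = {
    "callme_three": (0x004006F0, bytes.fromhex("ff2532092000" "6802000000" "e9c0ffffff")),
    "SHA256_Final": (0x00400F80, bytes.fromhex("ff2592102000" "6800000000" "e9e0ffffff")),
}
MASK64 = (1 << 64) - 1


def decode_plt_stub(addr, code):
    """Decode one x86-64 lazy-binding PLT entry.

    Assumed layout: ff 25 disp32 (jmp [rip+disp]), 68 imm32 (push reloc index),
    e9 rel32 (jmp to the PLT header, shown by radare2 as sym..plt).
    """
    if len(code) != 16 or code[:2] != b"\xff\x25" or code[6] != 0x68 or code[11] != 0xE9:
        raise ValueError("not a lazy-binding PLT stub")
    # "<i" reads a signed little-endian 32-bit value, i.e. it sign-extends.
    got_disp, = struct.unpack_from("<i", code, 2)
    reloc_index, = struct.unpack_from("<I", code, 7)
    jmp_rel, = struct.unpack_from("<i", code, 12)
    return {
        # Both displacements are relative to the END of their instruction.
        "got_slot": (addr + 6 + got_disp) & MASK64,          # jmp [rip+disp] is 6 bytes
        "reloc_index": reloc_index,
        "plt_header": (addr + 11 + 5 + jmp_rel) & MASK64,    # e9 rel32 is 5 bytes
    }


def unsigned_sum_target(addr, code):
    """Same sum with rel32 treated as unsigned: the result carries into bit 32."""
    rel, = struct.unpack_from("<I", code, 12)
    return addr + 11 + 5 + rel


if __name__ == "__main__":
    for name, (addr, code) in STUBS.items():
        d = decode_plt_stub(addr, code)
        print(f"{name}: GOT slot {d['got_slot']:#x}, reloc index {d['reloc_index']}, "
              f"sym..plt {d['plt_header']:#x} "
              f"(unsigned sum gives {unsigned_sum_target(addr, code):#x})")
```
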
0

Use e asm:

e?asm

 asm.hint.call: Show call hints [numbers] in disasm
asm.hint.call.indirect: Hints for indirect call intructions go to the call destination
       asm.hint.cdiv: Show CDIV hints optimization hint
        asm.hint.emu: Show asm.emu hints [numbers] in disasm
        asm.hint.imm: Show immediate hints [numbers] in disasm
        asm.hint.jmp: Show jump hints [numbers] in disasm
        asm.hint.lea: Show LEA hints [numbers] in disasm
