xref: /dports/devel/radare2/radare2-5.1.1/test/db/anal/x86_64

NAME=got switch cases
FILE=bins/elf/fedora_32_bin_ls
CMDS=<<EOF
aap
aflc
EOF
EXPECT=<<EOF
440
EOF
RUN

NAME=got switch cases
FILE=bins/elf/game_of_thrones
CMDS=<<EOF
s main
aa > /dev/null
pdsf~case
EOF
EXPECT=<<EOF
0x00401125 switch table (7 cases) at 0x4013e4
EOF
RUN

NAME=anal.ijmp missing branch bug
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
wx 564155415453504989ff8b1f8b7f0889de83e61fe851010000418b7f1089dec1ee1083e61fe84001000085db0f8915010000458b77184585f60f84080100004983c71c31db4c8d250a0100004c8d2d07dacd29418b470889c1c1e91880f9040f87d700000049630c8c4c01e1ffe1418b3fc1e8100fb6f0e8ee0000004983c70ce9b700000084c00f84ab000000418b570c4885d2756de99d00000041837f0c000f84920000004d8b2f418b7d00c1e8100fb6f0e8b2000000418b470c83f802722141bc01000000410fb6770a438b7ca500e894000000418b470c49ffc44139c472e585c04c8d256b0000004c8d2d68d9cd297444410fb64f0885c9743b89c248c1e202498b37418b7d00e86d0e0000eb27a8027514418b7d00418b770c498b17e8fefc0000418b4708418b7f0cc1e8100fb6f0e8320000004983c710ffc34439f30f850cffffff4883c4085b415c415d415e415f5dc3
af
afb
EOF
EXPECT=<<EOF
0x00000000 0x00000032 00:0000 50 j 0x00000147 f 0x00000032
0x00000032 0x0000003f 00:0000 13 j 0x00000147 f 0x0000003f
0x0000003f 0x00000053 00:0000 20 j 0x00000053
0x00000053 0x00000065 00:0000 18 j 0x0000013c f 0x00000065
0x00000065 0x0000006e 00:0000 9
0x0000013c 0x00000147 00:0000 11 j 0x00000053 f 0x00000147
0x00000147 0x00000156 00:0000 15
EOF
RUN

NAME=x86_64 getenv this maybe & jmp noret fix
FILE=bins/elf/ls.odd
CMDS=<<EOF
aaa
s 0x4901
afb~4901
?e
e asm.bytes=false
s main+98
pd 3
EOF
EXPECT=<<EOF
0x000048f4 0x00004901 00:0000 13 j 0x000045b1 f 0x00004901
0x00004901 0x0000491a 00:0000 25 j 0x000045ba f 0x0000491a

|           0x000039c2      mov dword [0x0021f558], 2                  ; [0x21f558:4]=1
|           0x000039cc      call fcn.00015960
|           0x000039d1      mov byte [0x00220618], 1                   ; [0x220618:1]=0
EOF
RUN

NAME=x86_64 getenv this maybe
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
af
aCe 0x10000143e
EOF
EXPECT=<<EOF
char *getenv("COLUMNS")
EOF
RUN

NAME=x86_64 socket syscall
FILE=bins/elf/socket-syscall
CMDS=<<EOF
aa
aae
s main
pd 1 @0x00001140
aei
aeim
aecu 0x00001140
as
EOF
EXPECT=<<EOF
|           ;-- syscall.socket:
|           0x00001140      0f05           syscall
41 = socket (0x00000001, 0x00000002, 0x00000003)
EOF
RUN

NAME=x86_64 jmptbl -O0
FILE=bins/mach0/FMS.uu
CMDS=<<EOF
s sym._checkinput
af
afi*
EOF
EXPECT=<<EOF
"f sym._checkinput 288 0x100000da0"
"af+ 0x100000da0 sym._checkinput f n"
afb+ 0x100000da0 0x100000da0 22 0x100000db6 0xffffffffffffffff
afb+ 0x100000da0 0x100000e99 5 0x100000e9e 0xffffffffffffffff
afb+ 0x100000da0 0x100000e9e 24 0x100000db6 0x100000eb6
afb+ 0x100000da0 0x100000db6 26 0x100000e99 0x100000dd0
afb+ 0x100000da0 0x100000eb6 4 0x100000eba 0xffffffffffffffff
afb+ 0x100000da0 0x100000dd0 20 0xffffffffffffffff 0xffffffffffffffff
afb+ 0x100000da0 0x100000de4 16 0x100000dfb 0x100000df4
afb+ 0x100000da0 0x100000dfb 5 0x100000e99 0xffffffffffffffff
afb+ 0x100000da0 0x100000df4 7 0x100000dfb 0xffffffffffffffff
afb+ 0x100000da0 0x100000e00 16 0x100000e1c 0x100000e10
afb+ 0x100000da0 0x100000e1c 9 0x100000eba 0xffffffffffffffff
afb+ 0x100000da0 0x100000eba 6 0xffffffffffffffff 0xffffffffffffffff
afb+ 0x100000da0 0x100000e10 12 0x100000e25 0xffffffffffffffff
afb+ 0x100000da0 0x100000e25 5 0x100000e99 0xffffffffffffffff
afb+ 0x100000da0 0x100000e2a 16 0x100000e46 0x100000e3a
afb+ 0x100000da0 0x100000e46 9 0x100000eba 0xffffffffffffffff
afb+ 0x100000da0 0x100000e3a 12 0x100000e4f 0xffffffffffffffff
afb+ 0x100000da0 0x100000e4f 5 0x100000e99 0xffffffffffffffff
afb+ 0x100000da0 0x100000e54 16 0x100000e82 0x100000e64
afb+ 0x100000da0 0x100000e82 9 0x100000eba 0xffffffffffffffff
afb+ 0x100000da0 0x100000e64 16 0x100000e82 0x100000e74
afb+ 0x100000da0 0x100000e74 14 0x100000e8b 0xffffffffffffffff
afb+ 0x100000da0 0x100000e8b 5 0x100000e99 0xffffffffffffffff
afb+ 0x100000da0 0x100000e90 9 0x100000eba 0xffffffffffffffff
afB 64 @ 0x100000da0
afc amd64 @ 0x100000da0
afvb -40 var_28h int64_t @ 0x100000da0
afvb -32 var_20h int64_t @ 0x100000da0
afvb -24 var_18h int64_t @ 0x100000da0
afvb -20 var_14h int64_t @ 0x100000da0
afvb -16 var_10h int64_t @ 0x100000da0
afvb -1 var_1h int64_t @ 0x100000da0
afvr rdi arg1 int64_t @ 0x100000da0
axd 0x100000ec0 0x100000dd0
axc 0x100000de4 0x100000de2
axc 0x100000e00 0x100000de2
axc 0x100000e2a 0x100000de2
axc 0x100000e54 0x100000de2
axc 0x100000e90 0x100000de2
axc 0x100000e99 0x100000dfb
axc 0x100000e25 0x100000e17
axc 0x100000eba 0x100000e20
axc 0x100000e99 0x100000e25
axc 0x100000e4f 0x100000e41
axc 0x100000eba 0x100000e4a
axc 0x100000e99 0x100000e4f
axc 0x100000e8b 0x100000e7d
axc 0x100000eba 0x100000e86
axc 0x100000e99 0x100000e8b
axc 0x100000eba 0x100000e94
axc 0x100000e9e 0x100000e99
afS 8 @ 0x100000da0

EOF
RUN

NAME=x86_64 main() jmptbl in bins/elf/ls.odd
FILE=bins/elf/ls.odd
CMDS=<<EOF
e anal.jmp.tbl=true
s main
aF
afb
EOF
EXPECT=<<EOF
0x00003960 0x00003a1f 00:0000 191 j 0x000047a7 f 0x00003a1f
0x00003a1f 0x00003a24 00:0000 5 j 0x00003a32 f 0x00003a24
0x00003a24 0x00003a2d 00:0000 9 j 0x0000431a f 0x00003a2d
0x00003a2d 0x00003a32 00:0000 5
0x00003a32 0x00003a48 00:0000 22 j 0x00003a48
0x00003a48 0x00003ad5 00:0000 141 j 0x00003b0b f 0x00003ad5
0x00003ad5 0x00003af8 00:0000 35 j 0x000047c2 f 0x00003af8
0x00003af8 0x00003b0b 00:0000 19 j 0x00003b0b
0x00003b0b 0x00003b2a 00:0000 31 j 0x00003b33 f 0x00003b2a
0x00003b2a 0x00003b33 00:0000 9 j 0x000047fd f 0x00003b33
0x00003b33 0x00003b51 00:0000 30 j 0x00003b62 f 0x00003b51
0x00003b51 0x00003b5b 00:0000 10 j 0x00003b62 f 0x00003b5b
0x00003b5b 0x00003b62 00:0000 7 j 0x00003b62
0x00003b62 0x00003b81 00:0000 31 j 0x00003ba7 f 0x00003b81
0x00003b81 0x00003b9b 00:0000 26 j 0x00004caf f 0x00003b9b
0x00003b9b 0x00003ba7 00:0000 12 j 0x00003ba7
0x00003ba7 0x00003bc8 00:0000 33 j 0x00003bc8
0x00003bc8 0x00003bf4 00:0000 44 j 0x0000437b f 0x00003bf4
0x00003bf4 0x00003c04 00:0000 16 j 0x00005159 f 0x00003c04
0x00003c04 0x00003c0e 00:0000 10 s 0x00003eae s 0x000050bf s 0x00005159 s 0x00003e92 s 0x00003e83 s 0x00003e32 s 0x00003e23 s 0x00003e17 s 0x00003e08 s 0x00003dfc s 0x00003ded s 0x00003db8 s 0x00003da9 s 0x00003d9b s 0x00003d8a s 0x00003d7e s 0x00003d6a s 0x00003d25 s 0x00003d11 s 0x00003cfd s 0x00003cf1 s 0x00003ce2 s 0x00003cd1 s 0x00003cc2 s 0x00003cb6 s 0x00003c76 s 0x00003c60 s 0x00003c31 s 0x00003c28 s 0x00003c21 s 0x00003c15 s 0x0000427c s 0x00003c0e s 0x00004266 s 0x00004257 s 0x0000424b s 0x0000423f s 0x00004233 s 0x0000421f s 0x000042ff s 0x000042eb s 0x0000429a s 0x0000428b s 0x0000430e s 0x000041de s 0x0000417f s 0x00004170 s 0x00004161 s 0x0000411e s 0x00004108 s 0x000040fc s 0x000040d1 s 0x00004065 s 0x00004022 s 0x00003fde s 0x00003fd2 s 0x00003fa3 s 0x00003f5b s 0x00003f18 s 0x00003f0c
0x00003c0e 0x00003c15 00:0000 7 j 0x00003c15
0x00003c15 0x00003c21 00:0000 12 j 0x00003bc8
0x00003c21 0x00003c28 00:0000 7 j 0x00003bc8
0x00003c28 0x00003c31 00:0000 9 j 0x00003bc8
0x00003c31 0x00003c60 00:0000 47 j 0x00003bc8
0x00003c60 0x00003c76 00:0000 22 j 0x00003bc8
0x00003c76 0x00003c97 00:0000 33 j 0x00004d9d f 0x00003c97
0x00003c97 0x00003cb6 00:0000 31 j 0x00003bc8
0x00003cb6 0x00003cc2 00:0000 12 j 0x00003bc8
0x00003cc2 0x00003cd1 00:0000 15 j 0x00003bc8
0x00003cd1 0x00003ce2 00:0000 17 j 0x00003bc8
0x00003ce2 0x00003cf1 00:0000 15 j 0x00003bc8
0x00003cf1 0x00003cfd 00:0000 12 j 0x00003bc8
0x00003cfd 0x00003d11 00:0000 20 j 0x00003bc8
0x00003d11 0x00003d25 00:0000 20 j 0x00003bc8
0x00003d25 0x00003d6a 00:0000 69 j 0x00003bc8
0x00003d6a 0x00003d7e 00:0000 20 j 0x00003bc8
0x00003d7e 0x00003d8a 00:0000 12 j 0x00003bc8
0x00003d8a 0x00003d9b 00:0000 17 j 0x00003bc8
0x00003d9b 0x00003da9 00:0000 14 j 0x00003bc8
0x00003da9 0x00003db8 00:0000 15 j 0x00003bc8
0x00003db8 0x00003ded 00:0000 53 j 0x00003bc8
0x00003ded 0x00003dfc 00:0000 15 j 0x00003bc8
0x00003dfc 0x00003e08 00:0000 12 j 0x00003bc8
0x00003e08 0x00003e17 00:0000 15 j 0x00003bc8
0x00003e17 0x00003e23 00:0000 12 j 0x00003bc8
0x00003e23 0x00003e32 00:0000 15 j 0x00003bc8
0x00003e32 0x00003e83 00:0000 81 j 0x00003bc8
0x00003e83 0x00003e92 00:0000 15 j 0x00003bc8
0x00003e92 0x00003e9f 00:0000 13 j 0x00003bc8 f 0x00003e9f
0x00003e9f 0x00003eae 00:0000 15 j 0x00003bc8
0x00003eae 0x00003ec7 00:0000 25 j 0x00003edc f 0x00003ec7
0x00003ec7 0x00003edc 00:0000 21 j 0x00003edc
0x00003edc 0x00003f0c 00:0000 48
0x00003f0c 0x00003f18 00:0000 12 j 0x00003bc8
0x00003f18 0x00003f5b 00:0000 67 j 0x00003bc8
0x00003f5b 0x00003fa3 00:0000 72 j 0x00003bc8
0x00003fa3 0x00003fd2 00:0000 47 j 0x00003bc8
0x00003fd2 0x00003fde 00:0000 12 j 0x00003bc8
0x00003fde 0x00004022 00:0000 68 j 0x00003bc8
0x00004022 0x00004065 00:0000 67 j 0x00003bc8
0x00004065 0x00004075 00:0000 16 j 0x00004364 f 0x00004075
0x00004075 0x000040af 00:0000 58 j 0x00004364 f 0x000040af
0x000040af 0x000040ba 00:0000 11 j 0x00004369 f 0x000040ba
0x000040ba 0x000040d1 00:0000 23 j 0x00004369
0x000040d1 0x000040fc 00:0000 43 j 0x00003bc8
0x000040fc 0x00004108 00:0000 12 j 0x00003bc8
0x00004108 0x0000411e 00:0000 22 j 0x00003bc8
0x0000411e 0x00004161 00:0000 67 j 0x00003bc8
0x00004161 0x00004170 00:0000 15 j 0x00003bc8
0x00004170 0x0000417f 00:0000 15 j 0x00003bc8
0x0000417f 0x0000418f 00:0000 16 j 0x0000434d f 0x0000418f
0x0000418f 0x000041c9 00:0000 58 j 0x0000434d f 0x000041c9
0x000041c9 0x000041d2 00:0000 9 j 0x0000433b f 0x000041d2
0x000041d2 0x000041de 00:0000 12 j 0x00003bc8
0x000041de 0x00004200 00:0000 34 j 0x00005289 f 0x00004200
0x00004200 0x0000421f 00:0000 31 j 0x00003bc8
0x0000421f 0x00004233 00:0000 20 j 0x00003bc8
0x00004233 0x0000423f 00:0000 12 j 0x00003bc8
0x0000423f 0x0000424b 00:0000 12 j 0x00003bc8
0x0000424b 0x00004257 00:0000 12 j 0x00003bc8
0x00004257 0x00004266 00:0000 15 j 0x00003bc8
0x00004266 0x0000427c 00:0000 22 j 0x00003bc8
0x0000427c 0x0000428b 00:0000 15 j 0x00003bc8
0x0000428b 0x0000429a 00:0000 15 j 0x00003bc8
0x0000429a 0x000042ae 00:0000 20 j 0x00003bc8 f 0x000042ae
0x000042ae 0x000042eb 00:0000 61 j 0x000042eb
0x000042eb 0x000042ff 00:0000 20 j 0x00003bc8
0x000042ff 0x0000430e 00:0000 15 j 0x00003bc8
0x0000430e 0x0000431a 00:0000 12 j 0x00003bc8
0x0000431a 0x0000432c 00:0000 18 j 0x00004dd1 f 0x0000432c
0x0000432c 0x0000433b 00:0000 15 j 0x00003a48
0x0000433b 0x0000434d 00:0000 18 j 0x000041d2 f 0x0000434d
0x0000434d 0x00004364 00:0000 23 j 0x00003bc8
0x00004364 0x00004369 00:0000 5 j 0x00004369
0x00004369 0x0000437b 00:0000 18 j 0x00003bc8
0x0000437b 0x00004389 00:0000 14 j 0x0000499b f 0x00004389
0x00004389 0x000043c6 00:0000 61 j 0x000047f6 f 0x000043c6
0x000043c6 0x000043cf 00:0000 9 j 0x000047f6 f 0x000043cf
0x000043cf 0x000043d9 00:0000 10 j 0x000043df f 0x000043d9
0x000043d9 0x000043df 00:0000 6 j 0x000043f7 f 0x000043df
0x000043df 0x000043f7 00:0000 24 j 0x000043f7
0x000043f7 0x0000441c 00:0000 37 j 0x00004dba f 0x0000441c
0x0000441c 0x00004427 00:0000 11 j 0x0000445f f 0x00004427
0x00004427 0x0000443e 00:0000 23 j 0x0000445f f 0x0000443e
0x0000443e 0x00004440 00:0000 2 j 0x00004440
0x00004440 0x0000445f 00:0000 31 j 0x00004440 f 0x0000445f
0x0000445f 0x00004488 00:0000 41 j 0x0000449c f 0x00004488
0x00004488 0x00004495 00:0000 13 j 0x00004940 f 0x00004495
0x00004495 0x0000449c 00:0000 7 j 0x0000449c
0x0000449c 0x000044b0 00:0000 20 j 0x000044bb f 0x000044b0
0x000044b0 0x000044bb 00:0000 11 j 0x00004df3 f 0x000044bb
0x000044bb 0x000044bf 00:0000 4 j 0x00004502 f 0x000044bf
0x000044bf 0x000044c8 00:0000 9 j 0x00004e27 f 0x000044c8
0x000044c8 0x000044d1 00:0000 9 j 0x000044dc
0x000044d8 0x000044dc 00:0000 4 j 0x000044dc
0x000044dc 0x000044f4 00:0000 24 j 0x00004d03 f 0x000044f4
0x000044f4 0x00004502 00:0000 14 j 0x000044d8 f 0x00004502
0x00004502 0x00004516 00:0000 20 j 0x00004b81 f 0x00004516
0x00004516 0x00004523 00:0000 13 j 0x0000496a f 0x00004523
0x00004523 0x0000452c 00:0000 9 j 0x0000457b f 0x0000452c
0x0000452c 0x0000455d 00:0000 49 j 0x00005306 f 0x0000455d
0x0000455d 0x0000457b 00:0000 30 j 0x0000457b
0x0000457b 0x000045a4 00:0000 41 j 0x000045b1 f 0x000045a4
0x000045a4 0x000045b1 00:0000 13 j 0x000048e7 f 0x000045b1
0x000045b1 0x000045ba 00:0000 9 j 0x000045ba
0x000045ba 0x000045d4 00:0000 26 j 0x00004a84 f 0x000045d4
0x000045d4 0x000045e1 00:0000 13 j 0x00004a08 f 0x000045e1
0x000045e1 0x00004623 00:0000 66 j 0x00004841 f 0x00004623
0x00004623 0x00004628 00:0000 5 j 0x00004628
0x00004628 0x00004644 00:0000 28 j 0x00004628 f 0x00004644
0x00004644 0x00004652 00:0000 14 j 0x00004ac3 f 0x00004652
0x00004652 0x0000465f 00:0000 13 j 0x0000469c f 0x0000465f
0x0000465f 0x00004664 00:0000 5 j 0x00004ce3
0x00004668 0x00004695 00:0000 45 j 0x00004695
0x00004695 0x0000469c 00:0000 7 j 0x0000469c
0x0000469c 0x000046a5 00:0000 9 j 0x00004736 f 0x000046a5
0x000046a5 0x000046bf 00:0000 26 j 0x00004668 f 0x000046bf
0x000046bf 0x000046c4 00:0000 5 j 0x00004668 f 0x000046c4
0x000046c4 0x000046df 00:0000 27 j 0x000052a4 f 0x000046df
0x000046df 0x00004710 00:0000 49 j 0x000052c3 f 0x00004710
0x00004710 0x00004736 00:0000 38 j 0x00004695
0x00004736 0x0000473f 00:0000 9 j 0x0000474c f 0x0000473f
0x0000473f 0x0000474c 00:0000 13 j 0x0000486c f 0x0000474c
0x0000474c 0x00004759 00:0000 13 j 0x00004b2a f 0x00004759
0x00004759 0x00004765 00:0000 12 j 0x0000477e f 0x00004765
0x00004765 0x00004776 00:0000 17 j 0x000052e2 f 0x00004776
0x00004776 0x0000477e 00:0000 8 j 0x0000477e
0x0000477e 0x00004798 00:0000 26 j 0x00005301 f 0x00004798
0x00004798 0x000047a7 00:0000 15
0x000047a7 0x000047c2 00:0000 27 j 0x00003a48
0x000047c2 0x000047f6 00:0000 52 j 0x00003b0b
0x000047f6 0x000047fd 00:0000 7 j 0x000043f7
0x000047fd 0x0000480d 00:0000 16 j 0x00003b33 f 0x0000480d
0x0000480d 0x00004841 00:0000 52 j 0x00003b33
0x00004841 0x0000484e 00:0000 13 j 0x00004952 f 0x0000484e
0x0000484e 0x0000486c 00:0000 30 j 0x00004644
0x0000486c 0x00004876 00:0000 10 j 0x00004888 f 0x00004876
0x00004876 0x00004888 00:0000 18 j 0x00005015 f 0x00004888
0x00004888 0x000048a0 00:0000 24 j 0x000048a0
0x000048a0 0x000048bd 00:0000 29 j 0x000048cf f 0x000048bd
0x000048bd 0x000048c0 00:0000 3 j 0x000048c0
0x000048c0 0x000048cf 00:0000 15 j 0x000048c0 f 0x000048cf
0x000048cf 0x000048dd 00:0000 14 j 0x0000474c f 0x000048dd
0x000048dd 0x000048e7 00:0000 10 j 0x0000474c
0x000048e7 0x000048f4 00:0000 13 j 0x000045b1 f 0x000048f4
0x000048f4 0x00004901 00:0000 13 j 0x000045b1 f 0x00004901
0x00004901 0x0000491a 00:0000 25 j 0x000045ba f 0x0000491a
0x0000491a 0x00004927 00:0000 13 j 0x000045ba f 0x00004927
0x00004927 0x00004934 00:0000 13 j 0x000045ba f 0x00004934
0x00004934 0x00004940 00:0000 12 j 0x000045ba
0x00004940 0x0000494d 00:0000 13 j 0x000044bf f 0x0000494d
0x0000494d 0x00004952 00:0000 5 j 0x00004495
0x00004952 0x0000496a 00:0000 24 j 0x00004644
0x0000496a 0x00004978 00:0000 14 j 0x00004990 f 0x00004978
0x00004978 0x00004981 00:0000 9 j 0x00004990 f 0x00004981
0x00004981 0x00004990 00:0000 15 j 0x00004990
0x00004990 0x0000499b 00:0000 11 j 0x00004523
0x0000499b 0x000049c9 00:0000 46 j 0x000051d7 f 0x000049c9
0x000049c9 0x000049e3 00:0000 26 j 0x000049e3
0x000049e3 0x000049ee 00:0000 11 j 0x00004389 f 0x000049ee
0x000049ee 0x00004a08 00:0000 26 j 0x00004389
0x00004a08 0x00004a13 00:0000 11 j 0x00004a48
0x00004a18 0x00004a1d 00:0000 5 j 0x00004a55 f 0x00004a1d
0x00004a1d 0x00004a25 00:0000 8 j 0x00004a55 f 0x00004a25
0x00004a25 0x00004a2d 00:0000 8 j 0x00004a55 f 0x00004a2d
0x00004a2d 0x00004a32 00:0000 5 j 0x00004a55 f 0x00004a32
0x00004a32 0x00004a48 00:0000 22 j 0x00004a6a f 0x00004a48
0x00004a48 0x00004a4d 00:0000 5 j 0x00004a18 f 0x00004a4d
0x00004a4d 0x00004a55 00:0000 8 j 0x00004a25 f 0x00004a55
0x00004a55 0x00004a6a 00:0000 21 j 0x00004a48 f 0x00004a6a
0x00004a6a 0x00004a78 00:0000 14 j 0x00004e1b f 0x00004a78
0x00004a78 0x00004a84 00:0000 12 j 0x000045e1
0x00004a84 0x00004ac3 00:0000 63 j 0x000045d4
0x00004ac3 0x00004ad5 00:0000 18 j 0x00004e0a f 0x00004ad5
0x00004ad5 0x00004ae3 00:0000 14 j 0x00004652 f 0x00004ae3
0x00004ae3 0x00004af6 00:0000 19 j 0x00004736 f 0x00004af6
0x00004af6 0x00004b0b 00:0000 21 j 0x0000522c f 0x00004b0b
0x00004b0b 0x00004b16 00:0000 11 j 0x00004b16
0x00004b16 0x00004b2a 00:0000 20 j 0x0000469c
0x00004b2a 0x00004b81 00:0000 87 j 0x00004759
0x00004b81 0x00004b97 00:0000 22 j 0x00004ba0 f 0x00004b97
0x00004b97 0x00004ba0 00:0000 9 j 0x00004e9a f 0x00004ba0
0x00004ba0 0x00004bb1 00:0000 17 j 0x00004bba f 0x00004bb1
0x00004bb1 0x00004bba 00:0000 9 j 0x00004c52 f 0x00004bba
0x00004bba 0x00004bd0 00:0000 22 j 0x00004c4b f 0x00004bd0
0x00004bd0 0x00004bda 00:0000 10 j 0x00004c4b f 0x00004bda
0x00004bda 0x00004bef 00:0000 21 j 0x00004c03
0x00004bef 0x00004c03 00:0000 20 j 0x00004c03
0x00004c03 0x00004c11 00:0000 14 j 0x00004c45 f 0x00004c11
0x00004c11 0x00004c29 00:0000 24 j 0x00004bef f 0x00004c29
0x00004c29 0x00004c3d 00:0000 20 j 0x00004bef f 0x00004c3d
0x00004c3d 0x00004c45 00:0000 8 j 0x00004c52
0x00004c45 0x00004c4b 00:0000 6 j 0x00004c4b
0x00004c4b 0x00004c52 00:0000 7 j 0x00004c52
0x00004c52 0x00004c5f 00:0000 13 j 0x00004516 f 0x00004c5f
0x00004c5f 0x00004c6d 00:0000 14 j 0x00004ca3 f 0x00004c6d
0x00004c6d 0x00004c7b 00:0000 14 j 0x00004c84 f 0x00004c7b
0x00004c7b 0x00004c84 00:0000 9 j 0x00004ca3 f 0x00004c84
0x00004c84 0x00004c96 00:0000 18 j 0x00004516 f 0x00004c96
0x00004c96 0x00004ca3 00:0000 13 j 0x00004516 f 0x00004ca3
0x00004ca3 0x00004caf 00:0000 12 j 0x00004516
0x00004caf 0x00004ce3 00:0000 52 j 0x00003ba7
0x00004ce3 0x00004cec 00:0000 9 j 0x00004736 f 0x00004cec
0x00004cec 0x00004cf7 00:0000 11 j 0x0000469c f 0x00004cf7
0x00004cf7 0x00004d03 00:0000 12 j 0x0000469c
0x00004d03 0x00004d0d 00:0000 10 j 0x00004e4b f 0x00004d0d
0x00004d0d 0x00004d31 00:0000 36 j 0x000050c6 f 0x00004d31
0x00004d31 0x00004d3b 00:0000 10 j 0x000051f1 f 0x00004d3b
0x00004d3b 0x00004d41 00:0000 6 j 0x00005038 f 0x00004d41
0x00004d41 0x00004d4b 00:0000 10 j 0x0000520b f 0x00004d4b
0x00004d4b 0x00004d51 00:0000 6 j 0x00004d93 f 0x00004d51
0x00004d51 0x00004d5f 00:0000 14 j 0x00004d93 f 0x00004d5f
0x00004d5f 0x00004d93 00:0000 52 j 0x00004d93
0x00004d93 0x00004d9d 00:0000 10 j 0x00004502
0x00004d9d 0x00004dba 00:0000 29 j 0x00003c97
0x00004dba 0x00004dd1 00:0000 23 j 0x0000441c
0x00004dd1 0x00004df3 00:0000 34 j 0x00003a48
0x00004df3 0x00004dfb 00:0000 8 j 0x000044bf f 0x00004dfb
0x00004dfb 0x00004e0a 00:0000 15 j 0x00004502
0x00004e0a 0x00004e1b 00:0000 17 j 0x00004ad5
0x00004e1b 0x00004e27 00:0000 12 j 0x00004a78
0x00004e27 0x00004e3f 00:0000 24 j 0x000044c8 f 0x00004e3f
0x00004e3f 0x00004e4b 00:0000 12 j 0x00004d0d
0x00004e4b 0x00004e68 00:0000 29 j 0x0000505b f 0x00004e68
0x00004e68 0x00004e82 00:0000 26 j 0x00005257 f 0x00004e82
0x00004e82 0x00004e87 00:0000 5 j 0x00004e87
0x00004e87 0x00004e9a 00:0000 19 j 0x00004d93
0x00004e9a 0x00004eca 00:0000 48 j 0x00004eca
0x00004eca 0x00004edb 00:0000 17 j 0x00005063 f 0x00004edb
0x00004edb 0x00004ee4 00:0000 9 j 0x0000523b f 0x00004ee4
0x00004ee4 0x00004eec 00:0000 8 j 0x00005249 f 0x00004eec
0x00004eec 0x00004f06 00:0000 26 j 0x000050b1 f 0x00004f06
0x00004f06 0x00004f2a 00:0000 36 j 0x000050b1 f 0x00004f2a
0x00004f2a 0x00004f38 00:0000 14 j 0x00004f38
0x00004f38 0x00004f48 00:0000 16 j 0x000051a1 f 0x00004f48
0x00004f48 0x00004f55 00:0000 13 j 0x00004f38 f 0x00004f55
0x00004f55 0x00004f8d 00:0000 56 j 0x00004f8d
0x00004f8d 0x00004fc3 00:0000 54 j 0x00004fcf
0x00004fc3 0x00004fcf 00:0000 12 j 0x00004fcf
0x00004fcf 0x00004fd4 00:0000 5 j 0x00004fc3 f 0x00004fd4
0x00004fd4 0x00004fdb 00:0000 7 j 0x00004fdb
0x00004fdb 0x00004fe9 00:0000 14 j 0x00004c52 f 0x00004fe9
0x00004fe9 0x00005009 00:0000 32 j 0x00004c52 f 0x00005009
0x00005009 0x00005015 00:0000 12 j 0x00004c52
0x00005015 0x00005023 00:0000 14 j 0x00004888 f 0x00005023
0x00005023 0x00005033 00:0000 16 j 0x00004888 f 0x00005033
0x00005033 0x00005038 00:0000 5 j 0x000048a0
0x00005038 0x00005041 00:0000 9 j 0x00004d93 f 0x00005041
0x00005041 0x0000505b 00:0000 26 j 0x00004d93
0x0000505b 0x00005063 00:0000 8 j 0x00004e87
0x00005063 0x000050b1 00:0000 78 j 0x00005163 f 0x000050b1
0x000050b1 0x000050bf 00:0000 14 j 0x00004f8d
0x000050bf 0x000050c6 00:0000 7 j 0x000050c6
0x000050c6 0x00005112 00:0000 76 j 0x00005112
0x00005112 0x00005134 00:0000 34 j 0x00005112 f 0x00005134
0x00005134 0x00005159 00:0000 37 j 0x00005159
0x00005159 0x00005163 00:0000 10 j 0x00005163
0x00005163 0x0000517a 00:0000 23 j 0x000050b1 f 0x0000517a
0x0000517a 0x0000519c 00:0000 34 j 0x00004eca f 0x0000519c
0x0000519c 0x000051a1 00:0000 5 j 0x000050b1
0x000051a1 0x000051d2 00:0000 49 j 0x00004eca f 0x000051d2
0x000051d2 0x000051d7 00:0000 5 j 0x00004f55
0x000051d7 0x000051ec 00:0000 21 j 0x000049c9 f 0x000051ec
0x000051ec 0x000051f1 00:0000 5 j 0x000049e3
0x000051f1 0x0000520b 00:0000 26 j 0x00004d93
0x0000520b 0x0000522c 00:0000 33 j 0x00004d93
0x0000522c 0x0000523b 00:0000 15 j 0x00004b16
0x0000523b 0x00005249 00:0000 14 j 0x00004eca
0x00005249 0x00005257 00:0000 14 j 0x00004fdb
0x00005257 0x00005289 00:0000 50 j 0x00005289
0x00005289 0x000052a4 00:0000 27 j 0x000052a4
0x000052a4 0x000052c3 00:0000 31
0x000052c3 0x000052e2 00:0000 31
0x000052e2 0x00005301 00:0000 31
0x00005301 0x00005306 00:0000 5
0x00005306 0x0000533a 00:0000 52
EOF
RUN

NAME=x86_64 main() jmptbl in bins/elf/analysis/ls-alxchk
FILE=bins/elf/analysis/ls-alxchk
CMDS=<<EOF
e asm.bytes=false
e anal.jmp.tbl=true
s main
aF
pd 3 @ 0x3ec1
EOF
EXPECT=<<EOF
|           0x00003ec1      add rax, rbx
|           ;-- switch
|           0x00003ec4      jmp rax                                    ; switch table (275 cases) at 0x172d8
|           ; CODE XREF from main @ 0x3ec4
|           ;-- case 241:                                              ; from 0x3ec4
|           0x00003ec6      mov byte [0x00021260], 1                   ; [0x21260:1]=0
EOF
RUN

NAME=aac pe trampoline fcn name 64bit
FILE=bins/pe/testx64.exe
CMDS=<<EOF
e anal.autoname=false
aac
pd 1 @ 0x140001970
EOF
EXPECT=<<EOF
|           0x140001970      e8d1040000     call sub.KERNEL32.dll_IsProcessorFeaturePresent ; BOOL IsProcessorFeaturePresent(DWORD ProcessorFeature)
EOF
RUN

NAME=block takeover
FILE=bins/elf/static-glibc-2.27
CMDS=<<EOF
e asm.comments=false
e asm.var=false
aac
pdr @ 0x00487350
s 0x0040f710
afvx
aei
aeim
dr rsi=0x1111111111111111
11ds
afvd
EOF
EXPECT=<<EOF
/ 114: fcn.00487350 ();
| 0x00487350      8b8710030000   mov eax, dword [rdi + 0x310]
| 0x00487356      48b900000000.  movabs rcx, 0x200000000
| 0x00487360      8d50ff         lea edx, [rax - 1]
| 0x00487363      48b8ffffffff.  movabs rax, 0x3ffffffff
| 0x0048736d      899710030000   mov dword [rdi + 0x310], edx
| 0x00487373      482387100300.  and rax, qword [rdi + 0x310]
| 0x0048737a      4839c8         cmp rax, rcx
| 0x0048737d      7411           je 0x487390
| ----------- true: 0x00487390  false: 0x0048737f
| 0x0048737f      f605d2542300.  test byte [0x006bc858], 0x40
| 0x00487386      7525           jne 0x4873ad
| ----------- true: 0x004873ad  false: 0x00487388
| 0x00487388      f3c3           ret

| 0x00487390      8b05ea4d2300   mov eax, dword [0x006bc180]
| 0x00487396      85c0           test eax, eax
| 0x00487398      7426           je 0x4873c0
| ----------- true: 0x004873c0  false: 0x0048739a
| 0x0048739a      f605b7542300.  test byte [0x006bc858], 0x40
| 0x004873a1      c705d54d2300.  mov dword [0x006bc180], 2
| 0x004873ab      74db           je 0x487388
| ----------- true: 0x00487388  false: 0x004873ad
| 0x004873ad      488b7708       mov rsi, qword [rdi + 8]
| 0x004873b1      488d3dd03502.  lea rdi, str._nclosing_file_s__direct_opencount_u_n
| 0x004873b8      31c0           xor eax, eax
| 0x004873ba      e9b16cffff     jmp fcn.0047e070
| ----------- true: 0x0047e070
| 0x004873c0      400fb6f6       movzx esi, sil
\ 0x004873c4      e937f1ffff     jmp fcn.00486500
| ----------- true: 0x00486500
afvR
var_bp_38h  0x40f790,0x40f839
   var_28h  0x40f7c1
var_bp_30h  0x40f78c,0x40f835
   var_3ch  0x40f86e
var_bp_20h  0x40f7d4
    var_fh  0x40f7a6
afvW
var_bp_38h  0x40f728
   var_28h  0x40f735
var_bp_30h  0x40f79b,0x40f843
   var_3ch  0x40f866
var_bp_20h
    var_fh
var var_bp_38h = 0x00177fc0 = (qword)0x1111111111111111
var var_28h = 0x00177fd0 = (qword)0x0000000000000000
var var_bp_30h = 0x00177fc8 = (qword)0x0000000000000000
var var_3ch = 0x00177fbc = (qword)0x1111111100000000
var var_bp_20h = 0x00177fd8 = (qword)0x0000000000000000
var var_fh = 0x00177fc7 = (qword)0x0000000000000011
EOF
RUN

NAME=a2f jmp after ret
FILE=malloc://512
CMDS=<<EOF
e anal.hasnext=0
e asm.arch=x86
e asm.bits=64
wx b8010000004839ca7f26b8ffffffff4839ca7c1c498b4838498b5138b8010000004839ca7f0ab8ffffffff4839ca7d025dc34883c7684883c6685dc3
a2f
afl~?
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=a2f jmp after ret - _size (symsize)
FILE=malloc://512
CMDS=<<EOF
e anal.hasnext=0
e asm.arch=x86
e asm.bits=64
wx b8010000004839ca7f26b8ffffffff4839ca7c1c498b4838498b5138b8010000004839ca7f0ab8ffffffff4839ca7d025dc34883c7684883c6685dc3
a2f
afl~?
afl~[2]
EOF
EXPECT=<<EOF
1
60
EOF
RUN

NAME=a2f jmp after ret - realsize (bbs_sum)
FILE=malloc://512
CMDS=<<EOF
e anal.hasnext=0
e asm.arch=x86
e asm.bits=64
wx b8010000004839ca7f26b8ffffffff4839ca7c1c498b4838498b5138b8010000004839ca7f0ab8ffffffff4839ca7d025dc34883c7684883c6685dc3
a2f
afl~?
afl~[2]
EOF
EXPECT=<<EOF
1
60
EOF
RUN

NAME=aaa with avra
FILE=bins/elf/class_test
CMDS=<<EOF
aaa
avra
EOF
EXPECT=<<EOF
Type Info at 0x08048f4c:
  Type Info type: __vmi_class_type_info
  Belongs to class vtable: 0x08048edc
  Reference to RTTI's type class: 0x0804b140
  Reference to type's name: 0x08048f6c
  Type Name: Bat
  Name unique: true
  Flags: 0x0
  Count of base classes: 0x2
    Base class type descriptor address: 0x08048f74
    Base class flags: 0x2
    Base class type descriptor address: 0x08048fac
    Base class flags: 0x402

Type Info at 0x08048f4c:
  Type Info type: __vmi_class_type_info
  Belongs to class vtable: 0x08048ef0
  Reference to RTTI's type class: 0x0804b140
  Reference to type's name: 0x08048f6c
  Type Name: Bat
  Name unique: true
  Flags: 0x0
  Count of base classes: 0x2
    Base class type descriptor address: 0x08048f74
    Base class flags: 0x2
    Base class type descriptor address: 0x08048fac
    Base class flags: 0x402

Type Info at 0x08048f74:
  Type Info type: __class_type_info
  Belongs to class vtable: 0x08048f04
  Reference to RTTI's type class: 0x0804b048
  Reference to type's name: 0x08048f7c
  Type Name: Bird
  Name unique: true

Type Info at 0x08048f84:
  Type Info type: __si_class_type_info
  Belongs to class vtable: 0x08048f18
  Reference to RTTI's type class: 0x0804b114
  Reference to type's name: 0x08048f90
  Type Name: Dog
  Name unique: true
  Reference to parent's type info: 0x08048fac

Type Info at 0x08048f98:
  Type Info type: __si_class_type_info
  Belongs to class vtable: 0x08048f2c
  Reference to RTTI's type class: 0x0804b114
  Reference to type's name: 0x08048fa4
  Type Name: Cat
  Name unique: true
  Reference to parent's type info: 0x08048fac

Type Info at 0x08048fac:
  Type Info type: __class_type_info
  Belongs to class vtable: 0x08048f40
  Reference to RTTI's type class: 0x0804b048
  Reference to type's name: 0x08048fb4
  Type Name: Mammal
  Name unique: true

EOF
RUN

NAME=aac on mips be
FILE=bins/elf/analysis/mipsbe-busybox
CMDS=<<EOF
aac
afl~?
EOF
EXPECT=<<EOF
1268
EOF
RUN

NAME=raw aac with maps (less because of wrong map address)
FILE=bins/elf/analysis/mipsbe-busybox
ARGS=-n -m 0x80000 -a mips -b32 -e cfg.bigendian=true
CMDS=<<EOF
aac
afl~?
EOF
EXPECT=<<EOF
4
EOF
RUN

NAME=raw aac (using a PIC bin)
FILE=bins/elf/libmagic.so
CMDS=<<EOF
aac
afl~?
EOF
EXPECT=<<EOF
199
EOF
RUN

NAME=raw aac with maps (using a PIC bin)
FILE=bins/elf/libmagic.so
ARGS=-n -m 0x80000 -a arm -b 16 -e cfg.bigendian=false
CMDS=<<EOF
aac
e search.in=io.maps
afl~?
EOF
EXPECT=<<EOF
94
EOF
RUN

NAME=aav without vinfun
FILE=bins/elf/analysis/mipsbe-busybox
CMDS=<<EOF
af @ 0x0040dea4
e anal.vinfun=false
aav
pd 1 @ 0x0040decc~?andi
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=aav with vinfun
FILE=bins/elf/analysis/mipsbe-busybox
CMDS=<<EOF
af @ 0x0040dea4
e anal.vinfun=true
aav
pd 1 @ 0x0040decc~?dword
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=aav thumb detection
FILE=bins/firmware/armthumb.bin
ARGS=-aarm -b32
CMDS=<<EOF
aav
f
EOF
EXPECT=<<EOF
0x0000000d 4 aav.0x0000000d
EOF
RUN


NAME=sym is not fcn
FILE=bins/mach0/mach0-i386
CMDS=<<EOF
aa > /dev/null
afl~sym.__mh_execute_header[0]
EOF
EXPECT=<<EOF
EOF
RUN


NAME=call-convention
FILE=bins/elf/analysis/x86-simple
CMDS=<<EOF
aa
s entry0
afc stdcall
afi~call-convention
EOF
EXPECT=<<EOF
call-convention: stdcall
EOF
RUN

NAME=function address
FILE=bins/mach0/mach0-i386
CMDS=<<EOF
e anal.hasnext=0
aa
afo sym._foo
afo sym._bar
EOF
EXPECT=<<EOF
0x00001f50
0x00001f00
EOF
RUN

NAME=afr
FILE=bins/mach0/mach0-i386
CMDS=<<EOF
e anal.hasnext=0
afr
afl
EOF
EXPECT=<<EOF
0x00001f80    1 41           main
0x00001f50    1 47           sym._foo
0x00001f00    4 73           sym._bar
EOF
RUN

NAME=aF
FILE=bins/mach0/mach0-i386
CMDS=<<EOF
e anal.hasnext=0
aF
afl
EOF
EXPECT=<<EOF
0x00001f80    1 41           main
EOF
RUN

NAME=function prelude offsets
FILE=bins/mach0/mach0-i386
CMDS=<<EOF
s 0x1000
aap
afl~[0]
EOF
EXPECT=<<EOF
0x00001f00
0x00001f50
0x00001f80
EOF
RUN

NAME=function preludes symbol names
FILE=bins/mach0/mach0-i386
CMDS=<<EOF
s 0x1000
aap
afl
EOF
EXPECT=<<EOF
0x00001f00    4 73           sym._bar
0x00001f50    1 47           sym._foo
0x00001f80    1 41           main
EOF
RUN


NAME=af-*
FILE=bins/elf/analysis/main
CMDS=<<EOF
aa
af-*
afl
EOF
EXPECT=<<EOF
EOF
RUN

NAME=iS. and iSj. implementation
FILE=bins/elf/lab1B
CMDS=<<EOF
s 0x188
iS.
s 0x08058000
iS.
s 0x760
iSj.
EOF
EXPECT=<<EOF
Current section

nth paddr       size vaddr       vsize perm name
------------------------------------------------
0   0x00000188  0x24 0x08048188   0x24 -r-- .note.gnu.build-id

Current section

nth paddr  size vaddr  vsize perm name
--------------------------------------

{"name":".plt","size":240,"vsize":240,"perm":"-r-x","paddr":1888,"vaddr":134514528}
EOF
RUN

NAME=iE and iE. implementation
FILE=bins/elf/lab1B
CMDS=<<EOF
s 0x080489b9
iE.
s 0x080489a6
s+5
isj.
EOF
EXPECT=<<EOF

nth paddr      vaddr      bind   type size lib name
---------------------------------------------------
22  0x000009b7 0x080489b7 GLOBAL FUNC 189      decrypt
{"name":"prog_timeout","flagname":"sym.prog_timeout","realname":"prog_timeout","ordinal":35,"bind":"GLOBAL","size":17,"type":"FUNC","vaddr":134515110,"paddr":2470,"is_imported":false}
EOF
RUN

NAME=address information
FILE=bins/mach0/mach0-i386
CMDS=<<EOF
s entry0
ai
s sym.__mh_execute_header
ai
EOF
EXPECT=<<EOF
exec
read
flag
exec
read
flag
EOF
RUN

NAME=af x86-64
FILE=malloc://16
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
wx 662e0f1f840000000000
ao 1~size[1]
EOF
EXPECT=<<EOF
10
EOF
RUN

NAME=anal/fcn_name
FILE=bins/elf/analysis/main-g
CMDS=<<EOF
s 0x0040042c
af
pd 1~sym.call_gmon_start:0
EOF
EXPECT=<<EOF
/ 23: sym.call_gmon_start ();
EOF
RUN

NAME=anal/fcn_subname
FILE=bins/elf/analysis/main-g
CMDS=<<EOF
s 0x0040042c
af
afi~name
pd 1~sym.call_gmon_start:0
EOF
EXPECT=<<EOF
name: sym.call_gmon_start
/ 23: sym.call_gmon_start ();
EOF
RUN

NAME=anal/name
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
af
afi~name
EOF
EXPECT=<<EOF
name: main
EOF
RUN

NAME=anal hasnext on main
FILE=bins/elf/true32
CMDS=<<EOF
e anal.hasnext=true
af@main
afi@main~size
EOF
EXPECT=<<EOF
size: 261
EOF
RUN

NAME=anal without hasnext on main
FILE=bins/elf/true32
CMDS=<<EOF
e anal.hasnext=false
af@main
afi@main~size
EOF
EXPECT=<<EOF
size: 261
EOF
RUN

NAME=ahe
FILE=malloc://512
CMDS=<<EOF
e asm.bits=64
e asm.arch = x86
e anal.arch = x86
ao~?
ahe test
ao~esil
EOF
EXPECT=<<EOF
18
esilcost: 0
esil: test
EOF
RUN

NAME=ahe2
FILE=malloc://512
CMDS=<<EOF
ahe test
ao~^esil
EOF
EXPECT=<<EOF
esilcost: 0
esil: test
EOF
RUN

NAME=ahe 33,rax,=
FILE=malloc://512
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
wx 000000
ahe 33,rax,=
aes
dr?rax
EOF
EXPECT=<<EOF
0x00000021
EOF
RUN

NAME=delete memory format with Cf-
FILE=bins/dmg/src/Hello
CMDS=<<EOF
e prj.git=false
e asm.arch=x86
e asm.bits=64
pd 1
Cf 1 x
pd 1
e scr.interactive=false
Ps temp_proj
Cf-
pd 1
e scr.interactive=false
Ps temp_proj
e scr.interactive=false
Po temp_proj
pd 1
EOF
EXPECT=<<EOF
            0x00000000      57             push rdi
            0x00000000 pf x # size=1
0x00000000 = 0x6c726f57
            0x00000000      57             push rdi
            0x00000000      57             push rdi
EOF
RUN




NAME=reflines offset 2 (ascii)
FILE=bins/elf/analysis/ls-alxchk
CMDS=<<EOF
e asm.sub.rel=false
e asm.bytes=false
e asm.leahints=false
e scr.utf8=false
e scr.color=false
s $S
aaa >/dev/null
s 0x000113bd
pd 28
EOF
EXPECT=<<EOF
|       ,=< 0x000113bd      je 0x1144e
|       |   0x000113c3      mov esi, 0x2f                              ; '/' ; int c
|       |   0x000113c8      call sym.imp.strrchr                       ; char *strrchr(const char *s, int c)
|       |   0x000113cd      test rax, rax
|      ,==< 0x000113d0      je 0x11424
|      ||   0x000113d2      lea rdx, [rax + 1]
|      ||   0x000113d6      mov rcx, rdx
|      ||   0x000113d9      sub rcx, rbx
|      ||   0x000113dc      cmp rcx, 6
|     ,===< 0x000113e0      jle 0x11424
|     |||   0x000113e2      lea rsi, [rax - 6]
|     |||   0x000113e6      mov ecx, 7
|     |||   0x000113eb      lea rdi, [rip + 0x7ebb]                    ; str._.libs_
|     |||                                                              ; 0x192ad ; "/.libs/"
|     |||   0x000113f2      repe cmpsb byte [rsi], byte ptr [rdi]
|    ,====< 0x000113f4      jne 0x11424
|    ||||   0x000113f6      mov ecx, 3
|    ||||   0x000113fb      mov rsi, rdx
|    ||||   0x000113fe      mov rbx, rdx
|    ||||   0x00011401      lea rdi, [rip + 0x7ead]                    ; "lt-"
|    ||||                                                              ; 0x192b5
|    ||||   0x00011408      repe cmpsb byte [rsi], byte ptr [rdi]
|    ||||   0x0001140a      seta sil
|    ||||   0x0001140e      setb cl
|    ||||   0x00011411      cmp sil, cl
|   ,=====< 0x00011414      jne 0x11424
|   |||||   0x00011416      lea rbx, [rax + 4]
|   |||||   0x0001141a      mov rax, qword [rip + 0xdeaf]              ; reloc.program_invocation_short_name
|   |||||                                                              ; [0x1f2d0:8]=0
|   |||||   0x00011421      mov qword [rax], rbx
|   |||||   ; CODE XREFS from fcn.00011390 @ 0x113d0, 0x113e0, 0x113f4, 0x11414
|   ````--> 0x00011424      mov rax, qword [rip + 0xde3d]              ; [0x1f268:8]=0x21680
EOF
RUN

NAME=reflines offset 3 (ascii)
FILE=bins/elf/analysis/ls-alxchk
CMDS=<<EOF
e asm.sub.rel=false
e asm.bytes=false
e asm.leahints=false
e scr.utf8=false
e scr.color=false
s $S
aaa >/dev/null
s 0x00003ca6
pd 19
EOF
EXPECT=<<EOF
|           0x00003ca6      cmp eax, 2
|       ,=< 0x00003ca9      je 0x45ec
|       |   0x00003caf      cmp eax, 3
|      ,==< 0x00003cb2      je 0x3ce3
|      ||   0x00003cb4      sub eax, 1
|     ,===< 0x00003cb7      je 0x3cbe
|     |||   ; CODE XREFS from main @ 0x58bc, 0x58d2
|     |||   ;-- case 4:                                                ; from 0x58d2
|     |||   0x00003cb9      call sym.imp.abort                         ; void abort(void)
|     |||   ; CODE XREF from main @ 0x3cb7
|     `---> 0x00003cbe      mov edi, 1                                 ; int fd
|      ||   0x00003cc3      call sym.imp.isatty                        ; int isatty(int fd)
|      ||   0x00003cc8      test eax, eax
|     ,===< 0x00003cca      je 0x4c2e
|     |||   0x00003cd0      mov dword [rip + 0x1d626], 2               ; [0x21300:4]=0
|     |||   0x00003cda      mov byte [rip + 0x1d33f], 1                ; [0x21020:1]=0
|    ,====< 0x00003ce1      jmp 0x3cf9
|    ||||   ; CODE XREF from main @ 0x3cb2
|    ||`--> 0x00003ce3      mov esi, 5                                 ; int64_t arg2
|    || |   0x00003ce8      xor edi, edi                               ; int64_t arg1
|    || |   0x00003cea      mov dword [rip + 0x1d60c], 0               ; [0x21300:4]=0
|    || |   0x00003cf4      call fcn.00012740
|    || |   ; CODE XREFS from main @ 0x3ce1, 0x4602, 0x4c38
|    `----> 0x00003cf9      lea rdi, [rip + 0x14fb4]                   ; str.QUOTING_STYLE
|     | |                                                              ; 0x18cb4 ; "QUOTING_STYLE" ; const char *name
EOF
RUN

NAME=reflines offset 3 (ascii + wide)
FILE=bins/elf/analysis/ls-alxchk
CMDS=<<EOF
e asm.sub.rel=false
e asm.bytes=false
e asm.leahints=false
e scr.utf8=false
e scr.color=false
e asm.lines.wide=true
s $S
aaa >/dev/null
s 0x00003ca6
pd 19
EOF
EXPECT=<<EOF
|           0x00003ca6      cmp eax, 2
|      ,==< 0x00003ca9      je 0x45ec
|      |    0x00003caf      cmp eax, 3
|    ,====< 0x00003cb2      je 0x3ce3
|    | |    0x00003cb4      sub eax, 1
|  ,======< 0x00003cb7      je 0x3cbe
|  | | |    ; CODE XREFS from main @ 0x58bc, 0x58d2
|  | | |    ;-- case 4:                                                ; from 0x58d2
|  | | |    0x00003cb9      call sym.imp.abort                         ; void abort(void)
|  | | |    ; CODE XREF from main @ 0x3cb7
|  `------> 0x00003cbe      mov edi, 1                                 ; int fd
|    | |    0x00003cc3      call sym.imp.isatty                        ; int isatty(int fd)
|    | |    0x00003cc8      test eax, eax
|  ,======< 0x00003cca      je 0x4c2e
|  | | |    0x00003cd0      mov dword [rip + 0x1d626], 2               ; [0x21300:4]=0
|  | | |    0x00003cda      mov byte [rip + 0x1d33f], 1                ; [0x21020:1]=0
| ========< 0x00003ce1      jmp 0x3cf9
|  | | |    ; CODE XREF from main @ 0x3cb2
|  | `----> 0x00003ce3      mov esi, 5                                 ; int64_t arg2
|  |   |    0x00003ce8      xor edi, edi                               ; int64_t arg1
|  |   |    0x00003cea      mov dword [rip + 0x1d60c], 0               ; [0x21300:4]=0
|  |   |    0x00003cf4      call fcn.00012740
|  |   |    ; CODE XREFS from main @ 0x3ce1, 0x4602, 0x4c38
| --------> 0x00003cf9      lea rdi, [rip + 0x14fb4]                   ; str.QUOTING_STYLE
|  |   |                                                               ; 0x18cb4 ; "QUOTING_STYLE" ; const char *name
EOF
RUN

NAME=reflines offset 4 (ascii + wide)
FILE=bins/elf/analysis/ls-alxchk
CMDS=<<EOF
e asm.sub.rel=false
e asm.bytes=false
e asm.leahints=false
e scr.utf8=false
e scr.color=false
e asm.lines.wide=true
aaa >/dev/null
s 0x00003ca6
pd 19
EOF
EXPECT=<<EOF
|           0x00003ca6      cmp eax, 2
|      ,==< 0x00003ca9      je 0x45ec
|      |    0x00003caf      cmp eax, 3
|    ,====< 0x00003cb2      je 0x3ce3
|    | |    0x00003cb4      sub eax, 1
|  ,======< 0x00003cb7      je 0x3cbe
|  | | |    ; CODE XREFS from main @ 0x58bc, 0x58d2
|  | | |    ;-- case 4:                                                ; from 0x58d2
|  | | |    0x00003cb9      call sym.imp.abort                         ; void abort(void)
|  | | |    ; CODE XREF from main @ 0x3cb7
|  `------> 0x00003cbe      mov edi, 1                                 ; int fd
|    | |    0x00003cc3      call sym.imp.isatty                        ; int isatty(int fd)
|    | |    0x00003cc8      test eax, eax
|  ,======< 0x00003cca      je 0x4c2e
|  | | |    0x00003cd0      mov dword [rip + 0x1d626], 2               ; [0x21300:4]=0
|  | | |    0x00003cda      mov byte [rip + 0x1d33f], 1                ; [0x21020:1]=0
| ========< 0x00003ce1      jmp 0x3cf9
|  | | |    ; CODE XREF from main @ 0x3cb2
|  | `----> 0x00003ce3      mov esi, 5                                 ; int64_t arg2
|  |   |    0x00003ce8      xor edi, edi                               ; int64_t arg1
|  |   |    0x00003cea      mov dword [rip + 0x1d60c], 0               ; [0x21300:4]=0
|  |   |    0x00003cf4      call fcn.00012740
|  |   |    ; CODE XREFS from main @ 0x3ce1, 0x4602, 0x4c38
| --------> 0x00003cf9      lea rdi, [rip + 0x14fb4]                   ; str.QUOTING_STYLE
|  |   |                                                               ; 0x18cb4 ; "QUOTING_STYLE" ; const char *name
EOF
RUN

NAME=reflines in noreturn
FILE=bins/elf/analysis/ls-alxchk
CMDS=<<EOF
e asm.sub.rel=false
e asm.bytes=false
e asm.leahints=false
e scr.utf8=false
e scr.color=false
e asm.lines.wide=true
e asm.comments=0
aaa >/dev/null
s 0x00012740
pdf
EOF
EXPECT=<<EOF
/ 76: fcn.00012740 (int64_t arg1, int64_t arg2);
|           ; var int64_t var_8h @ rbp-0x8
|           ; arg int64_t arg1 @ rdi
|           ; arg int64_t arg2 @ rsi
|           0x00012740      push rbp
|           0x00012741      mov rbp, rsp
|           0x00012744      sub rsp, 0x1030
|           0x0001274b      or qword [rsp], 0
|           0x00012750      add rsp, 0x1020
|           0x00012757      mov rax, qword fs:[0x28]
|           0x00012760      mov qword [var_8h], rax
|           0x00012764      xor eax, eax
|           0x00012766      lea rax, [rip + 0xf033]
|           0x0001276d      test rdi, rdi
|           0x00012770      cmovne rax, rdi
|           0x00012774      mov dword [rax], esi
|           0x00012776      mov rax, qword [var_8h]
|           0x0001277a      xor rax, qword fs:[0x28]
|      ,==< 0x00012783      jne 0x12787
|      |    0x00012785      leave
|      |    0x00012786      ret
\      `--> 0x00012787      call sym.imp.__stack_chk_fail
EOF
RUN

NAME=⁝ and XREF cmt
FILE=bins/elf/strenc-ctrlchars
CMDS=<<EOF
e scr.utf8=true
e asm.bytes=false
s main
af
s sym.imp.puts
?e
pd 3
EOF
EXPECT=<<EOF

        ╎   ; CALL XREF from main @ 0x400406
┌ 6: int sym.imp.puts (const char *s);
└       ╎   0x004003f0      jmp qword [reloc.puts]                     ; [0x601018:8]=0x4003f6
        ╎   0x004003f6      push 0
        └─< 0x004003fb      jmp sym..plt
EOF
RUN

NAME=stackptr
FILE=bins/mach0/mac-ls
CMDS=<<EOF
s 0x1000039b6
af
e asm.lines.bb=false
e asm.lines.fcn=false
e asm.stackptr=true
pdr~0x100003b27[1]
pdf~0x100003b27[1]
pdr~0x100003b3d[1]
pdr~0x100003b3e[1]
pdr~0x100003b40[1]
pdr~0x100003b42[1]
pdr~0x100003b44[1]
pdr~0x100003b46[1]
EOF
EXPECT=<<EOF
104
104
48-
40-
32-
24-
16-
8-
EOF
RUN

NAME=auto string memory reference (iopa)
FILE=malloc://8096
CMDS=<<EOF
e asm.sub.rel=false
e asm.arch = x86
e asm.bits=64
e scr.color = false
e io.va=0
e asm.lines.bb=0
e asm.bytes=0
e asm.cmt.right=10
wx 488b3541100000
wv8 0x500 @ 0x1048
w Hello @ 0x500
pd 1
EOF
EXPECT=<<EOF
  ; [0x1048:8]=0x500 "Hello"
  0x00000000      mov rsi, qword [rip + 0x1041]
EOF
RUN

NAME=auto string memory reference (io.va)
FILE=malloc://8096
CMDS=<<EOF
e asm.sub.rel=false
e asm.arch = x86
e asm.bits=64
e scr.color = false
e io.va=1
e asm.lines.bb=0
e asm.bytes=0
e asm.cmt.right=10
wx 488b3541100000
wv8 0x500 @ 0x1048
w Hello @ 0x500
pd 1
EOF
EXPECT=<<EOF
  ; [0x1048:8]=0x500 "Hello"
  0x00000000      mov rsi, qword [rip + 0x1041]
EOF
RUN


NAME=no string on cbz
FILE=malloc://8096
CMDS=<<EOF
e asm.arch=arm
e asm.bits=64
e cfg.bigendian=false
e emu.str=true
wv 0x52800015
wv 0x340000b5 @ 4
w hello @ 0x18
pd 2
EOF
EXPECT=<<EOF
            0x00000000      15008052       movz w21, 0
        ,=< 0x00000004      b5000034       cbz w21, 0x18               ; likely
EOF
RUN

NAME=No function
FILE=malloc://0x50
CMDS=aftm
EXPECT=<<EOF
EOF
RUN

NAME=Basic type Matching
FILE=bins/elf/analysis/x86-helloworld-gcc
CMDS=<<EOF
s sym.main
aa
aei
aeim
td int puts(char *s);
aft
s 0x08048409
pd 1~char *s?
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=Mixed reg/stack callee arguments type matching
FILE=bins/pe/testapp-msvc64.exe
CMDS=<<EOF
s 0x14000b54c
aei
aeim
af
aft
pdf
EOF
EXPECT=<<EOF
            ;-- rip:
/ 59: fcn.14000b54c ();
|           ; var DWORD dwCreationDisposition @ rsp+0x20
|           ; var DWORD dwFlagsAndAttributes @ rsp+0x28
|           ; var HANDLE hTemplateFile @ rsp+0x30
|           0x14000b54c      4883ec48       sub rsp, 0x48
|           0x14000b550      488364243000   and qword [hTemplateFile], 0 ; HANDLE hTemplateFile
|           0x14000b556      488d0da37300.  lea rcx, str.CONOUT_       ; 0x140012900 ; u"CONOUT$" ; LPCWSTR lpFileName
|           0x14000b55d      8364242800     and dword [dwFlagsAndAttributes], 0 ; DWORD dwFlagsAndAttributes
|           0x14000b562      41b803000000   mov r8d, 3                 ; DWORD dwShareMode
|           0x14000b568      4533c9         xor r9d, r9d               ; LPSECURITY_ATTRIBUTES lpSecurityAttributes
|           0x14000b56b      4489442420     mov dword [dwCreationDisposition], r8d ; DWORD dwCreationDisposition
|           0x14000b570      ba00000040     mov edx, 0x40000000        ; DWORD dwDesiredAccess
|           0x14000b575      ff158d1c0000   call qword [sym.imp.KERNEL32.dll_CreateFileW] ; [0x14000d208:8]=0x1579e reloc.KERNEL32.dll_CreateFileW ; HANDLE CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
|           0x14000b57b      4889057eb400.  mov qword [0x140016a00], rax ; [0x140016a00:8]=-2
|           0x14000b582      4883c448       add rsp, 0x48
\           0x14000b586      c3             ret
EOF
RUN

NAME=call not function
FILE=bins/pe/crackme0x00.exe
CMDS=<<EOF
aa
s sym._main
aei
aeim
td int strcmp(char *s1, char *s2);
tk func.strcmp.cc=stdcall
aft
s 0x00401370
pd 1~char *s1?
s 0x00401368
pd 1~char *s2?
EOF
EXPECT=<<EOF
1
1
EOF
RUN

NAME=Settings global calling convention
FILE=bins/pe/msvcfindmain.exe
CMDS=<<EOF
e anal.cc=pascal
aaa
afi @@@F~?pascal
EOF
EXPECT=<<EOF
65
EOF
RUN

NAME=1: Wrong calling convention
FILE=bins/pe/crackme0x00.exe
CMDS=<<EOF
s entry0
af
tk CRTStartup=func
tk func.CRTStartup.args=1
tk func.CRTStartup.arg0= int,who_cares
tk func.CRTStartup.cc=THE_CC_THAT_NEVER_EXISTED
tk func.CRTStartup.ret=eax
aei
aeim
aftm
EOF
EXPECT=<<EOF
EOF
RUN

NAME=2: Wrong calling convention
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
s entry0
aaa
afta
Ct. @ 0x100001413
Ct. @ 0x10000145b
Ct. @ 0x100001460
EOF
EXPECT=<<EOF
int category
int fd
unsigned long request
EOF
RUN

NAME=Function definition
FILE=bins/elf/arm1.bin
CMDS=<<EOF
afr @ main
s 0x000082cc
pd 1~?*xmalloc
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=Function definition (autorename)
FILE=bins/pe/hello-mingw32
CMDS=<<EOF
aaa
s 0x00401255
pd 1~?ExitProcess\(UINT
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=Function definition indirect calls
FILE=bins/pe/msvcfindmain.exe
BROKEN=1
CMDS=<<EOF
aaa
pd 1 @ 0x004012c0 ~?DWORD
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=Function definition
FILE=bins/elf/ioli/crackme0x00
CMDS=<<EOF
aaa
s 0x08048469
pd 1~?strcmp\(const
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=afvt
FILE=bins/mach0/arg
CMDS=<<EOF
s sym._call
af
afv
EOF
EXPECT=<<EOF
var int64_t var_14h @ rbp-0x14
var int64_t var_10h @ rbp-0x10
var int64_t var_8h @ rbp-0x8
arg int64_t arg2 @ rsi
arg int64_t arg1 @ rdi
EOF
RUN

NAME=afvt
FILE=bins/mach0/macho
CMDS=<<EOF
s 0x100000b60
af
afv~var_30h
afvt var_30h char
afv~var_30h
EOF
EXPECT=<<EOF
var int64_t var_30h @ rbp-0x30
var char var_30h @ rbp-0x30
EOF
RUN

NAME=afvn
FILE=bins/mach0/macho
CMDS=<<EOF
s 0x100000b60
af
afv~var_30h
afvn mylocal var_30h
afv~mylocal
EOF
EXPECT=<<EOF
var int64_t var_30h @ rbp-0x30
var int64_t mylocal @ rbp-0x30
EOF
RUN

NAME=afvn + afvn
FILE=bins/mach0/macho
CMDS=<<EOF
s 0x100000b60
af
afv~var_30h
afvn mylocal var_30h
afvn var_30h mylocal
afv~var_30h
EOF
EXPECT=<<EOF
var int64_t var_30h @ rbp-0x30
var int64_t var_30h @ rbp-0x30
EOF
RUN

NAME=afvt + afvn
FILE=bins/mach0/macho
CMDS=<<EOF
s 0x100000b60
af
afv~var_30h
afvn mylocal var_30h
afvt mylocal char
afv~mylocal
EOF
EXPECT=<<EOF
var int64_t var_30h @ rbp-0x30
var char mylocal @ rbp-0x30
EOF
RUN

NAME=afvn + afvt
FILE=bins/mach0/macho
CMDS=<<EOF
s 0x100000b60
af
afv~var_30h
afvt var_30h char
afvn mylocal var_30h
afv~mylocal
EOF
EXPECT=<<EOF
var int64_t var_30h @ rbp-0x30
var char mylocal @ rbp-0x30
EOF
RUN

NAME=afvt + afvt
FILE=bins/mach0/macho
CMDS=<<EOF
s 0x100000b60
af
afv~var_30h
afvt var_30h char
afvt var_30h int
afv~var_30h
EOF
EXPECT=<<EOF
var int64_t var_30h @ rbp-0x30
var int var_30h @ rbp-0x30
EOF
RUN


NAME=afva for fastcall with no esp vars
FILE=bins/elf/analysis/fast
CMDS=<<EOF
aa
s sym.fastcaslled
afc fastcall
afc
afva
pdf
EOF
EXPECT=<<EOF
fastcall
            ; CALL XREF from main @ 0x80484c7
/ 59: sym.fastcaslled (int32_t arg1, int32_t arg2, int32_t arg_8h, int32_t arg_ch);
|           ; var int32_t var_20h @ ebp-0x20
|           ; var int32_t var_1ch @ ebp-0x1c
|           ; var int32_t var_10h @ ebp-0x10
|           ; var int32_t var_ch @ ebp-0xc
|           ; arg int32_t arg_8h @ ebp+0x8
|           ; arg int32_t arg_ch @ ebp+0xc
|           ; arg int32_t arg1 @ ecx
|           ; arg int32_t arg2 @ edx
|           0x0804841b      55             push ebp
|           0x0804841c      89e5           mov ebp, esp
|           0x0804841e      83ec28         sub esp, 0x28
|           0x08048421      894de4         mov dword [var_1ch], ecx    ; arg1
|           0x08048424      8955e0         mov dword [var_20h], edx    ; arg2
|           0x08048427      8b55e4         mov edx, dword [var_1ch]
|           0x0804842a      8b45e0         mov eax, dword [var_20h]
|           0x0804842d      01d0           add eax, edx
|           0x0804842f      8945f4         mov dword [var_ch], eax
|           0x08048432      8b45e0         mov eax, dword [var_20h]
|           0x08048435      2b450c         sub eax, dword [arg_ch]
|           0x08048438      8945f0         mov dword [var_10h], eax
|           0x0804843b      ff7508         push dword [arg_8h]
|           0x0804843e      ff75f0         push dword [var_10h]
|           0x08048441      ff75f4         push dword [var_ch]
|           0x08048444      6874850408     push str._i__i__i_n         ; 0x8048574 ; "%i %i %i\n"
|           0x08048449      e8a2feffff     call sym.imp.printf         ; int printf(const char *format)
|           0x0804844e      83c410         add esp, 0x10
|           0x08048451      90             nop
|           0x08048452      c9             leave
\           0x08048453      c20800         ret 8
EOF
RUN

NAME=afva for cdecl/stdcall with no esp vars
FILE=bins/elf/analysis/fast
CMDS=<<EOF
e asm.calls=false
aa
s sym.nonfastcaslled
afc
afva
pdf
EOF
EXPECT=<<EOF
cdecl
            ; CALL XREF from main @ 0x80484db
/ (fcn) sym.nonfastcaslled 51
|           ; var int32_t var_10h @ ebp-0x10
|           ; var int32_t var_ch @ ebp-0xc
|           ; arg int32_t arg_8h @ ebp+0x8
|           ; arg int32_t arg_ch @ ebp+0xc
|           ; arg int32_t arg_10h @ ebp+0x10
|           ; arg int32_t arg_14h @ ebp+0x14
|           0x08048456      55             push ebp
|           0x08048457      89e5           mov ebp, esp
|           0x08048459      83ec18         sub esp, 0x18
|           0x0804845c      8b5508         mov edx, dword [arg_8h]
|           0x0804845f      8b450c         mov eax, dword [arg_ch]
|           0x08048462      01d0           add eax, edx
|           0x08048464      8945f4         mov dword [var_ch], eax
|           0x08048467      8b450c         mov eax, dword [arg_ch]
|           0x0804846a      2b4514         sub eax, dword [arg_14h]
|           0x0804846d      8945f0         mov dword [var_10h], eax
|           0x08048470      ff7510         push dword [arg_10h]
|           0x08048473      ff75f0         push dword [var_10h]
|           0x08048476      ff75f4         push dword [var_ch]
|           0x08048479      6874850408     push str._i__i__i_n         ; 0x8048574 ; "%i %i %i\n"
|           0x0804847e      e86dfeffff     call sym.imp.printf
|           0x08048483      83c410         add esp, 0x10
|           0x08048486      90             nop
|           0x08048487      c9             leave
\           0x08048488      c3             ret
EOF
RUN

NAME=anal vars crash
FILE=-
CMDS=<<EOF
af
afvr-*
afvr-*
EOF
EXPECT=<<EOF
EOF
RUN

NAME=anal vars crash 2
FILE=-
CMDS=<<EOF
e asm.bits=64
e asm.arch = x86
e anal.arch = x86
e asm.calls=false
wx 554889e5534881ec3810000048830c24004881c42010000064488b042528000000488945e831c04885ff4889fb909090909090c3 @ 10
aa
afvn new_1 old_1
afvn my_local var_18h
pd 1
EOF
EXPECT=<<EOF
/ (fcn) fcn.00000000 62
// void fcn.00000000 (int64_t arg1);
|           ; var int64_t my_local @ rbp-0x18
|           ; arg int64_t arg1 @ rdi
|           0x00000000      0000           add byte [rax], al
EOF
RUN

NAME=afvb & afvn
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvn ImageHandle arg_8h
afvn SystemTable arg_ch
afvb~?ImageHandle
afvb~?SystemTable
EOF
EXPECT=<<EOF
1
1
EOF
RUN

NAME=afvb* & afvn
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvn ImageHandle arg_8h
afvn SystemTable arg_ch
afvb*~?ImageHandle
afvb*~?SystemTable
EOF
EXPECT=<<EOF
1
1
EOF
RUN

NAME=afvb idx... & afvn
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvb 8 ImageHandle blah @ 0x10002d8d
afvb*~ImageHandle
EOF
EXPECT=<<EOF
afvb 8 ImageHandle blah @ 0x10002d8d
EOF
RUN

NAME=afvbj
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvb 8 ImageHandle blah @ 0x10002d8d
afvbj~?ImageHandle
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=afvb-ArgName
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvb 8 ImageHandle blah @ 0x10002d8d
afvb-ImageHandle
afvb~?ImageHandle
EOF
EXPECT=<<EOF
0
EOF
RUN

NAME=afvr & afvn
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvr esi myreg int @ 0x10002d8d
afvr~?myreg
afvn blah myreg
afvr~?blah
EOF
EXPECT=<<EOF
1
1
EOF
RUN

NAME=afvr idx & afvr*
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvr esi myreg int @ 0x10002d8d
afvr*~?myreg
afvr*~?int
EOF
EXPECT=<<EOF
1
1
EOF
RUN

NAME=afvr-name
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvr esi myreg int @ 0x10002d8d
afvr-myreg
afvr~?myreg
EOF
EXPECT=<<EOF
0
EOF
RUN

NAME=afvb-* afvr-*
FILE=bins/efi/bootia32.efi
CMDS=<<EOF
af
afvb-*
afvr-*
afvb~?
afvr~?
EOF
EXPECT=<<EOF
0
0
EOF
RUN

NAME=anal vars count
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
af
afvb~?
EOF
EXPECT=<<EOF
13
EOF
RUN

NAME=anal vars retype
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
af
afvt var_30h char
afvb~_30h
EOF
EXPECT=<<EOF
var char var_30h @ rbp-0x30
EOF
RUN

NAME=anal vars rename
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
af
afvn newname var_30h
afvb~newname
EOF
EXPECT=<<EOF
var int64_t newname @ rbp-0x30
EOF
RUN

NAME=vars display in debugger
FILE=bins/elf/analysis/fast
CMDS=<<EOF
aa
s 0x0804843b
afvd arg_ch
afvd var_10h
EOF
EXPECT=<<EOF
pf d @ebp+0xc
pf d @ebp-0x10
EOF
RUN

NAME=afvR and afvW test
FILE=bins/elf/crackme0x05
CMDS=<<EOF
e anal.vars.stackname=true
aa
s main
?e
afvR
afvW
EOF
EXPECT=<<EOF

   var_7ch  0x8048577,0x804858a
   var_88h
   var_7ch
   var_88h  0x804857a
EOF
RUN

NAME=axt avr
FILE=bins/firmware/main.avr
CMDS=<<EOF
f str.hello 12 @ 0x276
Csa 12 @ str.hello
axd 0x260 @ str.hello
pd 1 @ 0x260
EOF
EXPECT=<<EOF
            ; DATA XREF from str.hello @
            0x00000260      80e0           ldi r24, 0x00
EOF
RUN

NAME=axt capstone x86
FILE=bins/elf/analysis/main
CMDS=<<EOF
e asm.arch = x86
e anal.arch = x86
e scr.color=false
e scr.wheel = false
aa
axt @ str.Hello_World
EOF
EXPECT=<<EOF
main 0x40050a [DATA] mov edi, str.Hello_World
EOF
RUN

NAME=axt capstone x86: IOLI0
FILE=bins/elf/ioli/crackme0x00
CMDS=<<EOF
e asm.arch = x86
e anal.arch = x86
e scr.color=false
e scr.wheel = false
aa
axt @ str.Password:_
EOF
EXPECT=<<EOF
main 0x804843c [DATA] mov dword [esp], str.Password:_
EOF
RUN

NAME=axt capstone x86: IOLI7 aa
FILE=bins/elf/ioli/crackme0x07
CMDS=<<EOF
aaa
axt @ sym.imp.exit
EOF
EXPECT=<<EOF
fcn.08048524 0x804853d [CALL] call sym.imp.exit
fcn.08048542 0x80485ab [CALL] call sym.imp.exit
(nofunc) 0x804866f [CALL] call sym.imp.exit
EOF
RUN

NAME=axt capstone x86: IOLI7 aa 2
FILE=bins/elf/ioli/crackme0x07
CMDS=<<EOF
aaaa
axt @ sym.imp.exit
EOF
EXPECT=<<EOF
fcn.08048524 0x804853d [CALL] call sym.imp.exit
fcn.08048542 0x80485ab [CALL] call sym.imp.exit
(nofunc) 0x804866f [CALL] call sym.imp.exit
EOF
RUN

NAME=axt respect subrel
FILE=bins/pe/ibknoreloc64.exe
CMDS=<<EOF
aaa
e asm.sub.rel=false
axt @ sym.imp.msvcrt.dll_printf
e asm.sub.rel=true
axt @ sym.imp.msvcrt.dll_printf
EOF
EXPECT=<<EOF
entry0 0xffffffffffff100a [CALL] call qword [rip + 0xd8]
entry0 0xffffffffffff100a [CALL] call qword [sym.imp.msvcrt.dll_printf]
EOF
RUN

NAME=ax-
FILE=-
CMDS=<<EOF
ax 10 20
axq
ax-10 20
axq
EOF
EXPECT=<<EOF
0x00000014 -> 0x0000000a  UNKNOWN
EOF
RUN

NAME=ax-@
FILE=-
CMDS=<<EOF
s 20
ax 10
axq
ax-10
axq
EOF
EXPECT=<<EOF
0x00000014 -> 0x0000000a  UNKNOWN
EOF
RUN

NAME=ax-*
FILE=-
CMDS=<<EOF
ax 10
ax
ax-*
ax
EOF
EXPECT=<<EOF
                                       ? 0x0 ->   UNKNOWN -> 0xa
EOF
RUN

NAME=axt unknown function
FILE=bins/pe/lab11.malware
CMDS=<<EOF
aaa
axt fcn.00401270
EOF
EXPECT=<<EOF
(nofunc) 0x401a1d [CALL] call fcn.00401270
EOF
RUN

NAME=axf string ref capstone x86
FILE=bins/elf/ioli/crackme0x03
CMDS=<<EOF
e asm.arch = x86
e anal.arch = x86
e scr.color = false
e scr.wheel = false
aa
axt str.Sdvvzrug_RN
s str.Sdvvzrug_RN
axt
axf 0x804848a
s 0x804848a
axf
EOF
EXPECT=<<EOF
d 0x80485fe str.SdvvzrugRN____
d 0x80485fe str.SdvvzrugRN____
EOF
RUN

NAME=x86 ref issue
FILE=-
CMDS=<<EOF
e asm.bits=64
e asm.arch=x86
wx c7052a44000050000000
ao~^ptr[1]
EOF
EXPECT=<<EOF
0x00004434
EOF
RUN

NAME=aoj pushf
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
wx 669c
aoj~{}
EOF
EXPECT=<<EOF
[
  {
    "opcode": "pushf",
    "disasm": "pushf",
    "pseudo": "pushf ",
    "description": "push flags register onto the stack",
    "mnemonic": "pushf",
    "mask": "ffff",
    "esil": "8,rsp,-=,eflags,rsp,=[8]",
    "sign": false,
    "prefix": 0,
    "id": 591,
    "opex": {
      "operands": [
        {
          "size": 8,
          "rw": 1,
          "type": "reg",
          "value": "rflags"
        }
      ]
    },
    "addr": 0,
    "bytes": "669c",
    "size": 2,
    "type": "upush",
    "esilcost": 24,
    "scale": 0,
    "refptr": 0,
    "cycles": 2,
    "failcycles": 0,
    "delay": 0,
    "stack": "inc",
    "stackptr": 8,
    "family": "cpu"
  }
]
EOF
RUN

NAME=strings xref issue
FILE=bins/elf/redpill
CMDS=<<EOF
e anal.strings=true
aa
aae
axt 0x00001d89
axt 0x00001da0
axt 0x00001db7
axt 0x00001dd1
axt 0x00001de8
axt 0x00001df4
axt 0x00001e09
EOF
EXPECT=<<EOF
main 0x1457 [STRING] lea eax, str._Take_the_Red_Pill____n
main 0x148e [STRING] lea eax, str._use:_._exploit1_PILL_
main 0x14eb [STRING] lea eax, str._____Red_Pill__0x50444552
main 0x1502 [STRING] lea eax, str._____Your_Pill_0x_08x_n
main 0x1523 [STRING] lea eax, str._n__Red_Pill
main 0x1557 [STRING] lea eax, str.__fwhibbit
main 0x161d [STRING] lea eax, str._n__Blue_Pill
EOF
RUN

NAME=reference to like mov [0x400000], 0x1234
FILE=bins/elf/analysis/reference.out
CMDS=<<EOF
aaa
axt@0x0804a01c
EOF
EXPECT=<<EOF
main 0x80483ee [DATA] mov dword [obj.a], 0x1337
EOF
RUN

NAME=delete references with ax-
FILE=-
CMDS=<<EOF
ax 10 20
axq
ax- 10
axq
ax 10 20
ax 30 40
axq
ax-*
axq
EOF
EXPECT=<<EOF
0x00000014 -> 0x0000000a  UNKNOWN
0x00000014 -> 0x0000000a  UNKNOWN
0x00000028 -> 0x0000001e  UNKNOWN
EOF
RUN

NAME=reference PIC binary
FILE=bins/elf/analysis/xrefpic
CMDS=<<EOF
e anal.strings=true
aa
aae
axt@0x80484e0
EOF
EXPECT=<<EOF
main 0x8048432 [STRING] lea eax, str.Hello_PIC_
EOF
RUN

NAME=strings xref issue without subrel
FILE=bins/elf/redpill
CMDS=<<EOF
e anal.strings=true
e asm.sub.rel=false
aa
aae
axt 0x00001d89
axt 0x00001da0
axt 0x00001db7
axt 0x00001dd1
axt 0x00001de8
axt 0x00001df4
axt 0x00001e09
EOF
EXPECT=<<EOF
main 0x1457 [STRING] lea eax, [esi - 0x2277]
main 0x148e [STRING] lea eax, [esi - 0x2260]
main 0x14eb [STRING] lea eax, [esi - 0x2249]
main 0x1502 [STRING] lea eax, [esi - 0x222f]
main 0x1523 [STRING] lea eax, [esi - 0x2218]
main 0x1557 [STRING] lea eax, [esi - 0x220c]
main 0x161d [STRING] lea eax, [esi - 0x21f7]
EOF
RUN

NAME=reference PIC binary without subrel
FILE=bins/elf/analysis/xrefpic
CMDS=<<EOF
e anal.strings=true
e asm.sub.rel=false
aa
aae
axt@0x80484e0
EOF
EXPECT=<<EOF
main 0x8048432 [STRING] lea eax, [ebx - 0x1b20]
EOF
RUN

NAME=refs on PIC binary disassembly
FILE=bins/elf/analysis/xrefpic
CMDS=<<EOF
e anal.strings=true
aa
aae
pd 1 @ 0x08048432
EOF
EXPECT=<<EOF
|           0x08048432      8d83e0e4ffff   lea eax, str.Hello_PIC_     ; 0x80484e0 ; "Hello PIC!"
EOF
RUN

NAME=refs on PIC binary disassembly (color)
FILE=bins/elf/analysis/xrefpic
CMDS=<<EOF
e asm.bytes=false
e asm.comments=false
e scr.color=1
e anal.strings=true
aa
aae
pd 1 @ 0x08048432
EOF
EXPECT=<<EOF
|           0x08048432      lea eax, str.Hello_PIC_
EOF
RUN

NAME=axs
FILE=-
CMDS=<<EOF
axs 0x10
axq
EOF
EXPECT=<<EOF
0x00000000 -> 0x00000010  STRING
EOF
RUN

NAME=refs with aar
FILE=bins/elf/crackme
CMDS=<<EOF
e asm.lines.bb=false
e asm.lines.fcn=false
aar
pd 1 @0x400730
pd 1 @0x4007f0
pd 1 @0x400610
EOF
EXPECT=<<EOF
; DATA XREF from entry0 @ +0xf
;-- __libc_csu_fini:
0x00400730      f3c3           ret
; CODE XREF from sym.__do_global_ctors_aux @ +0x2d
0x004007f0      4883eb08       sub rbx, 8
; CALL XREF from section..fini @ +0x4
;-- __do_global_dtors_aux:
0x00400610      55             push rbp
EOF
RUN

NAME=refs with afr
FILE=bins/elf/crackme
CMDS=<<EOF
e asm.lines.bb=false
e asm.lines.fcn=false
e anal.jmp.cref=true
aa
afr
pd 1 @0x400730
pd 1 @0x4007f0
pd 1 @0x400610
EOF
EXPECT=<<EOF
  ; DATA XREF from entry0 @ 0x4005cf
2: sym.__libc_csu_fini ();
0x00400730      f3c3           ret
; CODE XREF from sym.__do_global_ctors_aux @ 0x4007fd
0x004007f0      4883eb08       sub rbx, 8
  ; CALL XREF from sym._fini @ 0x40080c
100: sym.__do_global_dtors_aux ();
0x00400610      55             push rbp
EOF
RUN

NAME=cjmp data refs with aar
FILE=malloc://10000
CMDS=<<EOF
e asm.arch=8051
e asm.lines.bb=false
e asm.lines.fcn=false
wx 307401000022
aar
pd 1 @_idata+0x2e
EOF
EXPECT=<<EOF
; DATA XREF from unk @
0x1000002e      00             nop
EOF
RUN

NAME=cjmp data refs with afr
FILE=malloc://10000
CMDS=<<EOF
e asm.arch=8051
e asm.lines.bb=false
e asm.lines.fcn=false
wx 307401000022
aa
afr
pd 1 @_idata+0x2e
EOF
EXPECT=<<EOF
; DATA XREF from fcn.00000000 @
0x1000002e      00             nop
EOF
RUN

NAME=xrefs and overlapping basic blocks
FILE=bins/elf/analysis/ls-linux-x86_64-zlul
CMDS=<<EOF
aaa
axt main
EOF
EXPECT=<<EOF
entry0 0x40488d [DATA] mov rdi, main
EOF
RUN

NAME=unique function names
FILE=bins/elf/bash
CMDS=<<EOF
aaa
f~strlen~390
EOF
EXPECT=<<EOF
EOF
RUN

NAME=no function split without overlapping blocks
FILE=bins/elf/libc.so.6
CMDS=<<EOF
aac
s 0x2254d
agf~invalid
echo end
EOF
EXPECT=<<EOF
end
EOF
RUN

NAME=noreturn of reloc-functions
FILE=bins/elf/ls
CMDS=<<EOF
aaa
afbr 0x80b0
EOF
EXPECT=<<EOF
0x000081cb
0x00008237
EOF
RUN

NAME=r_anal_fcn_split_bb FITFCNSZ fix (#12008)
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e anal.jmp.mid=false
e io.cache=true
wx b8210000c1ebfdbb2c000000000
af
afi
?e
afb
?e
e asm.bb.middle=true
pdf
?e
e asm.bb.middle=false
pdf
EOF
EXPECT=<<EOF
#
offset: 0x00000000
name: fcn.00000000
size: 7
is-pure: true
realsz: 7
stackframe: 0
call-convention: amd64
cyclomatic-cost: 4
cyclomatic-complexity: 0
bits: 64
type: fcn [NEW]
num-bbs: 2
edges: 2
end-bbs: 0
call-refs:
data-refs:
code-xrefs:
noreturn: false
in-degree: 0
out-degree: 0
data-xrefs:
locals: 0
args: 0
diff: type: new

0x00000000 0x00000004 00:0000 4 j 0x00000004
0x00000004 0x00000007 00:0000 3 j 0x00000004

/ 7: fcn.00000000 ();
|           0x00000000  ~   b8210000c1     mov eax, 0xc1000021         ; '!'
|           ; CODE XREF from fcn.00000000 @ 0x5
\       .-> 0x00000004      c1ebfd         shr ebx, 0xfd

/ 7: fcn.00000000 ();
|           0x00000000      b8210000c1     mov eax, 0xc1000021         ; '!'
\       `=< 0x00000005      ebfd           jmp 4
EOF
RUN

NAME=overlapping basic blocks and anal.jmp.mid
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e anal.nopskip=false
e asm.bb.middle=true
e anal.jmp.mid=true
e io.cache=true
"(show_fcn bin; wx $0; af-*; af; afi; ?e; afb; ?e; pdr; ?e; agf; ?e; e asm.bb.middle=true; pdf; ?e; e asm.bb.middle=false; pdf)"
.(show_fcn b8210000c1ebfdbb2c000000cc)
?e
.(show_fcn b8210000c1ebfdbb2c000000ebf6)
?e
.(show_fcn b8210000c1ebfdbb2c000000ebf7)
?e
.(show_fcn 0f1f440000b8210000c1ebfdbb2c000000ebf0)
EOF
EXPECT=<<EOF
#
offset: 0x00000000
name: fcn.00000000
size: 13
is-pure: false
realsz: 16
stackframe: 0
call-convention: amd64
cyclomatic-cost: 6
cyclomatic-complexity: 1
bits: 64
type: fcn [NEW]
num-bbs: 2
edges: 1
end-bbs: 1
call-refs: 0x00000004 J
data-refs: 0x0000002c
code-xrefs: 0x00000005 J
noreturn: false
in-degree: 1
out-degree: 0
data-xrefs:
locals: 0
args: 0
diff: type: new

0x00000000 0x00000007 00:0000 7 j 0x00000004
0x00000004 0x0000000d 00:0000 9

/ 16: fcn.00000000 ();
| 0x00000000      b8210000c1     mov eax, 0xc1000021                   ; '!'
| 0x00000005      ebfd           jmp 4
| ----------- true: 0x00000004
| ; CODE XREF from fcn.00000000 @ 0x5
| 0x00000004      c1ebfd         shr ebx, 0xfd
| 0x00000007      bb2c000000     mov ebx, 0x2c                         ; ','
\ 0x0000000c      cc             int3


[0x00000000]>  # fcn.00000000 ();
      .------------------------.
      |  0x0                   |
      | 16: fcn.00000000 ();   |
      | ; '!'                  |
      | mov eax, 0xc1000021    |
      | jmp 4                  |
      `------------------------'
          v
          |
    .-----'
    |
.-------------------------------------.
|  0x4                                |
| ; CODE XREF from fcn.00000000 @ 0x5 |
| shr ebx, 0xfd                       |
| ; ','                               |
| mov ebx, 0x2c                       |
| int3                                |
`-------------------------------------'

/ 16: fcn.00000000 ();
|           0x00000000  ~   b8210000c1     mov eax, 0xc1000021         ; '!'
|           ; CODE XREF from fcn.00000000 @ 0x5
|       .-> 0x00000004      c1ebfd         shr ebx, 0xfd
|           0x00000007      bb2c000000     mov ebx, 0x2c               ; ','
\           0x0000000c      cc             int3
..

/ 16: fcn.00000000 ();
|           0x00000000      b8210000c1     mov eax, 0xc1000021         ; '!'
|       `=< 0x00000005      ebfd           jmp 4
|           0x00000007      bb2c000000     mov ebx, 0x2c               ; ','
\           0x0000000c      cc             int3
..

#
offset: 0x00000000
name: fcn.00000000
size: 14
is-pure: false
realsz: 17
stackframe: 0
call-convention: amd64
cyclomatic-cost: 7
cyclomatic-complexity: 0
bits: 64
type: fcn [NEW]
num-bbs: 2
edges: 2
end-bbs: 0
call-refs: 0x00000004 J 0x00000004 J
data-refs: 0x0000002c
code-xrefs: 0x00000005 J 0x0000000c J
noreturn: false
in-degree: 2
out-degree: 0
data-xrefs:
locals: 0
args: 0
diff: type: new

0x00000000 0x00000007 00:0000 7 j 0x00000004
0x00000004 0x0000000e 00:0000 10 j 0x00000004

/ 17: fcn.00000000 ();
| 0x00000000      b8210000c1     mov eax, 0xc1000021                   ; '!'
| 0x00000005      ebfd           jmp 4
| ----------- true: 0x00000004
| ; CODE XREFS from fcn.00000000 @ 0x5, 0xc
| 0x00000004      c1ebfd         shr ebx, 0xfd
| 0x00000007      bb2c000000     mov ebx, 0x2c                         ; ','
\ 0x0000000c      ebf6           jmp 4
| ----------- true: 0x00000004

[0x00000000]>  # fcn.00000000 ();
          .------------------------.
          |  0x0                   |
          | 17: fcn.00000000 ();   |
          | ; '!'                  |
          | mov eax, 0xc1000021    |
          | jmp 4                  |
          `------------------------'
              v
              |
              '--------.
                       |
                       |
                       |
       .---------------'
.--------.
|      | |
|.-------------------------------------------.
||  0x4                                      |
|| ; CODE XREFS from fcn.00000000 @ 0x5, 0xc |
|| shr ebx, 0xfd                             |
|| ; ','                                     |
|| mov ebx, 0x2c                             |
|| jmp 4                                     |
|`-------------------------------------------'
|    v
|    |
`----'

/ 17: fcn.00000000 ();
|           0x00000000  ~   b8210000c1     mov eax, 0xc1000021         ; '!'
|           ; CODE XREFS from fcn.00000000 @ 0x5, 0xc
|      ..-> 0x00000004      c1ebfd         shr ebx, 0xfd
|       :   0x00000007      bb2c000000     mov ebx, 0x2c               ; ','
\       `=< 0x0000000c      ebf6           jmp 4
..

/ 17: fcn.00000000 ();
|           0x00000000      b8210000c1     mov eax, 0xc1000021         ; '!'
|      `==< 0x00000005      ebfd           jmp 4
|       :   0x00000007      bb2c000000     mov ebx, 0x2c               ; ','
\       `=< 0x0000000c      ebf6           jmp 4
..

#
offset: 0x00000000
name: fcn.00000000
size: 14
is-pure: false
realsz: 17
stackframe: 0
call-convention: amd64
cyclomatic-cost: 7
cyclomatic-complexity: 0
bits: 64
type: fcn [NEW]
num-bbs: 3
edges: 3
end-bbs: 0
call-refs: 0x00000004 J 0x00000005 J
data-refs: 0x0000002c
code-xrefs: 0x00000005 J 0x0000000c J
noreturn: false
in-degree: 2
out-degree: 0
data-xrefs:
locals: 0
args: 0
diff: type: new

0x00000000 0x00000005 00:0000 5 j 0x00000005
0x00000004 0x0000000e 00:0000 10 j 0x00000005
0x00000005 0x00000007 00:0000 2 j 0x00000004

/ 17: fcn.00000000 ();
| 0x00000000      b8210000c1     mov eax, 0xc1000021                   ; '!'
| ----------- true: 0x00000005
| ; CODE XREF from fcn.00000000 @ 0x5
| 0x00000004      c1ebfd         shr ebx, 0xfd
| 0x00000007      bb2c000000     mov ebx, 0x2c                         ; ','
\ 0x0000000c      ebf7           jmp 5
| ----------- true: 0x00000005
| ; CODE XREF from fcn.00000000 @ 0xc
| 0x00000005      ebfd           jmp 4
| ----------- true: 0x00000004

[0x00000000]>  # fcn.00000000 ();
       .------------------------.
       |  0x0                   |
       | 17: fcn.00000000 ();   |
       | ; '!'                  |
       | mov eax, 0xc1000021    |
       `------------------------'
           v
           |
       .---'
.--------.
|      | |
|.-------------------------------------.
||  0x5                                |
|| ; CODE XREF from fcn.00000000 @ 0xc |
|| jmp 4                               |
|`-------------------------------------'
|    v
|    |
|    |
|.-------------------------------------.
||  0x4                                |
|| ; CODE XREF from fcn.00000000 @ 0x5 |
|| shr ebx, 0xfd                       |
|| ; ','                               |
|| mov ebx, 0x2c                       |
|| jmp 5                               |
|`-------------------------------------'
|    v
|    |
`----'

/ 17: fcn.00000000 ();
|           0x00000000  ~   b8210000c1     mov eax, 0xc1000021         ; '!'
|           ; CODE XREF from fcn.00000000 @ 0x5
|       .-> 0x00000004  ~   c1ebfd         shr ebx, 0xfd
|       |   ; CODE XREF from fcn.00000000 @ 0xc
|      .`=< 0x00000005      ebfd           jmp 4
|      :    0x00000007      bb2c000000     mov ebx, 0x2c               ; ','
\      `==< 0x0000000c      ebf7           jmp 5
..

/ 17: fcn.00000000 ();
|           0x00000000      b8210000c1     mov eax, 0xc1000021         ; '!'
|       |   ; CODE XREF from fcn.00000000 @ 0xc
|      .`=< 0x00000005      ebfd           jmp 4
|      :    0x00000007      bb2c000000     mov ebx, 0x2c               ; ','
\      `==< 0x0000000c      ebf7           jmp 5
..

#
offset: 0x00000000
name: fcn.00000000
size: 19
is-pure: false
realsz: 24
stackframe: 0
call-convention: amd64
cyclomatic-cost: 9
cyclomatic-complexity: 0
bits: 64
type: fcn [NEW]
num-bbs: 4
edges: 4
end-bbs: 0
call-refs: 0x00000009 J 0x00000003 J
data-refs: 0x0000002c
code-xrefs: 0x00000011 J 0x0000000a J
noreturn: false
in-degree: 2
out-degree: 0
data-xrefs:
locals: 0
args: 0
diff: type: new

0x00000000 0x00000005 00:0000 5 j 0x00000005
0x00000003 0x00000005 00:0000 2 j 0x00000005
0x00000005 0x0000000c 00:0000 7 j 0x00000009
0x00000009 0x00000013 00:0000 10 j 0x00000003

/ 24: fcn.00000000 ();
| 0x00000000      0f1f440000     nop dword [rax + rax]
| ----------- true: 0x00000005
| ; CODE XREF from fcn.00000000 @ 0x11
| 0x00000003      0000           add byte [rax], al
| ----------- true: 0x00000005
| 0x00000005      b8210000c1     mov eax, 0xc1000021                   ; '!'
| 0x0000000a      ebfd           jmp 9
| ----------- true: 0x00000009
| ; CODE XREF from fcn.00000000 @ 0xa
| 0x00000009      c1ebfd         shr ebx, 0xfd
| 0x0000000c      bb2c000000     mov ebx, 0x2c                         ; ','
\ 0x00000011      ebf0           jmp 3
| ----------- true: 0x00000003

[0x00000000]>  # fcn.00000000 ();
       .--------------------------.
       |  0x0                     |
       | 24: fcn.00000000 ();     |
       | nop dword [rax + rax]    |
       `--------------------------'
           v
           |
           '--.
.---------------.
|             | |
|       .------------------------.
|       |  0x5                   |
|       | ; '!'                  |
|       | mov eax, 0xc1000021    |
|       | jmp 9                  |
|       `------------------------'
|           v
|           |
|     .-----'
|     |
| .-------------------------------------.
| |  0x9                                |
| | ; CODE XREF from fcn.00000000 @ 0xa |
| | shr ebx, 0xfd                       |
| | ; ','                               |
| | mov ebx, 0x2c                       |
| | jmp 3                               |
| `-------------------------------------'
|     v
|     |
|    .'
|    |
|.--------------------------------------.
||  0x3                                 |
|| ; CODE XREF from fcn.00000000 @ 0x11 |
|| add byte [rax], al                   |
|`--------------------------------------'
|    v
|    |
`----'

/ 24: fcn.00000000 ();
|           0x00000000  ~   0f1f440000     nop dword [rax + rax]
|           ; CODE XREF from fcn.00000000 @ 0x11
|       .-> 0x00000003      0000           add byte [rax], al
|       :   0x00000005  ~   b8210000c1     mov eax, 0xc1000021         ; '!'
|       :   ; CODE XREF from fcn.00000000 @ 0xa
|      .--> 0x00000009      c1ebfd         shr ebx, 0xfd
|       :   0x0000000c      bb2c000000     mov ebx, 0x2c               ; ','
\       `=< 0x00000011      ebf0           jmp 3
..

/ 24: fcn.00000000 ();
|           0x00000000      0f1f440000     nop dword [rax + rax]
|       :   0x00000005      b8210000c1     mov eax, 0xc1000021         ; '!'
|      `==< 0x0000000a      ebfd           jmp 9
|       :   0x0000000c      bb2c000000     mov ebx, 0x2c               ; ','
\       `=< 0x00000011      ebf0           jmp 3
..
EOF
RUN

NAME=so -N and overlapping basic blocks
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e anal.jmp.mid=true
e io.cache=true
e anal.nopskip=false
wx 0f1f440000b8210000c1ebfdbb2c000000ebf0
af
s 0x4
so -1
s
s 0x4
so -2
s
EOF
EXPECT=<<EOF
0x3
0x0
EOF
RUN

NAME=a8 analyze bytes
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e asm.os=linux
a8 55|
EOF
EXPECT=<<EOF
address: 0x0
opcode: push rbp
esilcost: 24
disasm: push rbp
pseudo: push rbp
mnemonic: push
description: push word, doubleword or quadword onto the stack
mask: ff
prefix: 0
id: 588
bytes: 55
refptr: 0
size: 1
sign: false
type: rpush
cycles: 1
esil: rbp,8,rsp,-,=[8],8,rsp,-=
family: cpu
stackop: inc
stackptr: 8
EOF
RUN

NAME=af jmp after ret
FILE=malloc://512
CMDS=<<EOF
e anal.hasnext=0
e asm.arch=x86
e asm.bits=64
wx b8010000004839ca7f26b8ffffffff4839ca7c1c498b4838498b5138b8010000004839ca7f0ab8ffffffff4839ca7d025dc34883c7684883c6685dc3
af
afl~?
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=af jmp after ret
FILE=malloc://512
CMDS=<<EOF
e anal.hasnext=0
e asm.arch=x86
e asm.bits=64
wx b8010000004839ca7f26b8ffffffff4839ca7c1c498b4838498b5138b8010000004839ca7f0ab8ffffffff4839ca7d025dc34883c7684883c6685dc3
af
afl~?
afl~[2]
EOF
EXPECT=<<EOF
1
60
EOF
RUN

NAME=Windows Function EMU LoadStringA
FILE=bins/pe/standard.exe
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
e asm.os=windows
e asm.emu=true
e emu.write=true
e asm.bytes=0
e asm.cmt.col=20
e asm.lines.bb=false
e io.cache=true
aeim
s 0x00402aee
pd 10~?int LoadStringA
EOF
EXPECT=<<EOF
1
EOF
RUN

NAME=Linux fcnsign test
FILE=bins/elf/analysis/ls-linux64
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e asm.os=linux
e asm.emu=true
e emu.write=true
e asm.bytes=0
e asm.cmt.col=20
e asm.lines.bb=false
e asm.lines.fcn=false
aa
aeim
s 0x00003cb8-0x30
pd 20~env
EOF
EXPECT=<<EOF
0x00003cb8      call sym.imp.getenv ; rsp=0x177fe8 -> 0x464c457f ; rip=0x3430 -> 0x97fa25ff
                    ; char *getenv("COLUMNS")
EOF
RUN

NAME=sar on x86-64
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e anal.hasnext=0
# testing mov eax, -4 sar
wx 48c7c0fcffffff 48d1f8 48d1f8 48d1f8 48d1f8 48d1f8 48d1f8
aes
dr?rax
aes
dr?rax
aes
dr?rax
aes
dr?rax
EOF
EXPECT=<<EOF
0xfffffffffffffffc
0xfffffffffffffffe
0xffffffffffffffff
0xffffffffffffffff
EOF
RUN

NAME=aes
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e anal.hasnext=0
wx 48c7c0fcffffff 48d1f8 48d1f8 48d1f8
aes
dr?rax
aes
dr?rax
aes
dr?rax
EOF
EXPECT=<<EOF
0xfffffffffffffffc
0xfffffffffffffffe
0xffffffffffffffff
EOF
RUN

NAME=x86-64 after unknown jmp
FILE=bins/elf/analysis/ls-linux64
CMDS=<<EOF
s 0x5c50
af
pif
EOF
EXPECT=<<EOF
lea rdi, loc._edata
lea rax, [0x0021d28f]
push rbp
sub rax, rdi
mov rbp, rsp
cmp rax, 0xe
jbe 0x5c80
mov rax, qword [reloc._ITM_deregisterTMCloneTable]
test rax, rax
je 0x5c80
pop rbp
jmp rax
nop word [rax + rax]
pop rbp
ret
EOF
RUN

NAME=t.anal/x86/aap
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
f-sym.func.*
aap
pi 2 @ fcn.1000010f8
EOF
EXPECT=<<EOF
push rbp
mov rbp, rsp
EOF
RUN

NAME=mac-ls switch count
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
e anal.jmp.tbl=true
af
f~switch
EOF
EXPECT=<<EOF
0x100001527 1 switch.0x100001527
EOF
RUN

NAME=gcc_5.5.0_64 switch/case flags, meta, hints, etc.
FILE=bins/jmptbl/test_gcc_5.5.0_64.out
CMDS=<<EOF
aaa
f~switch
f~case.
C~Cd 4
ah
axf 0x59d
afb 0x59d
EOF
EXPECT=<<EOF
0x0000059d 1 switch.0x0000059d
0x0000059f 1 case.0x59d.13
0x000005b2 1 case.0x59d.1
0x000005c0 1 case.0x59d.2
0x000005c0 1 case.0x59d.3
0x000005c0 1 case.0x59d.4
0x000005ce 1 case.0x59d.5
0x000005dc 1 case.0x59d.6
0x000005ea 1 case.0x59d.7
0x000005f8 1 case.0x59d.9
0x00000606 1 case.0x59d.11
0x00000614 1 case.0x59d.12
0x00000622 1 case.0x59d.0
0x00000622 1 case.0x59d.8
0x00000622 1 case.0x59d.10
0x00000622 1 case.default.0x59d
0x00000844 data Cd 4
0x00000848 data Cd 4
0x0000084c data Cd 4
0x00000850 data Cd 4
0x00000854 data Cd 4
0x00000858 data Cd 4
0x0000085c data Cd 4
0x00000860 data Cd 4
0x00000864 data Cd 4
0x00000868 data Cd 4
0x0000086c data Cd 4
0x00000870 data Cd 4
0x00000874 data Cd 4
0x00000878 data Cd 4
 0x00000844 => immbase=10
 0x00000848 => immbase=10
 0x0000084c => immbase=10
 0x00000850 => immbase=10
 0x00000854 => immbase=10
 0x00000858 => immbase=10
 0x0000085c => immbase=10
 0x00000860 => immbase=10
 0x00000864 => immbase=10
 0x00000868 => immbase=10
 0x0000086c => immbase=10
 0x00000870 => immbase=10
 0x00000874 => immbase=10
 0x00000878 => immbase=10
c 0x59f case.0x59d.13
c 0x5b2 case.0x59d.1
c 0x5c0 case.0x59d.2
c 0x5ce case.0x59d.5
c 0x5dc case.0x59d.6
c 0x5ea case.0x59d.7
c 0x5f8 case.0x59d.9
c 0x606 case.0x59d.11
c 0x614 case.0x59d.12
c 0x622 case.0x59d.0
0x00000580 0x0000058d 00:0000 13 j 0x00000622 f 0x0000058d
0x0000058d 0x0000059f 00:0000 18 s 0x00000622 s 0x000005b2 s 0x000005c0 s 0x000005ce s 0x000005dc s 0x000005ea s 0x000005f8 s 0x00000606 s 0x00000614 s 0x0000059f
0x0000059f 0x000005ab 00:0000 12 j 0x000005ab
0x000005ab 0x000005b2 00:0000 7
0x000005b2 0x000005c0 00:0000 14 j 0x000005ab
0x000005c0 0x000005ce 00:0000 14 j 0x000005ab
0x000005ce 0x000005dc 00:0000 14 j 0x000005ab
0x000005dc 0x000005ea 00:0000 14 j 0x000005ab
0x000005ea 0x000005f8 00:0000 14 j 0x000005ab
0x000005f8 0x00000606 00:0000 14 j 0x000005ab
0x00000606 0x00000614 00:0000 14 j 0x000005ab
0x00000614 0x00000622 00:0000 14 j 0x000005ab
0x00000622 0x00000633 00:0000 17 j 0x000005ab
EOF
RUN

NAME=gcc_7.2.0_64 switch/case flags
FILE=bins/jmptbl/test_gcc_7.2.0_64.out
CMDS=<<EOF
aaa
f~switch
f~case.
EOF
EXPECT=<<EOF
0x0000054d 1 switch.0x0000054d
0x0000054f 1 case.0x54d.13
0x00000562 1 case.0x54d.1
0x00000570 1 case.0x54d.2
0x00000570 1 case.0x54d.3
0x00000570 1 case.0x54d.4
0x0000057e 1 case.0x54d.5
0x0000058c 1 case.0x54d.6
0x0000059a 1 case.0x54d.7
0x000005a8 1 case.0x54d.9
0x000005b6 1 case.0x54d.11
0x000005c4 1 case.0x54d.12
0x000005d2 1 case.0x54d.0
0x000005d2 1 case.0x54d.8
0x000005d2 1 case.0x54d.10
0x000005d2 1 case.default.0x54d
EOF
RUN

NAME=clang_3.8_64 switch/case flags
FILE=bins/jmptbl/test_clang_3.8_64.out
CMDS=<<EOF
aaa
f~switch
f~case.
EOF
EXPECT=<<EOF
0x004004d8 1 switch.0x004004d8
0x004004df 1 case.0x4004d8.1
0x004004df 1 case.0x4004d8.2
0x004004df 1 case.0x4004d8.3
0x004004e6 1 case.0x4004d8.0
0x004004ed 1 case.0x4004d8.4
0x004004f4 1 case.0x4004d8.5
0x004004fb 1 case.0x4004d8.6
0x00400502 1 case.0x4004d8.7
0x00400502 1 case.0x4004d8.9
0x00400502 1 case.default.0x4004d8
0x00400509 1 case.0x4004d8.8
0x00400510 1 case.0x4004d8.10
0x00400517 1 case.0x4004d8.11
0x0040051e 1 case.0x4004d8.12
EOF
RUN

NAME=clang_5.0_64 switch/case flags
FILE=bins/jmptbl/test_clang_5.0_64.out
CMDS=<<EOF
aaa
f~switch
f~case.
EOF
EXPECT=<<EOF
0x004004c8 1 switch.0x004004c8
0x004004cf 1 case.0x4004c8.1
0x004004cf 1 case.0x4004c8.2
0x004004cf 1 case.0x4004c8.3
0x004004d6 1 case.0x4004c8.0
0x004004dd 1 case.0x4004c8.4
0x004004e4 1 case.0x4004c8.5
0x004004eb 1 case.0x4004c8.6
0x004004f2 1 case.0x4004c8.7
0x004004f2 1 case.0x4004c8.9
0x004004f2 1 case.default.0x4004c8
0x004004f9 1 case.0x4004c8.8
0x00400500 1 case.0x4004c8.10
0x00400507 1 case.0x4004c8.11
0x0040050e 1 case.0x4004c8.12
EOF
RUN

NAME=msvc_1700_64 switch/case flags
FILE=bins/jmptbl/test_msvc_1700_64.exe
CMDS=<<EOF
aaa
f~switch
f~case.
EOF
EXPECT=<<EOF
0x140001023 1 switch.0x140001023
0x140004b01 1 switch.0x140004b01
0x140001025 1 case.0x140001023.0
0x140001038 1 case.0x140001023.1
0x140001038 1 case.0x140001023.2
0x140001038 1 case.0x140001023.3
0x14000104b 1 case.0x140001023.4
0x14000105e 1 case.0x140001023.5
0x140001071 1 case.0x140001023.6
0x140001084 1 case.0x140001023.8
0x140001097 1 case.0x140001023.10
0x1400010aa 1 case.0x140001023.11
0x1400010bd 1 case.0x140001023.12
0x1400010d0 1 case.0x140001023.7
0x1400010d0 1 case.0x140001023.9
0x1400010d0 1 case.default.0x140001023
0x140004a40 1 case.default.0x140004b01
0x140004b47 1 case.0x140004b01.0
0x140004b4b 1 case.0x140004b01.1
0x140004b56 1 case.0x140004b01.2
0x140004b62 1 case.0x140004b01.3
0x140004b77 1 case.0x140004b01.4
0x140004b80 1 case.0x140004b01.5
0x140004b92 1 case.0x140004b01.6
0x140004ba5 1 case.0x140004b01.7
0x140004bc1 1 case.0x140004b01.8
0x140004bcb 1 case.0x140004b01.9
0x140004bde 1 case.0x140004b01.10
0x140004bf2 1 case.0x140004b01.11
0x140004c0f 1 case.0x140004b01.12
0x140004c20 1 case.0x140004b01.13
0x140004c3a 1 case.0x140004b01.14
0x140004c55 1 case.0x140004b01.15
0x140004c79 1 case.0x140004b01.16
EOF
RUN

NAME=test_switch_indirect.exe switch/case flags
FILE=bins/jmptbl/test_switch_indirect.exe
CMDS=<<EOF
s main
af
e asm.lines = false
pdf~case
EOF
EXPECT=<<EOF
0x140001012      0f871a010000   ja case.0x140001034.2
0x140001034      ffe1           jmp rcx                                ; switch table (99 cases) at 0x140001148
;-- case 0:                                                            ; from 0x140001034
0x140001036      488d0dd31100.  lea rcx, str.case_1                    ; 0x140002210 ; "case 1"
;-- case 1:                                                            ; from 0x140001034
0x14000104b      488d0dc61100.  lea rcx, str.case_2                    ; 0x140002218 ; "case 2"
;-- case 10:                                                           ; from 0x140001034
0x140001060      488d0db91100.  lea rcx, str.case_11                   ; 0x140002220 ; "case 11"
;-- case 12:                                                           ; from 0x140001034
0x140001075      488d0dac1100.  lea rcx, str.case_13                   ; 0x140002228 ; "case 13"
;-- case 14...15:                                                      ; from 0x140001034
0x14000108a      488d0d9f1100.  lea rcx, str.case_15_and_16            ; 0x140002230 ; "case 15 and 16"
;-- case 18:                                                           ; from 0x140001034
0x14000109f      488d0d9a1100.  lea rcx, str.case_19                   ; 0x140002240 ; "case 19"
;-- case 49:                                                           ; from 0x140001034
0x1400010b4      488d0d8d1100.  lea rcx, str.case_50                   ; 0x140002248 ; "case 50"
;-- case 29:                                                           ; from 0x140001034
0x1400010c9      488d0d801100.  lea rcx, str.case_30                   ; 0x140002250 ; "case 30"
;-- case 19:                                                           ; from 0x140001034
0x1400010de      488d0d731100.  lea rcx, str.case_20                   ; 0x140002258 ; "case 20"
;-- case 9:                                                            ; from 0x140001034
0x1400010f3      488d0d661100.  lea rcx, str.case_10                   ; 0x140002260 ; "case 10"
;-- case 98:                                                           ; from 0x140001034
0x140001108      488d0d591100.  lea rcx, str.case_99                   ; 0x140002268 ; "case 99"
;-- case 96:                                                           ; from 0x140001034
0x14000111d      488d0d4c1100.  lea rcx, str.case_97                   ; 0x140002270 ; "case 97"
;-- case 2...8:                                                        ; from 0x140001034
;-- case 11:                                                           ; from 0x140001034
;-- case 13:                                                           ; from 0x140001034
;-- case 17:                                                           ; from 0x140001034
;-- case 21...28:                                                      ; from 0x140001034
;-- case 30:                                                           ; from 0x140001034
;-- case 31...48:                                                      ; from 0x140001034
;-- case 50:                                                           ; from 0x140001034
;-- case 51...95:                                                      ; from 0x140001034
;-- case 97:                                                           ; from 0x140001034
EOF
RUN

NAME=msvc_1900_64 switch/case flags
FILE=bins/jmptbl/test_msvc_1900_64.exe
CMDS=<<EOF
aaa
f~switch
f~case.
EOF
EXPECT=<<EOF
0x140001023 1 switch.0x140001023
0x1400095b4 1 switch.0x1400095b4
0x14000c185 1 switch.0x14000c185
0x140001025 1 case.0x140001023.0
0x140001038 1 case.0x140001023.1
0x140001038 1 case.0x140001023.2
0x140001038 1 case.0x140001023.3
0x14000104b 1 case.0x140001023.4
0x14000105e 1 case.0x140001023.5
0x140001071 1 case.0x140001023.6
0x140001084 1 case.0x140001023.8
0x140001097 1 case.0x140001023.10
0x1400010aa 1 case.0x140001023.11
0x1400010bd 1 case.0x140001023.12
0x1400010d0 1 case.0x140001023.7
0x1400010d0 1 case.0x140001023.9
0x1400010d0 1 case.default.0x140001023
0x1400095b6 1 case.0x1400095b4.0
0x1400095bd 1 case.0x1400095b4.1
0x1400095c4 1 case.0x1400095b4.2
0x1400095cb 1 case.0x1400095b4.3
0x1400095d2 1 case.0x1400095b4.4
0x1400095d9 1 case.0x1400095b4.5
0x1400095e0 1 case.0x1400095b4.6
0x1400095e7 1 case.0x1400095b4.7
0x1400095ee 1 case.0x1400095b4.8
0x1400095f5 1 case.0x1400095b4.9
0x1400095fc 1 case.0x1400095b4.10
0x140009603 1 case.0x1400095b4.11
0x14000960a 1 case.0x1400095b4.12
0x140009611 1 case.0x1400095b4.13
0x140009618 1 case.0x1400095b4.14
0x14000961d 1 case.default.0x1400095b4
0x14000c100 1 case.default.0x14000c185
0x14000c1d0 1 case.0x14000c185.0
0x14000c1d1 1 case.0x14000c185.2
0x14000c1d8 1 case.0x14000c185.8
0x14000c1df 1 case.0x14000c185.3
0x14000c1ef 1 case.0x14000c185.1
0x14000c1f5 1 case.0x14000c185.16
0x14000c200 1 case.0x14000c185.11
0x14000c21b 1 case.0x14000c185.4
0x14000c220 1 case.0x14000c185.5
0x14000c230 1 case.0x14000c185.6
0x14000c240 1 case.0x14000c185.7
0x14000c258 1 case.0x14000c185.13
0x14000c270 1 case.0x14000c185.9
0x14000c280 1 case.0x14000c185.10
0x14000c290 1 case.0x14000c185.12
0x14000c2a0 1 case.0x14000c185.14
0x14000c2c0 1 case.0x14000c185.15
EOF
RUN

NAME=./noncode
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
e anal.noncode=false
afr
afl~?str.
EOF
EXPECT=<<EOF
0
EOF
RUN

NAME=./noncode
FILE=bins/mach0/ls-osx-x86_64
CMDS=<<EOF
e anal.noncode=false
e anal.calls=true
af
afl~?str.
EOF
EXPECT=<<EOF
0
EOF
RUN

NAME=Microsoft x64 CC Args/Vars
FILE=bins/pe/testx64.exe
CMDS=<<EOF
e asm.comments=0
e anal.vars.stackname=true
s 0x140001080
e anal.cc=ms
af
pdf
EOF
EXPECT=<<EOF
/ 82: fcn.140001080 (int64_t arg1, int64_t arg2, int64_t arg3, int64_t arg4);
|           ; var int64_t var_50h @ rsp+0x20
|           ; var int64_t var_20h @ rsp+0x50
|           ; var int64_t var_18h @ rsp+0x58
|           ; var int64_t var_10h @ rsp+0x60
|           ; var int64_t var_8h @ rsp+0x68
|           ; arg int64_t arg1 @ rcx
|           ; arg int64_t arg2 @ rdx
|           ; arg int64_t arg3 @ r8
|           ; arg int64_t arg4 @ r9
|           0x140001080      48894c2408     mov qword [var_20h], rcx
|           0x140001085      4889542410     mov qword [var_18h], rdx
|           0x14000108a      4c89442418     mov qword [var_10h], r8
|           0x14000108f      4c894c2420     mov qword [var_8h], r9
|           0x140001094      53             push rbx
|           0x140001095      56             push rsi
|           0x140001096      57             push rdi
|           0x140001097      4883ec30       sub rsp, 0x30
|           0x14000109b      488bf9         mov rdi, rcx
|           0x14000109e      488d742458     lea rsi, [var_18h]
|           0x1400010a3      33c9           xor ecx, ecx
|           0x1400010a5      ff15cd100000   call qword [sym.imp.api_ms_win_crt_stdio_l1_1_0.dll___acrt_iob_func]
|           0x1400010ab      488bd8         mov rbx, rax
|           0x1400010ae      e85dffffff     call fcn.140001010
|           0x1400010b3      4533c9         xor r9d, r9d
|           0x1400010b6      4889742420     mov qword [var_50h], rsi
|           0x1400010bb      4c8bc7         mov r8, rdi
|           0x1400010be      488bd3         mov rdx, rbx
|           0x1400010c1      488b08         mov rcx, qword [rax]
|           0x1400010c4      ff159e100000   call qword [sym.imp.api_ms_win_crt_stdio_l1_1_0.dll___stdio_common_vfscanf]
|           0x1400010ca      4883c430       add rsp, 0x30
|           0x1400010ce      5f             pop rdi
|           0x1400010cf      5e             pop rsi
|           0x1400010d0      5b             pop rbx
\           0x1400010d1      c3             ret
EOF
RUN

NAME=x86_64 show registers in table
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
ar=
EOF
EXPECT=<<EOF
    rax 0x00000000           rbx 0x00000000           rcx 0x00000000
    rdx 0x00000000           rsi 0x00000000           rdi 0x00000000
     r8 0x00000000            r9 0x00000000           r10 0x00000000
    r11 0x00000000           r12 0x00000000           r13 0x00000000
    r14 0x00000000           r15 0x00000000           rip 0x00000000
    rbp 0x00000000        rflags 0x00000000           rsp 0x00000000
EOF
RUN

NAME=x86_64 retpoline jmptbl
FILE=bins/elf/retpoline
CMDS=<<EOF
s 0x780
af
pdr~- case[2]
EOF
EXPECT=<<EOF
3:
2:
1:
0:
4:
EOF
RUN

NAME=x86_64 retpoline disabled jmptbl
FILE=bins/elf/retpoline
CMDS=<<EOF
e anal.jmp.retpoline = false
s 0x780
af
pdr~- case[2]
EOF
EXPECT=<<EOF
EOF
RUN

NAME=lea pseudo improvements (pseudo disabled)
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e asm.comments=false
e asm.pseudo=false
wx 544889e5b40266b83333b85555444448b8bebafecaefbeadde4889d8488d03488b4308488d4308488d041b488d441b0a488d430a488d44240c488d450b488d45f5488d442404488d4508488d45f8
aa
pd 19
EOF
EXPECT=<<EOF
/ 512: fcn.00000000 (int64_t arg_8h, int64_t arg_bh, int64_t arg_ch);
|           ; var int64_t var_bh @ rbp-0xb
|           ; var int64_t var_8h @ rbp-0x8
|           ; arg int64_t arg_8h @ rbp+0x8
|           ; arg int64_t arg_bh @ rbp+0xb
|           ; var int64_t var_4h @ rsp+0x4
|           ; arg int64_t arg_ch @ rsp+0xc
|           0x00000000      54             push rsp
|           0x00000001      4889e5         mov rbp, rsp
|           0x00000004      b402           mov ah, 2
|           0x00000006      66b83333       mov ax, 0x3333
|           0x0000000a      b855554444     mov eax, 0x44445555
|           0x0000000f      48b8bebafeca.  movabs rax, 0xdeadbeefcafebabe
|           0x00000019      4889d8         mov rax, rbx
|           0x0000001c      488d03         lea rax, [rbx]
|           0x0000001f      488b4308       mov rax, qword [rbx + 8]
|           0x00000023      488d4308       lea rax, [rbx + 8]
|           0x00000027      488d041b       lea rax, [rbx + rbx]
|           0x0000002b      488d441b0a     lea rax, [rbx + rbx + 0xa]
|           0x00000030      488d430a       lea rax, [rbx + 0xa]
|           0x00000034      488d44240c     lea rax, [arg_ch]
|           0x00000039      488d450b       lea rax, [arg_bh]
|           0x0000003d      488d45f5       lea rax, [var_bh]
|           0x00000041      488d442404     lea rax, [var_4h]
|           0x00000046      488d4508       lea rax, [arg_8h]
|           0x0000004a      488d45f8       lea rax, [var_8h]
EOF
RUN

NAME=lea pseudo improvements (pseudo enabled)
FILE=-
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
e asm.comments=false
e asm.pseudo=true
wx 544889e5b40266b83333b85555444448b8bebafecaefbeadde4889d8488d03488b4308488d4308488d041b488d441b0a488d430a488d44240c488d450b488d45f5488d442404488d4508488d45f8
aa
pd 19
EOF
EXPECT=<<EOF
/ 512: fcn.00000000 (int64_t arg_8h, int64_t arg_bh, int64_t arg_ch);
|           ; var int64_t var_bh @ rbp-0xb
|           ; var int64_t var_8h @ rbp-0x8
|           ; arg int64_t arg_8h @ rbp+0x8
|           ; arg int64_t arg_bh @ rbp+0xb
|           ; var int64_t var_4h @ rsp+0x4
|           ; arg int64_t arg_ch @ rsp+0xc
|           0x00000000      54             push rsp
|           0x00000001      4889e5         rbp = rsp
|           0x00000004      b402           ah = 2
|           0x00000006      66b83333       ax = 0x3333
|           0x0000000a      b855554444     eax = 0x44445555
|           0x0000000f      48b8bebafeca.  rax = 0xdeadbeefcafebabe
|           0x00000019      4889d8         rax = rbx
|           0x0000001c      488d03         rax = rbx
|           0x0000001f      488b4308       rax = qword [rbx + 8]
|           0x00000023      488d4308       rax = rbx + 8
|           0x00000027      488d041b       rax = rbx + rbx
|           0x0000002b      488d441b0a     rax = rbx + rbx + 0xa
|           0x00000030      488d430a       rax = rbx + 0xa
|           0x00000034      488d44240c     rax = arg_ch
|           0x00000039      488d450b       rax = arg_bh
|           0x0000003d      488d45f5       rax = var_bh
|           0x00000041      488d442404     rax = var_4h
|           0x00000046      488d4508       rax = arg_8h
|           0x0000004a      488d45f8       rax = var_8h
EOF
RUN