0

In Radare2, it should be possible, in visual mode, with the cursor active (press c), to increment and decrement a single byte of raw machine code. While doing this, it should update in real time the new assembled machine code, e.g. incrementing 0x50 to 0x51, 0x52, etc. should result in various PUSH opcodes.

I thought this was done by pushing + and - to increment and decrement, respectively, but I find that it doesn't work. I also find it hard to find this particular information in the manual.

Am I remembering it wrong, from previous versions, or has it changed since then?

Note, I'm not asking about how to do to this using "wa" or similar commands to assemble new assembly statements, I just want to increment and decrement single bytes as a convenient way to instantly change the machine code on the fly.

AttributedTensorField
  • 803
  • 1
  • 8
  • 15

1 Answers1

2

ENVIRONMENT

  • Radare2: 4.5.0-git 24843 @ darwin-x86-64 git.4.4.0-125-g561989265 commit: 5619892652d7dce87458d77962777331c28275a6 build: 2020-05-04__09:53:49
  • System: macOS Catalina Version 10.15.4

SOLUTION

  • Start radare2 with the "-w" flag which "open(s) file in write mode"
user@host:~$ r2 -w /file/to/analyze.x
  • Analyze the file: 
[0x100001060]> aaaa
  • Switch to visual mode with cursor:
[0x100001060]> Vpc
  • Plus/Minus to increment/decrement opcodes:
+
-

EXAMPLE

enter image description here enter image description here enter image description here enter image description here

Kuma
  • 427
  • 5
  • 17
  • What exactly does Vpc do? When I re-enter Vpc after exiting visual mode, I get a different mode in radare2. – AttributedTensorField May 30 '20 at 14:30
  • V: opens visual mode p: changes the view / page in visual mode c: toggles the cursor mode Note all three of these commands could be used separately first enter V, then p, then c – Kuma Jun 01 '20 at 02:12