diff --git a/.gitignore b/.gitignore index 7f235865..d9f06796 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,5 @@ index.tex /site_libs/ /index_files/ /docs/* + +**/*.quarto_ipynb diff --git a/_quarto.yml b/_quarto.yml index f412dbe6..c1995c0d 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -38,6 +38,7 @@ book: - src/configuration/colors.md - src/configuration/evars.md - src/configuration/initial_scripts.md + - src/configuration/global_variables.md - src/configuration/compile_time_variables.md - src/configuration/run_time_variables.md diff --git a/src/configuration/global_variables.md b/src/configuration/global_variables.md new file mode 100644 index 00000000..fa32c335 --- /dev/null +++ b/src/configuration/global_variables.md @@ -0,0 +1,117 @@ +# Global Variables (`avg` Commands) + +Global variables are declared outside of any function or block and are accessible throughout the entire program. They persist for the full duration of execution. + +In reverse engineering, identifying global variables: + +- Improves code readability +- Makes cross-references easier to follow +- Helps with data-flow and structure analysis + +**Important:** +> In Rizin, global variables are identified during analysis. +> Run `aa` or `aaa` before using `avg` commands, otherwise no globals will appear. + +The help command to list all `avg` commands is: `avg?` +``` + avgl[jqt] [] # show/list global variables + avga # add global variable manually + avgd # delete the global variable at the addr + avgm # delete global variable with name + avgn # rename the global variable + avgp # print the global variable value + avgt # change the global variable type + avgx[jq] # print all xrefs to the global variable +``` + + **Listing Global Variables** + + `avgl[jqt] ` This command will list all the global variables. + + ``` + avgl [] # show/list global variables + avglj [] # show/list global variables (JSON mode) + avglq [] # show/list global variables (quiet mode) + avglt [] # show/list global variables (table mode) + ``` + There are 3 modes of display. Which helps in a better analysis and view the variables. + + **Adding Global Variables** + + `avga ` This command lets you manually add global variables with their name and type. + + You use then when a global variables is missed during the analysis. Here `` means the datatype of the variable. Example int, char, long. + + Rizin Example : + + **Deleting Global Variables** + + `avgd ` This command deletes the global variable located at the given address. + + `avgm ` This command also lets you delete the global variable using its name. + + **Renaming Global Variables** + + `avgn ` This command lets you rename the global variables. + + **Printing Global Variables** + + `avgp ` This command prints the value of the variable. + + **Changing Variable Type** + + `avgt ` This command lets you change the data-type of the variable. + + Note: The correct data-type must be used which helps in improving output, cross-reference accuracy and structure recovery. + + **Cross-References to Global Variables** + + `avgx[jq] ` This command shows all the xrefs to the given global variable. + + ``` + avgx # print all xrefs to the global variable + avgxj # print all xrefs to the global variable (JSON mode) + avgxq # print all xrefs to the global variable (quiet mode) + ``` + There are two modes of display quiet and JSON. + + A working example on how the commands work. Lets take a sample file with no global variables. + + ``` + [0x00001040]> avglt +name type size address decl_file decl_line decl_col +―――――――――――――――――――――――――――――――――――――――――――――――――――― +[0x00001040]> avga test_variable int +[0x00001040]> avglt +name type size address decl_file decl_line decl_col +――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― +test_variable int 0x4 0x1040 - -1 -1 +[0x00001040]> avgp test_variable + int : 0x00001040 = 3644689736 +[0x00001040]> avgt test_variable char +[0x00001040]> avgp test_variable + char : 0x00001040 = 'H' +[0x00001040]> avgn test_variable renamed_variable +[0x00001040]> avglt +name type size address decl_file decl_line decl_col +―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― +renamed_variable char 0x1 0x1040 - -1 -1 +[0x00001040]> avgx renamed_variable +[0x00001040]> avgm renamed_variable +[0x00001040]> avglt +name type size address decl_file decl_line decl_col +―――――――――――――――――――――――――――――――――――――――――――――――――――― + ``` +### **What Was Done in This Example** + +- Ran `avglt` to check for existing global variables (none were present). +- Used `avga test_variable int` to manually create a new global variable of type `int`. +- Ran `avglt` again to confirm the variable was successfully added. +- Used `avgp test_variable` to print the value at that memory location as an `int`. +- Changed the variable type with `avgt test_variable char`. +- Printed the value again using `avgp test_variable`, now interpreted as a `char` (`'H'`), showing how type affects data interpretation. +- Renamed the variable using `avgn test_variable renamed_variable`. +- Ran `avglt` to verify the variable name and updated type were reflected. +- Used `avgx renamed_variable` to check for cross-references (none found since it was manually added). +- Deleted the variable using `avgm renamed_variable`. +- Ran `avglt` one final time to confirm the global variable list was empty again. diff --git a/src/introduction/windows_compilation.md b/src/introduction/windows_compilation.md index 41999b54..7fcbe340 100644 --- a/src/introduction/windows_compilation.md +++ b/src/introduction/windows_compilation.md @@ -22,9 +22,10 @@ Visual Studio must be installed with a Visual C++ compiler, supporting C++ libra If you need a copy of Visual Studio, the Community versions are free and work great. -* [Download Visual Studio 2015 Community (registration required)](https://my.visualstudio.com/Downloads?q=Visual%20Studio%202015%20with%20Update%203) -* [Download Visual Studio 2017 Community](https://visualstudio.microsoft.com/downloads/) -* [Download Visual Studio 2019 Community](https://visualstudio.microsoft.com/downloads/) +* [Download Visual Studio 2015 Community (registration required)](https://my.visualstudio.com/Downloads?q=visual%20studio%202015&wt.mc_id=o~msft~vscom~older-downloads) +* [Download Visual Studio 2017 Community](https://my.visualstudio.com/Downloads?q=visual%20studio%202017&wt.mc_id=o~msft~vscom~older-downloads) +* [Download Visual Studio 2019 Community](https://my.visualstudio.com/Downloads?q=visual%20studio%202019&wt.mc_id=o~msft~vscom~older-downloads) +* [Download Visual Studio 2022 Community](https://my.visualstudio.com/Downloads?q=visual%20studio%202022&wt.mc_id=o~msft~vscom~older-downloads) #### Install Python 3 and Meson/Ninja via Conda It is strongly recommended you install Conda — a Python environment management system — when working with Python on the Windows platform. This will isolate the Rizin build environment from other installed Python versions and minimize potential conflicts. @@ -96,6 +97,12 @@ Compiled binaries will be installed into the `dest` folder. Note 3: Change `2017` to `2019` if you are using Visual Studio 2019. `"%ProgramFiles(x86)%\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars32.bat"` + + * **Visual Studio 2022:** + + Note: For the 32-bit version change only the `x64` at the very end of the command to `x86`. + + `call "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvarsall.bat" x64` * **Visual Studio Preview:** diff --git a/src/refcard/intro.md b/src/refcard/intro.md index 64f4d77a..eab8cacc 100644 --- a/src/refcard/intro.md +++ b/src/refcard/intro.md @@ -67,6 +67,8 @@ Global variables appear after auto-analysis or after adding them manually. | avgp name | Print global variable | | avgx name | Show xrefs to the global | +For more info check [this](/src/configuration/global_variables.md). + ## Information Binary files have information stored inside the headers. The `i` command uses the RzBin API and allows us to the same things rz-bin does. Those are the most common ones.