From 073ed382b888b12000afc3bfdc129d1d68829e1a Mon Sep 17 00:00:00 2001 From: Farhanhusein Saiyed Date: Tue, 27 Jan 2026 19:38:39 +0530 Subject: [PATCH 1/4] Global variable chapter added --- .gitignore | 2 + _quarto.yml | 2 + src/configuration/global_variables.md | 117 ++++++++++++++++++++++++++ src/refcard/intro.md | 2 + 4 files changed, 123 insertions(+) create mode 100644 src/configuration/global_variables.md diff --git a/.gitignore b/.gitignore index 7f235865..d9f06796 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,5 @@ index.tex /site_libs/ /index_files/ /docs/* + +**/*.quarto_ipynb diff --git a/_quarto.yml b/_quarto.yml index f412dbe6..b8d0266c 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -40,6 +40,8 @@ book: - src/configuration/initial_scripts.md - src/configuration/compile_time_variables.md - src/configuration/run_time_variables.md + - src/configuration/global_variables.md + - part: "Basic Commands" chapters: diff --git a/src/configuration/global_variables.md b/src/configuration/global_variables.md new file mode 100644 index 00000000..2b298ab9 --- /dev/null +++ b/src/configuration/global_variables.md @@ -0,0 +1,117 @@ +# Global Variables (`avg` Commands) + +Global variables are declared outside of any function or block and are accessible throughout the entire program. They persist for the full duration of execution. + +In reverse engineering, identifying global variables: + +- Improves code readability +- Makes cross-references easier to follow +- Helps with data-flow and structure analysis + +**Important:** +> In Rizin, global variables are identified during analysis. +> Run `aa` or `aaa` before using `avg` commands, otherwise no globals will appear. + +The help command to list all `avg` commands is: `avg?` +``` + avgl[jqt] [] # show/list global variables + avga # add global variable manually + avgd # delete the global variable at the addr + avgm # delete global variable with name + avgn # rename the global variable + avgp # print the global variable value + avgt # change the global variable type + avgx[jq] # print all xrefs to the global variable +``` + + **Listing Global Variables** + + `avgl[jqt] ` This command will list all the global variables. + + ``` + avgl [] # show/list global variables + avglj [] # show/list global variables (JSON mode) + avglq [] # show/list global variables (quiet mode) + avglt [] # show/list global variables (table mode) + ``` + There are 3 modes of display. Which helps in a better analysis and view the variables. + + **Adding Global Variables** + + `avga ` This command lets you manually add global variables with their name and type. + + You use then when a global variables is missed during the analysis. Here `` means the datatype of the variable. Example int, char, long. + + Rizin Example : + + **Deleting Global Variables** + + `avgd ` This command deletes the global variable located at the given address. + + `avgm ` This command also lets you delete the global variable using its name. + + **Renaming Global Variables** + + `avgn ` This command lets you rename the global variables. + + **Printing Global Variables** + + `avgp ` This command prints the value of the variable. + + **Changing Variable Type** + + `avgt ` This command lets you change the data-type of the variable. + + Note: The correct data-type must be used which helps in improving output, cross-reference accuracy and structure recovery. + + **Cross-References to Global Variables** + + `avgx[jq] ` This command shows all the xrefs to the given global variable. + + ``` + avgx # print all xrefs to the global variable + avgxj # print all xrefs to the global variable (JSON mode) + avgxq # print all xrefs to the global variable (quiet mode) + ``` + There are two modes of display quiet and JSON. + + A working example on how the commands work. Lets take a sample file with no global variables. + + ``` + [0x00001040]> avglt +name type size address decl_file decl_line decl_col +―――――――――――――――――――――――――――――――――――――――――――――――――――― +[0x00001040]> avga test_variable int +[0x00001040]> avglt +name type size address decl_file decl_line decl_col +――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― +test_variable int 0x4 0x1040 - -1 -1 +[0x00001040]> avgp test_variable + int : 0x00001040 = 3644689736 +[0x00001040]> avgt test_variable char +[0x00001040]> avgp test_variable + char : 0x00001040 = 'H' +[0x00001040]> avgn test_variable renamed_variable +[0x00001040]> avglt +name type size address decl_file decl_line decl_col +―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― +renamed_variable char 0x1 0x1040 - -1 -1 +[0x00001040]> avgx renamed_variable +[0x00001040]> avgm renamed_variable +[0x00001040]> avglt +name type size address decl_file decl_line decl_col +―――――――――――――――――――――――――――――――――――――――――――――――――――― + ``` +### **What Was Done in This Example** + +- Ran `avglt` to check for existing global variables (none were present). +- Used `avga test_variable int` to manually create a new global variable of type `int`. +- Ran `avglt` again to confirm the variable was successfully added. +- Used `avgp test_variable` to print the value at that memory location as an `int`. +- Changed the variable type with `avgt test_variable char`. +- Printed the value again using `avgp test_variable`, now interpreted as a `char` (`'H'`), showing how type affects data interpretation. +- Renamed the variable using `avgn test_variable renamed_variable`. +- Ran `avglt` to verify the variable name and updated type were reflected. +- Used `avgx renamed_variable` to check for cross-references (none found since it was manually added). +- Deleted the variable using `avgm renamed_variable`. +- Ran `avglt` one final time to confirm the global variable list was empty again. \ No newline at end of file diff --git a/src/refcard/intro.md b/src/refcard/intro.md index 64f4d77a..eab8cacc 100644 --- a/src/refcard/intro.md +++ b/src/refcard/intro.md @@ -67,6 +67,8 @@ Global variables appear after auto-analysis or after adding them manually. | avgp name | Print global variable | | avgx name | Show xrefs to the global | +For more info check [this](/src/configuration/global_variables.md). + ## Information Binary files have information stored inside the headers. The `i` command uses the RzBin API and allows us to the same things rz-bin does. Those are the most common ones. From a4a074814f2c67531b8dcec63f16999f8e4a99cf Mon Sep 17 00:00:00 2001 From: Farhanhusein Saiyed Date: Mon, 2 Feb 2026 19:18:30 +0530 Subject: [PATCH 2/4] intro.md fix Co-authored-by: Rot127 <45763064+Rot127@users.noreply.github.com> --- src/refcard/intro.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/refcard/intro.md b/src/refcard/intro.md index eab8cacc..d59edd5f 100644 --- a/src/refcard/intro.md +++ b/src/refcard/intro.md @@ -67,7 +67,7 @@ Global variables appear after auto-analysis or after adding them manually. | avgp name | Print global variable | | avgx name | Show xrefs to the global | -For more info check [this](/src/configuration/global_variables.md). +For more info check the [global variable documentation](/src/configuration/global_variables.md). ## Information From 668eba6e691d2be203047b555c5de373d7d74e24 Mon Sep 17 00:00:00 2001 From: Farhanhusein Saiyed Date: Mon, 2 Feb 2026 21:41:57 +0530 Subject: [PATCH 3/4] Few changes --- src/configuration/global_variables.md | 93 +++++++++++---------------- 1 file changed, 38 insertions(+), 55 deletions(-) diff --git a/src/configuration/global_variables.md b/src/configuration/global_variables.md index 2b298ab9..53564dd3 100644 --- a/src/configuration/global_variables.md +++ b/src/configuration/global_variables.md @@ -1,4 +1,4 @@ -# Global Variables (`avg` Commands) +# Global Variables(`avg` Commands) Global variables are declared outside of any function or block and are accessible throughout the entire program. They persist for the full duration of execution. @@ -12,7 +12,7 @@ In reverse engineering, identifying global variables: > In Rizin, global variables are identified during analysis. > Run `aa` or `aaa` before using `avg` commands, otherwise no globals will appear. -The help command to list all `avg` commands is: `avg?` +The help command to list all `avg` commands is: `avg?` ``` avgl[jqt] [] # show/list global variables avga # add global variable manually @@ -24,10 +24,6 @@ The help command to list all `avg` commands is: `avg?` avgx[jq] # print all xrefs to the global variable ``` - **Listing Global Variables** - - `avgl[jqt] ` This command will list all the global variables. - ``` avgl [] # show/list global variables avglj [] # show/list global variables (JSON mode) @@ -40,23 +36,17 @@ The help command to list all `avg` commands is: `avg?` `avga ` This command lets you manually add global variables with their name and type. - You use then when a global variables is missed during the analysis. Here `` means the datatype of the variable. Example int, char, long. - - Rizin Example : - - **Deleting Global Variables** - - `avgd ` This command deletes the global variable located at the given address. - - `avgm ` This command also lets you delete the global variable using its name. + You use then when a global variables is missed during the analysis. Here `` means the datatype of the variable. Example: `int`, `char`, `long`. - **Renaming Global Variables** - - `avgn ` This command lets you rename the global variables. + This manually defines a global variable when Rizin’s automatic analysis did not detect it. **Printing Global Variables** - `avgp ` This command prints the value of the variable. + `avgp ` reads memory at the address of the specified global variable and displays its current value. + >In debug mode → shows the value at the current breakpoint. + + >Without debugging → shows the value stored in the binary. + **Changing Variable Type** @@ -64,45 +54,38 @@ The help command to list all `avg` commands is: `avg?` Note: The correct data-type must be used which helps in improving output, cross-reference accuracy and structure recovery. - **Cross-References to Global Variables** - - `avgx[jq] ` This command shows all the xrefs to the given global variable. - - ``` - avgx # print all xrefs to the global variable - avgxj # print all xrefs to the global variable (JSON mode) - avgxq # print all xrefs to the global variable (quiet mode) - ``` There are two modes of display quiet and JSON. - - A working example on how the commands work. Lets take a sample file with no global variables. - + + ### Example: + ``` +# Ran 'avglt' to check for existing global variables(none were present). + [0x00001040]> avglt + name type size address decl_file decl_line decl_col + ―――――――――――――――――――――――――――――――――――――――――――――――――――― + [0x00001040]> avga test_variable int + [0x00001040]> avglt + name type size address decl_file decl_line decl_col + ――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― + test_variable int 0x4 0x1040 - -1 -1 + [0x00001040]> avgp test_variable + int : 0x00001040 = 3644689736 + [0x00001040]> avgt test_variable char + [0x00001040]> avgp test_variable + char : 0x00001040 = 'H' + [0x00001040]> avgn test_variable renamed_variable [0x00001040]> avglt -name type size address decl_file decl_line decl_col -―――――――――――――――――――――――――――――――――――――――――――――――――――― -[0x00001040]> avga test_variable int -[0x00001040]> avglt -name type size address decl_file decl_line decl_col -――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― -test_variable int 0x4 0x1040 - -1 -1 -[0x00001040]> avgp test_variable - int : 0x00001040 = 3644689736 -[0x00001040]> avgt test_variable char -[0x00001040]> avgp test_variable - char : 0x00001040 = 'H' -[0x00001040]> avgn test_variable renamed_variable -[0x00001040]> avglt -name type size address decl_file decl_line decl_col -―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― -renamed_variable char 0x1 0x1040 - -1 -1 -[0x00001040]> avgx renamed_variable -[0x00001040]> avgm renamed_variable -[0x00001040]> avglt -name type size address decl_file decl_line decl_col -―――――――――――――――――――――――――――――――――――――――――――――――――――― + name type size address decl_file decl_line decl_col + ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― + renamed_variable char 0x1 0x1040 - -1 -1 + [0x00001040]> avgx renamed_variable + [0x00001040]> avgm renamed_variable + [0x00001040]> avglt + name type size address decl_file decl_line decl_col + ―――――――――――――――――――――――――――――――――――――――――――――――――――― ``` -### **What Was Done in This Example** + +### What Was Done in This Example - Ran `avglt` to check for existing global variables (none were present). - Used `avga test_variable int` to manually create a new global variable of type `int`. @@ -114,4 +97,4 @@ name type size address decl_file decl_line decl_col - Ran `avglt` to verify the variable name and updated type were reflected. - Used `avgx renamed_variable` to check for cross-references (none found since it was manually added). - Deleted the variable using `avgm renamed_variable`. -- Ran `avglt` one final time to confirm the global variable list was empty again. \ No newline at end of file +- Ran `avglt` one final time to confirm the global variable list was empty again. From d490741635fab2d68032fc81b3786dfe6eeedddd Mon Sep 17 00:00:00 2001 From: Farhan Saiyed Date: Fri, 27 Mar 2026 21:37:36 +0530 Subject: [PATCH 4/4] Minor change --- src/configuration/global_variables.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/configuration/global_variables.md b/src/configuration/global_variables.md index 53564dd3..ca9731e8 100644 --- a/src/configuration/global_variables.md +++ b/src/configuration/global_variables.md @@ -43,10 +43,6 @@ The help command to list all `avg` commands is: `avg?` **Printing Global Variables** `avgp ` reads memory at the address of the specified global variable and displays its current value. - >In debug mode → shows the value at the current breakpoint. - - >Without debugging → shows the value stored in the binary. - **Changing Variable Type**