Authors

Dennis Goodlett Dennis Goodlett Francesco Tamagni Jose Antonio Romero Jules Maselbas Jules Maselbas Koh M. Nakagawa Lazula Mewt R MewtR Mohamed Lemine Ould El-Hadj Murphy Murphy Murphy Pau Rodriguez-Estivill Richard Patel Siguza Sylvain Pelissier Sören Tempel Teutates Yaroslav Yuvraj Saxena Zhipeng Xue condret icy17 ksen-lin meme pancake

Changes

anal

• Support function arguments without a name
• Optimize RCore.analOp() lowers aa from 1m23 to 1m19
• Make aab even faster (39s -> 32s)
• Fix #21340 - fix list of callrefs in afij
• Add some recently seen x86-32 preludes
• New 'aarr' command to reanalize all function refs
• Add support for DUP in esil_dfg
• Add fake =SN for gb to fix the missing =SN warning
• Implement esil-dfg support for POP
• Initial implementation of the aob/aobj commands
• Do not override anal.calls user settings in aaa
• Use a visited check to speedup recursive reference analysis
• Invalid call from warning is now a debug message
• Handle missing LDURH on arm.v35
• Add refs column in aflt listing and fix refs&xrefs counting apis
• Remove duplicated code adding a string reference during analysis
• Set refptr for Xtensa l32r opcode for better disassembly output

api

• Introduce the new R_CONST macros

arch

• Migrate cr16
• Migrate cris from anal to
• Update to the latest capstone for SH and arm64 improvements
• Move the riscv.cs plugin
• Improve v850 esil support
• Move the pic
• Move the anal.tricore
• Improve the NIOS arch plugin with regs, archinfo and invalid
• Move and improve the anal.alpha
• Move Vax plugin from anal
• Add Inferno Dis VM
• Move the bpf plugins
• Move anal.lm32
• Move the z80 plugin
• Add support for all-bits-set registers needed for LANAI
• Move the lanai plugin
• Fix the type used for the fini callback in r_arch_plugin_t
• Move the mcs96 plugin
• Fix #21325 - Do not assert when instantiating empty plugins
• Convert kvx analysis plugin into arch
• Add esil support for satadd, satadd_imm5, satsub and satsubr v850 instruction
• Handle wasm control flow errors better
• Wasm accept br out of if/else
• Refactor wasm into arch
• Move xtensa into the
• Initial re-import of the LUA bin parser and disassembler from extras
• Move the ws plugin and annotate the plans for 5.9
• Move or1k into the arch
• Add evm.sdb.txt with description
• Add esil support for mulh reg, reg v850 instruction
• Move anal.evm.cs into arch.evm
• Rename evm.cs to evm
• Add esil support for v850 stb, sth and stw instruction
• Add esil support for v850 ldb, ldh and ldw instruction

asm

• Add more conditional branch instructions for the arm64 assembler
• Implement conditional branch instruction for the arm64 assembler
• Improve armass64 for tbz/tbnz to handle relative instructions

bin

• Report errors when failing to patch relocs in the internal buffer
• Implement qword to better display patched relocs in macho
• Fix #21451 - Support IDREF in cf_dict parsing
• Apply macho relocs on the swizzled buffer if bin.cache is not set
• Find libswiftCore and libswiftDemangle in linux paths too
• Fix wrong check in dyldcache rebase v2 logic
• Add new fuzz.bin2 program and fix integer overflow for XTAC
• Prevent an oom in the macho when corrupted fields are involved
• Fix infinite loop in the xtac parser
• Fix oom in the LE parser
• Fix ELF parser hang on malformed .plt.got header
• Fix sign warnings in the elf parser spotted by msvc
• Fix absolute path resolution for dwarf source files
• Remove globals from the MSVC demangler
• Blindfix for some msvc demangling characters
• Fix Dis fuzz failure
• Add missing S_INIT_FUNC_OFFSETS definition for macho
• Add Inferno Dis VM
• Improve checks parsing dyldcache headers
• Fix missing types and paddr/vaddr issue in ihj
• Fix double free in class method handling
• Update dyld shared cache parser
• Better header checks for the MSX plugin
• Some fixes for the bin.msx plugin
• Add support for the XTAC file format
• Add XCOFF64 support
• Refix another null deref after 586af3f
• Improve code quality in some RBin plugins (1/n)
• Fix null deref when no signature is found
• Minor improvements to elf parse
• Fix memory leak when parsing DW_FORM_line_strp
• Use correct compilation directory for binaries that use DWARF before version 5
• Fix heap overflow in the swift parser

build

• Add --with-new-io-cache configure and meson flags
• Use acr-2.1.0 new PKGCFG_DO to speedup pkg-config file generation
• Fix libdir and includedir in the pkgconfig templates with latest acr
• Fix #21375 - Generate .sdb files properly for syscalls with meson
• Fix #21332 - Add missing use_sys_openssl option for meson
• Fix #21287 - compilation with .c in path
• Clear SSL (C|LD)FLAGS if not willing to use SSL at all
• Fix 'no rule to make libcapstone.a' error
• Fix meson build with x86 option arch
• Check for linux/can.h at configure time
• meson: install rasign2.1 man page too
• Fixes for the offline tarball generation

ci

• Abidiff shouldnt check internal structs like the capstone ones
• Remove broken github counters and introduce the sys/counters.sh
• Add pkg-config for macos-test
• Add pkg-config for macOS via brew
• Upgrade to abidiff 2.2
• Remove LGTM, it's no longer available

cleanup

• Remove all char* casts in free

cons

• Fix scr.html when using bold attribute in scr.color=1

core

• Support R2_PREFIX env var to override compile-time PREFIX
• Use single quote instead of "" for RCore.call()
• Fix command injection bugs in patch scripts

crash

• Fix oob in we command
• Fix null deref in omr with no maps
• Fix null deref in fuzzed omt command
• Fix uaf in r_asm_op_get_hex
• Fix UAF in y-;q and assert with 0 size functions
• Fix uaf caused by RRegItem.free instead of .unref
• Fix oom in the nso parser
• Fix uaf in xtac and check for more vector allocation failures
• Fix unchecked vector allocation in wasm
• Fix oom spotted in the wasm bin parser and other stylish things
• Fix segfault when saving a project with no write perms in home
• Fix oobread in dwarf5 parser
• Fix #21363 - null deref in the wasm disassembler
• Fix use after free in RStr.replaceAll()
• Fix null deref in aeg command

debug

• Fix setting registers in linux/rv64
• Fix retrieving registers on Linux/RV64
• Fix #21329 - do not include the privileged registers from the gdb profile

disasm

• Dont try to resolve strings on call destinations
• Fix instruction colors when '0' is at the end
• Deprecate the asm.minicols config variable
• Truncate invalid strings in disasm

dwarf

• Add CLLf command as an alias for 'list' and fix @@i

esil

• Avoid >64 bit shift left on 128bit registers
• Implement esil for arm64's brk and clarify TRAP usage
• Simplify the ESIL for x86 shift instruction
• Better nullchk and reduce dereferences in esil

globals

• Remove 2 globals from arch.or1k
• Remove 1 global from arch.snes

io

• Initial implementation of the io-write-cache command

json

• iCj always renders valid json, fixing a warning in iaito

lang

• Run the pending jobs in the qjs repl and expose r2pipe module
• Add fake 'r2papi' module for r2frida-compile scripts
• Implement ESM module loader for the QJS runtime
• Initial support for r_arch plugins via qjs
• Add support for NIM scripting on top of the QJS engine

magic

• Add Inferno Dis

panels

• Move Stack into Debug menu, and add Register columns output

print

• Improve the pseudo-decompilation output for !x86 and inlined gotos
• Fix duplicated source lines in CLLf output
• Honor hex.offset + hex.header
• Initial support for custom bitmap images

projects

• Add Pz[ie] command to import/export project in zip format

r2pm

• Fix support for builddir-less packages
• mkdir home plugin directory
• Add R2PM_DIR directive needed for tarball/zip packages
• mkdir(R2PM_BINDIR) before pkg install, so packages dont have to mkdir

search

• Magic depth starts at 0 now
• Remove global magic depth
• Honor esil.* options in RAnal.search
• Improve syscall detection in /as
• Fix #21339 - Fix syscall search when executed twice

shell

• Fix help message when write fails (omp -> omf)
• Fix #21380 - Refer to "? in /R for escaping chars
• Correctly align r_core_cmd_help_match output in inexact mode
• Update help message for ""? for ""@""
• Drastically reduce eUsage count...

Authors

0x8ff Apkunpacker Dennis Goodlett Fraser Price Jules Maselbas MewtR Mohamed Lemine Ould El-Hadj Ole André Vadla Ravnås Richard Patel Sylvain Pelissier Vitaly Bogdanov condret kyufie meme nmeum pancake pancake

Changes

anal

• Honor the micromips codealign, add missing =SN and cc
• Set indirect code refs from load instructions
• Make r_anal_optype_{to,from}_string use the same optypes array
• Rework of the function merging
• Add Plan 9 calling conventions
• Basic blocks are not modified if not initialized
• Add test for gb srcs/dsts json and valtype
• Fix multiple typos in ios-syscalls.txt

analysis

• Make r_anal_optype_{to,from}_string use the same optypes array
• Rework of the function merging

api

• Make r_str_casecmp() null-proof to fix weird crash on windows
• Implement RCore.cmdCallAt() + minor improve internal cmd calls
• Fix RFile.path() when $PATH contains no colon

arch

• Add esil support for v850 ei and di instructions
• Add esil support for v850 reti instruction
• Add esil support for v850 stsr instruction
• Add esil support for v850 ldsr instruction
• Blindfix for a glitch in the v850 disassembler
• Simplify esil generation of v850 bcond instructions
• Add esil support for v850 setf instruction
• Improve v850 esil support and fix some related bugs
• Fix asm.cpu=? when using arch plugins
• Fix rasm2 -a mips{.gnu} -b16 -e -c micro -d '4fe5'
• Move mcore into the arch
• Support micromips on both gnu and capstone plugins
• Move anal.propeller
• Add micromips cpu for the mips.gnu plugin
• Move nios2 away from anal
• Register RArch plugins to be loaded dynamically

asm

• Implement .extern directive in rasm2, fix other directives
• Fix ARM assembler for blt, ble, cmn, tst, and teq instructions

bin

• Fix null deref assert in the TE parser
• Fix unnecessary memory exhaustion in the elf parser
• Fix allocation crash in bin.symbols
• Support elf-micromips auto detection
• DWARF5 line header parsing
• License Plan 9 code as MIT
• Add Plan 9 line number information
• Fix load address of arm64 kernel

build

• Do not depend on strcasecmp in libzip, build fail on Centos7
• Upgrade v35arm64 to fix non-c99 compilation
• Update to the latest tinycc in the CI
• Remove the need for ios-include.tar.gz
• Use an authorized API call for the abi job to increase the rate limit
• Remove condition on 'linux-static' job
• Integrate ABI diffing into CI scripts
• Add --with-ssl-crypto, rename --with-openssl to --with-ssl
• meson: Install various missing files
• Use fakeroot if available when packaging for debian

build,

• Integrate ABI diffing into CI scripts

ci

• Upgrade CodeQL actions from v1 to v2
• Update the SPEC file and build RPM packages in the CI
• • Update the SPEC file and build RPM packages in the CI

crash

• Fix infinite loop and null derefs when calling pd from pd in Cr
• Blindfix with a hack and a workaround to fix an UAF in Cr
• Fix an UAF in the visual bit editor
• Fix null deref segfault in Vd1
• Fix UAF in oc
• Fix null deref in io.bank

debug

• Fix #8992 - Apply command line settings before initializing debug plugin
• Add required A0 register into x86 register profile provided by GDB
• Use proper type for the XMM register inside profile recieved
• Implement dpt. command to print the current selected process

disasm

• Optimize RAnal.kind() as its called many times with a large buffer from pd
• Bring back and improve the Cr command

doc

• Reference abidiff's ci usage in doc/abi.md
• Reference doc/abi in DEVELOPERS

esil

• Fix emulation of the arm64 tst instruction

fs

• Improve json output for mlj - mountpoint type and delta

globals

• Remove global in util/lib and just use RLogLevel

indent

• Balance spacings in braces

js

• Add experimental r2.cmd0 and r2.call0 for qjs
• Enable stack overflow check when recursive calls
• Improve error messages in the qjs repl
• Rename qjs's dir function to dump
• Support loading/unloading multiple QJS plugins
• Update typescript compiler and move r2plugin into r2
• Fix undefined behaviour in quickjs when casting double to int64
• Fix #21205 - Missing object definition for aoj
• Fix undefined behaviour in double->int cast
• Extra checks and enforce the singleton core plugin
• Improve typescript entrypoint logic detection
• Initial support for javascript core plugins
• Upgrade r2papi-ts from 0.0.4 to 0.0.10
• Support typescript Main namespace and pass --allowJs

json

• Fix #21205 - Missing object definition for aoj

lang

• Initial implementation of lang.s assembly scripting
• R_TH_LOCAL two globals in RLang.c
• Reestructure lib dependencies, add lang.asm plugin

perf

• Massage the bottleneck that was making r2dec super slow
• Some more likely hints in RCore.cmd from valgrind

print

• Fix pA and pA? (/A was moved into /a)
• Implement pvp and wvp to print and write pointers
• Fix fortune message for #md5 and add ph: variant of "ph "

qjs

• Add QJS_NOABORT option to avoid aborts

r2pm

• Improvements for r2pm when getcwd is null
• Add R2PM_NEEDS and auto-install system build deps if possible
• Fix git check before cloning the repo
• Fix R2PM_DEPS first time issue
• Report better errors on first r2pm setup
• Initial experimental support for portable qjs packages

search

• Implement tire algorithm in

shell

• Fix assert in ph
• Initial skeleton integration with GNU/Poke
• Fix profiling RCore.cmdCall() via ?t""
• Add help message for the quote command "?
• Implement LAj and LAq commands to list arch plugins
• Implement uname -h, -m, -b, -j ...
• Handle unknown subcommands for t
• pdrj shouldnt be modifying the current seek
• Add -j command as an alias for js:
• Add the ability to run qjs scripts with r2 -je

slides:xa

• Improve r2slides with title, colors and 2 column mode

test

• Update libfuzz build instructions
• Add the dwarf fuzzer program
• Add some test for ARM assembler

tools

• Add R2_DEBUG_NOPAPI env var
• Show error when passing un-even hexpair to rasm2

visual

• Fix (null) regression in visual bit editor's disasm
• Handle JK in bit editor to move 8 bytes fwd/backward

vuln

• Fix ANSI Escape Sequence Injection vulns via DWARF

Authors

0x8ff Alex Bender Anton Kochkov Axel Iota DaKnig Dennis Goodlett Dennis Goodlett Ernest Deák (Tino) Francesco Tamagni HighW4y2H3ll Hors Lars Haukli Lazula Matthias MewtR Miles Liu Mohamed Lemine Ould El-Hadj Murphy Ole André Vadla Ravnås Paul B Mahol Peter Meerwald-Stadler Quentin Kaiser RHL120 Sylvain Pelissier Sylvain Pelissier TheAllSeeingOwl condret iTrooz_ meme pancake pancake rax2 rhl120 schrotthaufen schrotthaufen singurty

Changes

abi

• RAnalOp.srcs,dsts are not pointers

anal

• Working apt and add apl to list function preludes
• Rename axj to axlj, because axj is for jmp refs
• Introduce anal.tailcall.delta and use flags for better metrics
• Improve the tailcall detection logic
• Improve warning that only seems to happen when anal.nopskip is set
• Always show all the archinfo, even when not provided by the plug
• Dont show analysis progress on non-interactive shells
• Add esil.dfg.mapinfo and esil.dfg.maps config vars
• Some more improvements to esil_dfg
• Fix size returned from r_anal_op
• Fix warning in aflj when parsing vargarg signatures
• Add register computed const pointer support for esil dfg
• Add memory computed const pointer support for esil dfg
• Introduce R_ANAL_ESIL_DFG_TAG_{REG,MEM}
• Use treebuf io plugin as memory access backed for esil_dfg
• Fix pickle asm rejecting empty strings
• Do not recurse noreturn inspection when !addr or -1
• Generalize vector instruction types instead of following intel-specific
• Add /au to search for unknown destination jmp/call
• Add anal.noret and refactor anal.noret.refs
• Fix #20827 - Show srcs/dsts in aoj
• Fix aae argument parsing regression in and improve help
• Add support for stack-computed const pointers in esil_dfg
• Fix anal.a2f in aac
• Increase default anal.depth from 64 to 128
• Clarify which commands are used on each aaaa line
• Fix anal.depth usage when analyzing one basic block
• Loongarch analysis bug fixes (bl, race condition)
• Implement aflxv and aflx? commands
• Run /azq in aaaa
• Fix long1,long4 pickle opcodes
• Fix #20798 - Fix bx after add lr,pc,0 in arm32
• Fix null pointer in aflxj
• Implement aflxj
• Add noreturn column in afll
• Use RPVector in RAnalOp src/dst to support ldm/stm/simd
• Fix pickle arch thinking 0 is 64 bit
• Don't show the linearsize in the afl output
• Add anal.vars.newstack - configurable improved stack-relative var

analysis

• Working apt and add apl to list function preludes
• Rename axj to axlj, because axj is for jmp refs
• Introduce anal.tailcall.delta and use flags for better metrics
• Improve the tailcall detection logic
• Improve warning that only seems to happen when anal.nopskip is set
• Always show all the archinfo, even when not provided by the plug
• Dont show analysis progress on non-interactive shells
• Do not recurse noreturn inspection when !addr or -1
• Generalize vector instruction types instead of following intel-specific
• Add /au to search for unknown destination jmp/call
• Add anal.noret and refactor anal.noret.refs
• Fix #20827 - Show srcs/dsts in aoj
• Fix aae argument parsing regression in and improve help
• Fix anal.a2f in aac
• Increase default anal.depth from 64 to 128
• Clarify which commands are used on each aaaa line
• Loongarch analysis bug fixes (bl, race condition)
• Implement aflxv and aflx? commands
• Run /azq in aaaa
• Add noreturn column in afll
• Add anal.vars.newstack - configurable improved stack-relative var

api

• Make RReg refcounted
• Implement {ctz|clz}{32|64} RNum
• Define RPluginMeta and RPluginStatus
• Add new RCore.cmdCallf() helper function
• Merge RParse into RAsm
• Refactor RLang api to use the new design
• Fix null deref on wrong api usage for RCore.cmdStr
• Moving more logic between asm, arch, parse and anal
• RAnalEsil -> REsil api refactor
• Deprecate reil and sysarch defines
• More refactorings and api redesigns in r_arch
• Remove eprintf calls in favor of R_LOG
• Implement RReg.clone()
• Deprecate r_str_dup() - related to #20959
• Rename RVector.len to RVector.length for consistency
• Remove the unnecessary RThread.CpuAffinity()
• Add portable NaN and INF defines for different float sizes
• Deprecate r_cons_eprintf and use R_LOG instead
• Rename RStr.home() to RFile.home() as part of the Plan
• Rename r_mem_memzero to r_mem_zero
• Prefer _tostring() instead of _to_string()
• Improve r_ref implementation with debugging support
• R_BIN_NM -> R_BIN_LANG
• Implement thread-safe refcounting - but disabled by default
• Deprecate the unused RFList
• Implement r_str_ntrim() and speedup r_str_trim() with it
• Initial implementation of RString (30% faster than RStrBuf)
• Implement r_sys_getenv_asint
• Add r_cons_is_initialized
• Boolify r_core_yank_file_all() and fix shadow var bug
• Add r_file_is_executable and r_file_extension apis
• Fix UB bug when using r_vector random access
• Change R_LOG_INFO to R_LOG_TODO where suitable
• Merge rhash into rcrypto and improve apis
• Fix memory leak in r_str_list_join()
• Boolify and rename some methods and fields from RFS
• Add .author field in all the RLang plugins
• Add a public api for the yank-unset action
• Constify the help

arch

• Add the arch.preludes() callback and new RSearchKeyword constructor
• Move anal.v850 to arch
• Fix counted string bug in pickle
• Fix negative unsigned cast in the xtensa disassembler
• Add RAnalOp.weakbytes() and move more analop apis to arch
• Move anal.xap into the arch
• Update tests and better arch.patch/modify callback
• Move anal.{6502,snes} into arch
• Kill RAsmOp, we can reuse RAnalOp in here
• Improve pickle disasm on invalid instructions
• Remove RAsmPlugin struct and add the 'aia' command to show archinfo
• Move the remaining asm plugins into the arch
• Minor plugin selection improvements
• Move asm.nasm into the arch
• Move asm.vasm into arch.any_vasm
• Assemble large pickle instructions
• Fix and move failing tests, reorder lib build
• Move the arm assembler plugin from asm to arch
• Temporary add RAnal as dependency for REgg
• Improve x86.nz assembler parsing and other bugs in rnum
• Initial implementation of the arch.any.as plugin
• Better handle of RNum errors for egg and arch.x86.nz
• Support reg+idx and idx+reg in x86.nz assembler
• Move the x86.nz plugin
• Fix asm.acur supporting arch, anal and asm plugins
• • Fix asm.acur supporting arch, anal and asm plugins
• Move anal_riscv to arch_riscv
• Fix rasm2 -LLL using the new multi-bits macros
• Introduce RSysBits and its packing/checking macros
• Implement archinfo() in RAnal.Plugin.tms320
• Deprecate the unused RArchPlugin.esil field
• Use PJ to return the list of mnemonics aoml in arm.v35
• Move anal.rsp to the new home
• Move anal.v810 into arch.v810
• Move pickle from anal to arch and add it to meson
• Remove anal.malbolge and fix CI r_esil issues
• Move the 'sh' plugin to the new home
• Honor plugin name in rate matching for RArch.use
• Move jdh8 from asm/anal to arch
• Unify RArchOp into RAnalOp using common include files
• Fix RArchOp.refptr from bool to int
• Bump cs5 to support FNOP on m68k
• Wire-up RArch into RAnalOp
• Fix arm64 plugin to work well with latest arm64 changes in capstone
• Use the latest capstone5-next with updated aarch64 support
• Copy anal_amd29k.c to rarch
• Change arch plugin definition
• Add some more arch config vars
• Introduce arch.endian config var
• Instantiate RArch in anal
• Introduce RArchConfig->decoder
• Add R_LIB_TYPE_ARCH and i4004 arch-plugin
• First arch plugin (arch.null), implement basic lib api
• Start moving EVM analysis from extras to core
• First implementation of r_arch decoder api
• Introduce the new r_arch library, just the skeleton
• Add some r_arch api declarations
• Initial commit on RArch structs

asm

• Deprecate more unused fields from RAsmPlugin
• Fix the parse.z80.pseudo plugin and add a test
• Remove the unused RAsm.binb
• Internal cleanup of asm.c, deprecate the disassembly callback
• Load cpu descriptions for multiarch plugins
• Fix rasm2 x86.nz for "xchg eax,eax" and add tests

bin

• Fix JSON encoding of section addresses
• Add test for cwd source listing, CLL and l...

Authors

Axel Iota Ben L Denis Ovsienko Dennis Goodlett Dennis Goodlett Francesco Tamagni Nikhil Saxena Paul B Mahol Richard Patel Seunghwan Chun Sylvain Pelissier adwait1-g condret erfur pancake pancake rax64

Changes

anal

• Define =SN for the sparc register profile and improve warning message
• Include bb instruction addresses in an array for abj
• Fix more tests to run outside x86-64
• Implement aflx and aflx* commands to re-analyze function callers
• Implement aflm. and aflm? to print the makefile-style function call summary
• Fix bug in esil_cfg
• Implement r_anal_esil_dfg_reg_is_const
• Fix quotes in pickle assembly
• Improve aab results by using section size
• Refactor esil new in cmd_anal
• Refactor ar set command to static func
• Fix '/gg' output
• Fix duplicate aarch64 syscalls
• Fix leak in 'aex' command.
• Fix compilation warning
• Silence compilation warning in show_reg_args()
• Fix leak in r_core_esil_step()
• Check list allocation return value
• Fix leak of RAnalBlock in false return code path
• Check that vector length is not 0
• Fix leak of list when using asj command
• Fix leaks caused by not calling r_anal_op_fini()
• Add pickle descriptions

analysis

• Define =SN for the sparc register profile and improve warning message
• Include bb instruction addresses in an array for abj
• Implement aflx and aflx* commands to re-analyze function callers
• Fix duplicate aarch64 syscalls

arch

• Support assembler plugin resolution by aproximated name
• Rename asm.arm_cs to asm.arm
• Merge asm.sparc_gnu into anal.sparc_gnu
• Lowercase all pickle instructions
• Upgrade to the latest capstone-next for ppc purposes

asm

• Fix integer overflow in match_c_lui()

bin

• Fix boundary check in mach0 fixups reconstruction
• Fix two oobreads in coresymbolication and dyldcache
• Update coresymbolication cache parser
• Add table's :help and ignore commas in i subcommand parsing
• Fix incorrect relocs=false in macho
• Fix regressions affecting dyldcache parsing
• Fix #20624 - Implement ic, command to query klass information
• Fix oba $$ in frida://0 global
• Add support for REL file format plugin
• Support powerpc coffs
• Handle RABIN2_MACHO_SKIPFIXUPS env var in the macho parser
• Add wasm globals to symbols
• Fix leak in bin_sections

build

• if != ifdef on msvc
• Add lint for C++ include support

ci

• Fix #20655 - Zip the blob for windows

config

• Fix prj.alwasyprompt description text

cons

• Fix a couple of coverities in canvas and dietline
• Fix 'num' display with gentoo theme on 256 term
• Add to all themes 'ecd' at start
• Remove duplicate entry for basic theme
• Fix background color for dark theme
• Simplify ansi color mapping
• Fix several bugs when interacting in VE mode
• Fix leak in nextpal()
• Fix leaks in VE mode
• Fix leak of memory returned by r_str_ansi_crop()

core

• Fix leaks when calling r_flag_all_list()
• Fix leak in error path of r_core_anal_search_xrefs()
• Fix leak of pointer left behind

crash

• Fix stack exhaustion bug in the c++ gnu demangler
• Fix oobread in protobuf parser
• Fix oobread in r_str_is_printable_limited
• Fix UB bug in afi command causing random segfaults
• Harden swift demangler
• Harden msvc demangler
• Fill null deref check in the x509 parser
• Fix two more bugs in pdb found by libfuzzer
• Some safe fixes in rbin
• More r_run_parseline fixes
• Fix #9782 - r_run_parseline OOB read
• Fix oob write in dyldcache
• Fix null deref on non-capstone builds

crypto

• Add SM4 block cipher

debug

• Add new 'drp*' 'arp*' commands to flag the reg arena
• Fix build for 32bit iOS debugger
• Fix process detach in the xnu debugger
• Fix arm64 register access in xnu debugger
• Initial blind support for io.self for serenity

diff

• Implement radiff2 -B to specify base address
• Emit json when radiff2 is run with -Cj

disasm

• Fix #20202 - pd-55 showing invalid instructions

esil

• Fix tests and emulation for x86_cs BSR and BSF instructions
• Add warning for esil op $$ deprecation
• Tag dfg nodes that are vars with constant values properly in esil_dfg.c

fs

• Implement mdd, mdq and ms's ls -l
• Add initial fs.zip plugin, listing only for now

fuzz

• Fix another crash in the protobuf parser
• Fix too much time spent loading corrupted dyldcaches
• Fix negative allocation in the dex parser
• Fix infinite loop in dyldcache parser
• Fix large allocation bug in wasm parser
• Fuzz pdb
• Fuzz protobuf
• Fuzz pkcs7, punycode, x509
• libFuzzer demangler target
• libFuzzer bin target
• add libFuzzer integration, r_run_parseline test

globals

• Remove two global variables in the anal.ppc.cs plugin
• Remove global in cons.rgb
• Remove globals in bin.sms
• Remove globals in flirt and apply some extra cleanups

graph

• Implement new toyish visualization command agt
• Implement aggb command, like agfb but for agn/age
• Add cmd.bbgraph to use a different command to render the basic blocks
• Remove hack fixing a bug that is now gone for agn

io

• Initial implementation of the reg:// io plugin
• Fix #20616 - Fix analysis when using io.cache
• Implement wcu command to undo cached writes
• Initial implementation of the xattr io plugin
• Fix leaks on error path in r_io_zip_open_many()

lint

• Enable linting for trailing tabs

panels

• Fix #20651 - Decompiler panel was disapearing after clicking

print

• Implement pxu{1,2,4,8} like pxd but unsigned
• Fix w6e and w6d, Add w6x, p6[e|d][s|z] + tests
• Fix #20540 - pc should use an unsigned char buffer
• Implement p8x and p8* similar to y*

refactor

• Add linting to spot misuses of r_strbuf_appendf and fix them all
• Minor optimization of generated esil expressions
• Remove some unused macros in anal_riscv_cs
• Remove occurences of $$ in riscv esil
• Remove occurences of $$ in mips_gnu esil
• Remove occurences of $$ in bf and mips_cs esil
• Move the asm.m68k.gnu into the anal
• move asm.arm_windebg to anal.arm_wd
• Remove occurences of $$ in v810/v850 esil
• Minor optimization of generated esil in anal_arm_cs.c
• Minor optimization of esil generation in anal_arm_cs.c
• Avoid =[*] in arm_cs esil
• Remove occurences of $$ in arm_cs esil
• Move lanai from asm to anal
• Move the hppa plugin from asm to anal
• Use more R_LOG in cmd.open
• Merge asm.arm.gnu into anal.arm.gnu
• Move asm.ppc.cs into anal.ppc.cs
• Merge asm_arm_cs disassembler into anal_arm_cs

search

• Add help message for /at?
• /at accepts a comma separated list of optypes
• Enable emulation in /as, it's fast enough and results are better
• Test and benchmark --with-sysmagic in the CI

shell

• Add open command as a wrapper for the system launcher
• Fix #20387 - woa 1 confusing error message
• Honor autocompletion in the of command
• Use RCoreHelp for j? and uc? to fix a lint
• Add |E |D |J pipe aliases for base64 command execution and encoding
• Support interpreting executable binaries with r2 -i or '.'
• Don't print eol chars for now to fix an r2pipe issue
• Make command repeat behave as expected with the foreach operator
• Improve the yank command and help
• Honor : table modifiers in om,
• omt->om, and make omr print map size with no args
• Implement s** for proper seek history parseable output
• Implement ics command to list address of class methods
• Protect ms shell with scr.interactive
• Fix null deref crash in RTable and improve C,
• Implement 'e,' for table format, old e, is now e:
• Use RCore.help instead of eprintf in more commands under aa
• Implement y- command and some other indentation fixes
• Use : instead of =! in all the io plugin help messages
• Fix autocompletion for :. for r2frida

tests

• Fix total amount count of tests in r2r output
• Add test index progress in default output
• Support REQUIRE in r2r tests
• Add a few tests for cBPF conditional jumps.

tools

• Remove all global variables in rahash2
• Implement native r2pm pkg registry, buffer r2pm -s
• Enable r2pm-native when calling it from r2
• Use R_LOG in libr.main and fix RLogLevelMatch
• Allow rasm2 -f to open files with r_io files
• Fix ragg2 -C for pe64
• Fix memory leak on error path of rabin_do_operation()
• Fix leaks of allocated memory for duplicate plugins
• Check return value of r_list_new()
• Improve pid directive in rarun2, better info reporting

types

• Fix #16492 - Handle - suffix in te and ts, add tests

util

• Tests for the "standard" splist() implementation
• Minor bugfix in strbuf.c
• Add some more asn1 oids from apple
• Check for RGraph in r_graph_free()
• Fix several issues in r_syscmd_join()
• Fix leak of char* in r_table_visual_list()
• Fix leak in some yanking cases
• Fix possible leak of list after each loop iteration
• Move eprintf...

Authors

Adwaith V Gautham Alessandro Carminati Axel Iota ChoobieDesu Denis Ovsienko Dennis Goodlett Ilya Trukhanov Lazula Maurizio Papini Paul B Mahol RHL120 Richard Patel Sergi Àlvarez i Capilla Seunghwan Chun condret mrmacete pancake pancake pluswave

Changes

anal

• Add mnemonic API to pickle arch
• Add last opcodes to pickle assembler
• Add python pickle machine (pypm) dissassembler
• In cBPF jt and jf are unsigned, fix the code
• Handle arm64's BTI instruction as a nop
• • Revert "ARM disassembler: don't compute [pc, reg] memory location
• ARM disassembler: don't compute [pc, reg] memory location
• Updated syscalls for aarch64 to linux 5.19.0-rc1
• Update syscall table for linux-x64 from kernel 5.19-rc1
• Fix leak in wasm opcode disassembly
• • Fix leak in wasm opcode disassembly

analysis

• Handle arm64's BTI instruction as a nop
• • Revert "ARM disassembler: don't compute [pc, reg] memory location
• ARM disassembler: don't compute [pc, reg] memory location

analysis"

• • Revert "ARM disassembler: don't compute [pc, reg] memory location

arch

• Fix riscv left shift bugs and implement archinfo
• Revert "Update capstone which improves the PPC support
• Update capstone which improves the PPC support
• Add pickle assembler

arch"

• Revert "Update capstone which improves the PPC support

asm

• Fix for riscv

bin

• Fix returning imports table
• Fix use-after-free in the macho swizzler
• Add RABIN2_MACHO_NOFUNCSTARTS option for testing purposes
• Expose dbgInfo.LineNum on macho files
• Fix macho swizzle bug by cloning the plugin struct
• Early check to avoid null deref on files with missing buffer
• Workaround for the fatbin slice selection regression
• Refactor wasm custom name parsing

build

• GIT_TAP=$R2_VERSION if no .git is found
• Initial work towards onifying r_util

ci

• Build r2 with muon+samu
• Publish m1 packages automatically on release time
• Add line count history helper scripts

cons

• Speed up rendering by caching context pointer
• Fix picking colors for 256 colors terminals
• Fix display issues with pss visual mode

core

• Add cmd.undo and handles it for w and CC commands

crash

• Fix double free when shrinking vectors
• Fix oobread in iOS arm64 kernel parsing
• Fix FPE crash in p2 visual mode
• Fix buffer overrun in pd reported by durandal_1707
• Fix crash when calling strcmp on NULL
• Fix heap oobread in the macho parser
• Fix asan heap oobread in the tms320 disassembler

disasm

• Dont show asm.describe on strings

doc

• Increase maximum recommended line length

esil

• Fix x86 - ROL RCL ROR RCR with memory locations

fs

• Fix last covs and support mount in ms
• Refactor the RFS.Shell and add the getall command
• Add fs.cwd to define default path in ms

globals

• Remove time_t now global variable for magic

io

• Update the embedded libzip under shlr/zip
• Tiny optimization in RBuffer -0.01s speedup

lint

• Fix a new linting to remove the double error message in RLOG calls

magic

• Add RSA/DSA key magic

panels

• Add Assembler entry in Tools/

print

• Fix color changing for same block and prc=f
• Fix p=F output
• Allow to change entropy bars width with '[]' keys
• Fix p=e output

projects

• Fix two more projects tests with the new onnu

r2pm

• Fix r2pm.sh path resolution issue

refactor

• Refactor a few eprintf to R_LOG_ERROR
• Merge asm.riscv into anal.riscv
• Remove unused daylight logic in magic/mdump
• Remove optyp global variable for magic
• Ignore asm->immdisp
• Merge arc from asm into anal and build it with meson
• Merge v850.np into v850
• Use arch/bits info from anal if asm is not available in r_core_bin_update_arch_bits
• Merge asm_x86_cs into anal_x86_cs
• Merge asm.mips(cs,gnu) into anal.mips
• Merge asm.tms320 into anal.tms320

search

• Fix /rx
• mbr magic is not good for deltified matches
• Remove noisy mail.news magic file
• Fix /as on arm64-linux and add missing tests to cover it
• Improve little and big endian LZMA header magic matching

shell

• Add the infamous command tac
• Implement ~$!! as a tac replacement and clarify the ~$! use
• Handle the s# command as in 's #'
• Partial #19887 - Refactor c[248], add and test c[248]*

tests

• Fix ARC tests and improve r2r.asm output

tools

• Fix #20439 - rafind2 -V search for values like in /v
• Fix #16209 - ragg2 on macOS
• Use of RNum.calc in rax2 to honor error code
• Honor opasm in rasm2 -LL output

util

• Be more strict when parsing numbers
• The RThread.start(true) had racy deadlocks, re-enable the bg http server
• Use R_LIKELY and r_return in the skiplist api
• Optimized implementation of rand for skiplist

view

• Fix r_cons_printf call in calculator
• Add FPU/XMM/YMM panel displays

visual

• Fix recently introduced stack buffer overflow
• Make PageUp/Down keys less laggy
• Allow seek to previous result item when it is at 0 offset

Authors

Alex Bender Baldanos Dennis Goodlett Richard Patel Richard Patel Sergi Àlvarez i Capilla condret gitcolt pancake pancake tbodt

Changes

anal

• Honor syntax cfg in cs anal plugins
• SPARC ignores cfg.bigendian because all instruction fetches are BE
• Add big endian support for arm prelude search

arch

• Re-enable the bpf.mr assembler

asm

• Remove all instances of "ptr " in x86 cs assembly output
• Move the lm32 plugin into the anal

bin

• Fix o-- issue on macho-arm64
• Don't hash files when loading, that's too heavy! 1.2s -> 0.8s
• Fix wasm function offset lookup
• Split wasm imports by types

ci

• Ignore odr-violations by default when running asanified r2r

cleanup

• Lint for x""

cons

• Add r_sys_signable() and use it from r_cons_thready

core

• Fix loading xtr bins without arch dedicated asm plugin loaded

doc

• Correct help msg fro ph command

fs

• Fix mountpoint listing in the rfs shell

io

• Add omu command to create a unique map
• Miniscule optimization of io vread and mapping operations

lint

• Add R_MUSTUSE hint
• Add a linting to avoid R_LOG calls ending with a dot
• Use r_str_startswith() in libr/io/p instead of strncmp

print

• Fix (null) printing on pi command

projects

• Fix #20405 - Multiple fixes and improvements in projects

refactor

• More eprintf -> RLOG here and there
• Merge asm.java into anal.java
• Move asm.sh disassembler into the anal.sh
• Add another source linting to avoid newlines in RCore.cmd()
• Minor simplification of meson build files
• Merge asm_rsp into anal_rsp
• Merge asm_propeller into anal_propeller
• Merge asm_m680x_cs into anal_m680x_cs
• Merge asm gb into anal
• Merge the asm.mcs96 plugin into anal
• Merge asm.cris into anal.cris
• Use more R_LOG instead of eprintfs and add more linting checks
• Add sys/lint.sh and run it in the CI
• Merge asm.8051 into anal.8051
• Merge asm.sparc into anal.sparc
• Merge asm.alpha into anal.alpha

shell

• Fix #16395 - Add open file command to the ms shell

tests

• Remove the -r and -m flags from r2r

tools

• Down with capitalism - lowercase all capitalized strings in r*2 -h
• Add RABIN2_VERBOSE env var to set bin.verbose=true in rabin2
• rabin2 -qqqqqq doesnt swap between simple and simplest now

web

• Few http webserver improvements

Authors

Aleksey Kislitsa Apkunpacker Ben Demick Denis Ovsienko Dennis Goodlett Dennis Goodlett GiulioL GiulioLyons HighW4y2H3ll Lazula RHL120 Richard Patel Richard Patel Sergi Àlvarez i Capilla aemmitt aemmitt-ns colt condret lazymio meme pancake pancake pipothebit rax2 rax64 ypsvlq

Changes

anal

• Add op->cycles for M68K move
• Set data alignment of m68k CPUs
• Use r10 as SP and as an sp alias on arm64
• Fix archinfo for BPF
• Add icg str argument for filtering classes to graph
• Add z vector registers for ARM64 in the register profile
• Add R_REG_TYPE_VEC
• Remove dead code
• Add esil support for VMOVDQU in anal_x86_cs.c
• Fix ARM ujmp op type with rjmp & mjmp
• Fix #20215 - Handle op->direction in XOR x86 instructions
• Reduce LOC of i4004 assembler (only use gperf for 1 byte instructions)
• Move i4004 asm to anal

analysis

• Set data alignment of m68k CPUs
• Use r10 as SP and as an sp alias on arm64
• Fix archinfo for BPF
• Add icg str argument for filtering classes to graph
• Fix ARM ujmp op type with rjmp & mjmp

arch

• Fix reg profile, add archinfo and opinfo for bpf.cs
• Initial import of the asm.bpf plugin from extras
• Add initial anal.bpf.cs plugin + disasm tests

asm

• Support tbz,tbnz,rev16,rev32 instructions in the arm64 assembler
• Support cset and sxt(b,h,w) instructions in the arm64 assembler
• Support mnemonic list for all Capstone-based plugins
• Support ccmn and csel instructions in the arm64 assembler
• Support more arm64 instructions

bin

• Fix #17174 - Add the flagname and real symbol name details in the output of icj
• Better handling of invalid/corrupted wasm files
• Use RPVector for wasm imports
• Use RPVector for wasm data section
• Refactor wasm start section parsing
• Move RBinWasmObj-code to RPVector
• Wasm use rpvector on elements
• WASM use RBinWasmObj in vector parsing
• Update wasm tests for exports
• Fix wasm iE duplicates
• Rename wasm subection index member to sec_i
• Change wasm subsections into RPVectors
• • Use RPVector for wasm tables entries
• • Use RPVector for wasm memmories entries
• • Use RPVector for wasm global entries
• Refactor wasm and add function section parsing
• • Remove unsed buf_read_new from wasm parser
• • Refactor wasm vector sub-section parsing
• • Add wasm function sub-section parsering
• Fix ELF default arch of x86
• Avoid false positives when loading s390 modules
• Refactor wasm function types
• Wasm allow partial custom name parsing
• Wasm iE improvment

build

• Windows builds include debug information by default
• Add macos-m1 GHCI builds
• Update v35arm64 to fix build on riscv
• Massage MAKE_JOBS for sys/debian.sh too
• Remove the r2p symlink on Make purge

cons

• Fix/clarify the use of cons.vtmode/line.vtmode/vmode
• Reduce stack in RLine.histLoad() and early return on windows to fix a crash

core

• Fix fortune file detection
• Make the gnu disassemblers thread safe

crash

• Fix oobread in RTable exposed via an ELF reproducer
• Fix #20336 - wasm bin parser
• Fix oobread in wv
• Fix #20248 - DoubleFree in RCons.pop() triggered via RCore.cmdStr()
• Fix infinite loop in gdbserver =g
• Fix several bugs in the RStack API

disasm

• Fix negative on unsigned value in v850.pseudo
• Update to the latest capstone to fix a bug for BPF
• Fix #17961 - missing flags in asm.reloff=1 + scr.color=0

doc

• Rename doc/crosscompile to doc/cross-compile.md
• Add ABI stability explanation

esil

• Fix SHRD instruction ESIL
• Add ESIL to the anal.bpf.cs plugin

io

• Fix bug in io_ihex
• Optimize io.open() by skipping plugin iteration if no uri found
• Add stdin:// uri handler in the io.malloc plugin

parse

• Make existing types available to r_parse_c_string

print

• Fix #20310 - Handle help suffix on more pd subcommands
• Convert pf d specifier to hex dword

r2pipe

• Fix: pthread_create: Resource temporarily unavailable

r2pm

• Handle R2PM_UNINSTALL on Windows
• Fix environment message for the package manager
• Improvements in the native r2pm, being able to install samu and muon

refactor

• Merge asm.avr into anal.avr
• Merge asm.xap into anal.xap
• Merge asm.i8080 into anal.i8080 and add a test
• Merge asm.xcore_cs into anal.xcore_cs
• Merge asm.amd29k into anal.amd29k
• Merge asm.h8300 into anal.h8300
• Merge asm.lh5801 into anal.lh5801
• Merge asm.cr16 into anal.cr16
• Merge asm.v850 into anal.v850 and add a test
• Merge asm.malbolge into anal.malbolge
• Merge asm.v810 into anal.v810
• Merge asm.pdp11 into anal.pdp11
• Merge asm.6502 into anal.6502
• Remove more R_TH_LOCAL in TCC
• Remove excess zeroing in anal_bpf.c
• Merge asm.riscv.cs into anal.risc.cs
• Move asm.pyc to anal.pyc
• Merge asm.nios2 into anal.nios2

search

• Honor cfg.bigendian in /v subcommands

shell

• Fixes for the R2_FORTUENS system and home paths
• Fix history file path construction
• Fix error message in e- when resetting in debugger
• Remove newline in date and pt. output
• Expose R2_HISTORY in r2 -hh and r2 -H to locate history file

tests

• Add Capstone aoml cases
• Generate r2r.json for profiling the testsuite
• Sort lines in r2r -h
• Use absolute path for r2r -o

tools

• Fix disalignment glitch in rasm2 -L and rasm2 -LL

util

• Compile-time optimization for r_str_startswith()

visual

• Fix arrows in visual prompt on windows cmd V:

windows

• Autoset vtmode=1 or 2 depending on shell or visual
• Detect cmd.exe as vtmode=2
• vmode fixes visual shift issue in cmd.exe
• Support building windbg plugin under mingw

Authors

Aleksey Kislitsa Alex Bender Anton Kochkov Antoni Viciano Dennis Goodlett Dennis Goodlett Elaine Gibson GustavoLCR Jose Antonio Romero Lazula Mario Haustein Mathieu Dolmen Ole André Vadla Ravnås RHL120 Sergi Àlvarez i Capilla Sylvain Pelissier Wadim Mueller condret freddy gogo2464 kakamaika pancake pancake rax2 rhl120 ypsvlq

Changes

anal

• Initial support for op.family on the v850.np plugin
• Add missing =BP for v850
• Fix crash when doing aac in frida://0 which calls 's $S'
• aav output is now cleaner and less verbose
• Implement native r0 relative references in v850
• Fix oobread bugs in the v850.np plugin
• Add missing status registers on v850.np
• Fix missing calling convention when using asm.arch=*.XXX
• Optimize thumb code analysis (4x faster)
• Fix leak in r_anal_get_gperf_cc
• Honor anal.timeout and better ^C handling in aaaa
• Add missing op types to r_anal_optype_to_string
• Remove RAnalPlugin.jmpmid and use ANAL_ARCHINFO_ALIGN instead
• Add r_anal_is_aligned
• Move VAX disassembler to anal
• Fix invalid basic blocks on switch/jmptbl on arm64
• Use @@@f instead of @@f in aaa - fix deadlock in iaito
• Update to the latest v35arm64
• Use RArchConfig in RReg, Add RReg.hasbits() apis
• Improve boundary oobread checks for anal.8051
• Honor anal.calls in aap
• Kill anal.endsize
• Introduce RAnalPlugin.jmpmid and replace some is_x86
• Fix infinite loop when anal.vars on huge empty basic blocks
• Fix a couple of infinite loops in aav
• Do the whitespace thing that pancake wanted me to do
• Add missing Motorola cpu models for m68k.gnu and m68k.cs
• Honor asm.syntax=att in v850.np and handle more op.type
• Better s390 instruction details
• Remove asm.bf, and move its .opasm to the anal.bf
• Add the RAnal.mnemonics() callback in RAnalBind for the arm.v35
• Remove the asm.arm.v35 and move (and fix) the mnemonics cb
• asm.cpu listing fixes for anal plugins
• Remove duplicated register definitions for AVR
• Move asm.xtensa into anal. fix dupplicated symbols linkage bug
• Fix null derefs in anal.avr plugin and improve defaults
• Fix #19990 - Fix aoml for non-x86 targets and add tests
• Fix #7094 - Add direction information in xrefs
• Add =SN and =R0 to 8051
• Add RAnal.use in RAnalBind to use it from RAsm

analysis

• Implement native r0 relative references in v850
• Optimize thumb code analysis (4x faster)
• Fix #19990 - Fix aoml for non-x86 targets and add tests
• Fix #7094 - Add direction information in xrefs
• Add =SN and =R0 to 8051
• Add RAnal.use in RAnalBind to use it from RAsm

api/abi

• Rename REgg.Cfile to REgg.cfile
• Rename corebind fields to coreb, for consistency with analb, iob
• Use RArchConfig in RPrint
• Expose RAnal.opDirection.toString as a public method
• Make CRBTree.foreach() C++ friendly
• RStr.isTrue/isFalse accept NULL argument now
• Use RLog in RCons
• Introduce r_arch.h. Use RArchConfig in RAnal and improve RRef api

arch

• Support '$' in regprofile offset column
• Move tricore from asm to anal

asm

• Move the asm.ppc.gnu into the anal
• Remove the v850.gnu plugin
• Move the asm.pic into anal.pic
• Support cls, clz for 32 and 64 bit registers in the arm64 assembler
• Move asm.snes into anal.snes
• Fix assembling with the arm.v35 plugin
• Move 8051 test into db/tools/rasm2 and fix null deref in asm
• Support 'msub, madd, mneg, ngc, sbc, asr, ror, cls, clz, rev, rbit, rbit16, rbit32, umulh' in the arm64 assembler
• Initial implementation of shared RAsmConfig
• A little better asm directive parsing
• 8051: handle any mov case for reassembling

assembler

• Support assemble for mul, udiv, sdiv, lsl, lsr, mvn, tst arm64 instructions
• Fix endian issue in binary input for rasm2 and add tests
• Support assemble for add, and, eor arm64 instructions

bin

• Better handling of Wasm Names
• Fix large loading times in macho parser for binsz=-1
• Fix off-by-one bound check in wasm format
• Simplify functions in wasm format
• Fix leak in wasm custom names
• Better formating wasm custom name
• Fix parsing LE and COFF on big endian host
• Fix pyc parsing on big endian machines
• Fix leak in wasm sections
• Add bin.maxsymlen to make this symbol name length limit configurable
• Do not accept symbol names in mach0s larger than 2KB
• Fix wasm section parsing
• Remove global from elf parser
• Fix another race condition in the macho parser
• Remove another static global in the sections cache of objc
• Move the local-global cache into the macho object
• Fix allocation peak in macho property parser
• Expose CLR metadata in ih output instead of messy eprintfs
• Add bin.xtr.xalz plugin using the new loadbuf field
• Remove the bin.xalz plugin as its meant to be io or bin.xtr
• Fix null derefs on partially initialized xtr bin plugins
• Fix main detection in x64 elf, after updating condret's machine
• Use the new RBinInfo.charset in bin.s390
• Add headers, sections, symbols and entrypoints to the bin.s390 plugin
• Initial import of the bin.s390 plugin
• Permit RBin plugins to expose a default charset
• Select 'arm' fatmacho slice on -a arm.v35
• Fix #6647 - check map bounds in the pebble bin loader
• RBinFile size must be ut64, not signed int to open > 2GB files

build

• Use meson's gittap command on make
• Fix #13196 - Honor SHARED in configure-plugins
• windows_heap is included in cmd_debug
• Fix meson build with use_sys_openssl
• Leftover for --disable-threads causing runtime problems
• Use longer names in enum to avoid conflicts with the SerenityOS toolchain
• Deshadow some variables, in progress for the full -Wshadow cleanup
• Make capstone include directories consistent
• Add xtensa for the meson (requested for Windows)
• Honor capstone commit in ci
• Fix for --without-pull not working in install.sh

cons

• Add scr.maxpage to remove the CONS_MAX_USER constant
• Fix r_cons_get_cur_line() on windows
• Add ec bgprompt for a colorful shell and visual prompts
• Fix glitch in scr.html when scr.color=1

core

• Introduce R_LIKELY macros and update sdb
• Fix RCons recursive buffer fill causing iaito memory usage problems
• Initial import of the RThreadChannel API with the ::x command
• Deprecate anal.cpu, just use asm.cpu
• Improve RLog API and usage, document R2_LOG_ vars in r2 -hh

crash

• Fix integer overflow in string search causing oobread
• Fix crash in vtable analysis on UB
• Fix 4 byte oobread in msp430 disassembler
• Fix null deref in macho parser
• Fix oobread in java parser
• Fix oobread crash in java parser
• Revert "Prefer memleak over usaf in io.bank's rbtree bug
• Revert "Properly fix the UAF in r_io_bank_map_add_top
• Fix oobread and null deref in symbols file parser
• Revert "Prefer memleak over usaf in io.bank's rbtree bug
• Revert "Properly fix the UAF in r_io_bank_map_add_top

debug

• Cleanup dbg.trace config vars and better error messages
• Software breakpoints fail on m1, lets just enable hwbp by default
• Add d: to run the cmd callback of the debug plugins
• Fix #19966 - Reset seek in r_debug_execute() to real PC

disasm

• Fix disp[ep] regression for v850.np
• Handle comments from analop.ptr, not only for call ops
• Add a parse plugin for tweaking references to r0
• asm.sub.names requires a flagname of strlen > 4
• Honor asm.syntax=att in asm.arch=s390

doc

• Add ubuntu22, kali, haiku and voidlinux as repology badges
• Update ae?? esil keywords help message
• Update README and add doc/devdebug.md

emu

• Fix st.b and stsr esil for v850
• In the V8xx families the R0 is a WTG register
• Make ESIL TODO messages go thru R_LOG_DEBUG instead

emulation

• Fix st.b and stsr esil for v850
• In the V8xx families the R0 is a WTG register

esil

• Fix invalid shifts on esil emulation
• Initial implementation of the v850 prepare/dispose
• Deprecate ESIL's $r and S2D keywords
• Tiny fixes for the v850.np esil

fs

• Implement my command and fix help messages for m subcommands

hash

• Fix argument ... with mismatched bound [-Warray-parameter=] warnings

io

• Fix potential bug in r_io_nread_at
• Fix the io.rbuf plugin (broken since 2017)
• Add the io.xalz plugin
• Honor io.cache in r_io_is_valid_offset()
• Fix some TODOs in libr/io/io_bank.c
• Revert "Fix use-after-free in iobank rbtree usage
• Fix map boundary adjustment in r_io_map_add and r_io_map_add_bottom

io"

• Revert "Fix use-after-free in iobank rbtree usage

json

• Initial support for JSON help messages
• pdrj: ...

Authors

Apkunpacker Dennis Goodlett Fernando Domínguez Francesco Tamagni Lazula RHL120 SeanH Sergi Àlvarez i Capilla condret junchao-loongson max-lv mdolmen n01e0 pancake pancake

Changes

analysis

• Fix comma separated args in r_anal_function_format_sig
• Skip more types of call instructions on linear emulation
• Add missing 'direction' field in the output of aoj
• ar command using ->anal, otherwise for non-debug builds that fails
• Allow abt to handle addresses in the middle of basic blocks
• Handle addresses in the middle of basic blocks in abf
• Implement 'abf' command to list incoming bbs
• Run 'aap' before 'aae' on arm64 binaries in 'aaa'

bin

• Hide some dyldcache parsing error messages and improve string filtering
• Fix infinite loop in strings and better use of is_breaked()
• Handle ^C when loading dyldcache binaries
• Show friendly warning when loading without R_DYLDCACHE_FILTER
• Fix two more oobread bugs in the dyldcache plugin
• Fix oobread crash in the rebasing method of dyldcache
• Fix negative allocation attempt in izz that will surely fail
• Fix mach0 class 64bit address sorting bug
• Show 'missing X info' error in rabin2 -H
• Warn the user when no header fields are found
• Fix rebasing Mach-O DYLD_CHAINED_PTR_64
• Add support for parsing swift metadata from macho binaries
• Assume all machos are made by clang
• Honor baddr=0 in RBin, as it's done for RIO
• Fix oobread in symbols header parsing

build

• Add missing loongarch for the meson
• Add support for Visual Studio 2022 (community+enterprise)

ci

• Disable offline builds
• Ignore asan memory leaks when running the tests
• Run the tests for non-debugger builds

crash

• Fix null deref in code meta commands
• Fix oobread bug in NE parser
• Fix null deref in ne parser
• Fix #19940 - infinite loop in x/i on invalid instructions
• Fix oobread and unaligned casts in the NE entrypoint logic
• Fix random segfault happening with wrong null preconditions in iobank
• Fix UAF in aaef
• Fix oobread in NE parser
• Fix null deref in the ne parser
• Fix oobread in dyldcache
• Fix another oobread in the NE parser
• Fix another oobread segfault in the NE bin parser
• Fix oobread segfaults in the NE bin parser
• Fix oobread in the macho parser
• Fix 1 byte oobread in the cris analysis plugin

crypto

• Fix undefined behaviour bugs in serpent crypto algorithm

debugger

• Apple Silicon can hwstep

disasm

• Fix #19876 - Smarter local variable and argument sorting
• Show args before vars in afv summary also in pd

egg

• Initial WIP implementation of the ESIL backend for ragg2

emulation

• Fix aeim on --without-debugger builds

esil

• Fix 'aeb' emulating the right instructions
• Fix PPC ESIL of addis instruction
• Honor esil.maxsteps in more commands and stop earlier when no =PC
• Add esil.maxsteps to avoid infinite emulation loops

json

• Fix aeabj output which returned different information than aeab
• Instruct drrj to not emit ansi escapes to not damage

print

• Fix pief printing N bytes instead of N instructions
• Add psa command to print any kind of string
• Support relative pointer resolution in pxr
• Implement pfP for relative pointer format memory formatting
• Add pfW for signed short format

projects

• Add an error return to r_core_project_cat

r2pm

• Increase commit log from 3 to 10 in

search

• Initial implementation of the aavr command

security

• Add sandbox checks for the debugger io plugins

shell

• Fix infinite loop in -1 command
• Improve wz help and error handling
• Run r2pm from core internally
• Fixes for the Trim.args() for ?e
• Handle ^C in fg and improve ^C in pd
• Lowercase all the help messages for consistency (2)
• Honor escaping semicolons in macro definitions
• Lowercase all the help messages for consistency
• Use standard help api for aeim too
• Add the cmp command to compare two (alias) files
• Implement 'curl' command
• Implement @c: temporal seek operator
• Add r_core_return_code() and use it
• Fix glob matching in several cases
• Use strstr instead of rstr.glob for now in @@
• Fix seek history for the 's..' partial seeks

signatures

• Update byte signature flag name
• Fix autoloading of

tools

• Add rahash2 -J for simplified single object name=hash output
• Allow rahash2 -a to be passed multiple times

types

• Fix #16335 - tp not handling blocksize properly

util

• Add tests for the code tokenizer and fix <<= assignments

visual

• Visual color theme editor available from panels

zign

• Fix bug in z/, that creates misplaced functions

Authors

Dennis Goodlett Dennis Goodlett Jules Maselbas Lazula Pau Rodriguez-Estivill Sergi Àlvarez i Capilla aandersonl aemmitt-ns pancake pancake

Changes

anal

• Remove the hexagon from anal
• Save sp,bp,src,dst in heap outside the loop
• Add afiq for quiet functino info and refactor the anal/abi.inc
• Add help for 'pie?', add pieq and add ninstr in afi[j]
• Sanitize function names for prototypes
• Unify asm.z80 into anal.z80
• Restrict local vars and args in a 8KB range, otherwise skip
• Adds afva in all fcns flags (if any)
• Skip afva on functions with signature registered
• Do not perform var/arg analysis on Java/Dalvik
• Add missing eiz/riz registers for x86 and x64
• Add mermaid output to all ag commands
• Add an* and fix many other conceptually broken logics in an

analysis

• Remove the hexagon from anal
• Add afiq for quiet functino info and refactor the anal/abi.inc
• Add help for 'pie?', add pieq and add ninstr in afi[j]
• Sanitize function names for prototypes
• Unify asm.z80 into anal.z80
• Restrict local vars and args in a 8KB range, otherwise skip
• Adds afva in all fcns flags (if any)
• Skip afva on functions with signature registered
• Add missing eiz/riz registers for x86 and x64
• Add an* and fix many other conceptually broken logics in an

asm

• Fix #19489 - Implement assembler for jrcxz

bin

• Add help for the CL command
• Cache file_exists when iterating over the source files
• Complete DWARF4 register mappings

build

• Only build library archives when -Dblob is provided
• Fix some static meson blob dependency leftovers
• Fix sys/release-notes when HEAD a tagged
• Make -Dblob=true statically link all r2 libraries

ci

• Publish r2blob-w64 on release and fix artifact name

crash

• Fix heap OOB read in macho.iterate_chained_fixups
• Fix UAF in aaaa on arm/thumb switching
• Fix buffer overflow in asm.nbytes, add hard limit to 64
• aaef on arm/thumb switches causes uaf
• Break large loops when method name resolution fails

debug

• Improve help message for dd? and autocomplete
• Add 'dd+' to open files in the child process as read-write
• Fix unitialized buffer read bug enumerating process files
• Add ddf command
• Fix dd command and update tests accordingly
• Skip wired-to-ground registers in dr=
• Fix drj in debug mode

disasm

• Fix #19838 - Show pins in the disassembly as comments
• Improve the way asm.nbytes plays with asm.flags.inbytes
• Fix issue in asm.tabs.once causing iaito to trim instructions

doc

• Update the Windows build instructions

esil

• Add ESIL for x86 SSE float instructions
• Implement 'aeb' using APIs instead of commands
• Add aaepa command to set all unknown imports as ret0
• Fix aecs and add test emulating hello world without libc
• Add aaep and extend aep to support pin specific commands
• Implement ESIL for the Stlxr arm64 instructions

fix

• Fix undefined behaviour in RVector, RPVector, RInterval and container_of

print

• Initial import of the code tokenizer

refactor

• Lots of cleanups to reduce the regressions in TCC
• Dont use != NULL as its implicit in C, even for bool casts

shell

• Improve help message for psz, aek, aae, aep, aer and aex commands

tools

• Use R_SYS_BITS by default in rasm2

visual

• Fix back scrolling in the decompiler pane in panels
• Improve panels prompt drawing the bottom box line one line above
• Add scr.notch to blank N lines on top of the screen
• Improve panels interactions with decompiler frame
• Record seek history when cliking around in panels
• Fix blank decompiler issue when clicking randomly in panels

windows

• Add w64-static builds in the CI
• Add 'configure.bat static' argument to build r2blob.static.exe
• Fix meson -Dblob=true builds for static
• Fix r2blob for windows