Link: https://binary.ninja/features.html
call sym.func ; will change eax, ebx, ecxbinary.ninja:

r2:

That's it from what I can tell.
Hum for switch statement, have you tried anal.jmptbl and all the stuff related ?
anal.jmptbl indeed can analyze jump tables, but it doesn't connect the blocks. I guess it's because by default a basic block can only diverge into a t and f path?
Relevant image: _8bd3_ seems to not go anywhere, when in fact it's the bb containing the jmp instruction.

The undo operation is simply not generic in r2. Like you said, you have undo for ops such as seek and write, but not for things like undoing flag renaming, for example.
@crowell you have some experience with binary ninja. What do you feel would be useful for r2?
quite sure:
Hints to which registers get modified after a call (I believe this can be done with ESIL, but I'm not sure if there's an option to annotate in comments i.e. call sym.func ; will change eax, ebx, ecx
Is already done too.
There is another useful feature shown in your screenshots show that might be worth mentioning: automatic identification of functions that don't return by propagating a no-return property. The r2 basic block at 0x8048c88 calls explode_bomb for example (which presumably calls exit or otherwise doesn't return itself), but then keeps disassembling unlike the BN graph which terminates after the call which is one of the reasons our layout ends up being a bit cleaner in this instance.
this feature is already supported, but you need to specify that this function is noreturn type. we can improve this if we see that a function calls a noreturn function is also a noreturn one, but only if thats the only exit point
On 04 Sep 2016, at 03:19, Jordan [email protected] wrote:
There is another useful feature shown in your screenshots show that might be worth mentioning: automatic identification of functions that don't return by propagating a no-return property. The r2 basic block at 0x8048c88 calls explode_bomb for example (which presumably calls exit or otherwise doesn't return itself), but then keeps disassembling unlike the BN graph which terminates after the call which is one of the reasons our layout ends up being a bit cleaner in this instance.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/5568#issuecomment-244578716, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lkr2LBRk2kUpjAf26aH8FxqYSzMhks5qmhywgaJpZM4JpDe4.
I think that @oddcoder's work on function's types recognition might help too.
I would add here a better ESIL specification and design.
whats currently done is not suposed to change at all, maybe i would just rewrite the implementation because its a bit spaguetti. and for mmx, fpu, … we are discussing about doing it as “esil coprocessors”, just as extensions of the original esil. this way we can split the implementation in several layers and identify which esil processors we need to emulate some specific code.
On 03 May 2017, at 08:21, Anton Kochkov notifications@github.com wrote:
I would add here a better ESIL specification and design.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/5568#issuecomment-298831476, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lujPWxGRAx44g2Ay-co1TfGVx6Q8ks5r2Bz-gaJpZM4JpDe4.
For Binary Ninja experts - please update the bug, I think they added a lot of features these days.
i think the esil point can be marked as done, and the automatic noreturn..maybe its something to be done by a script. we already support noreturn points
about the undo thing. thats very related to the task of syncing instances
Closing here as the "undo all things" is covered. If someone is in the mood please reopen a new one with new features you want to see.
Most helpful comment
this feature is already supported, but you need to specify that this function is noreturn type. we can improve this if we see that a function calls a noreturn function is also a noreturn one, but only if thats the only exit point