3.3 Sections

It is usually on firmware images, bootloaders and binary files to find sections that are loaded in memory at different addresses than the one in the disk.

To solve this issue, radare implements two utilities: 'io.vaddr' and 'S'.

The io.vaddr specifies the current virtual address to be used for disassembling and displaying offsets. In the same way all offsets used in expressions are also affected by this eval variable.

For files with more than one virtual address. The 'S'ection command will do the job. Here's the help message:

[0xB7EE8810]> S?
Usage: S len [base [comment]] @ address
 > S                ; list sections
 > S*               ; list sections (in radare commands
 > S=               ; list sections (in visual)
 > S 4096 0x80000 rwx section.text  @ 0x8048000 ; adds new section
 > S 4096 0x80000   ; 4KB of section at current seek with base 0x.
 > S 10K @ 0x300    ; create 10K section at 0x300
 > S -0x300         ; remove this section definition
 > Sc rwx _text     ; add comment to the current section
 > Sv 0x100000      ; change virtual address
 > St 0x500         ; set end of section at this address
 > Sf 0x100         ; set from address of the current section

This command allows you to manage multiple virtual and physical addresses correspondencies depending on the current seek, and enables the possibility to add comments to them. So the debugger information can be imported to the core in a simple way, adding information about the page protections of each section and so.

Here's a sample dummy session.

[0xB7EEA810]> S 10K
[0xB7EE8810]> s +5K
[0xB7EE8810]> S 20K
[0xB7EE9C10]> s +3K
[0xB7EE9C10]> S 5K

We can specify a section in a single line in this way:

S [size] [base-address] [comment] @ [from-address]

For example:

S section.text_end-section.text 0x8048500 r-x section.text @ 0x4300

Displaying the sections information:

[0xB7EEA810]> S
00 * 0xb7ee8810 - 0xb7eeb010 bs=0x00000000 sz=0x00002800   ; eip
01 * 0xb7ee9c10 - 0xb7eeec10 bs=0x00000000 sz=0x00005000  
02 * 0xb7eea810 - 0xb7eebc10 bs=0x00000000 sz=0x00001400  
[0xB7EEA810]> S=
00  0xb7ee8810 |#################-------------------------| 0xb7eeb010
01  0xb7ee9c10 |---------#################################| 0xb7eeec10
02  0xb7eea810 |--------------########--------------------| 0xb7eebc10
=>  0xb7eea810 |#-----------------------------------------| 0xb7eea874

The first three lines are sections and the last one is the current seek representation based on the proportions over them.

The 's'eek command implements a 'sS' (seek to Section) to seek at the beeginging to the section number N. For example: 'sS 1' in this case will seek to 0xb7ee9c10.

To remove a section definition just prefix the from-address of the section with '-':

[0xB7EE8810]> S -0xb7ee9c10
[0xB7EE8810]> S
00 . 0xb7ee9c10 - 0xb7eeec10 bs=0x00000000 sz=0x00005000  
01 . 0xb7eea810 - 0xb7eebc10 bs=0x00000000 sz=0x00001400

After the section definition we can change the parameters of them with the Sf, St, Sc, Sb commands. After this, radare core will automatically setup the io.vaddr depending on this section information