Different behavior when opening local vs remote files.

[sleirsgoevy]

With this file (repro.elf.gz) I see different behavior when running the decompiler locally or via RAP.

When running directly on a file, the string literal gets recognized:

$ r2 repro.elf
[0x00001000]> ss sym.main
[0x00001050]> af
[0x00001050]> pdg

ulong sym.main(void)

{
    sym.puts_plt("Hello, world!");
    return 0;
}

However, when running via RAP it is not:

$ r2 -nn repro.elf rap://:9999/ &
$ r2 rap://127.0.0.1:9999/
[0x00001000]> ss sym.main
[0x00001050]> af
[0x00001050]> pdg

ulong sym.main(void)

{
    sym.puts_plt(0x2004);
    return 0;
}

Possibly related to #52.

[trufae]

If you do -nn no strings or symbols are parsed so its expected

[sleirsgoevy]

As you can see, the "main" symbol does get recognized on the second set of commands. My guess is that the second r2 sees the ELF magic within the remote memory and does its own processing of the ELF format, including symbols, but for some reason the string literal is not recognized.

[sleirsgoevy]

I've run some tests, and it seems that the direct r2 (as in the first set of commands) only recognizes the string if the size of the .data section is no more than 10 MiB. If the section is larger, the string is not recognized in either way.