Global variable chapter added

[Farhan-25]

Your checklist for this pull request

• I've used AI tools to generate these changes, fully or partially.
• I've manually tested all commands and examples in these changes.

[Farhan-25]

@wargio please check i have divided it into 2 seperate PR. This one is for global_variable chapter

[Rot127]

That part is not really necessary I think

[Rot127]

Suggested change

	You use then when a global variables is missed during the analysis. Here `<type>` means the datatype of the variable. Example int, char, long.
	You use then when a global variables is missed during the analysis. Here `<type>` means the datatype of the variable. Example: `int`, `char`, `long`.

[Rot127]

Suggested change

Rizin Example :

[Rot127]

Describe what value it prints. If Rizin is in debug mode, does it print the value of the global at a certain break point?
Does it only print meaningful things for read only globals? Etc.
Please try this out and describe it here.

[Rot127]

Those are not needed as well. They just repeat the command docs.

[Rot127]

Also here, it just repeats the command docs. So I don't think it is needed.

[Rot127]

Add a heading before the example

[Rot127]

Suggested change

	### **What Was Done in This Example**
	### What Was Done in This Example

[Rot127]

Example is good.

But I would suggest to move the description into here. It is easier to follow this way.

# Ran 'avglt' to check for existing global variables (none were present).
[0x00001040]> avglt

# Step ...
[0x00001040]> COMANND

[Farhan-25]

Okay thanks a lot for the review. I will fix the issues.

[Rot127]

Have you tried this btw?

[Farhan-25]

Yes, I tested it using a small C program with a global variable. The behavior works as expected, but my wording was inaccurate I should have said that in debug mode the value is read from process memory, rather than writing that it corresponds to a specific breakpoint location.

[Rot127]

Can you open a PR in Rizin which adds this test please?
Because we don't have one and this is a pretty essential thing to check.

the binary with source code should be added in rizin-testbins repo.

Would really appreciate it.

[Farhan-25]

Sure i can do that,

// test.c
#include <stdio.h>

int test_global = 1337;

int main() {
    printf("Ready: %d\n", test_global); 
    return 0;
}

rizin -d test.exe
Spawned new process with pid 30760, tid = 21376
 -- Save your projects with 'Ps <project-filename>' and restore then with 'Po <project-filename>'
[0x7ffc8970c510]> aaa
[WARNING: invalid address from 0x7ff7465b1500entry0 (aa)
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls
[x] Analyze len bytes of instructions for references
[x] Analyze local variables and arguments
[WARNING: core: analysis propagation type can't be exectured when in debugger mode.
[x] Type matching analysis for all functions
[x] Applied 0 FLIRT signatures via sigdb
[x] Propagate noreturn information
[x] Check for classes
[x] Integrate dwarf function information.
[x] Resolve pointers to data sections
[x] Use -AA or aaaa to perform additional experimental analysis.
[0x7ffc8970c510]> s sym.main
[0x7ff7465b1450]> db
[0x7ff7465b1450]> dc
ERROR: Cannot create flag "teb.40716" at 0x7117ace000 because there is already "PRIVATE__..7117ace000" flag
[0x7ffc8979f4ee]> avgp test_global
 int : 0x140003000 = -1

As you can see while debugging the value of test_global was stored as -1 in the process memory. Hence avgp prints that value instead of test_global.
@Rot127 please check once is this correct?

[Rot127]

No, it is not.

#include <stdio.h>

int test_global = 1337;

int main() {
    printf("Ready: %d\n", test_global); 
    test_global = 1;
    printf("Ready: %d\n", test_global); 
    return 0;
}

Before the first printf call it should print 1337 (and it does for me).
Then it sets it to 1.
Before the second printf call it should print 1. But for me it still prints 1337.