CbC/CbC_llvm: utils/indirect

annotate utils/indirect_calls.py @ 171:66f3bfe93da9

git version 2c4ca6832fa6b306ee6a7010bfb80a3f2596f824

author	Shinji KONO <kono@ie.u-ryukyu.ac.jp>
date	Mon, 25 May 2020 11:07:02 +0900
parents	c2174574ed3a
children

rev	line source
147 c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	1 #!/usr/bin/env python
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	2
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	3 """A tool for looking for indirect jumps and calls in x86 binaries.
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	4
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	5 Helpful to verify whether or not retpoline mitigations are catching
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	6 all of the indirect branches in a binary and telling you which
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	7 functions the remaining ones are in (assembly, etc).
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	8
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	9 Depends on llvm-objdump being in your path and is tied to the
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	10 dump format.
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	11 """
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	12
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	13 from __future__ import print_function
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	14
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	15 import os
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	16 import sys
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	17 import re
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	18 import subprocess
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	19 import optparse
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	20
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	21 # Look for indirect calls/jmps in a binary. re: (call\|jmp).\
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	22 def look_for_indirect(file):
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	23 args = ['llvm-objdump']
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	24 args.extend(["-d"])
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	25 args.extend([file])
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	26
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	27 p = subprocess.Popen(args=args, stdin=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE)
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	28 (stdout,stderr) = p.communicate()
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	29
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	30 function = ""
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	31 for line in stdout.splitlines():
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	32 if line.startswith(' ') == False:
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	33 function = line
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	34 result = re.search('(call\|jmp).\', line)
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	35 if result != None:
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	36 # TODO: Perhaps use cxxfilt to demangle functions?
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	37 print(function)
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	38 print(line)
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	39 return
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	40
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	41 def main(args):
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	42 # No options currently other than the binary.
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	43 parser = optparse.OptionParser("%prog [options] <binary>")
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	44 (opts, args) = parser.parse_args(args)
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	45 if len(args) != 2:
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	46 parser.error("invalid number of arguments: %s" % len(args))
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	47 look_for_indirect(args[1])
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	48
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	49 if __name__ == '__main__':
c2174574ed3a LLVM 10 Shinji KONO <kono@ie.u-ryukyu.ac.jp> parents: diff changeset	50 main(sys.argv)

Mercurial > hg > CbC > CbC_llvm

annotate utils/indirect_calls.py @ 171:66f3bfe93da9