###
### Load debugging information about GNU GRUB 2 modules into GDB
### automatically. Needs readelf, Perl and the gmodule.pl script.
###
### $Id: .gdbinit,v 1.1 2006/05/14 11:38:08 lkundrak Exp $
### Lubomir Kundrak <lkudrak@skosi.org>
### Hacked up for more memory mgmt by Andrew Jeddeloh
# Pin the 32-bit i386 architecture up front, before the remote target is
# attached further down (`target remote`), so nothing is auto-detected.
set arch i386
# Append one record "<name> <section> <addr> ..." for a single module to
# .segments.tmp. Logging stays in append mode so load_all_modules can stack
# several records; match_and_load_symbols consumes and deletes the file.
define dump_module_sections
    set $m = $arg0
    # FIXME: the previous logging state is not saved/restored.
    # (GDB 12+ spells the on/off switches `set logging enabled on|off`.)
    set logging file .segments.tmp
    set logging redirect on
    set logging overwrite off
    set logging on
    # NOTE: the module name is read out of debuggee memory and ends up in a
    # file that gmodule.pl turns into GDB commands which are then sourced.
    # A name containing whitespace or newlines would corrupt that record, so
    # treat the target as untrusted when debugging an image you did not build.
    printf "%s", $m->name
    set $seg = $m->segment
    while $seg != 0
        printf " %i 0x%x", $seg->section, $seg->addr
        set $seg = $seg->next
    end
    printf "\n"
    set logging off
    # FIXME: restore the logging state saved above
end
document dump_module_sections
Record the name and the (section number, load address) pairs of the module
whose module structure is given, for later use by match_and_load_symbols.
end
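# Turn .segments.tmp into GDB commands via gmodule.pl, run them, clean up.
define match_and_load_symbols
    # gmodule.pl (expected in the current directory) maps the recorded
    # section numbers to module debug info and emits the GDB commands that
    # load it. .segments.tmp is removed in the same shell step, so a failing
    # `source` below cannot leave stale records behind that the next
    # dump_module_sections (logging overwrite off) would append to.
    shell perl gmodule.pl <.segments.tmp >.loadsym.gdb; rm -f .segments.tmp
    # NOTE: .loadsym.gdb is derived from module names read out of debuggee
    # memory and is sourced with full GDB command privileges. It is deleted
    # only after a successful source so it stays available for inspection
    # when sourcing errors out.
    source .loadsym.gdb
    shell rm -f .loadsym.gdb
end
document match_and_load_symbols
Run gmodule.pl on the section information gathered by dump_module_sections
and load the matching debugging information into GDB.
end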
###
# Convenience wrapper: record one module's sections and load its symbols.
define load_module
    # $arg0: the module structure, as expected by dump_module_sections.
    dump_module_sections $arg0
    match_and_load_symbols
end
document load_module
Load debugging information for module given as argument.
end
# Walk the kernel's module list, record every module, then resolve them all
# in a single gmodule.pl pass.
define load_all_modules
    # NOTE(review): the `->mod` access implies grub_dl_head is a list of
    # wrapper entries rather than the module structures themselves; confirm
    # this matches the GRUB version being debugged.
    set $entry = grub_dl_head
    while $entry
        dump_module_sections $entry->mod
        set $entry = $entry->next
    end
    match_and_load_symbols
end
document load_all_modules
Load debugging information for every module currently registered in
grub_dl_head.
end
# Session setup: hex output, the symbol file, the remote stub, one watchpoint.
set output-radix 16
# kernel.exec: presumably the GRUB kernel build artifact carrying the debug
# info (the `file` command only provides symbols here; execution is remote).
file kernel.exec
# Plain-TCP, unauthenticated remote protocol to a stub on localhost:1234
# (e.g. QEMU -s); keep the stub bound to loopback.
target remote :1234
# Watchpoint on a fixed address: specific to this kernel build and to the
# bug being chased — re-derive or remove it for another kernel.exec.
watch *0x3cec8166
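# GDB-macro port of grub_mm's header lookup (the original C is kept in the
# comments): find the region $r that contains $ptr, then inspect the
# grub_mm_header that sits immediately before the allocation.
define get_header_from_ptr_gdb
    set $ptr = $arg0
    # if ((grub_addr_t) ptr & (GRUB_MM_ALIGN - 1))   -- GRUB_MM_ALIGN hard-coded as 16
    if ((grub_addr_t) $ptr & (16 - 1))
        print "ptr is not aligned, dunno if we care"
    end
    # for (*r = grub_mm_base; *r; *r = (*r)->next)
    set $r = grub_mm_base
    while $r != 0
        # if ((grub_addr_t) ptr > (grub_addr_t) ((*r) + 1) && (grub_addr_t) ptr <= (grub_addr_t) ((*r) + 1) + (*r)->size)
        if ((grub_addr_t) $ptr > (grub_addr_t) ($r + 1) && (grub_addr_t) $ptr <= (grub_addr_t) ($r + 1) + $r->size)
            loop_break
        end
        set $r = $r->next
    end
    # User-defined commands have no early exit: a bare `return` here is the
    # stack command that pops the debuggee's selected frame (confirmation is
    # implicit inside `define`), so the remainder lives in an else branch.
    if ($r == 0)
        print "out of range pointer"
    else
        # *p = (grub_mm_header_t) ptr - 1;
        set $p = (grub_mm_header_t) $ptr - 1
        # if ((*p)->magic == GRUB_MM_FREE_MAGIC)
        if $p->magic == 0x2d3c2808
            print "double free"
        end
        # if ((*p)->magic != GRUB_MM_ALLOC_MAGIC)
        if $p->magic != 0x6db08fa4
            print "alloc magic broken"
        end
        print "memory header"
        print *$p
        print "region"
        print *$r
    end
end
document get_header_from_ptr_gdb
Locate the grub_mm region containing the given pointer, check the header in
front of the block for the FREE/ALLOC magic values, and print both the header
and the region. Reports an out-of-range pointer instead of dereferencing it.
end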
python
# Live-allocation table shared with the breakpoint command lists below:
# block address -> {"size": size captured at grub_memalign entry,
#                   "caller": pc of the frame that called grub_memalign}.
allocs = {}
# Size argument captured when grub_memalign is entered; read back at its exit.
msize = 0

def get_reg(r):
    """Return register `r` of the selected frame as a Python int."""
    frame = gdb.selected_frame()
    return int(frame.read_register(r))

def check_mallocs():
    """Run the check_malloc GDB command over every recorded allocation."""
    for base in allocs:
        gdb.execute("check_malloc %d" % base)
end
# Hook every allocation at its entry; grub_memalign is what grub_malloc
# calls (see the exit breakpoint below).
break grub_memalign
commands
    silent
    # NOTE(review): taking the size from edx assumes GRUB's i386 build passes
    # the second argument (size) in a register; confirm against the toolchain
    # flags. The value is parked in msize until the exit breakpoint records it.
    pi msize = get_reg("edx")
    cont
end
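# end of grub_memalign (called from grub_malloc): a build-specific address;
# re-derive it for a new kernel.exec.
break *0x0000a0ad
commands
    silent
    # The allocation result is in eax. A failed allocation returns NULL and
    # must not be recorded: a bogus entry at 0 would make check_mallocs()
    # try to read a header in front of address 0 and error out.
    if $eax != 0
        # "caller" is the pc of grub_memalign's immediate caller; on the
        # grub_malloc -> grub_memalign path that is inside grub_malloc, not
        # the original requester.
        pi allocs[get_reg("eax")] = {"size": msize, "caller": gdb.selected_frame().older().pc()}
    end
    cont
end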
# Hook grub_free(ptr): drop the freed block from the allocation table.
break grub_free
commands
    silent
    # ptr is in eax; NULL frees are skipped.
    if $eax != 0
        # Pointers never recorded (allocated before tracing began) are ignored.
        pi allocs.pop(get_reg("eax"), None)
    end
    cont
end
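# Which tracked allocation does a pointer fall into? Prints the block base,
# its grub_mm header and region, and the symbol of the code that allocated it.
define ptr_magic
    set $foo = $arg0
    print $foo
    python
# int() on a gdb.Value handles integer and pointer types directly; the
# previous str() + int(..., 16) route depended on output-radix 16 and broke
# for typed pointers whose text includes more than the address.
ptr = int(gdb.parse_and_eval("$foo"))
for base in allocs:
    # NOTE(review): the upper bound is inclusive, so a one-past-the-end
    # pointer also matches its block — presumably wanted for overflow
    # hunting; confirm.
    if base <= ptr and base + allocs[base]['size'] >= ptr:
        print(base)
        # gdb.execute() writes to the console and returns None unless
        # to_string=True, so its result must not be printed.
        gdb.execute("get_header_from_ptr_gdb " + str(base))
        gdb.execute("info sym " + str(allocs[base]['caller']))
end
end
document ptr_magic
Print the tracked allocation containing the given pointer, the grub_mm
header and region around it, and the symbol of the code that allocated it.
end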
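# Validate the grub_mm header in front of one tracked allocation; driven by
# check_mallocs() over every recorded base.
define check_malloc
    set $ptr = $arg0
    # The header sits immediately before the block returned to the caller.
    set $p = (grub_mm_header_t) $ptr - 1
    # Tell a block freed without passing through the grub_free hook
    # (GRUB_MM_FREE_MAGIC, same constant as in get_header_from_ptr_gdb)
    # apart from a header that is simply corrupt.
    if $p->magic == 0x2d3c2808
        print "tracked block already freed at"
        print $ptr
    else
        if $p->magic != 0x6db08fa4
            print "alloc magic broken at"
            print $ptr
        end
    end
end
document check_malloc
Report a tracked allocation whose header magic is no longer
GRUB_MM_ALLOC_MAGIC, distinguishing a freed block from a corrupted header.
end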
# inform when module is loaded
# grub_dl_add(mod) registers a freshly loaded module, so hooking it loads
# the module's symbols as soon as it appears.
break grub_dl_add
commands
    silent
    # `mod` is the function parameter: the module structure load_module expects.
    # NOTE(review): presumably mod->segment is already populated at this
    # point; confirm, otherwise dump_module_sections records an empty list.
    load_module mod
    cont
end