mgeeky/findInstr.sh

## findInstr.sh
#!/bin/bash
#
# Simple script for finding specific instructions within target's .text section
# even inside other ones (rolling byte-by-byte), like to be used during ROP
# building in Exploit development.
#
# Written as I was out of internet and needed such utility on a vanilla plain
# linux where all I had was binutils. :)
# Yup, it's not perfect, but allowed me to find JMP ESP in a blink of an eye.
#
# Mariusz B., 2016
#


if [ "$#" -lt "2" ]; then
    echo "Usage: findInstr <file> <regexp> [grep-opts]"
    exit 1
fi

FILE=$1
PATTERN=$2
OPTS=${@:3}

S=$(readelf -W -S $FILE | grep .text);
A=0x$(echo $S | awk '{print $4}');
B=0x$(echo $S | awk '{print $6}');

for (( i = 0 ; i < $B ; i++))
do
    ADDR=$(printf "0x%08X" $(($A + $i)) );
    objdump -j .text -D -M intel --start-address $ADDR $FILE | grep -vE "^$" | grep -vE "<|>|Disassembly|file|format" 2>&1
done | grep --color=always $OPTS -iE "$PATTERN" | sed -r 's/DWORD|FWORD|WORD|BYTE|PTR//g' | sort -u
	#!/bin/bash
	#
	# Simple script for finding specific instructions within target's .text section
	# even inside other ones (rolling byte-by-byte), like to be used during ROP
	# building in Exploit development.
	#
	# Written as I was out of internet and needed such utility on a vanilla plain
	# linux where all I had was binutils. :)
	# Yup, it's not perfect, but allowed me to find JMP ESP in a blink of an eye.
	#
	# Mariusz B., 2016
	#


	if [ "$#" -lt "2" ]; then
	echo "Usage: findInstr <file> <regexp> [grep-opts]"
	exit 1
	fi

	FILE=$1
	PATTERN=$2
	OPTS=${@:3}

	S=$(readelf -W -S $FILE \| grep .text);
	A=0x$(echo $S \| awk '{print $4}');
	B=0x$(echo $S \| awk '{print $6}');

	for (( i = 0 ; i < $B ; i++))
	do
	ADDR=$(printf "0x%08X" $(($A + $i)) );
	objdump -j .text -D -M intel --start-address $ADDR $FILE \| grep -vE "^$" \| grep -vE "<\|>\|Disassembly\|file\|format" 2>&1
	done \| grep --color=always $OPTS -iE "$PATTERN" \| sed -r 's/DWORD\|FWORD\|WORD\|BYTE\|PTR//g' \| sort -u