Last active
May 18, 2019 16:55
-
-
Save nevermoe/cf4c6d0e72b545b71e390a8d4b65ff73 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import gdb | |
| import traceback | |
| class StopAtRead(gdb.Command): | |
| def __init__(self): | |
| super(StopAtRead, self).__init__('stop_at_read', gdb.COMMAND_NONE) | |
| def invoke(self, target_fd, from_tty): | |
| gdb.execute('set pagination off') | |
| gdb.execute('handle all nostop pass noprint') | |
| gdb.execute('disable breakpoints') | |
| gdb.execute('set scheduler-locking step') | |
| ret = gdb.execute('info address read', False, True) | |
| ret = ret.split() | |
| read_addr = None | |
| for addr in ret: | |
| if addr.startswith('0x'): | |
| read_addr = addr | |
| break | |
| gdb.execute('break *(%s)' % (read_addr)) | |
| fd = '' | |
| while target_fd not in fd: | |
| gdb.execute('continue') | |
| fd = gdb.execute('info register r0', False, True) | |
| print "fd: %s" % fd | |
| print "found fd: %s" % fd | |
| StopAtRead() | |
| class StopAtOpen(gdb.Command): | |
| def __init__(self): | |
| super(StopAtOpen, self).__init__('stop_at_open', gdb.COMMAND_NONE) | |
| def invoke(self, target_file, from_tty): | |
| gdb.execute('set pagination off') | |
| gdb.execute('handle all nostop pass noprint') | |
| gdb.execute('disable breakpoints') | |
| gdb.execute('set scheduler-locking step') | |
| ret = gdb.execute('info address open', False, True) | |
| ret = ret.split() | |
| open_addr = None | |
| for addr in ret: | |
| if addr.startswith('0x'): | |
| open_addr = addr | |
| break | |
| gdb.execute('break *(%s)' % (open_addr)) | |
| file_name = '' | |
| fd = '' | |
| while target_file not in file_name: | |
| gdb.execute('continue') | |
| file_name = gdb.execute('x/s $r0', False, True) | |
| print "file opened: %s" % (file_name.rstrip()) | |
| lr = gdb.execute('info registers lr', False, True) | |
| lr = lr.split()[1] | |
| lr = int(lr,16) & 0xFFFFFFFE | |
| # execute until open return | |
| gdb.execute('break *0x%x' % lr) | |
| gdb.execute('set scheduler-locking on') # lock thread | |
| gdb.execute('continue') | |
| gdb.execute('set scheduler-locking step') # unlock thread | |
| # get fd from r0 | |
| fd = gdb.execute('info register r0', False, True) | |
| print "file opened: %s\n fd: %s" % (file_name.rstrip(), fd) | |
| StopAtOpen() | |
| class StopAtLoad(gdb.Command): | |
| def __init__(self): | |
| super(StopAtLoad, self).__init__('stop_at_load', gdb.COMMAND_NONE) | |
| def invoke(self, target_library, from_tty): | |
| gdb.execute('set pagination off') | |
| gdb.execute('handle all nostop pass noprint') | |
| gdb.execute('disable breakpoints') | |
| gdb.execute('set scheduler-locking step') | |
| ret = gdb.execute('info address __dl__Z9do_dlopenPKciPK17android_dlextinfoPv', False, True) | |
| ret = ret.split() | |
| dlopen_addr = None | |
| for addr in ret: | |
| if addr.startswith('0x'): | |
| dlopen_addr = addr | |
| break | |
| gdb.execute('break *(%s)' % (dlopen_addr)) | |
| library_name = '' | |
| while target_library not in library_name: | |
| gdb.execute('continue') | |
| library_name = gdb.execute('x/s $r0', False, True) | |
| print "library_name: %s " % library_name | |
| lr = gdb.execute('info registers lr', False, True) | |
| lr = lr.split()[1] | |
| lr = int(lr,16) & 0xFFFFFFFE | |
| # execute until dlopen return | |
| gdb.execute('break *0x%x' % lr) | |
| gdb.execute('set scheduler-locking on') # lock thread | |
| gdb.execute('continue') | |
| gdb.execute('set scheduler-locking step') # unlock thread | |
| print "library %s loaded" % library_name | |
| StopAtLoad() | |
| class FullSearch(gdb.Command): | |
| def __init__(self): | |
| super(FullSearch, self).__init__('full_search', gdb.COMMAND_NONE) | |
| def invoke(self, argv, from_tty): | |
| proc_mappings = gdb.execute('info proc mappings', False, True) | |
| #[/sn] parameter | |
| sn = argv.split(' ')[0] | |
| if not sn.startswith('/'): | |
| sn = '' | |
| bytes = argv.strip(sn) | |
| for line in proc_mappings.splitlines(): | |
| arr = line.strip().split(' ') | |
| start_addr = arr[0].strip() | |
| if start_addr.startswith('0x'): | |
| end_addr = arr[1].strip() | |
| try: | |
| # print 'find %s %s, %s, %s' % (sn, start_addr, end_addr, bytes) | |
| result = gdb.execute('find %s %s, %s, %s' % (sn, start_addr, end_addr, bytes), False, True ) | |
| if "Pattern not found." not in result: | |
| print result | |
| except Exception as e: | |
| print traceback.format_exc() | |
| FullSearch() | |
| class InfoLib(gdb.Command): | |
| def __init__(self): | |
| super(InfoLib, self).__init__('infolib', gdb.COMMAND_NONE) | |
| def invoke(self, lib, from_tty): | |
| proc_mappings = gdb.execute('info proc mappings', False, True) | |
| for line in proc_mappings.splitlines(): | |
| if lib in line: | |
| print line | |
| InfoLib() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment