Created
September 24, 2022 00:14
-
-
Save wkz/343f1bf91ae71ed2c140943a4f347c0c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| def vmlinux_kaslr_base(): | |
| out = subprocess.run("awk '/ _text$/ { print($1); exit(0); }' /proc/kallsyms", | |
| shell=True, capture_output=True) | |
| if out.returncode != 0: | |
| raise Exception("Unable to determine the running kernel's base address") | |
| base = int(out.stdout.decode(), 16) | |
| if base == 0: | |
| raise Exception("Unable to determine the running kernel's base address") | |
| return base | |
| def vmlinux_link_base(path): | |
| out = subprocess.run("readelf -WS %s | awk '/ .text/ { print($5); exit(0); }'" % path, | |
| shell=True, capture_output=True) | |
| if out.returncode != 0: | |
| raise Exception("Unable to determine the kernel's base link address") | |
| return int(out.stdout.decode(), 16) | |
| class AddVmlinux (gdb.Command): | |
| """Load vmlinux, compensating for KASLR""" | |
| def __init__ (self): | |
| super (AddVmlinux, self).__init__ ("add-vmlinux", gdb.COMMAND_USER) | |
| def invoke (self, arg, from_tty): | |
| kaslr_offset = vmlinux_kaslr_base() - vmlinux_link_base(arg) | |
| gdb.execute("add-symbol-file %s -o %#x" % (arg, kaslr_offset), False) | |
| AddVmlinux () |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment