In [26]:
import os
import subprocess

In [111]:
# Collect every jmp-family instruction of the target with objdump.
# Path of the binary under analysis. All helpers below should read this name
# rather than repeating the literal, so re-targeting the notebook is a one-line change.
target_file_path = './target/test'

def subprocess_helper(args, _stdin=None, _stdout=subprocess.PIPE):
    """Start ``args`` as a child process and return its ``Popen`` handle.

    ``args`` is an argv list handed straight to ``Popen`` -- no shell is
    involved, so the target path needs no quoting.  ``_stdin`` is normally the
    ``stdout`` of the previous stage when the callers chain a pipeline, and
    ``_stdout`` defaults to a pipe so the last stage can be read with
    ``communicate()``.  The caller owns the process (``communicate``/``wait``).
    """
    popen_options = {'stdin': _stdin, 'stdout': _stdout}
    return subprocess.Popen(args, **popen_options)

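def get_jmp_addrs():
    """Return the file offsets (``'0x…'`` strings) of jmp-family instructions that mention ``main``.

    Disassembles ``target_file_path`` with ``objdump -d -M intel`` and keeps the
    instruction lines containing both ``'j'`` and ``'main'`` -- the same loose
    filter as the original ``grep j | grep main | cut -d: -f1`` pipeline, so a
    conditional jump inside ``main`` whose target prints as ``<main+0x..>`` is
    kept, while a jump whose line does not mention ``main`` is not.

    Differences from the pipeline:
      * only lines of the form ``<hex offset>:`` are accepted, so the
        ``<file>:     file format …`` header can no longer be picked up when the
        target's path itself contains a ``j`` and ``main`` (that used to surface
        as ``ValueError`` from ``int()``);
      * objdump's exit status is checked, so a missing tool or unreadable
        target raises instead of silently yielding ``[]``.

    Returns:
        list[str]: normalised hex offsets in listing order; ``[]`` if none matched.

    Raises:
        subprocess.CalledProcessError: if objdump exits non-zero.
    """
    objdump_args = ['objdump', '-d', '-M', 'intel', target_file_path]
    proc = subprocess_helper(objdump_args)
    output = proc.communicate()[0].decode('utf8')
    if proc.returncode != 0:
        raise subprocess.CalledProcessError(proc.returncode, objdump_args, output)

    jmp_addrs = []
    for line in output.splitlines():
        # grep j | grep main
        if 'j' not in line or 'main' not in line:
            continue
        # cut -d: -f1, then require a bare hex offset: symbol headers
        # ("000000000000063a <main>:") and the file-format header fail this.
        addr_field = line.partition(':')[0].strip()
        try:
            addr = int(addr_field, 16)
        except ValueError:
            continue
        jmp_addrs.append(hex(addr))
    return jmp_addrs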


# File offsets of the jmp-family instructions whose listing line mentions main.
print(get_jmp_addrs())

['0x654', '0x666', '0x674', '0x682', '0x694', '0x6a2']


In [93]:
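# Static location (file offset) of the instruction gdb stops on.
def get_stop_addr_objdump():
    """Return the file offset (bare hex string) of the ``sub`` in ``main``'s prologue.

    Static counterpart of ``get_stop_addr_gdb``: the same instruction is located
    in the objdump listing so the two addresses can be subtracted to obtain the
    load offset.

    The original ``grep -A 5 '<main>' | grep sub | cut -d: -f1`` pipeline opened a
    5-line window after *every* line mentioning ``<main>`` -- which can include
    operand comments such as ``# 63a <main>`` on the ``lea``/``call`` that hands
    ``main`` to the libc start routine -- and returned whatever matched: possibly
    several lines or nothing, always with a trailing newline.  Here only the
    symbol header (``… <main>:``) opens the window, the first of the following
    five lines containing ``sub`` is used, and a missing match raises instead of
    returning ``''`` (which later turned into an obscure ``ValueError`` in ``int()``).

    Returns:
        str: the hex offset without ``0x``, e.g. ``'63e'``, whitespace-stripped.

    Raises:
        subprocess.CalledProcessError: if objdump exits non-zero.
        LookupError: if ``<main>:`` or a ``sub`` line within its window is not found.
    """
    objdump_args = ['objdump', '-d', '-M', 'intel', target_file_path]
    proc = subprocess_helper(objdump_args)
    output = proc.communicate()[0].decode('utf8')
    if proc.returncode != 0:
        raise subprocess.CalledProcessError(proc.returncode, objdump_args, output)

    lines = output.splitlines()
    for index, line in enumerate(lines):
        # Symbol header emitted by objdump -d, e.g. "000000000000063a <main>:".
        if not line.rstrip().endswith('<main>:'):
            continue
        # grep -A 5 / grep sub: the prologue's "sub rsp,…" within the next five
        # lines (assumes the compiler emitted one there -- confirm per target).
        for candidate in lines[index + 1:index + 6]:
            if 'sub' in candidate:
                return candidate.partition(':')[0].strip()
        raise LookupError('no "sub" within 5 lines after <main>: in objdump output')
    raise LookupError('symbol header <main>: not found in objdump output')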
    
# Static (file-offset) location of main's prologue sub; compared with the gdb address below.
print(get_stop_addr_objdump())

63e



In [81]:
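# Run-time location (inside a gdb session) of the instruction gdb stops on.
def get_stop_addr_gdb():
    """Return the run-time address (``'0x…'`` string) where the target stops under gdb.

    Runs ``gdb -q -x get_stop_addr.py`` on ``target_file_path``.  The gdb script
    (not shown here) is expected to write a line of the form ``<label> <address>``
    to ``tmp.out`` in the current directory; the second space-separated field of
    its first line is returned, mirroring ``cut -d ' ' -f 2 tmp.out`` (a line
    without a space is returned whole, as cut does).

    NOTE(review): this step presumably *executes* the target inside gdb to learn
    its load address (the sample output ``0x55555555463e`` is a PIE run-time
    address) -- analyse untrusted binaries only in a disposable VM/sandbox.  gdb
    disables address randomization by default, so the value is stable across gdb
    runs but will not match a run outside gdb or with
    ``set disable-randomization off``.

    Changes from the original:
      * the binary path comes from ``target_file_path`` instead of a second copy
        of the literal ``'./target/test'``;
      * the stale ``tmp.out`` is removed with ``os.remove`` (a missing file is
        fine) instead of ``rm``, which printed an error on the first run;
      * gdb's exit status and the presence/content of ``tmp.out`` are checked,
        so a failed run raises instead of returning stale or empty text.

    Returns:
        str: the address text, whitespace-stripped.

    Raises:
        subprocess.CalledProcessError: if gdb exits non-zero.
        FileNotFoundError: if gdb did not produce ``tmp.out``.
        LookupError: if ``tmp.out`` is empty.
    """
    result_path = 'tmp.out'
    # Never read a result left over from a previous run.
    try:
        os.remove(result_path)
    except FileNotFoundError:
        pass

    gdb_args = ['gdb', '-q', '-x', 'get_stop_addr.py', target_file_path]
    subprocess.check_call(gdb_args)

    with open(result_path) as result_file:
        first_line = result_file.readline()
    if not first_line.strip():
        raise LookupError('%s is empty; did get_stop_addr.py run to completion?' % result_path)
    # cut -d ' ' -f 2: split on single spaces, second field (whole line if none).
    fields = first_line.rstrip('\n').split(' ')
    addr = fields[1] if len(fields) >= 2 else fields[0]
    return addr.strip()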

# Launches gdb on the target (which presumably runs it) -- handle untrusted samples in a sandbox.
print(get_stop_addr_gdb())

0x55555555463e



In [112]:
# Offset between the objdump listing and the gdb run: the image's load base.
def get_offset_with_objdump_and_gdb():
    """Return (gdb address - objdump offset) of the prologue ``sub`` as a ``'0x…'`` string.

    Both helpers locate the same instruction, so the difference is the base at
    which the image was mapped in the gdb session (``0x555555554000`` in the
    sample run, the value gdb typically reports for a PIE when its default
    no-randomization mode is in effect).  Adding it to any file offset from the
    objdump listing gives the matching run-time address for that session.
    ``get_stop_addr_gdb`` returns ``'0x…'`` (parsed with base 0);
    ``get_stop_addr_objdump`` returns bare hex digits (parsed with base 16).
    The gdb helper runs first, as in the original.
    """
    runtime_addr = int(get_stop_addr_gdb(), 0)
    static_addr = int(get_stop_addr_objdump(), 16)
    return hex(runtime_addr - static_addr)

# Load offset for this gdb session only; with ASLR enabled the image would map elsewhere.
print(get_offset_with_objdump_and_gdb())

0x555555554000


In [118]:
# Rebase the breakpoint addresses: file offset + load offset.
def update_jmp_addrs():
    """Return the jmp addresses from ``get_jmp_addrs`` rebased into the gdb session.

    Each ``'0x…'`` file offset is added to the offset from
    ``get_offset_with_objdump_and_gdb`` and returned as a ``'0x…'`` string,
    suitable as a gdb breakpoint location (``b *0x…``).  The offset is
    computed once, before the listing is fetched, as in the original.
    """
    load_offset = int(get_offset_with_objdump_and_gdb(), 0)
    rebased = []
    for file_offset in get_jmp_addrs():
        rebased.append(hex(int(file_offset, 0) + load_offset))
    return rebased

# Run-time breakpoint addresses; a bare expression so the notebook displays the list.
update_jmp_addrs()

['0x555555554654',
 '0x555555554666',
 '0x555555554674',
 '0x555555554682',
 '0x555555554694',
 '0x5555555546a2']