Skip to content
/ WhileDetect Public

A python tool for detecting while(True) loop in a given binary

4 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

whuben/WhileDetect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
dissamble.py
dissamble.py
 
 
elf.py
elf.py
 
 
searchwhile.py
searchwhile.py
 
 
typedef.py
typedef.py
 
 
whiledetect.py
whiledetect.py
 
 

Repository files navigation

WhileDetect

--

A python tool for detecting whether there are some while(1) loops in your binary after compiling by GCC

Usage

-- python whiledetect.py [binary_path] eg: python whiledetect.py /opt/nginx/sbin/nginx

Motivation for writing this tool

--

GCC Bug in a hgih version(4.8.*) :the bug of Compile options "-O2"

The code mode(fake c):

for(a=func(b);a!=c;a=func(b)) 
{
    ...task_body...
}

will be optimized to

a=func(b);
if(a!=c)
{
    while(1)
    {
        ...task_body...
    }
}

and the code mode above will run in an endless loop

Problem of false positives of this tool remained

  • The initial function "register_tm_clones" which added by gcc automaticly will be detected as the while true code block, maybe it can be eliminated by set a smaller disntance of JUMP_MAX_DISTANCE in the script named searchwhile.py
  • the code blocks which contain a CALL to EXIT or EXCEPTION syscall will be detected as the while true code block, and this problem remains to be fix by distinguish the target of CALL instructions in the potential code blocks

About

A python tool for detecting while(True) loop in a given binary

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages