def getCFAddress(addr): outputStr = '' section = addr.section target = ds.getTarget() fileAddr = addr.file_addr executablePath = addr.module.file.fullpath dataSection = ds.getSection(module=executablePath, name='__DATA.__cfstring') if dataSection is None: return '' size = dataSection.size charPointerType = target.GetBasicType(lldb.eBasicTypeChar).GetPointerType() dataArray = dataSection.data.uint64s # TODO implement 32 bit for i, x in enumerate(dataArray): if i % 4 != 2: continue if x == fileAddr: offset = (i - 2) * 8 # TODO implement 32 bit # size = dataArray[i + 1] # lldb.SBData loadAddress = dataSection.addr.GetLoadAddress(target) + offset startAddr = target.ResolveLoadAddress(loadAddress) straddr = target.ResolveLoadAddress( dataSection.addr.GetLoadAddress(target) + (i * 8)) summary = target.CreateValueFromAddress('somename', straddr, charPointerType).summary outputStr += '[{}] {}\n'.format( hex(startAddr.GetLoadAddress(target)), summary) return outputStr
def generate_cstring_dict(target, command, options): if options.module: module_name = options.module module = target.FindModule(lldb.SBFileSpec(module_name)) if not module.IsValid(): result.SetError( "Unable to open module name '{}', to see list of images use 'image list -b'" .format(module_name)) return modules = [module] else: modules = target.modules return_string = '' error = lldb.SBError() prog = re.compile(command) for m in modules: section = ds.getSection(m, '__TEXT.__cstring') if section is None: continue data = section.data dataArray = section.data.sint8s sectionAddress = section.addr.GetLoadAddress(target) moduleString = '' indices = [ i for i, x in enumerate(dataArray) if x > 1 and dataArray[i - 1] == 0 and x != 0 ] returnDict = {} for i in indices: cString = data.GetString(error, i) if prog.search(cString): returnDict[hex(sectionAddress + i)] = cString if len(returnDict) == 0: continue if options.module_summary: return_string += '{} hits in: {}\n'.format(str(len(returnDict)), m.file.basename) else: moduleString = '\n' + ds.attrStr( '****************************************************', 'cyan') + '\n{} hits in: {}'.format( str(len(returnDict)), ds.attrStr(m.file.basename, 'red')) + '\n' + ds.attrStr( '****************************************************', 'cyan') + '\n' for k, v in returnDict.iteritems(): if options.load_address: moduleString += ds.attrStr('[' + k + ']', 'yellow') + ' ' moduleString += ds.attrStr(v, 'cyan') + '\n' return_string += moduleString return return_string
def handle_command(debugger, command, exe_ctx, result, internal_dict): ''' Documentation for how to use section goes here ''' command_args = shlex.split(command, posix=False) parser = generate_option_parser() try: (options, args) = parser.parse_args(command_args) except: result.SetError(parser.usage) return # Uncomment if you are expecting at least one argument # clean_command = shlex.split(args[0])[0] target = exe_ctx.target if len(args) == 0: options.summary = True sections = [i for i in ds.getSection()] elif len(args) == 1: module = args[0] if target.module[args[0]] else None segment = args[0] if not module else None if segment and '.' in segment: if module: sections = ds.getSection(module=args[0], name=None) else: sections = [ds.getSection(module=None, name=args[0])] else: # module = args[0] if target.module[args[0]] else None options.summary = True if module: sections = ds.getSection(module=args[0], name=None) elif args[0] == '__PAGEZERO' or args[0] == '__LINKEDIT': sections = ds.getSection(module=None, name=args[0]) else: sections = [ i for i in ds.getSection(module=None, name=args[0]) ] elif len(args) == 2: if '.' in args[1]: sections = [ds.getSection(args[0], args[1])] else: options.summary = True sections = [i for i in ds.getSection(args[0], args[1])] if isinstance(sections, lldb.SBSection) and sections.GetNumSubSections() == 0: output = str(sections) else: output = parseSection(sections, options, target) result.AppendMessage(output)
def getObjcMethNameAddress(addr, target): outputStr = '' section = addr.section fileAddr = addr.file_addr executablePath = addr.module.file.fullpath dataSection = ds.getSection(module=executablePath, name='__DATA.__objc_selrefs') charPointerType = target.GetBasicType(lldb.eBasicTypeChar).GetPointerType() dataArray = dataSection.data.uint64s # TODO implement 32 bit for i, x in enumerate(dataArray): if x != fileAddr: continue offset = i * 8 # TODO implement 32 bit loadAddress = dataSection.addr.GetLoadAddress(target) + offset startAddr = target.ResolveLoadAddress(loadAddress) straddr = target.ResolveLoadAddress(dataSection.addr.GetLoadAddress(target) + (i * 8)) summary = target.CreateValueFromAddress('somename', straddr, charPointerType).summary outputStr += '[{}] {}\n'.format(hex(startAddr.GetLoadAddress(target)), summary) return outputStr
def handle_command(debugger, command, result, internal_dict): ''' Documentation for how to use section goes here ''' command_args = shlex.split(command, posix=False) parser = generate_option_parser() try: (options, args) = parser.parse_args(command_args) except: result.SetError(parser.usage) return # Uncomment if you are expecting at least one argument # clean_command = shlex.split(args[0])[0] if len(args) == 0: options.summary = True sections = [i for i in ds.getSection()] elif len(args) == 1: module = args[0] if ds.getTarget().module[args[0]] else None segment = args[0] if not module else None if segment and '.' in segment: if module: sections = ds.getSection(module=args[0], name=None) else: sections = [ds.getSection(module=None, name=args[0])] else: module = args[0] if ds.getTarget().module[args[0]] else None options.summary = True if module: sections = ds.getSection(module=args[0], name=None) else: sections = [i for i in ds.getSection(module=None, name=args[0])] elif len(args) == 2: if '.' in args[1]: sections = [ds.getSection(args[0], args[1])] else: options.summary = True sections = [i for i in ds.getSection(args[0], args[1])] output = parseSection(sections, options) result.AppendMessage(output)
def handle_command(debugger, command, result, internal_dict): ''' Documentation for how to use xref goes here ''' command_args = shlex.split(command, posix=False) parser = generate_option_parser() try: (options, args) = parser.parse_args(command_args) except: result.SetError(parser.usage) return try: addr = int(args[0], 16) except: addr = int(args[0]) target = ds.getTarget() sbaddress = target.ResolveLoadAddress(addr) if len(args) == 2: module = target.module[args[1]] else: module = sbaddress.module section = sbaddress.section resolvedAddresses = [] outputStr = '' if section.name == '__cstring': outputStr += getCFAddress(sbaddress) if section.name == '__objc_methname': outputStr += getObjcMethNameAddress(sbaddress) executablePath = module.file.fullpath pagesizesection = ds.getSection(module.file.basename, name="__PAGEZERO") pagesize = pagesizesection.size if pagesizesection else 0 loadOffset = ds.getSection( module=executablePath, name="__TEXT").addr.GetLoadAddress(target) - pagesize searchAddr = addr - loadOffset otoolCommand = '/usr/bin/otool -tv "{}"'.format(executablePath) output = subprocess.Popen(otoolCommand, stdin=subprocess.PIPE, stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True).communicate()[0] matches = re.findall(".*rip.*\n\w+", output) regex = re.compile( '(?P<initial>\w+)?\t\w+\w.*[^\*](?P<offset>\-?0x\w+).*\n(?P<addr>\w+)') for i, m in enumerate(matches): res = regex.match(m) if not res or not res.group('addr') or not res.group('offset'): continue # result.AppendMessage(m) # result.AppendMessage(res.group('addr') + '\n') try: address = int(res.group('addr'), 16) offset = int(res.group('offset'), 16) except: outputStr += 'error: at {} {}'.format(res.group('addr'), res.group('offset')) continue potential = address + offset if searchAddr == potential: if res.group('initial'): resolved = int(res.group('initial'), 16) + loadOffset else: resolved = int(regex.match(matches[i - 1]).group('addr'), 16) + loadOffset a = target.ResolveLoadAddress(resolved) resolvedAddresses.append(a) # print("match at {}".format(hex(resolved))) outputStr += generateAddressInfo(resolvedAddresses, options) result.AppendMessage(outputStr)