aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbloodstalker <thabogre@gmail.com>2018-07-29 10:52:38 +0000
committerbloodstalker <thabogre@gmail.com>2018-07-29 10:52:38 +0000
commit033635696bd38349cff0b58bca38378c8e009287 (patch)
tree9a9d50af5e6aff05b460b563113e1f9b308d3d77
parentmarkdown... (diff)
downloadmutator-033635696bd38349cff0b58bca38378c8e009287.tar.gz
mutator-033635696bd38349cff0b58bca38378c8e009287.zip
added new options to delf
-rwxr-xr-xbfd/load.py122
-rw-r--r--bruiser/bruiser.cpp1
-rw-r--r--bruiser/bruisercapstone.c2
3 files changed, 123 insertions, 2 deletions
diff --git a/bfd/load.py b/bfd/load.py
index 791f7ee..da361d6 100755
--- a/bfd/load.py
+++ b/bfd/load.py
@@ -86,6 +86,8 @@ class CLIArgParser(object):
parser.add_argument("--rodata", action='store_true', help="dump .rodata", default=False)
parser.add_argument("--disass", type=str, help="disassembls a section by name in section headers")
parser.add_argument("--disassp", type=int, help="disassembls a section by index in program headers")
+ parser.add_argument("--got", action="store_true", help="dump .got section", default=False)
+ parser.add_argument("--gotplt", action="store_true", help="dump .got.plt section",default=False)
self.args = parser.parse_args()
if self.args.obj is None:
raise Exception("no object file provided. please specify an object with --obj.")
@@ -540,6 +542,41 @@ class X86_64_REL_TYPE:
R_AMD64_SIZE32 = 32
R_AMD64_SIZE64 = 33
+class X86_64_REL_TYPE_2:
+ R_X86_64_NONE = 0
+ R_X86_64_64 = 1
+ R_X86_64_PC32 = 2
+ R_X86_64_GOT32 = 3
+ R_X86_64_PLT32 = 4
+ R_X86_64_COPY = 5
+ R_X86_64_GLOB_DAT = 6
+ R_X86_64_JUMP_SLOT = 7
+ R_X86_64_RELATIVE = 8
+ R_X86_64_GOTPCREL = 9
+ R_X86_64_32 = 10
+ R_X86_64_32S = 11
+ R_X86_64_16 = 12
+ R_X86_64_PC16 = 13
+ R_X86_64_64_8 = 14
+ R_X86_64_PC8 = 15
+ R_X86_64_DTPMOD64 = 16
+ R_X86_64_DTPOFF64 = 17
+ R_X86_64_TPOFF64 = 18
+ R_X86_64_TLSGD = 19
+ R_X86_64_TLSLD = 20
+ R_X86_64_DTPOFF32 = 21
+ R_X86_64_GOTTPOFF = 22
+ R_X86_64_TPOFF32 = 23
+ R_X86_64_PC64 = 24
+ R_X86_64_GOTOFF64 = 25
+ R_X86_64_GOTPC32 = 26
+ R_X86_64_SIZE32 = 32
+ R_X86_64_SIZE64 = 33
+ R_X86_64_GOTPC32_TLDSEC = 34
+ R_X86_64_TLDSEC_CALL = 35
+ R_X86_64_TLDSEC = 36
+ R_X86_64_IRELATIVE = 37
+
def get_x86_64_rel_type(val):
if val == X86_64_REL_TYPE.R_AMD64_NONE: return "R_386_NONE"
elif val == X86_64_REL_TYPE.R_AMD64_64: return "R_AMD64_64"
@@ -564,6 +601,42 @@ def get_x86_64_rel_type(val):
elif val == X86_64_REL_TYPE.R_AMD64_SIZE64: return "R_AMD64_SIZE64"
else: return "UNKNOWN"
+def get_x86_64_rel_type_2(val):
+ if val == X86_64_REL_TPE_2.R_X86_64_NONE: return"R_X86_64_NONE"
+ elif val == X86_64_REL_TPE_2.R_X86_64_64: return"R_X86_64_64"
+ elif val == X86_64_REL_TPE_2.R_X86_64_PC32: return"R_X86_64_PC32"
+ elif val == X86_64_REL_TPE_2.R_X86_64_GOT32: return"R_X86_64_GOT32"
+ elif val == X86_64_REL_TPE_2.R_X86_64_PLT32: return"R_X86_64_PLT32"
+ elif val == X86_64_REL_TPE_2.R_X86_64_COPY: return"R_X86_64_COPY"
+ elif val == X86_64_REL_TPE_2.R_X86_64_GLOB_DAT: return"R_X86_64_GLOB_DAT"
+ elif val == X86_64_REL_TPE_2.R_X86_64_JUMP_SLOT: return"R_X86_64_JUMP_SLOT"
+ elif val == X86_64_REL_TPE_2.R_X86_64_RELATIVE: return"R_X86_64_RELATIVE"
+ elif val == X86_64_REL_TPE_2.R_X86_64_GOTPCREL: return"R_X86_64_GOTPCREL"
+ elif val == X86_64_REL_TPE_2.R_X86_64_32: return"R_X86_64_32"
+ elif val == X86_64_REL_TPE_2.R_X86_64_32S: return"R_X86_64_32S"
+ elif val == X86_64_REL_TPE_2.R_X86_64_16: return"R_X86_64_16"
+ elif val == X86_64_REL_TPE_2.R_X86_64_PC16: return"R_X86_64_PC16"
+ elif val == X86_64_REL_TPE_2.R_X86_64_64_8: return"R_X86_64_64_8"
+ elif val == X86_64_REL_TPE_2.R_X86_64_PC8: return"R_X86_64_PC8"
+ elif val == X86_64_REL_TPE_2.R_X86_64_DTPMOD64: return"R_X86_64_DTPMOD64"
+ elif val == X86_64_REL_TPE_2.R_X86_64_DTPOFF64: return"R_X86_64_DTPOFF64"
+ elif val == X86_64_REL_TPE_2.R_X86_64_TPOFF64: return"R_X86_64_TPOFF64"
+ elif val == X86_64_REL_TPE_2.R_X86_64_TLSGD: return"R_X86_64_TLSGD"
+ elif val == X86_64_REL_TPE_2.R_X86_64_TLSLD: return"R_X86_64_TLSLD"
+ elif val == X86_64_REL_TPE_2.R_X86_64_DTPOFF32: return"R_X86_64_DTPOFF32"
+ elif val == X86_64_REL_TPE_2.R_X86_64_GOTTPOFF: return"R_X86_64_GOTTPOFF"
+ elif val == X86_64_REL_TPE_2.R_X86_64_TPOFF32: return"R_X86_64_TPOFF32"
+ elif val == X86_64_REL_TPE_2.R_X86_64_PC64: return"R_X86_64_PC64"
+ elif val == X86_64_REL_TPE_2.R_X86_64_GOTOFF64: return"R_X86_64_GOTOFF64"
+ elif val == X86_64_REL_TPE_2.R_X86_64_GOTPC32: return"R_X86_64_GOTPC32"
+ elif val == X86_64_REL_TPE_2.R_X86_64_SIZE32: return"R_X86_64_SIZE32"
+ elif val == X86_64_REL_TPE_2.R_X86_64_SIZE64: return"R_X86_64_SIZE64"
+ elif val == X86_64_REL_TPE_2.R_X86_64_GOTPC32_TLDSEC: return"R_X86_64_GOTPC32_TLDSEC"
+ elif val == X86_64_REL_TPE_2.R_X86_64_TLDSEC_CALL: return"R_X86_64_TLDSEC_CALL"
+ elif val == X86_64_REL_TPE_2.R_X86_64_TLDSEC: return"R_X86_64_TLDSEC"
+ elif val == X86_64_REL_TPE_2.R_X86_64_IRELATIVE: return"R_X86_64_IRELATIVE"
+ else: return "UNKNOWN"
+
class ELF_ST_BIND:
STB_LOCAL = 0
STB_GLOBAL = 1
@@ -738,6 +811,14 @@ class ELF(object):
self.rela_plt = []
self.rela_plt_ents = []
self.rodata = []
+ self.plt = []
+ self.got = []
+ self.got_plt = []
+ self.plt_got = []
+ self.plt_ents = []
+ self.plt_got_ents = []
+ self.got_ents = []
+ self.got_plt_ents = []
def init(self, size):
self.size = size
@@ -1234,6 +1315,41 @@ class ELF(object):
to_pop.append(dummy)
dummy = {}
+ #FIXME-ELF64 only
+ def pop_got(self):
+ for shhdr in self.shhdr:
+ name = self.read_section_name(byte2int(shhdr.sh_name))
+ if name == ".got":
+ self.so.seek(byte2int(shhdr.sh_offset))
+ self.got = self.so.read(byte2int(shhdr.sh_size))
+ self.so.seek(byte2int(shhdr.sh_offset))
+ for i in range(0, int(byte2int(shhdr.sh_size)/8)):
+ self.got_ents.append(byte2int(self.so.read(8)))
+
+ #FIXME-ELF64 only
+ def pop_got_plt(self):
+ for shhdr in self.shhdr:
+ name = self.read_section_name(byte2int(shhdr.sh_name))
+ if name == ".got.plt":
+ self.so.seek(byte2int(shhdr.sh_offset))
+ self.got_plt = self.so.read(byte2int(shhdr.sh_size))
+ self.so.seek(byte2int(shhdr.sh_offset))
+ for i in range(0, int(byte2int(shhdr.sh_size)/8)):
+ self.got_plt_ents.append(byte2int(self.so.read(8)))
+
+ def dump_got(self):
+ header = ["value"]
+ value_list = [entry for entry in self.got_ents]
+ lines = ffs(2, header, True, value_list)
+ for line in lines:
+ print(line)
+
+ def dump_got_plt(self):
+ header = ["value"]
+ value_list = [entry for entry in self.got_plt_ents]
+ lines = ffs(2, header, True, value_list)
+ for line in lines:
+ print(line)
class obj_loader():
def __init__(self, bytes):
@@ -1458,6 +1574,12 @@ def premain(argparser):
elif argparser.args.dynsecents: elf.dump_dyn_sec_ents(elf.dyn_section_ents)
elif argparser.args.reladyn: elf.dump_rela(elf.rela_dyn_ents)
elif argparser.args.relaplt: elf.dump_rela(elf.rela_plt_ents)
+ elif argparser.args.got:
+ elf.pop_got()
+ elf.dump_got()
+ elif argparser.args.gotplt:
+ elf.pop_got_plt()
+ elf.dump_got_plt()
else: print("why even bother if you were not gonna type anythng decent in?")
def main():
diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp
index 04c194d..e47d37c 100644
--- a/bruiser/bruiser.cpp
+++ b/bruiser/bruiser.cpp
@@ -752,7 +752,6 @@ class IfBreaker : public MatchFinder::MatchCallback
NameFinder::runDeclRefExprMatcher DRENameMatcher(Rewrite);
DRENameMatcher.runMatcher(StringRef(), *MR.Context);
-
}
if (MR.Nodes.getNodeAs<clang::BinaryOperator>("dous") != nullptr)
diff --git a/bruiser/bruisercapstone.c b/bruiser/bruisercapstone.c
index d0f4217..30fead2 100644
--- a/bruiser/bruisercapstone.c
+++ b/bruiser/bruisercapstone.c
@@ -371,7 +371,7 @@ int main(int argc, char** argv) {
printf("new size is %d.\n", new_size);
for (int i = new_size; i < 44; ++i) {asm_code2[i] = 0;}
for (int i = 0; i < 44; ++i) {printf("%02x ", asm_code2[i]);}
-
+
printf("\n----------------------------------------------------------\n");
printf("etext: %10p\n", &etext);
printf("edata: %10p\n", &edata);