-rw-r--r-- | README.md | 8 | ||||
-rwxr-xr-x | find | 35 |
2 files changed, 31 insertions, 12 deletions
@@ -10,11 +10,11 @@ You can also add a custom libc to your database.
 $ ./add /usr/lib/libc-2.21.so
-Find all the libc's in the database that have a given name at the given address.
-Only the last 12 bits are checked, because randomization usually works on page
-size level.
+Find all the libc's in the database that have the given names at the given
+addresses. Only the last 12 bits are checked, because randomization usually
+works on page size level.
- $ ./find printf 260
+ $ ./find printf 260 puts f30
 archive-glibc (id libc6_2.19-10ubuntu2_i386)
 Find a libc from the leaked return address into __libc_start_main.
@@ -1,12 +1,31 @@
 #!/bin/bash
-if [[ $# != 2 ]]; then
- echo >&2 "Usage: $0 name address"
+function usage() {
+ echo >&2 "Usage: $0 name address [name address ...]"
 exit 2
-fi
-name=$1
-address=$2
-addr_last12=`echo -n "$address" | tail -c 3`
-for id in `grep -e "^$name .*$addr_last12" db/*.symbols \
- | perl -n -e '/db\/(.*)\.symbols/ && print "$1\n"'`; do
+}
+
+function find_single() {
+ name=$1
+ address=$2
+ addr_last12=`echo -n "$address" | tail -c 3 | tr '[:upper:]' '[:lower:]'`
+ grep -e "^$name .*$addr_last12$" db/*.symbols \
+ | perl -n -e '/db\/(.*)\.symbols/ && print "$1\n"' \
+ | sort
+}
+
+function find() {
+ [[ $# < 2 ]] && usage
+ name=$1; shift
+ address=$1; shift
+ if [[ $# == 0 ]]; then
+ find_single $name $address
+ else
+ comm -12 \
+ <(find_single $name $address) \
+ <(find "$@")
+ fi
+}
+
+for id in `find "$@"`; do
 echo "`cat db/${id}.info` (id $id)"
 done
|
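Review bot: The arity guard `[[ $# < 2 ]] && usage` in `find()` is a string comparison, because `<` inside `[[ ]]` sorts lexicographically; "10" sorts before "2", so a valid query with ten or more arguments hits `usage` at some recursion level. Use an arithmetic test instead, `(( $# < 2 )) && usage`. In addition, `usage` is now only ever reached inside the backtick substitution or `<(find "$@")`, so its `exit 2` ends just that subshell and the script prints the usage text but finishes with status 0 and no results; validating once before the `for` loop with `(( $# >= 2 && $# % 2 == 0 )) || usage` restores the non-zero exit and also rejects odd argument counts. Separately, `$name` goes unescaped into the `grep -e` pattern in `find_single`, so a symbol name containing regex metacharacters matches more than the literal name, and `$name`/`$address` are passed to `find_single` unquoted.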