// usage: spsearch boot_img_via_dump_image
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
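/*
 * Read a 32-bit little-endian value from four consecutive bytes at p.
 *
 * The access is done byte by byte, so p does not have to be aligned.
 * The caller must guarantee that p[0..3] are readable; no bounds are
 * checked here.
 */
unsigned int read32(const void *p){
    const unsigned char *x = (const unsigned char *)p;

    /* Widen each byte to unsigned before shifting: an unsigned char is
     * promoted to (signed) int, and shifting a byte >= 0x80 left by 24
     * would overflow into the sign bit, which is undefined behaviour. */
    return  (unsigned int)x[0]
         | ((unsigned int)x[1] << 8)
         | ((unsigned int)x[2] << 16)
         | ((unsigned int)x[3] << 24);
}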
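enum {
    MAX_IMAGE   = 0x2000000, /* largest accepted input: 32MB */
    SCAN_MARGIN = 100        /* bytes kept clear at the end of the image while scanning */
};

/*
 * Return non-zero when the 20 bytes at w look like the instruction
 * sequence this tool searches for (little-endian ARM words):
 *
 *   ldr r*, =immediate
 *   mov r1, #0x48
 *   ldr ...
 *   [mov r*, ...]        (optional)
 *   bl  ...
 *
 * The caller must guarantee that w[0..19] are readable.
 */
static int is_protect_info_load(const unsigned char *w)
{
    if (w[3] != 0xe5 || w[2] != 0x9f)                 /* ldr r*,=immediate */
        return 0;
    if (w[7] != 0xe3 || w[6] != 0xa0 || w[5] != 0x10 || w[4] != 0x48) /* mov r1,#0x48 */
        return 0;
    if (w[11] != 0xe5 || (w[10] & 0xf0) != 0x90)      /* ldr ... */
        return 0;
    if (w[15] == 0xeb)                                /* bl */
        return 1;
    return w[15] == 0xe3 && w[14] == 0xa0 &&          /* mov r*... */
           w[19] == 0xeb;                             /* bl */
}

/*
 * s_protect_info searcher.
 *
 * Loads a kernel image named on the command line, scans it on 4-byte
 * boundaries for exactly one occurrence of the pattern recognised by
 * is_protect_info_load(), follows the PC-relative literal load of the
 * first instruction and prints the 32-bit word stored there.  The value
 * always goes to stderr (with a newline); it is also written to stdout,
 * without a newline, when stdout is not a terminal.
 *
 * The input file is treated as untrusted: its size, the amount actually
 * read and the computed literal offset are all validated before any byte
 * of the buffer is dereferenced.
 *
 * Returns 1 when no file argument is given, 0 otherwise (search errors
 * are reported on stderr only).
 */
int main(const int argc, const char **argv){
    int c;

    if (argc < 2) {
        fprintf(stderr, "s_protect_info searcher\nspsearch kernel...\n");
        return 1;
    }

    for (c = 1; c < argc; c++) {
        unsigned char *mem;
        unsigned int size, i, x, p = 0;
        int multiple = 0;
        long len;
        FILE *f = fopen(argv[c], "rb");

        if (!f) {
            fprintf(stderr, "cannot open kernel\n");
            continue;
        }

        /* Determine the file size; every step can fail (e.g. on a pipe). */
        if (fseek(f, 0, SEEK_END) != 0 || (len = ftell(f)) < 0 ||
            fseek(f, 0, SEEK_SET) != 0) {
            fprintf(stderr, "cannot read kernel\n");
            fclose(f);
            continue;
        }
        if (len > MAX_IMAGE) {
            fprintf(stderr, "too big\n");
            fclose(f);
            continue;
        }
        size = (unsigned int)len;

        /* An image shorter than the scan margin cannot contain a hit.
         * Without this check "size - SCAN_MARGIN" wraps around for an
         * unsigned size and the scan runs far past the buffer. */
        if (size < SCAN_MARGIN) {
            fprintf(stderr, "no hits (search error)\n");
            fclose(f);
            break;
        }

        mem = malloc(size);
        if (!mem) {
            fprintf(stderr, "cannot alloc memory\n");
            fclose(f);
            continue;
        }

        /* A short read would leave the tail of mem uninitialised. */
        if (fread(mem, 1, size, f) != size) {
            fprintf(stderr, "cannot read kernel\n");
            free(mem);
            fclose(f);
            continue;
        }
        fclose(f);

        /* Scan word by word; the pattern reads up to mem[i + 19], which
         * the SCAN_MARGIN bound keeps inside the buffer. */
        for (i = 0; i < size - SCAN_MARGIN; i += 4) {
            if (!is_protect_info_load(mem + i))
                continue;
            if (p) {            /* a second hit makes the result ambiguous */
                multiple = 1;
                break;
            }
            /* Low 12 bits of the ldr are its immediate offset; in ARM
             * state the PC reads as the instruction address + 8. */
            x = ((mem[i + 1] & 0x0fu) << 8) | mem[i];
            p = i + x + 8;
        }

        if (multiple) {
            fprintf(stderr, "multiple hits (search error)\n");
        } else if (!p) {
            fprintf(stderr, "no hits (search error)\n");
        } else if (p > size - 4) {
            /* The offset comes from file contents (up to 0xfff past the
             * match), so the literal may lie outside the loaded image. */
            fprintf(stderr, "literal out of range (search error)\n");
        } else {
            unsigned int value = read32(mem + p);

            fprintf(stderr, "%08x\n", value);
            if (!isatty(fileno(stdout)))
                printf("%08x", value);
        }

        free(mem);
        /* NOTE(review): as in the original, the loop stops after the
         * first file that could be loaded; later arguments are only
         * tried when an earlier one fails to open, size-check or read.
         * The usage text ("kernel...") hints at several files - confirm
         * the intended behaviour before changing it. */
        break;
    }
    return 0;
}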