def ggetr(name):
    """Evaluate a gdb expression (the callers pass register names such as
    ``'$rsp'``) in the inferior and return the result as an int."""
    value = gdb.parse_and_eval(name)
    return int(value)
def ggeta(addr):
    """Return the 8-byte unsigned value stored at *addr* in the inferior."""
    deref = '*(unsigned long long *){}'.format(addr)
    return int(gdb.parse_and_eval(deref))
def gseta(name, value):
    """Store *value* as an 8-byte unsigned integer at address *name* in the inferior.

    Despite the parameter name, *name* is an address; the callers pass
    ``rdi``, ``rdi + 8`` and ``rdi + 16``.
    """
    command = 'set *(unsigned long long *){} = {}'.format(name, value)
    gdb.execute(command)
def gsetr(name, value):
    """Assign *value* to the gdb expression *name* (a register such as ``'$rip'``)."""
    command = 'set {} = {}'.format(name, value)
    gdb.execute(command)
def gst():
    """Return the 8-byte value at the top of the stack (``*$rsp``).

    ret() relies on this being the pending return address, which holds
    when the inferior is stopped at a function's first instruction.
    """
    top = gdb.parse_and_eval('*(unsigned long long*)$rsp')
    return int(top)
def ret():
    """Emulate a ``ret`` instruction in the inferior.

    Pops the return address from the stack into ``$rip`` and advances
    ``$rsp`` by 8, so the function the inferior just entered is skipped.
    """
    return_addr = gst()
    stack_ptr = ggetr('$rsp')
    gsetr('$rip', return_addr)
    gsetr('$rsp', stack_ptr + 8)
# Memoisation table: (rsi, rdx, rcx) argument triple of a call -> the three
# 8-byte values the function left at rdi, rdi+8, rdi+16 (see BrE.stop).
cache = dict()
# Stack of (rdi, state) pairs for calls whose return has not been observed
# yet: BrB.stop pushes on entry, BrE.stop pops on exit.
states = list()
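class BrB(gdb.Breakpoint):
    """Breakpoint at the entry of the memoised function.

    On each hit the argument registers are captured.  If the
    (rsi, rdx, rcx) triple is already in ``cache``, the cached three
    8-byte results are written to the buffer at rdi and the call is
    skipped with ret().  Otherwise the (rdi, state) pair is pushed onto
    ``states`` so that BrE can pair the eventual result with these
    arguments.
    """

    def __init__(self, location):
        super(BrB, self).__init__(spec=location, type=gdb.BP_BREAKPOINT, internal=False, temporary=False)

    def stop(self):
        """gdb stop callback; always returns False so the inferior keeps running."""
        rdi = ggetr('$rdi')
        state = (ggetr('$rsi'), ggetr('$rdx'), ggetr('$rcx'))
        print('in', state)
        if state in cache:
            print('!!!!')
            a, b, c = cache[state]
            gseta(rdi, a)
            gseta(rdi + 8, b)
            gseta(rdi + 16, c)
            # The function body is skipped, so BrE never fires for this call.
            # Do not push onto ``states`` here: a stale entry would be popped
            # by the next BrE hit (belonging to an enclosing call) and that
            # call's result would be cached under the wrong arguments.
            ret()
        else:
            states.append((rdi, state))
        return False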
class BrE(gdb.Breakpoint):
    """Breakpoint at the point where the memoised function's result is ready.

    Pops the (rdi, state) pair BrB recorded for the most recent unfinished
    call, reads the three 8-byte values at rdi, rdi+8, rdi+16 and stores
    them in ``cache`` under that call's argument triple.
    """

    def __init__(self, location):
        super(BrE, self).__init__(spec=location, type=gdb.BP_BREAKPOINT, internal=False, temporary=False)

    def stop(self):
        """gdb stop callback; always returns False so the inferior keeps running."""
        rdi, state = states.pop()
        result = tuple(ggeta(rdi + offset) for offset in (0, 8, 16))
        print('out', state)
        cache[state] = result
        return False
# Entry address of the memoised function and the address where its result
# is complete (presumably at or near its return; not visible from here).
# NOTE(review): 0x5555... addresses match this particular binary as gdb
# loads it with address randomisation disabled; re-derive them if the binary
# or its load base changes.
FUNC_ENTRY = '*0x00005555555553b0'
FUNC_EXIT = '*0x0000555555555424'

BrB(FUNC_ENTRY)
BrE(FUNC_EXIT)
gdb.execute('run')