kallsymslookupsearch

1. #include <stdio.h>
2. #include <stdlib.h>
3. #include <string.h>
4.  
5. #if defined(WIN32) || (!defined(__GNUC__) && !defined(__clang__))
6.     #include <fcntl.h>
7.     #define initstdio() setmode(fileno(stdin),O_BINARY),setmode(fileno(stdout),O_BINARY),setmode(fileno(stderr),O_BINARY);
8. #else
9.     #include <unistd.h>
10.     #define initstdio()
11. #endif
12.  
13. static unsigned int read32(const void *p){
14.     const unsigned char *x=(const unsigned char*)p;
15.     return x[0]|(x[1]<<8)|(x[2]<<16)|(x[3]<<24);
16. }
17.  
18. static unsigned int search(unsigned char *mem, unsigned int size,unsigned int base){
19.     if(size<100){fprintf(stderr,"too small\n");return 0;}
20.     unsigned char *check="\x00\x80\x00\xc0\x00\x80\x00\xc0\x00\x80\x00\xc0\x00\x80\x00\xc0";
21.     unsigned int lcheck=16;
22.  
23.     unsigned int i=0,count=0,n=0;
24.     for(;i<size-100;i+=4){
25.         if(!memcmp(mem+i,check,lcheck)){
26.             fprintf(stderr,"Offset=%08x Virtual=%08x\n",i,n=i+base);
27.             count++;
28.         }
29.     }
30.  
31.     if(count==0){
32.         fprintf(stderr,"no hits (search error)\n");return 1;
33.     }
34.  
35.     for(i=0;i<size-100;i+=4){
36.         if(read32(mem+i)==n){
37.             fprintf(stderr,"Data=%08x\n",i+base+4);
38.         }
39.     }
40.     return 0;
41. }
42.  
43. int main(const int argc, const char **argv){
44.     unsigned char *mem;
45.     unsigned int size;
46.     FILE *f;
47.  
48.     if(argc<3){// && isatty(fileno(stdin))){
49.         fprintf(stderr,
50.             "kallsyms_lookup_name searcher\n"
51.             "kallsymslookupsearch kernel base_address\n"
52.             "base_address is usually CONFIG_PAGE_OFFSET+0x8000\n"
53.         );return 1;
54.     }
55.  
56. #if 0
57.     if(!isatty(fileno(stdin))){
58.         fprintf(stderr,"stdin: ");
59.         size=0x1000000; //16MB
60.         mem=(unsigned char*)malloc(size);
61.         if(!mem){fprintf(stderr,"cannot alloc memory\n");goto stdin_end;}
62.         size=fread(mem,1,size,stdin);
63.         fprintf(stderr,"size=%u ",size);
64.         search(mem,size);
65.  
66.         free(mem);
67. stdin_end:;
68.     }
69. #endif
70.     unsigned int base=strtoul(argv[2],NULL,0);
71.  
72.     //for(;c<argc;c++){
73.     //  fprintf(stderr,"%s: ",argv[c]);
74.         f=fopen(argv[1],"rb");
75.         if(!f){fprintf(stderr,"cannot open kernel\n");return 1;}//continue;}
76.         fseek(f,0,SEEK_END);
77.         size=ftell(f);
78.         fseek(f,0,SEEK_SET);
79.         if(size>0x2000000){fprintf(stderr,"too big\n");fclose(f);return 1;}//continue;} //32MB
80.         mem=(unsigned char*)malloc(size);
81.         if(!mem){fprintf(stderr,"cannot alloc memory\n");fclose(f);return 1;}//continue;}
82.         fread(mem,1,size,f);
83.  
84.         search(mem,size,base);
85.  
86.         free(mem);
87.         //break;
88.     //}
89.     return 0;
90. }