llvm-project
54 строки · 1.4 Кб
1#!/usr/bin/env python
2
3"""A tool for looking for indirect jumps and calls in x86 binaries.
4
5Helpful to verify whether or not retpoline mitigations are catching
6all of the indirect branches in a binary and telling you which
7functions the remaining ones are in (assembly, etc).
8
9Depends on llvm-objdump being in your path and is tied to the
10dump format.
11"""
12
13from __future__ import print_function
14
15import os
16import sys
17import re
18import subprocess
19import optparse
20
21# Look for indirect calls/jmps in a binary. re: (call|jmp).*\*
22def look_for_indirect(file):
23args = ["llvm-objdump"]
24args.extend(["-d"])
25args.extend([file])
26
27p = subprocess.Popen(
28args=args, stdin=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE
29)
30(stdout, stderr) = p.communicate()
31
32function = ""
33for line in stdout.splitlines():
34if line.startswith(" ") == False:
35function = line
36result = re.search("(call|jmp).*\*", line)
37if result != None:
38# TODO: Perhaps use cxxfilt to demangle functions?
39print(function)
40print(line)
41return
42
43
44def main(args):
45# No options currently other than the binary.
46parser = optparse.OptionParser("%prog [options] <binary>")
47(opts, args) = parser.parse_args(args)
48if len(args) != 2:
49parser.error("invalid number of arguments: %s" % len(args))
50look_for_indirect(args[1])
51
52
53if __name__ == "__main__":
54main(sys.argv)
55