ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-07 15:51:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
AFLplusplus/qemu_mode/util/qemu_get_symbol_addr.sh
vanhauser-thc ed1a6f8a57 2024 v4.10c release
2024-02-03 11:01:31 +01:00

54 lines
2.0 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Copyright 2024 AFLplusplus
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
target="$1"
symbol="$2"
base="$3"
test -z "$target" -o -z "$symbol" -o '!' -x "$target" && {
echo "Syntax: $0 executable function [baseaddress]"
echo
echo Help script to calculate the function address of a binary QEMU will load it to.
echo function is e.g. LLVMFuzzerTestOneInput, afl_qemu_driver_stdin, etc.
echo "baseaddress is tried to be auto-detected, you can use 'AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace ./executable' to see the maps."
exit 1
}
file=$(file $target|sed 's/.*: //')
arch=$(echo $file|awk -F, '{print$2}'|tr -d ' ')
bits=$(echo $file|sed 's/-bit .*//'|sed 's/.* //')
pie=$(echo $file|grep -wqi pie && echo pie)
test $(uname -s) = "Darwin" && symbol=_"$symbol"
tmp_addr=$(nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F)
test -z "$tmp_addr" && { echo Error: function $symbol not found 1>&2; exit 1; }
test -z "$pie" && { echo 0x$tmp_addr; exit 0; }
test -z "$base" && {
test "$bits" = 32 -o "$bits" = 64 || { echo "Error: could not identify arch (bits=$bits)" 1>&2 ; exit 1; }
test "$arch" = Intel80386 && base=0x40000000
test "$arch" = x86-64 && base=0x4000000000
test "$arch" = ARMaarch64 && base=0x5500000000
# add more here, e.g. "$arch" = ARM
}
test -z "$base" && { echo "Error: could not identify base address! bits=$bits arch=$arch" 1>&2 ; exit 1; }
hex_base=$(echo "$base" | awk '{sub("^0x","");print $0}' | tr a-f A-F )
echo $tmp_addr | echo "ibase=16;obase=10;$hex_base + $tmp_addr" | bc | tr A-F a-f | awk '{print "0x"$0}'
exit 0
Reference in New Issue View Git Blame Copy Permalink