crowell

diff --git a/libr/anal/esil.c b/libr/anal/esil.c
index 7b5cf2d..0ff8a72 100644
--- a/libr/anal/esil.c
+++ b/libr/anal/esil.c
@@ -1988,14 +1988,16 @@ static int esil_dup(RAnalEsil *esil) {
 }
 
 static int esil_swap (RAnalEsil *esil) {
-	char *tmp;
+	char *tmp1;

crowell

00000000: 7f45 4c46 0101 0100 0000 0000 0000 0000  .ELF............
00000010: 0200 0300 0100 0000 a080 0408 3400 0000  ............4...
00000020: dc00 0000 0000 0000 3400 2000 0200 2800  ........4. ...(.
00000030: 0600 0300 0100 0000 0000 0000 0080 0408  ................
00000040: 0080 0408 a800 0000 a800 0000 0500 0000  ................
00000050: 0010 0000 0400 0000 7400 0000 7480 0408  ........t...t...
00000060: 7480 0408 2400 0000 2400 0000 0400 0000  t...$...$.......
00000070: 0400 0000 0400 0000 1400 0000 0300 0000  ................
00000080: 474e 5500 f7c9 6c3a 1ebd c1a7 2a73 3257  GNU...l:....*s2W
00000090: f291 2172 9b3f b818 0000 0000 0000 0000  ..!r.?..........

crowell

diff --git a/crypto/cpu-intel.c b/crypto/cpu-intel.c
index 924bab0..cb48bb3 100644
--- a/crypto/cpu-intel.c
+++ b/crypto/cpu-intel.c
@@ -116,7 +116,7 @@ static uint64_t OPENSSL_xgetbv(uint32_t xcr) {
   return (uint64_t)_xgetbv(xcr);
 #else
   uint32_t eax, edx;
-  __asm__ volatile ("xgetbv" : "=a"(eax), "=d"(edx) : "c"(xcr));
+  __asm__ volatile (".byte 0x0f,0x01,0xd0" : "=a"(eax), "=d"(edx) : "c"(xcr));

crowell

#include <elf.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

// killgdb.c - prevent an elf from being loaded by gdb.
// Jeffrey Crowell <crowell [at] bu [dot] edu>
//
// $ objcopy --only-keep-debug program program.debug

crowell

digraph code {
	graph [bgcolor=white];
	node [color=lightgray, style=filled shape=box fontname="Courier" fontsize="8"];
 "0x00401169_0x00401169" [color="lightgray", label="/ (fcn) fcn.00401169 271\l| 0x00401169   mov dword [rip + 0x200f75], 0\l| 0x00401173   mov qword [rip + 0x200f72], 0\l| 0x0040117e   mov qword [rip + 0x200f6f], 0\l| 0x00401189   mov qword [rip + 0x200f6c], 0x401100\l| 0x00401194   mov qword [rip + 0x200f69], 0x65736163\l| 0x0040119f   mov qword [rip + 0x200f66], 0\l| 0x004011aa   mov qword [rip + 0x200f63], 0\l| 0x004011b5   mov qword [rip + 0x200f60], 0\l| 0x004011c0   mov qword [rip + 0x200f5d], 0x400a54\l| 0x004011cb   movabs rax, 0x65646f636e65\l| 0x004011d5   mov qword [rip + 0x200f54], rax\l| 0x004011dc   mov qword [rip + 0x200f51], 0\l| 0x004011e7   mov qword [rip + 0x200f4e], 0\l| 0x004011f2   mov qword [rip + 0x200f4b], 0\l| 0x004011fd   mov qword [rip + 0x200f48], 0x400d04\l| 0x00401208   mov qword [rip + 0x200f45], 0x726f78\l| 0x00401213   mov qword [rip + 0x200f42], 0\l| 0x0040

crowell

digraph code {
	graph [bgcolor=white];
	node [color=lightgray, style=filled shape=box fontname="Courier" fontsize="8"];
	"0x0040128e_0x0040128e" -> "0x0040128e_0x00401356" [color="blue"];
 "0x0040128e_0x0040128e" [color="red", label="/ (fcn) fcn.0040128e 258\l| ; var int local_0      @ rbp-0x0\l| ; var int local_0_1    @ rbp-0x1\l| ; var int local_1      @ rbp-0x8\l| ; var int local_66     @ rbp-0x210\l| ; var int local_67     @ rbp-0x218\l| ; var int local_68     @ rbp-0x220\l| ; var int local_69     @ rbp-0x228\l| 0x0040128e   clc\l| 0x00401290   xor eax, eax\l| 0x00401292   mov edi, 0x401633\l| 0x00401297   mov eax, 0\l| 0x0040129c   call sym.imp.printf\l| 0x004012a1   mov rax, qword [rip + 0x200e18]\l| 0x004012a8   mov rdi, rax\l| 0x004012ab   call sym.imp.fflush\l| 0x004012b0   jmp 0x401356\l", URL="fcn.0040128e/0x0040128e"]
	"0x0040128e_0x00401356" -> "0x0040128e_0x004012b5" [color="green"];
	"0x0040128e_0x00401356" -> "0x0040128e_0x0040137a" [color="red"];
 "0x0040128e_0x00401356" [color="yellow", labe

crowell

--[[
Wireshark Dissector for Qualcomm MSM Interface (QMI) Protocol v0.1

Copyright (c) 2012 Ilya Voronin <[email protected]>

Based on Code Aurora Forum's BSD/GPL licensed code:
http://www.codeaurora.org/contribute/projects/gobi/

Short howto for using this script:

crowell

╒ (fcn) sym.serf_bucket_create 71
│           0x003576e0    48895c24e8     mov qword [rsp - 0x18], rbx
│           0x003576e5    4889f3         mov rbx, rsi
│           0x003576e8    48896c24f0     mov qword [rsp - 0x10], rbp
│           0x003576ed    4c896424f8     mov qword [rsp - 8], r12
│           0x003576f2    4889fd         mov rbp, rdi
│           0x003576f5    4883ec18       sub rsp, 0x18
│           0x003576f9    4989d4         mov r12, rdx
│           0x003576fc    4889df         mov rdi, rbx
│           0x003576ff    be18000000     mov esi, 0x18

crowell

GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 4570

crowell

[0x000442b1]> izz~bin/sh
vaddr=0x0018c3dd paddr=0x0018c3dd ordinal=17671 sz=8 len=7 section=.rodata type=ascii string=/bin/sh
[0x000442b1]> axt 0x0018c3dd
d 0x442b1 lea rdi, [rip + 0x148125]
d 0xcb945 lea rsi, [rip + 0xc0a91]
d 0xcb6f1 lea rax, [rip + 0xc0ce5]
d 0xcb9c0 lea rdi, [rip + 0xc0a16]
d 0xff97e lea rax, [rip + 0x8ca58]
d 0x70953 lea rdi, [rip + 0x11ba83]
d 0xcbaa0 lea rdi, [rip + 0xc0936]