Created
August 22, 2010 22:30
-
-
Save dgl/544358 to your computer and use it in GitHub Desktop.
Use GDB to examine a non-executable file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# © 2010 David Leadbeater; https://dgl.cx/licence | |
# Use GDB to examine a non-executable file. The file will be loaded starting at | |
# byte 0 in memory, you can then use normal GDB commands such as "x/s 0". | |
if [ $# -lt 1 ]; then | |
echo "Usage: $0 file" | |
exit 1 | |
fi | |
file="${1:?}" | |
# As this is a security measure remember the setting so we can restore it | |
ORIG_MIN_ADDR=$(sysctl vm.mmap_min_addr) | |
sudo sysctl -w vm.mmap_min_addr=0 | |
DIR=$(mktemp -d) | |
cat <<EOF > $DIR/mmap.c | |
#include <sys/mman.h> | |
#include <stdlib.h> | |
main() { | |
mmap(0, | |
/* Adjust if you need >1GB */ | |
1<<30, | |
PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_FIXED, | |
0, 0); | |
abort(); | |
} | |
EOF | |
cc -o $DIR/mmap $DIR/mmap.c | |
cat <<EOF > $DIR/script | |
r | |
restore $file binary 0 | |
EOF | |
gdb -x $DIR/script $DIR/mmap | |
# Cleanup, but don't delete any files we don't know about just in case | |
rm -f $DIR/mmap $DIR/mmap.c $DIR/script | |
rmdir $DIR | |
# Restore | |
sudo sysctl -w "${ORIG_MIN_ADDR/ }" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment