st4rk · May 28, 2017 20:17
diff --git a/parse_dump.cpp b/parse_dump.cpp
 #include <iostream>
 #include <cstdio>
 #include <cstdlib>
 #include <experimental/filesystem>

 namespace fs = std::experimental::filesystem;
 FILE *main_dump = nullptr;

 bool parseFileToDump(const std::string& f) {
 	unsigned char *tmpBuff = nullptr;
 	FILE *module_dump = fopen (f.c_str(), "rb");

 	std::size_t hex_start = f.find("0x");

 	if (module_dump == nullptr) {
 		std::cout << "Failed to open the kernel module dump" << std::endl;
 		return false;
 	}

 	if (hex_start == std::string::npos) {
 		std::cout << "Not a valid kernel module dump !" << std::endl;
 		fclose(module_dump);
 		return false;
 	}

 	std::string  hex_value = f.substr(hex_start+2, 8);
 	unsigned int hex_pos  = std::stoi(hex_value, nullptr, 16);
 	std::cout << "starts at: " << hex_start << std::endl;
 	printf("data: 0x%08X\n", hex_pos );
 	std::cout << f << std::endl;

 	fseek(module_dump, 0, SEEK_END);
 	unsigned int fSize = ftell(module_dump);
 	rewind(module_dump);

 	tmpBuff = new unsigned char[fSize];

 	unsigned int readBytes = fread(tmpBuff, 1, fSize, module_dump);

 	if (readBytes != fSize) {
 		fclose(module_dump);
 		delete [] tmpBuff;
 		std::cout << "Failed to load the kernel module dump" << std::endl;
 		return false;
 	}

 	fseek(main_dump, hex_pos, SEEK_SET);
 	fwrite(tmpBuff, sizeof(unsigned char), fSize, main_dump);

 	if (tmpBuff != nullptr)
 		delete [] tmpBuff;


 	fclose(module_dump);
 	return true;
 }

 int main(int argc, const char*argv[]) {

 	if (argc > 1) {
 		std::string path_to_dir = argv[1];
 		main_dump = fopen("full_dump.bin", "wb");

 		for (auto &p : fs::directory_iterator(path_to_dir)) {
 			if(!parseFileToDump(p.path().string())) {
 				fclose(main_dump);
 				std::cout << "An error occured on parseFileToDump, invalid full_dump" << std::endl;
 				return 0;
 			}
 		}

 		std;:cout << "Check the full_dump.bin and have fun with IDA Pro ;) " << std::endl;
 		fclose(main_dump);
 	} else {
 		std::cout << "input: specify the kernel modules path" << std::endl;
 	}

 	return 0;
 }
	#include <iostream>
	#include <cstdio>
	#include <cstdlib>
	#include <experimental/filesystem>

	namespace fs = std::experimental::filesystem;
	FILE *main_dump = nullptr;

	bool parseFileToDump(const std::string& f) {
	unsigned char *tmpBuff = nullptr;
	FILE *module_dump = fopen (f.c_str(), "rb");

	std::size_t hex_start = f.find("0x");

	if (module_dump == nullptr) {
	std::cout << "Failed to open the kernel module dump" << std::endl;
	return false;
	}

	if (hex_start == std::string::npos) {
	std::cout << "Not a valid kernel module dump !" << std::endl;
	fclose(module_dump);
	return false;
	}

	std::string hex_value = f.substr(hex_start+2, 8);
	unsigned int hex_pos = std::stoi(hex_value, nullptr, 16);
	std::cout << "starts at: " << hex_start << std::endl;
	printf("data: 0x%08X\n", hex_pos );
	std::cout << f << std::endl;

	fseek(module_dump, 0, SEEK_END);
	unsigned int fSize = ftell(module_dump);
	rewind(module_dump);

	tmpBuff = new unsigned char[fSize];

	unsigned int readBytes = fread(tmpBuff, 1, fSize, module_dump);

	if (readBytes != fSize) {
	fclose(module_dump);
	delete [] tmpBuff;
	std::cout << "Failed to load the kernel module dump" << std::endl;
	return false;
	}

	fseek(main_dump, hex_pos, SEEK_SET);
	fwrite(tmpBuff, sizeof(unsigned char), fSize, main_dump);

	if (tmpBuff != nullptr)
	delete [] tmpBuff;


	fclose(module_dump);
	return true;
	}

	int main(int argc, const char*argv[]) {

	if (argc > 1) {
	std::string path_to_dir = argv[1];
	main_dump = fopen("full_dump.bin", "wb");

	for (auto &p : fs::directory_iterator(path_to_dir)) {
	if(!parseFileToDump(p.path().string())) {
	fclose(main_dump);
	std::cout << "An error occured on parseFileToDump, invalid full_dump" << std::endl;
	return 0;
	}
	}

	std;:cout << "Check the full_dump.bin and have fun with IDA Pro ;) " << std::endl;
	fclose(main_dump);
	} else {
	std::cout << "input: specify the kernel modules path" << std::endl;
	}

	return 0;
	}