GDB scripting with GEF
import re
import argparse
import re
class InstrTraceBreakpoint(gdb.Breakpoint):
    """Hidden, silent breakpoint that reports ``rax - rdi`` on every hit.

    The breakpoint is registered as ``internal`` (not listed by
    ``info breakpoints``) and ``silent`` (GDB prints no stop banner); the
    only output is one ``instr: 0x...`` line from :meth:`stop`, after
    which the inferior is stopped (``stop`` returns True).
    """

    def __init__(self, location, nb_args, *args, **kwargs):
        # Extra positional/keyword arguments are accepted but not forwarded.
        super().__init__(location, gdb.BP_BREAKPOINT, internal=True)
        self.silent = True
        # Kept on the instance for callers; nothing in this class reads it.
        self.nb_args = nb_args

    def stop(self):
        reg = gef.arch.register
        delta = reg('rax') - reg('rdi')
        print(f"instr: {hex(delta)}")
        return True
c = gdb.execute  # short alias: every GDB CLI command below is issued through gdb.execute
def a(x):
    """Return *x* as a GDB address location, e.g. ``*0x4018c5``."""
    return "*" + hex(x)
def w(x):
    """Return *x* as a ``char`` lvalue expression, e.g. ``*(char*)0x4015d0`` (used for watchpoints)."""
    return "*(char*)" + hex(x)
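class Puppet(GenericCommand):
    """Puppeteer the session"""
    _cmdline_ = "puppet"
    _syntax_ = f"{_cmdline_}"

    # Layout of the traced memory region: WORD-byte slots, N of them per snapshot.
    WORD = 7
    N = 8192 * 2
    # Modulus for the slot index; kept numerically identical to the literal 57344
    # the original used (== 8192 * WORD).
    WRAP = 8192 * WORD

    def _image_base(self):
        """Return the load address (page_start) of the debugged executable.

        Uses ``gef.session.file`` when the session object exists, otherwise the
        first mapping. Must be called after the inferior has started, since the
        memory maps are empty before then.

        Raises:
            gdb.GdbError: no mapping of the executable at file offset 0 exists.
        """
        if not hasattr(gef, 'session'):
            return gef.memory.maps[0].page_start
        exe = str(gef.session.file)
        bases = [sec.page_start for sec in gef.memory.maps
                 if sec.path == exe and sec.offset == 0]
        if not bases:
            raise gdb.GdbError(f"no mapping of {exe} at file offset 0")
        return bases[0]

    def _print_changed_words(self, memspace, old_memspace):
        """Print every WORD-sized slot whose bytes differ between two snapshots."""
        word = self.WORD
        for slot in range(self.N):
            cur = memspace[slot * word:(slot + 1) * word]
            prev = old_memspace[slot * word:(slot + 1) * word]
            if cur != prev:
                print(f" {slot}: {prev.hex()}->{cur.hex()}")

    def do_invoke(self, argv):
        """Run to the traced jump and print the VM state seen there.

        For each of 10 iterations this prints ``rax - rdi`` (as address and
        slot index), the disassembly of the WORD bytes at ``rax + 4``, and the
        slots of the N*WORD-byte region at ``rdi + 4`` that changed since the
        previous snapshot. Note that the ``c('c')`` inside the loop is still
        disabled, so all iterations read the same stop.
        """
        # c('gef config context.enable 0')
        c('handle SIGSEGV nostop noprint')
        c('handle SIGTRAP nostop noprint')
        # Absolute-address breakpoint from the original; it is never deleted,
        # so it stays armed for the `c` below. Kept under its own name so it is
        # not silently overwritten by the trace breakpoint.
        abs_bp = gdb.Breakpoint(a(0x402ff0))
        c('starti')
        # The original left this computation commented out, leaving `m` unbound
        # (NameError on the next line). It has to run after `starti`, once the
        # mappings exist.
        m = self._image_base()
        trace_bp = InstrTraceBreakpoint(a(m + 0x18c5), [])  # just before jump
        c('c')
        word = self.WORD
        old_memspace = b"\x00" * word * self.N
        # for i in range(200):
        for _ in range(10):
            rax = gef.arch.register('rax')
            rdi = gef.arch.register('rdi')
            addr = rax - rdi
            slot = (addr % self.WRAP) // word
            # NOTE(review): `disassemble` is not defined in this file; presumably
            # a helper that takes raw bytes — confirm where it comes from.
            instr = disassemble(gef.memory.read(rax + 4, word))
            # instr = lookup_address(rax+0x4).dereference() & 0xff
            print(f"{hex(addr)} {slot}:\t{instr}")
            memspace = gef.memory.read(rdi + 4, self.N * word)
            self._print_changed_words(memspace, old_memspace)
            old_memspace = memspace
            # c('c')
        # Scratch kept from the original session (disabled):
        # trace_bp.delete()
        # c('c')
        # vm_0_mod = gdb.Breakpoint(w(m+0x15d0), type=gdb.BP_WATCHPOINT, wp_class=gdb.WP_WRITE)
        # b1 = gdb.Breakpoint(a(m+0x265d)) # just before table call
        # c('c')
        # exe_end = gef.memory.maps[2].page_end
        # contents = gef.memory.read(m, exe_end-m)
        # with open('secrecy-mod','wb') as f:
        #     f.write(contents)
        # vm_0_mod.enabled = False
        # c('c')
        # b2 = gdb.Breakpoint(a(m+0x15d0)) # vm op 0
        # c('c')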
register_external_command(Puppet())  # make `puppet` available as a GEF command in this session
# def exit_handler (event):
# print ("event type: exit")
# if hasattr (event, 'exit_code'):
# print ("exit code: %d" % (event.exit_code))
# else:
# print ("exit code not available")
# gdb.events.exited.connect (exit_handler)