analysis/datastub/SymbolInfo: Use gdb to recover symbol

Fraunhofer-AISEC · Mar 13, 2023 · 0617ddc · 0617ddc
1 parent c5e198f
commit 0617ddc
Showing 1 changed file with 30 additions and 1 deletion.
diff --git a/analysis/datastub/SymbolInfo.py b/analysis/datastub/SymbolInfo.py
@@ -24,9 +24,11 @@
 # @version 0.3
 
 
-import sys
+import copy
 import os.path
+import shlex
 import subprocess
+import sys
 from operator import itemgetter
 from datastub.SortedCollection import SortedCollection
 from datastub.utils import debug
@@ -35,6 +37,28 @@
 *************************************************************************
 """
 
+DEBUG_SYMBOLS = dict()
+
+
+def getdebugsymbol(sym, address):
+    if address in DEBUG_SYMBOLS:
+        debug(3, f"found symbol {DEBUG_SYMBOLS[address]} at {hex(address)}")
+        return DEBUG_SYMBOLS[address]
+    offset = address - sym.img.lower
+    command = f"gdb -ex 'set print asm-demangle on' -ex 'x/i {hex(offset)}' -ex quit {sym.img.name}"
+    output = subprocess.check_output(shlex.split(command)).decode("utf-8")
+    line = str()
+    lines = output.splitlines()
+    for line in reversed(lines):
+        tmp = line.lstrip().split(" ", 1)[0]
+        if tmp == hex(offset):
+            break
+    line = line.split("<", 1)[1]
+    line = line[::-1].split(">", 1)[1]
+    line = line[::-1]
+    DEBUG_SYMBOLS[address] = line
+    return line
+
 
 def getdebugelf(fname):
     command = f"gdb -ex quit {fname}"
@@ -192,6 +216,11 @@ def lookup(cls, address):
         assert cls.instance is not None
         try:
             (_, sym) = cls.instance.symbols.find_le(address)
+            if sym.name[0].find("_init") >= 0:
+                sym = copy.deepcopy(sym)
+                sym_name = getdebugsymbol(sym, address)
+                sym.name[0] = sym_name
+                return sym
             return sym
         except ValueError:
             return None