Logo Search packages:      
Sourcecode: eresi version File versions  Download package

int revm_match_symtab ( elfshobj_t file,
elfshsect_t symtab,
revmlist_t *  actual,
int  flag 
)

Match regular expressions in the symbol tables

Parameters:
file 
symtab 
actual 
flag 
Returns:

Definition at line 699 of file disasm.c.

References s_sect::altdata, s_rehdr::base, elfsh_get_dynsymbol_name(), elfsh_get_foffset_from_vaddr(), elfsh_get_parent_section(), elfsh_get_raw(), elfsh_get_symbol_name(), elfsh_get_symbol_size(), elfsh_get_symbol_type(), elfsh_get_symbol_value(), elfsh_toggle_mode(), revm_object_display(), revm_output(), s_obj::rhdr, and s_sect::shdr.

Referenced by cmd_disasm().

{
  elfshsect_t     *s;
  char            *name;
  int       matchs = 0;
  u_int           saved_size;
  elfsh_Sym *sym;
  eresi_Addr      addr;
  int       index;
#if __DEBUG_DISASM__
  char            logbuf[BUFSIZ];
#endif

  /* Natural checks */
  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);
  if (!file || !symtab || !actual)
    PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
                  "Invalid NULL parameter", -1);
  saved_size = actual->size;
  
  /* Iterate on symbols */
  sym = (flag ? elfsh_get_raw(symtab) : (elfsh_Sym *) symtab->altdata);
  for (index = 0; index < symtab->shdr->sh_size / sizeof(elfsh_Sym); index++)
    {
      
      /* Match ? */
      name = (flag ? elfsh_get_dynsymbol_name(file, sym + index) : 
            elfsh_get_symbol_name(file, sym + index));      
      if (name == NULL || *name == 0x00 || !DUMPABLE(sym + index) ||
        elfsh_get_symbol_type(sym + index) == STT_SECTION ||
        regexec(&actual->name, name, 0, 0, 0))
      continue;
      matchs++;
      if (!actual->size)
      actual->size = elfsh_get_symbol_size(sym + index);
      else
      actual->size = ((actual->size + actual->off) > 
                  elfsh_get_symbol_size(sym + index) ?
                  elfsh_get_symbol_size(sym + index) : 
                  actual->size + actual->off);
      
#if __DEBUG_DISASM__
      snprintf(logbuf, BUFSIZ - 1, 
             "[debug_disasm:cmd_disasm] Found dynsym regx (%s) (" AFMT ")\n", 
             name, elfsh_get_symbol_value(sym + index));
      revm_output(logbuf);
#endif

      /* Only use toggle mode when inspecting .dynsym */
      if (flag && !elfsh_get_symbol_value(sym + index))
      {
        elfsh_toggle_mode();
        sym = elfsh_get_raw(symtab);
        elfsh_toggle_mode();
        s = elfsh_get_parent_section(file, 
                               file->rhdr.base + sym[index].st_value,
                               NULL);
      }
      else
      s = elfsh_get_parent_section(file, sym[index].st_value, NULL);

      /* Display matched object */
      addr = elfsh_get_foffset_from_vaddr(file, sym[index].st_value);
      if (revm_object_display(s, sym + index, actual->size, actual->off, addr,
                      sym[index].st_value, name, actual->otype) == -1)
      PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, 
                    "Error while displaying matched object", -1);
      
      if (!flag)
      actual->size = saved_size;
    }

  /* Everything went ok */
  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, matchs);
}


Generated by  Doxygen 1.6.0   Back to index