
gdb列出所有指定大小的结构体

比如我现在想找会放入256-slab的struct。

首先把所有的type名列出来:

# Dump every type known to the debug info and keep a copy for the next step.
gdb -ex 'info types' -ex quit vmlinux | tee ~/types_raw.txt

输出大体如下:

GNU gdb (GDB) 10.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
pwndbg: loaded 194 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
Reading symbols from vmlinux...
All defined types:

File ./arch/x86/include/asm//msr-trace.h:
21:     struct trace_event_data_offsets_msr_trace_class;
21:     struct trace_event_raw_msr_trace_class;

File ./arch/x86/include/asm/alternative.h:
41:     struct alt_instr;

File ./arch/x86/include/asm/amd_nb.h:
30:     struct amd_l3_cache;
9:      struct amd_nb_bus_dev_range;
63:     struct amd_northbridge;
71:     struct amd_northbridge_info;
55:     struct threshold_bank;
35:     struct threshold_block;

File ./arch/x86/include/asm/apic.h:
284:    struct apic;
58:     enum apic_intr_mode_id;

File ./arch/x86/include/asm/apicdef.h:
435:    enum ioapic_irq_destination_types;

File ./arch/x86/include/asm/calgary.h:
46:     struct cal_chipset_ops;
33:     struct iommu_table;
......

接着我们用sed来正则处理一下这段内容:

# Keep only the "NN:<ws>struct xxx;" entries (unions/typedefs/enums are dropped)
# and print the bare "struct xxx" name, one per line.
sed -nE 's@[0-9]*:\s(struct.*);@\1@p' ~/types_raw.txt | tee ~/types.txt

得到如下内容:

struct trace_event_data_offsets_msr_trace_class
struct trace_event_raw_msr_trace_class
struct alt_instr
struct amd_l3_cache
struct amd_nb_bus_dev_range
struct amd_northbridge
struct amd_northbridge_info
struct threshold_bank
struct threshold_block
struct apic
......

之后写个 python 脚本(即下面 source 的 ~/find_struct.py),挨个查询 struct 的 sizeof,并将大小合适的 struct 打印输出:

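# find_struct.py -- run inside gdb against vmlinux, e.g.
#   gdb vmlinux -ex "source ~/find_struct.py" -ex "quit"
# For every "struct xxx" listed in TYPES_FILE (one name per line) the type is
# looked up in the debug info; when its size lies in (MIN_SIZE, MAX_SIZE] the
# name, the size and the ptype/o layout are printed.  With the defaults this is
# the band the author calls the 256 slab: anything of at most 192 bytes would
# already fit the next smaller bucket.

# Must match where the sed step wrote its output (the blog uses ~/types.txt).
TYPES_FILE = '/home/veritas/types.txt'
MIN_SIZE = 192  # exclusive lower bound
MAX_SIZE = 256  # inclusive upper bound


def _read_queries(text):
    """Split the type list into names, one per line, dropping blank lines.

    The file ends with a newline, so a plain split('\\n') would yield a
    trailing '' that gdb.lookup_type rejects; strip and filter instead.
    """
    return [line.strip() for line in text.split('\n') if line.strip()]


def _size_in_band(size, lo=MIN_SIZE, hi=MAX_SIZE):
    """Return True when lo < size <= hi."""
    return lo < size <= hi


# Close the file once read instead of leaking the handle for the gdb session.
with open(TYPES_FILE) as fh:
    querys = _read_queries(fh.read())

for query in querys:
    try:
        sym = gdb.lookup_type(query)
        if _size_in_band(sym.sizeof):
            print(f'{query}: {sym.sizeof}')
            gdb.execute(f"pt/o {query}")
            print('\n-------------------------------------------\n')
    except gdb.error:
        # Names that exist only as forward declarations (or were dropped from
        # the debug info) cannot be looked up or printed; skip them, but let
        # anything else (KeyboardInterrupt, bugs in this script) propagate
        # instead of being hidden by a bare except.
        continue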
# Run the filter script inside gdb and keep the report for later reading.
gdb -ex 'source ~/find_struct.py' -ex quit vmlinux | tee ~/result.txt

输出如下:

struct cpuinfo_x86: 240
/* offset    |  size */  type = struct cpuinfo_x86 {
/*    0      |     1 */    __u8 x86;
/*    1      |     1 */    __u8 x86_vendor;
/*    2      |     1 */    __u8 x86_model;
/*    3      |     1 */    __u8 x86_stepping;
/*    4      |     4 */    int x86_tlbsize;
/*    8      |     1 */    __u8 x86_virt_bits;
/*    9      |     1 */    __u8 x86_phys_bits;
/*   10      |     1 */    __u8 x86_coreid_bits;
/*   11      |     1 */    __u8 cu_id;
/*   12      |     4 */    __u32 extended_cpuid_level;
/*   16      |     4 */    int cpuid_level;
/*   20      |    80 */    __u32 x86_capability[20];
/*  100      |    16 */    char x86_vendor_id[16];
/*  116      |    64 */    char x86_model_id[64];
/*  180      |     4 */    unsigned int x86_cache_size;
/*  184      |     4 */    int x86_cache_alignment;
/*  188      |     4 */    int x86_cache_max_rmid;
/*  192      |     4 */    int x86_cache_occ_scale;
/*  196      |     4 */    int x86_power;
/*  200      |     8 */    unsigned long loops_per_jiffy;
/*  208      |     2 */    u16 x86_max_cores;
/*  210      |     2 */    u16 apicid;
/*  212      |     2 */    u16 initial_apicid;
/*  214      |     2 */    u16 x86_clflush_size;
/*  216      |     2 */    u16 booted_cores;
/*  218      |     2 */    u16 phys_proc_id;
/*  220      |     2 */    u16 logical_proc_id;
/*  222      |     2 */    u16 cpu_core_id;
/*  224      |     2 */    u16 cpu_index;
/* XXX  2-byte hole  */
/*  228      |     4 */    u32 microcode;
/*  232      |     1 */    u8 x86_cache_bits;
/*  233: 0   |     4 */    unsigned int initialized : 1;
/* XXX  7-bit padding   */
/* XXX  6-byte padding  */

                           /* total size (bytes):  240 */
                         }

-------------------------------------------

struct fork_frame: 224
/* offset    |  size */  type = struct fork_frame {
/*    0      |    56 */    struct inactive_task_frame {
/*    0      |     8 */        unsigned long r15;
/*    8      |     8 */        unsigned long r14;
/*   16      |     8 */        unsigned long r13;
/*   24      |     8 */        unsigned long r12;
/*   32      |     8 */        unsigned long bx;
/*   40      |     8 */        unsigned long bp;
/*   48      |     8 */        unsigned long ret_addr;

                               /* total size (bytes):   56 */
                           } frame;
/*   56      |   168 */    struct pt_regs {
/*   56      |     8 */        unsigned long r15;
/*   64      |     8 */        unsigned long r14;
/*   72      |     8 */        unsigned long r13;
/*   80      |     8 */        unsigned long r12;
/*   88      |     8 */        unsigned long bp;
/*   96      |     8 */        unsigned long bx;
/*  104      |     8 */        unsigned long r11;
/*  112      |     8 */        unsigned long r10;
/*  120      |     8 */        unsigned long r9;
/*  128      |     8 */        unsigned long r8;
/*  136      |     8 */        unsigned long ax;
/*  144      |     8 */        unsigned long cx;
/*  152      |     8 */        unsigned long dx;
/*  160      |     8 */        unsigned long si;
/*  168      |     8 */        unsigned long di;
/*  176      |     8 */        unsigned long orig_ax;
/*  184      |     8 */        unsigned long ip;
/*  192      |     8 */        unsigned long cs;
/*  200      |     8 */        unsigned long flags;
/*  208      |     8 */        unsigned long sp;
/*  216      |     8 */        unsigned long ss;

                               /* total size (bytes):  168 */
                           } regs;

                           /* total size (bytes):  224 */
                         }

-------------------------------------------

posted on 2021-03-08 23:26  veritas501  阅读(440)  评论(0)