Core grep is a utility that works like grep but was designed to be used against core files.
d20e5c8dc13d0cce1e98db9f2a8559cb03f62d5dee59b44f124f195121335d7e/* coregrep - by eSDee of Netric (www.netric.org)
----------------------------------------------
Usage:
$ ./cgrep core "floppppp"
Match at: 0xBADe5Dee
*/
#include <stdio.h>
#include <fcntl.h>
#include <elf.h>
#include <sys/stat.h>
int
main(int argc, char *argv[])
{
struct stat fstat_struct;
char *filedata;
int iRead = 0;
int i = 0;
int k = 0;
Elf32_Ehdr *elf_header;
Elf32_Phdr *program_header;
if (argc < 3) {
fprintf(stderr, "%s <coredump> <string>\n", argv[0]);
return -1;
}
if ((iRead = open(argv[1], O_RDONLY)) < 0) {
fprintf(stderr, "Unable to open %s!\n", argv[1]);
return -1;
}
if ((fstat(iRead, &fstat_struct)) < 0) {
fprintf(stderr, "fstat failed!\n");
close(iRead);
return -1;
}
if (!(filedata=(char *)malloc(fstat_struct.st_size))) {
fprintf(stderr, "malloc failed!\n");
close(iRead);
return -1;
}
memset(filedata, 0x0, fstat_struct.st_size);
if (read(iRead, filedata, fstat_struct.st_size) < 0) {
fprintf(stderr, "read failed!\n");
free(filedata);
close(iRead);
return -1;
}
elf_header = (Elf32_Ehdr *)filedata;
if (!(elf_header->e_type == ET_CORE && elf_header->e_machine == EM_386)) {
fprintf(stderr, "Not a coredump!\n\n");
free(filedata);
close(iRead);
return -1;
}
for (i=0; i < elf_header->e_phnum; i++) {
program_header = (Elf32_Phdr *)(filedata + elf_header->e_phoff + (i * elf_header->e_phentsize));
for (k = program_header->p_offset; k < program_header->p_offset + program_header->p_filesz; k++)
if (!strncmp((filedata + k), argv[2], strlen(argv[2])))
fprintf(stdout, "Match at: 0x%08x\n", (program_header->p_vaddr + k - program_header->p_offset));
}
free(filedata);
close(iRead);
return 0;
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed