#!/bin/bash
# script to find system call table in /dev/mem
# written by palmers / teso
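# NOTE(review): findsym is not shown on this page. Going by the header comment
# it reads /dev/mem, so this script presumably has to run as root on a kernel
# that still exposes kernel memory through that device; kernels built with
# CONFIG_STRICT_DEVMEM restrict such reads -- confirm against findsym's source.

#######################################
# Print a diagnostic on stderr and exit with status 1.
# Arguments: $@ - message text
#######################################
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

#######################################
# Look up one kernel symbol with findsym and print its address as four
# space-separated byte pairs, least-significant byte first.
# Arguments: $1 - symbol name handed to `findsym -s`
# Outputs:   "b0 b1 b2 b3" on stdout (no trailing newline)
# Returns:   exits non-zero when findsym's output does not start with
#            eight hex digits
#######################################
le_bytes() {
  local sym=$1
  local addr
  addr=$(./findsym -s "$sym")
  # Only the first eight characters are used; anything after them is ignored.
  addr=${addr:0:8}
  # Without this check an empty or malformed lookup would silently put a
  # garbage byte pattern into the search record.
  [[ $addr =~ ^[0-9a-fA-F]{8}$ ]] \
    || die "findsym -s $sym did not print an 8-digit hex address"
  printf '%s %s %s %s' "${addr:6:2}" "${addr:4:2}" "${addr:2:2}" "${addr:0:2}"
}

# die runs inside the command substitution, so the failure has to be
# propagated explicitly here.
A=$(le_bytes sys_exit) || exit 1
B=$(le_bytes sys_fork) || exit 1
C=$(le_bytes sys_read) || exit 1
D=$(le_bytes sys_write) || exit 1

# Use an unpredictable, freshly created file. A fixed name in the current
# directory would be followed through a pre-planted symlink by the redirect
# below, which matters if this runs with elevated privileges.
TMP=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$TMP"' EXIT

# NOTE(review): the record layout is defined by findsym, which this page does
# not show; presumably name, search-range start and end, an offset and a
# length, followed by the 16 pattern bytes -- confirm. The range
# c01a0000..c0260000 is hard-coded and will not fit every kernel build.
printf '%s\n' "sys_call_table c01a0000 c0260000 -4 10 $A $B $C $D" > "$TMP"
./findsym -f "$TMP" sys_call_table

# Explicit removal stays the last command so the script's exit status is
# rm's; the EXIT trap covers an interrupted run.
rm -f -- "$TMP"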