summaryrefslogtreecommitdiff
path: root/contrib/brute-map.bash
blob: 4a5a8113463c8696a4d73581acc3a9b4e7121906 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#!/bin/bash
# usage: ./brute-map.bash pid file [window-size]
# Sometimes region offsets aren't available, but we know that some regions map a file
# Fix the region offsets by bruteforcing the offsets from a known file
while read -r region; do
   offset=$(printf '%d' "0x$(awk '{print $3}' <<<"$region")")
   if ((offset == 0)); then
      offset=$(binsearch <(ptrace-region-rw "$1" read <<<"$region" 2>/dev/null | bintrim) $3 < "$2")
      if [[ -n "$offset" ]]; then
         hex=$(printf '%.8x' "$offset")
         awk '{printf "%s %s %s %s %s %s\n", $1, $2, "'"$hex"'", $4, $5, $6, $7}' <<<"$region"
      fi
   else
      printf '%s\n' "$region"
   fi
done