-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathbuffer_layout.sh
46 lines (34 loc) · 1.41 KB
/
buffer_layout.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#!/bin/bash
PATH=/usr/bin:/usr/sbin:/bin:/sbin
if [ $# -eq 0 ]; then
echo "No target binary specified. Exiting..."
exit 1
fi
target_binary="$1"
if [ ! -f "$target_binary" ]; then
echo "Target binary does not exist. Exiting..."
exit 1
fi
readelf -l "$target_binary" > /tmp/readelf_program_headers.txt
start_heap=$(cat /tmp/readelf_program_headers.txt | grep HEAP | awk '{print $2}')
end_heap=$(cat /tmp/readelf_program_headers.txt | grep HEAP | awk '{print $3}')
objdump -d "$target_binary" > /tmp/objdump_assembly.txt
malloc_refs=$(cat /tmp/objdump_assembly.txt | grep -E 'malloc|calloc|realloc|free')
echo "References to memory allocation functions:"
echo "$malloc_refs"
echo ""
echo "Analyzing assembly code to determine how the heap is structured..."
echo ""
echo "Heap region starts at: $start_heap"
echo "Heap region ends at: $end_heap"
echo ""
echo "Analyzing assembly code to determine how memory is allocated and freed in the heap..."
echo ""
echo "Identifying any memory management techniques that are used to manage the heap..."
echo ""
echo "Identifying any security measures that are used to protect the heap from malicious access..."
echo ""
echo "Analyzing assembly code to determine any potential vulnerabilities in the heap layout..."
echo ""
echo "Documenting findings and recommendations for improving the security of the heap layout..."
echo ""