#!/bin/bash | |
# Search for x64 system calls numbers and function prototype using man pages | |
# @hc0d3r | |
# | |
# $ source syscallref64.sh | |
# Usage: syscallref syscallname | |
# $ syscallref socket | |
# | |
# Syscall number: 41 | |
# | |
# Function prototype: | |
# | |
# int socket(int domain, int type, int protocol); | |
# | |
# Man entry: man 2 socket | |
# | |
# $ bash syscallref64.sh potato | |
# No syscall number found to potato | |
# | |
# explain regex ->
# (?s) ~> enable PCRE dot-all mode, so . also matches newlines
# ^\s+ ~> the line must start with spaces (1 or more)
# (\w+\s)+ ~> match the function's type names, like int, unsigned int, void
# \*? ~> check for a possible pointer
# $1 ~> the parameter passed to the syscallref function, inserted into the pattern unescaped
# \( ~> check for function start
# [^\)]+ ~> match any char, except )
# \); ~> match function end
# (\s+/\*[^/.]+\*/)? ~> match possible comments
# Path to unistd_64.h. Leave it empty and syscallref searches /usr/include
# for the header on first use; set it here to skip that search.
UNISTD=""
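#######################################
# Print every prototype of one function found in a man page.
# The function name is spliced into the PCRE pattern as-is, so the caller
# must pass only names made of [A-Za-z0-9_].
# Arguments: $1 - man page text
#            $2 - function name to look for
# Outputs:   matching prototype text on stdout (empty when nothing matches)
#######################################
_syscallref_proto() {
  # grep -z ends each match with a NUL byte; drop it so that command
  # substitution in the caller does not warn about ignored null bytes.
  grep -Pzo "(?s)^\s+(\w+\s)+\*?$2\([^\)]+\);(\s+/\*[^/.]+\*/)?\$" <<<"$1" \
    | tr -d '\0'
}

#######################################
# Look up the x86-64 number and the C prototype of a system call.
# Globals:   UNISTD (read; written with the located unistd_64.h when empty)
# Arguments: $1 - system call name, e.g. socket
# Outputs:   syscall number, prototype and man entry on stdout
# Returns:   0 on success, 1 on bad usage, invalid name, missing header,
#            unknown syscall, missing man page or missing prototype
#######################################
syscallref() {
  local name syscall_number men function_description stripped candidate

  if [ $# -lt 1 ]; then
    echo "Usage: syscallref syscallname"
    return 1
  fi
  name=$1

  # The name is interpolated into PCRE patterns and handed to man, so accept
  # only identifier characters: no regex metacharacters, no leading '-'.
  case $name in
    '' | *[!A-Za-z0-9_]*)
      printf 'Invalid syscall name: %s\n' "$name"
      return 1
      ;;
  esac

  if [ -z "$UNISTD" ]; then
    # find exits 0 even when nothing matches, so test the result, not $?.
    # -print -quit keeps one path when several trees ship the header.
    UNISTD=$(find /usr/include -type f -name "unistd_64.h" -print -quit)
    if [ -z "$UNISTD" ]; then
      echo "unistd not found"
      return 1
    fi
  elif [ ! -f "$UNISTD" ]; then
    echo "File $UNISTD doens't exist"
    return 1
  fi

  if ! syscall_number=$(grep -Po "__NR_$name\s\K[[:digit:]]+$" -- "$UNISTD"); then
    echo "No syscall number found to $name"
    return 1
  fi
  printf '\nSyscall number: %s\n\n' "$syscall_number"

  if ! men=$(man 2 "$name"); then
    echo
    return 1
  fi

  if grep -q 'unimplemented system calls' <<<"$men"; then
    printf '\nThe system call %s are not implemented\n\n' "$name"
    return 1
  fi

  # Name with its trailing digits removed.
  stripped=$name
  while [[ $stripped == *[0-9] ]]; do
    stripped=${stripped%?}
  done

  # Try the exact name first, then the variants under which the man page may
  # document it: without trailing digits, without "rt_", with a leading "_".
  function_description=''
  for candidate in "$name" "$stripped" "${name/rt_/}" "_$name"; do
    function_description=$(_syscallref_proto "$men" "$candidate")
    if [ -n "$function_description" ]; then
      break
    fi
  done

  if [ -z "$function_description" ]; then
    printf 'Unable to find function prototype\n\n'
    return 1
  fi

  # printf '%s' prints man page text verbatim; echo -e would expand any
  # backslash sequences it happens to contain.
  printf 'Function prototype:\n%s\n\n' "$function_description"
  printf 'Man entry: man 2 %s\n\n' "$name"
  return 0
}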
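# Forward the script's arguments unchanged; quoting "$@" keeps each argument
# intact instead of letting the shell word-split and glob-expand it.
syscallref "$@"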