From b0c403d7aef0cf232563b83d5773c589d859e057 Mon Sep 17 00:00:00 2001
From: Eric Christopher
Date: Tue, 3 Apr 2018 07:01:33 +0000
Subject: [PATCH] Add a wrapper around llvm-objdump to look for indirect calls/jmps in x86 assembly. Useful when looking for indirect calls/jmps the need mitigation via retpoline or other mitigations for Spectre v2. Feedback, extension, additional patches welcome.
llvm-svn: 329050
---
llvm/utils/indirect_calls.py | 49 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100755 llvm/utils/indirect_calls.py
diff --git a/llvm/utils/indirect_calls.py b/llvm/utils/indirect_calls.py
new file mode 100755
index 0000000..1fdbcc1
--- /dev/null
+++ b/llvm/utils/indirect_calls.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+
+"""A tool for looking for indirect jumps and calls in x86 binaries.
+
+ Helpful to verify whether or not retpoline mitigations are catching
+ all of the indirect branches in a binary and telling you which
+ functions the remaining ones are in (assembly, etc).
+
+ Depends on llvm-objdump being in your path and is tied to the
+ dump format.
+"""
+
+import os
+import sys
+import re
+import subprocess
+import optparse
+
+# Look for indirect calls/jmps in a binary. re: (call|jmp).*\*
+def look_for_indirect(file):
+ args = ['llvm-objdump']
+ args.extend(["-d"])
+ args.extend([file])
+
+ p = subprocess.Popen(args=args, stdin=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE)
+ (stdout,stderr) = p.communicate()
+
+ function = ""
+ for line in stdout.splitlines():
+ if line.startswith(' ') == False:
+ function = line
+ result = re.search('(call|jmp).*\*', line)
+ if result != None:
+ # TODO: Perhaps use cxxfilt to demangle functions?
+ print function
+ print line
+ return
+
+# Compare the debug info between two files.
+def main(args):
+ # No options currently other than the binary.
+ parser = optparse.OptionParser("%prog [options] ")
+ (opts, args) = parser.parse_args(args)
+ if len(args) != 2:
+ parser.error("invalid number of arguments: %s" % len(args))
+ look_for_indirect(args[1])
+
+if __name__ == '__main__':
+ main(sys.argv)
--
2.7.4
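Review bot: A failed llvm-objdump run looks the same as a clean binary in `look_for_indirect`, because stderr is captured by `p.communicate()` and then discarded and the exit status is never read. An unreadable or non-object input therefore prints nothing and the script exits 0, which for a tool meant to confirm retpoline coverage is a false negative. After the `communicate()` call, add `if p.returncode != 0: sys.exit("llvm-objdump failed: %s" % stderr)` so the failure is visible and the exit code is non-zero. Separately, the comment above `main` (`# Compare the debug info between two files.`) appears to be left over from another script and should describe this tool, e.g. `# Parse the command line and scan the given binary for indirect branches.`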