Script para buscar valores en memoria de un proceso y modificarlos.
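#!/bin/bash
# Interactive memory value scanner/editor driven by gdb.
#
# Asks for a PID and a value, searches every mapping of the target whose
# /proc/PID/maps line contains no "/" (i.e. not file-backed), and then lets
# the user print, overwrite, narrow or redo the list of matching addresses.
#
# Commands (the prompt only lists the int ones; each has a double variant):
#   p / pd   print the current hits as int / double
#   m / md   write a new value to every current hit
#   r / rd   re-read the hits and keep those that now hold a new value
#   b / bd   start a fresh search
#   f        finish
#
# Hardening notes:
#   * The PID must be all digits and every value must be a plain numeric
#     literal. Both are pasted into a gdb command file, and gdb evaluates
#     whatever it finds there as a command or expression, so free-form text
#     must not reach it.
#   * Work files live in a private mktemp directory instead of fixed names
#     (gdb.txt, mem.tmp, ...) in the current directory, where another user
#     could pre-create or symlink them. The directory is removed on exit.
#   * Attaching needs ptrace permission on the target; gdb's own output is
#     discarded, so a refused attach shows up as zero hits.

set -u

pid=''
value=''
workdir=''
hits_file=''
cmd_file=''

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Remove the private work directory (installed as the EXIT trap).
cleanup() {
  if [[ -n $workdir ]]; then
    rm -rf -- "$workdir"
  fi
}

# Succeed only for a signed decimal integer, hex integer or decimal float.
is_number() {
  local re='^[-+]?(0[xX][0-9a-fA-F]+|([0-9]+([.][0-9]*)?|[.][0-9]+)([eE][-+]?[0-9]+)?)$'
  [[ $1 =~ $re ]]
}

# Prompt with $1 and store a validated numeric literal in the global `value`.
# Returns non-zero on end of input or when the answer is not numeric.
ask_number() {
  value=''
  read -r -p "$1" value || return 1
  if ! is_number "$value"; then
    printf 'Valor no admitido (se espera un literal numérico): %s\n' "$value" >&2
    value=''
    return 1
  fi
}

# Feed the prepared command file to gdb attached to the target.
# The trailing "quit" / "y" lines in the file answer the detach confirmation.
run_gdb() {
  gdb -p "$pid" >/dev/null 2>&1 <"$cmd_file"
}

# Emit the logging preamble that makes gdb write its output to file $1.
# "set logging on" is kept for older gdb releases.
log_preamble() {
  printf 'set logging file %s\nset logging on\nset pagination off\n' "$1"
}

# Print the current hit lines (prompt echoes stripped, addresses only).
hits() {
  sed 's/(gdb) //g' "$hits_file" | grep -E '^0x'
}

# Print the hits followed by "<count> $1".
report_hits() {
  hits
  printf '%s %s\n' "$(hits | grep -c '^0x')" "$1"
}

# Start a fresh search for `value`; $1 is an optional cast such as "(double)".
search() {
  local cast=$1
  : >"$hits_file"
  {
    log_preamble "$hits_file"
    # Split the "start-end" range inside awk so that a '-' in a negative
    # search value is left untouched.
    grep -v '/' "/proc/$pid/maps" |
      awk -v v="$cast$value" \
        '{ split($1, r, "-"); print "find 0x" r[1] " ,0x" r[2] ", " v }'
    printf 'quit\ny\n'
  } >"$cmd_file"
  run_gdb
  report_hits 'coincidencias encontradas'
}

# Print the content of every hit; $1 is the dereference form ("*" or "{double}").
print_hits() {
  local deref=$1
  local out="$workdir/gdbprint"
  : >"$out"
  {
    log_preamble "$out"
    # gdb's echo prints the address without a newline, so each log line reads
    # "<address>$N = <content>".
    hits | awk -v d="$deref" '{ print "echo " $1 "\nprint " d $1 }'
    printf 'quit\ny\n'
  } >"$cmd_file"
  run_gdb
  sed 's/(gdb) //g' "$out" | grep -E '^0x' |
    awk -F '[$=]' '{ print $1 " =" $3 }'
  printf '%s direcciones imprimidas\n' \
    "$(sed 's/(gdb) //g' "$out" | grep -c '^0x')"
  rm -f -- "$out"
}

# Write `value` to every hit; $1 is the dereference form, $2 an optional cast.
modify_hits() {
  local deref=$1 cast=$2
  {
    hits | awk -v d="$deref" -v v="$cast$value" '{ print "set " d $1 "=" v }'
    printf 'quit\ny\n'
  } >"$cmd_file"
  run_gdb
  echo "Direcciones a modificar:"
  report_hits "direcciones modificadas a: $value"
}

# Re-read every hit and keep only the addresses that now hold `value`;
# $1 is the dereference form.
refine_hits() {
  local deref=$1
  local next="$workdir/gdb.tmp"
  {
    log_preamble "$hits_file"
    hits | awk -v d="$deref" '{ print "echo " $1 "\nprint " d $1 }'
    printf 'quit\ny\n'
  } >"$cmd_file"
  # The command file already holds the old addresses; the hit file now
  # becomes gdb's log for this pass.
  : >"$hits_file"
  run_gdb
  # Literal suffix comparison: a '.' in the value must not act as a regex
  # wildcard.
  sed 's/(gdb) //g' "$hits_file" |
    awk -F '$' -v want="= $value" '
      { n = length(want) }
      length($0) >= n && substr($0, length($0) - n + 1) == want { print $1 }
    ' >"$next"
  mv -- "$next" "$hits_file"
  report_hits 'coincidencias encontradas'
}

main() {
  local com=''

  command -v gdb >/dev/null 2>&1 || die 'gdb no está instalado'

  read -r -p "Proceso: " pid || die 'No se ha indicado ningún proceso'
  [[ $pid =~ ^[0-9]+$ ]] || die 'El proceso debe ser un PID numérico'
  [[ -r /proc/$pid/maps ]] || die "No se puede leer /proc/$pid/maps"

  ask_number 'Valor: ' || exit 1

  workdir=$(mktemp -d) || die 'mktemp ha fallado'
  trap cleanup EXIT
  hits_file="$workdir/gdb.txt"
  cmd_file="$workdir/mem.tmp"

  search ''

  while [[ $com != f ]]; do
    echo
    # Stop on end of input instead of looping forever on a closed stdin.
    read -r -p "(p=imprimir; m=modificar; r=recursivo; b=buscar; f=fin) Comando: " com || break
    case $com in
      p) print_hits '*' ;;
      pd) print_hits '{double}' ;;
      m) ask_number 'Valor: ' && modify_hits '*' '' ;;
      md) ask_number 'Valor: ' && modify_hits '{double}' '(double)' ;;
      r) ask_number 'Nuevo valor: ' && refine_hits '*' ;;
      rd) ask_number 'Nuevo valor: ' && refine_hits '{double}' ;;
      b) ask_number 'Valor: ' && search '' ;;
      bd) ask_number 'Valor: ' && search '(double)' ;;
    esac
  done
}

main "$@"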