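# Quick and dirty, but inefficient shellscript that
# turns all memcpy calls into memmove calls.
#
# How it works: locate the PLT stubs for memcpy and memmove, then scan the
# .text disassembly for 5-byte direct near call/jmp instructions (opcode e8/e9)
# whose target is the memcpy stub and add the stub delta to their rel32
# operand so they land on the memmove stub instead.  Since the call site itself
# does not move, new_rel32 = old_rel32 + (memmove_plt - memcpy_plt).
#
# Patches are written into a temporary copy that replaces $INPUT only after
# every call has been rewritten, so a failure part-way leaves the original
# untouched.  The "inefficient" part is one dd invocation per patched call.
#
# Globals:  INPUT (read) - path of the ELF file to patch; set earlier in this file.
# Requires: objdump, awk, dd, mktemp.

# die MESSAGE [STATUS]: print MESSAGE to stderr and exit with STATUS (default 1).
die() {
  printf '%s\n' "$1" >&2
  exit "${2:-1}"
}

# plt_addr NAME: print the address of NAME's PLT stub, taken from the
# "<NAME@plt>:" header line of the .plt disassembly, or nothing if absent.
# Matching the whole header (rather than grepping for the bare name) avoids
# picking up look-alike symbols such as __memcpy_chk@plt or wmemcpy@plt and
# the instruction lines that also mention the symbol.
# NOTE(review): stubs placed in .plt.sec (e.g. CET/IBT-enabled builds) are not
# covered by "-j .plt"; extend the section list if such binaries are in scope.
plt_addr() {
  objdump -S -j .plt "$INPUT" \
    | awk -v sym="<$1@plt>:" '$2 == sym { print $1; exit }'
}

MEMCPY=$(plt_addr memcpy)
[ -n "$MEMCPY" ] || die "Can't find memcpy call in $INPUT PLT" 1
MEMMOVE=$(plt_addr memmove)
[ -n "$MEMMOVE" ] || die "Can't find memmove call in $INPUT PLT" 2

MEMCPY="0x$MEMCPY"
MEMMOVE="0x$MEMMOVE"
DELTA=$((MEMMOVE - MEMCPY))
# Drop the leading zeros so the value compares equal to the target address
# objdump prints next to "call" in the .text listing.
MEMCPY=$(printf '%x' "$MEMCPY")

# objdump prints virtual addresses, but dd seeks by file offset.  Translate
# using the .text section header (VMA is column 4, file offset column 6 of
# `objdump -h`); the two differ for any normally linked ELF.  If the header
# cannot be parsed, fall back to the original vaddr == file-offset assumption.
TEXT_HDR=$(objdump -h -j .text "$INPUT" | awk '$2 == ".text" { print $4, $6; exit }')
TEXT_VMA=${TEXT_HDR% *}
TEXT_OFF=${TEXT_HDR#* }
if [ -n "$TEXT_HDR" ] && [ "$TEXT_VMA" != "$TEXT_HDR" ]; then
  TEXT_ADJ=$((0x$TEXT_OFF - 0x$TEXT_VMA))
else
  printf 'warning: cannot read .text header of %s; assuming vaddr == file offset\n' "$INPUT" >&2
  TEXT_ADJ=0
fi

TEMP_OUTPUT=$(mktemp) || die "mktemp failed" 4
# EXIT (not just ERR) so the temp file is removed on every exit path; after a
# successful mv it no longer exists and rm -f is a no-op.
trap 'rm -f -- "$TEMP_OUTPUT"' EXIT

# -p preserves the mode bits: mktemp creates the file 0600, and without it the
# final mv would leave the patched binary non-executable.
cp -p -- "$INPUT" "$TEMP_OUTPUT" || die "cannot copy $INPUT" 5

# Field layout of a matching objdump line (default IFS splitting):
#   <vaddr>: e8 b1 b2 b3 b4 call <target> <symbol...>
# "read -r" keeps any backslashes in interleaved -S source lines from being
# interpreted; such lines never match the target test below.
objdump -S -j .text "$INPUT" \
  | while read -r offset opcode byte1 byte2 byte3 byte4 mnemonic target rest; do
      [ "$target" = "$MEMCPY" ] || continue
      # Only rewrite direct near call (e8) / jmp (e9) rel32 encodings; anything
      # else that happens to print the address in this column is left alone.
      case "$opcode" in
        e8|e9) ;;
        *) continue ;;
      esac
      # The rel32 operand starts one byte after the opcode.
      OFFSET=$(printf '0x%x' $((0x${offset%:} + 1 + TEXT_ADJ)))
      # Bytes are stored little-endian; reassemble the 32-bit displacement.
      NUMBER="0x${byte4}${byte3}${byte2}${byte1}"
      printf 'Changing call at offset %s (vaddr %s) from [%s %s %s %s]' \
        "$OFFSET" "${offset%:}" "$byte1" "$byte2" "$byte3" "$byte4"
      # Keep only 32 bits: the sum may be negative or exceed 32 bits in bash's
      # 64-bit arithmetic, but the operand is a 32-bit two's-complement value.
      NUMBER=$(( (NUMBER + DELTA) & 0xffffffff ))
      BYTE1=$(printf '%02x' $(( (NUMBER >> 24) & 0xff )))
      BYTE2=$(printf '%02x' $(( (NUMBER >> 16) & 0xff )))
      BYTE3=$(printf '%02x' $(( (NUMBER >> 8) & 0xff )))
      BYTE4=$(printf '%02x' $(( NUMBER & 0xff )))
      printf ' to [%s %s %s %s]\n' "$BYTE4" "$BYTE3" "$BYTE2" "$BYTE1"
      # dd reports its record counts on stderr; silence them but keep the exit
      # status, which aborts the pipeline (and the script) on a failed write.
      printf "\\x$BYTE4\\x$BYTE3\\x$BYTE2\\x$BYTE1" \
        | dd of="$TEMP_OUTPUT" bs=1 seek=$((OFFSET)) count=4 conv=notrunc 2>/dev/null \
        || exit 1
    done || die "patching $INPUT failed; original left untouched" 6

mv -- "$TEMP_OUTPUT" "$INPUT" || die "cannot replace $INPUT" 7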