From 64b0af9a13da5319aaa40c55f853d301df931425 Mon Sep 17 00:00:00 2001
From: yellows8 <yellows8@users.noreply.github.com>
Date: Tue, 9 Jun 2015 15:47:34 -0400
Subject: [PATCH] Implemented --script, and moved some code-blocks into
 dedicated functions / minor other changes.

---
 ropgadget_patternfinder.c | 388 +++++++++++++++++++++++++++++---------
 1 file changed, 300 insertions(+), 88 deletions(-)

diff --git a/ropgadget_patternfinder.c b/ropgadget_patternfinder.c
index 1f0aaf0..e0d6628 100644
--- a/ropgadget_patternfinder.c
+++ b/ropgadget_patternfinder.c
@@ -16,7 +16,43 @@ unsigned char *filebuf = NULL, *patterndata = NULL, *patternmask = NULL;
 size_t filebufsz=0, hashblocksize=0;
 size_t patterndata_size=0, patternmask_size=0;
 
+int enable_script = 0;
+
 char line_prefix[256];
+char script_path[1024];
+
+void hexdump(void *ptr, int buflen)//From ctrtool.
+{
+	unsigned char *buf = (unsigned char*)ptr;
+	int i, j;
+
+	for (i=0; i<buflen; i+=16)
+	{
+		printf("%06x: ", i);
+		for (j=0; j<16; j++)
+		{ 
+			if (i+j < buflen)
+			{
+				printf("%02x ", buf[i+j]);
+			}
+			else
+			{
+				printf("   ");
+			}
+		}
+
+		printf(" ");
+
+		for (j=0; j<16; j++) 
+		{
+			if (i+j < buflen)
+			{
+				printf("%c", (buf[i+j] >= 0x20 && buf[i+j] <= 0x7e) ? buf[i+j] : '.');
+			}
+		}
+		printf("\n");
+	}
+}
 
 int load_bindata(char *arg, unsigned char **buf, unsigned int *size)
 {
@@ -105,9 +141,127 @@ int load_bindata(char *arg, unsigned char **buf, unsigned int *size)
 	return 0;
 }
 
+int parse_param(char *param, int type)
+{
+	int ret=0;
+	unsigned int tmpsize=0;
+
+	if(strncmp(param, "--patterntype=", 14)==0)
+	{
+		if(strncmp(&param[14], "sha256", 6)==0)
+		{
+			patterntype = 0;
+		}
+		else if(strncmp(&param[14], "datacmp", 7)==0)
+		{
+			patterntype = 1;
+		}
+		else
+		{
+			printf("Invalid pattern-type.\n");
+			ret = 5;
+		}
+	}
+
+	if(strncmp(param, "--patterndata=", 14)==0)
+	{
+		if(patterndata)
+		{
+			free(patterndata);
+			patterndata = NULL;
+		}
+
+		tmpsize = 0;
+		ret = load_bindata(&param[14], &patterndata, &tmpsize);
+		patterndata_size = tmpsize;
+	}
+
+	if(strncmp(param, "--patterndatamask=", 18)==0)
+	{
+		if(patterndata)
+		{
+			free(patternmask);
+			patternmask = NULL;
+		}
+
+		tmpsize = 0;
+		ret = load_bindata(&param[18], &patternmask, &tmpsize);
+		patternmask_size = tmpsize;
+	}
+
+	if(strncmp(param, "--patternsha256size=", 20)==0)
+	{
+		sscanf(&param[20], "0x%x", &tmpsize);
+		hashblocksize = tmpsize;
+	}
+
+	if(strncmp(param, "--stride=", 9)==0)
+	{
+		sscanf(&param[9], "0x%x", &stride);
+	}
+
+	if(strncmp(param, "--findtarget=", 13)==0)
+	{
+		sscanf(&param[13], "0x%x", &findtarget);
+	}
+
+	if(strncmp(param, "--baseaddr=", 11)==0)
+	{
+		sscanf(&param[11], "0x%x", &baseaddr);
+	}
+
+	if(strncmp(param, "--plainout", 10)==0)
+	{
+		plainout = 1;
+		if(param[10] == '=')
+		{
+			strncpy(line_prefix, &param[11], sizeof(line_prefix)-1);
+		}
+	}
+
+	if(type==0 && strncmp(param, "--script", 8)==0)
+	{
+		enable_script = 1;
+		if(param[8] == '=')
+		{
+			strncpy(script_path, &param[9], sizeof(script_path)-1);
+		}
+	}
+
+	return ret;
+}
+
+int verify_params_state()
+{
+	int ret = 0;
+
+	if(patterntype==-1)
+	{
+		printf("No pattern-type specified.\n");
+		ret = 5;
+	}
+
+	if(patterntype==0)
+	{
+		if(patterndata_size==0)
+		{
+			printf("--patternsha256size must be used when pattern-type is sha256.\n");
+			ret = 5;
+		}
+
+		if(patterndata_size != 0x20)
+		{
+			printf("Input hash size is invalid.\n");
+			ret = 5;
+		}
+	}
+
+	return ret;
+}
+
 int locate_pattern()
 {
-	int ret;
+	int ret=0;
 	size_t pos, i;
 	unsigned int found, found2;
 	unsigned int tmpval, tmpval2;
@@ -132,8 +286,6 @@ int locate_pattern()
 		{
 			if(filebufsz - pos < patterndata_size)break;
 
-			
-
 			if(patternmask==NULL)
 			{
 				if(memcmp(patterndata, &filebuf[pos], patterndata_size)==0)
@@ -185,13 +337,107 @@ int locate_pattern()
 	return ret;
 }
 
+int parse_script(FILE *fscript)
+{
+	int pos, pos2;
+	int ret=0;
+	int linenum = 0;
+	char *strptr, *strptr2;
+
+	char linebuf[1024];
+	char tmpbuf[1024];
+
+	memset(linebuf, 0, sizeof(linebuf));
+
+	while(fgets(linebuf, 1023, fscript))
+	{
+		linenum++;
+
+		strptr = strchr(linebuf, '\n');
+		if(strptr)*strptr = 0;
+
+		if(strlen(linebuf)==0)continue;
+
+		strptr = linebuf;
+
+		if(patternmask_size)
+		{
+			free(patternmask);
+			patternmask = NULL;
+			patternmask_size=0;
+		}
+
+		while(*strptr)
+		{
+			if(strptr[0] == ' ')
+			{
+				strptr++;
+				continue;
+			}
+
+			if(strptr[0] == '"' || strptr[0] == '\'')
+			{
+				strptr++;
+
+				memset(tmpbuf, 0, sizeof(tmpbuf));
+
+				for(pos=0; pos<sizeof(tmpbuf)-1; pos++)
+				{
+					if(strptr[pos]==0 || strptr[pos] == '\'' || strptr[pos] == '"')break;
+
+					tmpbuf[pos] = strptr[pos];
+				}
+
+				if(strptr[pos] == '\'' || strptr[pos] == '"')strptr++;
+				strptr+= pos;
+			}
+			else
+			{
+				memset(tmpbuf, 0, sizeof(tmpbuf));
+
+				for(pos=0; pos<sizeof(tmpbuf)-1; pos++)
+				{
+					if(strptr[pos]==0 || strptr[pos] == ' ')break;
+
+					tmpbuf[pos] = strptr[pos];
+				}
+
+				if(strptr[pos] == ' ')strptr++;
+				strptr+= pos;
+			}
+
+			ret = parse_param(tmpbuf, 1);
+			if(ret!=0)
+			{
+				printf("Line#: %d\n", linenum);
+				return ret;
+			}
+		}
+
+		ret = verify_params_state();
+		if(ret!=0)
+		{
+			printf("Line#: %d\n", linenum);
+			return ret;
+		}
+
+		ret = locate_pattern();
+		if(ret!=0)
+		{
+			printf("Line#: %d\n", linenum);
+			return ret;
+		}
+	}
+
+	return ret;
+}
+
 int main(int argc, char **argv)
 {
 	int argi;
 	int ret;
-	unsigned int tmpsize=0;
 	struct stat filestat;
-	FILE *fbin;
+	FILE *fbin, *fscript;
 
 	if(argc<3)
 	{
@@ -209,6 +455,7 @@ int main(int argc, char **argv)
 		printf("--findtarget=0x<hexval> Stop searching once this number of matches were found, by default this is 0x1. When this is 0x0, this will not stop until the end of the binary is reached.\n");
 		printf("--baseaddr=0x<hexval> This is the value which is added to the located offset when printing it, by default this is 0x0.\n");
 		printf("--plainout[=<prefix text>] Only print the located offset/address, unless an error occurs. If '=<text>' is specified, print that before printing the located offset/address.\n");
+		printf("--script=<path> Specifies a script from which to load params from(identical to the cmd-line params), each line is for a different pattern to search for. Each param applies to the current line, and all the lines after that until that param gets specified on another line again. When '=<path>' isn't specified, the script is read from stdin. When this --script option is used, all input-param state is reset to the defaults, except for --patterntype, --baseaddr, and --findtarget. When beginning processing each line, the --patterndatamask is reset to the default before parsing the params each time.\n");
 
 		return 0;
 	}
@@ -216,101 +463,27 @@ int main(int argc, char **argv)
 	ret = 0;
 
 	memset(line_prefix, 0, sizeof(line_prefix));
+	memset(script_path, 0, sizeof(script_path));
 
 	for(argi=2; argi<argc; argi++)
 	{
-		if(strncmp(argv[argi], "--patterntype=", 14)==0)
-		{
-			if(strncmp(&argv[argi][14], "sha256", 6)==0)
-			{
-				patterntype = 0;
-			}
-			else if(strncmp(&argv[argi][14], "datacmp", 7)==0)
-			{
-				patterntype = 1;
-			}
-			else
-			{
-				printf("Invalid pattern-type.\n");
-				ret = 5;
-			}
-		}
-
-		if(strncmp(argv[argi], "--patterndata=", 14)==0)
-		{
-			tmpsize = 0;
-			ret = load_bindata(&argv[argi][14], &patterndata, &tmpsize);
-			patterndata_size = tmpsize;
-		}
-
-		if(strncmp(argv[argi], "--patterndatamask=", 18)==0)
-		{
-			tmpsize = 0;
-			ret = load_bindata(&argv[argi][18], &patternmask, &tmpsize);
-			patternmask_size = tmpsize;
-		}
-
-		if(strncmp(argv[argi], "--patternsha256size=", 20)==0)
-		{
-			sscanf(&argv[argi][20], "0x%x", &tmpsize);
-			hashblocksize = tmpsize;
-		}
-
-		if(strncmp(argv[argi], "--stride=", 9)==0)
-		{
-			sscanf(&argv[argi][9], "0x%x", &stride);
-		}
-
-		if(strncmp(argv[argi], "--findtarget=", 13)==0)
-		{
-			sscanf(&argv[argi][13], "0x%x", &findtarget);
-		}
-
-		if(strncmp(argv[argi], "--baseaddr=", 11)==0)
-		{
-			sscanf(&argv[argi][11], "0x%x", &baseaddr);
-		}
-
-		if(strncmp(argv[argi], "--plainout", 10)==0)
-		{
-			plainout = 1;
-			if(argv[argi][10] == '=')
-			{
-				strncpy(line_prefix, &argv[argi][11], sizeof(line_prefix)-1);
-			}
-		}
+		ret = parse_param(argv[argi], 0);
 
 		if(ret!=0)break;
 	}
 
 	if(ret!=0)return ret;
 
-	if(patterntype==-1)
+	if(!enable_script)
 	{
-		printf("No pattern-type specified.\n");
-		ret = 5;
-	}
+		ret = verify_params_state();
 
-	if(patterntype==0)
-	{
-		if(patterndata_size==0)
+		if(ret!=0)
 		{
-			printf("--patternsha256size must be used when pattern-type is sha256.\n");
-			ret = 5;
+			free(patterndata);
+			free(patternmask);
+			return ret;
 		}
-
-		if(patterndata_size != 0x20)
-		{
-			printf("Input hash size is invalid.\n");
-			ret = 5;
-		}
-	}
-
-	if(ret!=0)
-	{
-		free(patterndata);
-		free(patternmask);
-		return ret;
 	}
 
 	if(stat(argv[1], &filestat)==-1)
@@ -353,7 +526,46 @@ int main(int argc, char **argv)
 
 	fclose(fbin);
 
-	ret = locate_pattern();
+	if(enable_script)
+	{
+		free(patterndata);
+		free(patternmask);
+		patterndata = NULL;
+		patternmask = NULL;
+		patterndata_size=0;
+		patternmask_size=0;
+
+		hashblocksize = 0;
+
+		stride = 4;
+		plainout = 0;
+		memset(line_prefix, 0, sizeof(line_prefix));
+
+		if(script_path[0])
+		{
+			fscript = fopen(script_path, "r");
+			if(fscript==NULL)
+			{
+				printf("Failed to open script.\n");
+				free(filebuf);
+				return 1;
+			}
+		}
+		else
+		{
+			fscript = stdin;
+		}
+	}
+
+	if(!enable_script)
+	{
+		ret = locate_pattern();
+	}
+	else
+	{
+		ret = parse_script(fscript);
+		if(script_path[0])fclose(fscript);
+	}
 
 	free(filebuf);
 	free(patterndata);