metasploit-framework/lib/metasm/samples/dasm-plugins/scanxrefs.rb

#    This file is part of Metasm, the Ruby assembly manipulation suite
#    Copyright (C) 2006-2009 Yoann GUILLOT
#
#    Licence is LGPL, see LICENCE in the top-level directory


# metasm dasm plugin: scan for xrefs to the target address, incl. relative offsets (eg near call/jmp)
def scanxrefs(target)
  ans = []
  sections.sort.each { |s_addr, edata|
    raw = edata.data.to_str
    (0..raw.length-4).each { |off|
      r = raw[off, 4].unpack('V').first
      ans << (s_addr + off) if (r + off+4 + s_addr)&0xffffffff == target or r == target
    }
  }
  ans
end

gui.keyboard_callback[?X] = lambda { |*a|
  target = gui.curaddr
  ans = scanxrefs(target)
  list = [['addr']] + ans.map { |off| [Expression[off].to_s] }
  gui.listwindow("scanned xrefs to #{Expression[target]}", list) { |i| gui.focus_addr i[0] }
  true
} if gui
Add up to date metasm 2014-02-19 19:13:08 +00:00			`# This file is part of Metasm, the Ruby assembly manipulation suite`
			`# Copyright (C) 2006-2009 Yoann GUILLOT`
			`#`
			`# Licence is LGPL, see LICENCE in the top-level directory`


			`# metasm dasm plugin: scan for xrefs to the target address, incl. relative offsets (eg near call/jmp)`
			`def scanxrefs(target)`
Retab metasm 2014-02-19 20:01:20 +00:00			`ans = []`
			`sections.sort.each { \|s_addr, edata\|`
			`raw = edata.data.to_str`
			`(0..raw.length-4).each { \|off\|`
			`r = raw[off, 4].unpack('V').first`
			`ans << (s_addr + off) if (r + off+4 + s_addr)&0xffffffff == target or r == target`
			`}`
			`}`
			`ans`
Add up to date metasm 2014-02-19 19:13:08 +00:00			`end`

			`gui.keyboard_callback[?X] = lambda { \|*a\|`
Retab metasm 2014-02-19 20:01:20 +00:00			`target = gui.curaddr`
			`ans = scanxrefs(target)`
			`list = [['addr']] + ans.map { \|off\| [Expression[off].to_s] }`
			`gui.listwindow("scanned xrefs to #{Expression[target]}", list) { \|i\| gui.focus_addr i[0] }`
			`true`
Add up to date metasm 2014-02-19 19:13:08 +00:00			`} if gui`