Re: Facing challenge in making some changes in GDB for my personal project

[Ruslan Kabatsayev <b7.10110111@gmail.com>]

Hi,

On Sun, 4 Aug 2019 at 19:14, krishnan gosakan
<krishnan.gosakan@gmail.com> wrote:
>
> Hi,
> This is my first message in this mailing group. I am pretty new to gdb code
> base. I am thinking of implementing something similar to findcrypt in IDA
> pro in GDB. I first tried to script it in python but it took so long that
> it is impractical. So, I decided to get the GDB source and make a few
> modifications such that I can add a new command(like run,step etc..) which
> does the same.
> This command has two parts: It should do a single step execution. After
> each step, I should disassemble the current instruction and find if any
> crypto constants are used.
> I am facing difficulty in disassembling the instructions. As far as I
> analysed the source code, there is no option for returning the disassembled
> information as some kind of object to caller. All that is available is
> functions which can print the disassembled instruction. So, I would like to
> know how I could get the disassembled instruction as some kind of object,
> which I can use for future analysis.

I'm afraid binutils' disassembler doesn't provide such in-depth
information on the instructions as their operands, affected registers
etc.: it can only format the disassembly string.
I suggest you to try a specialized disassembler like e.g. Capstone [1]
to do the analysis. I have actually used it to implement some
instruction analysis in another debugger (EDB) and, although some
quirks are sometimes required, Capstone does do its job generally.

[1]: https://github.com/aquynh/capstone

Regards,
Ruslan

> Thank you in advance for any help.
>
> Regards,
> G.Krishnan.