From: Ruslan Kabatsayev
To: krishnan gosakan
Cc: gdb@sourceware.org
Subject: Re: Facing challenge in making some changes in GDB for my personal project
Date: Mon, 05 Aug 2019 20:29:00 -0000

On Mon, 5 Aug 2019 at 20:40, krishnan gosakan wrote:
>
> Hi Ruslan Kabatsayev,

Hi,

Please keep your replies to the mailing list directed at the mailing list too, not exclusively to me (i.e. use the "Reply to All" function of your mail client).

> Thanks for your response. I will definitely try Capstone for disassembly.
> But I have a few more queries related to gdb. Is there any special reason why binutils disassembler is designed in such a way that the disassembly part and the printing part are tightly coupled?
> I think it is good if we keep these two parts separate. Is there any special reason why it is this way? I admit that this model is simplistic, but apart from that is there anything which makes these two parts together?

Generalizing the disassembler would make it more complex and much larger for little reason: none of the programs using it are even close to requiring this level of detail about the instructions. See e.g. GDB, objdump, QEMU — they only need to dump a textual representation of the machine code, nothing more. Other programs like EDB, radare2 and x64dbg indeed need this, and they use other disassembly engines like Capstone or Zydis.

>
> Regards,
> G.Krishnan.
>
> On Mon, Aug 5, 2019 at 3:13 PM Ruslan Kabatsayev wrote:
>>
>> Hi,
>>
>> On Sun, 4 Aug 2019 at 19:14, krishnan gosakan wrote:
>> >
>> > Hi,
>> > This is my first message in this mailing group. I am pretty new to the gdb code
>> > base. I am thinking of implementing something similar to findcrypt in IDA
>> > Pro in GDB. I first tried to script it in Python but it took so long that
>> > it is impractical. So, I decided to get the GDB source and make a few
>> > modifications such that I can add a new command (like run, step etc.) which
>> > does the same.
>> > This command has two parts: It should do a single step execution. After
>> > each step, I should disassemble the current instruction and find if any
>> > crypto constants are used.
>> > I am facing difficulty in disassembling the instructions. As far as I
>> > analysed the source code, there is no option for returning the disassembled
>> > information as some kind of object to the caller. All that is available is
>> > functions which can print the disassembled instruction. So, I would like to
>> > know how I could get the disassembled instruction as some kind of object,
>> > which I can use for future analysis.
>>
>> I'm afraid binutils' disassembler doesn't provide such in-depth
>> information on the instructions as their operands, affected registers
>> etc.: it can only format the disassembly string.
>> I suggest you try a specialized disassembler like e.g. Capstone [1]
>> to do the analysis. I have actually used it to implement some
>> instruction analysis in another debugger (EDB) and, although some
>> quirks are sometimes required, Capstone does do its job generally.
>>
>> [1]: https://github.com/aquynh/capstone
>>
>> Regards,
>> Ruslan
>>
>> > Thank you in advance for any help.
>> >
>> > Regards,
>> > G.Krishnan.
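
Added example, not part of the thread and not GDB or Capstone project code: the per-instruction check described above, using Capstone's Python binding to get operand objects and match immediates and displacements against a table of crypto constants. It assumes x86-64 code and that Capstone is installed; without it the code falls back to a coarser raw byte scan. The constant table, sample bytes and function names are constructed for illustration.

```python
import struct

try:  # Capstone is the engine suggested in the thread (assumed installed)
    from capstone import Cs, CS_ARCH_X86, CS_MODE_64
    from capstone.x86 import X86_OP_IMM, X86_OP_MEM
except ImportError:  # without it, fall back to a raw byte scan
    Cs = None

# Constructed table: a few well-known 32-bit crypto constants.
CRYPTO_CONSTANTS = {
    0x67452301: "MD5/SHA-1 init A",
    0xEFCDAB89: "MD5/SHA-1 init B",
    0x6A09E667: "SHA-256 init H0",
    0x9E3779B9: "TEA/XTEA delta",
}

# Constructed sample: mov eax,imm; mov ebx,imm; add ecx,imm; xor eax,eax; ret
SAMPLE = bytes.fromhex("b801234567" "bb89abcdef" "81c1b979379e" "31c0" "c3")

def raw_scan(code, address):
    """Fallback: find little-endian constants in raw bytes (no operand context)."""
    hits = []
    for value, name in CRYPTO_CONSTANTS.items():
        needle = struct.pack("<I", value)
        off = code.find(needle)
        while off != -1:
            hits.append((address + off, "raw bytes", name))
            off = code.find(needle, off + 1)
    return sorted(hits)

def find_crypto_constants(code, address=0x1000):
    """Return [(address, instruction text, constant name)] for x86-64 code."""
    if Cs is None:
        return raw_scan(code, address)
    md = Cs(CS_ARCH_X86, CS_MODE_64)
    md.detail = True  # needed for operand objects instead of text only
    hits = []
    for insn in md.disasm(code, address):
        for op in insn.operands:
            if op.type == X86_OP_IMM:
                value = op.imm
            elif op.type == X86_OP_MEM:
                value = op.mem.disp
            else:
                continue
            name = CRYPTO_CONSTANTS.get(value & 0xFFFFFFFF)  # undo sign extension
            if name:
                hits.append((insn.address, f"{insn.mnemonic} {insn.op_str}", name))
    return hits
```

Inside GDB's Python API, the bytes at the program counter can be read with gdb.selected_inferior().read_memory() and passed to find_crypto_constants() after each step.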