utils/indirect_calls.py - llvm-project/llvm - Git at Google

 #!/usr/bin/env python

 """A tool for looking for indirect jumps and calls in x86 binaries.

    Helpful to verify whether or not retpoline mitigations are catching
    all of the indirect branches in a binary and telling you which
    functions the remaining ones are in (assembly, etc).

    Depends on llvm-objdump being in your path and is tied to the
    dump format.
 """

 from __future__ import print_function

 import os
 import sys
 import re
 import subprocess
 import optparse

 # Look for indirect calls/jmps in a binary. re: (call|jmp).*\*
 def look_for_indirect(file):
     args = ["llvm-objdump"]
     args.extend(["-d"])
     args.extend([file])

     p = subprocess.Popen(
         args=args, stdin=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE
     )
     (stdout, stderr) = p.communicate()

     function = ""
     for line in stdout.splitlines():
         if line.startswith(" ") == False:
             function = line
         result = re.search("(call|jmp).*\*", line)
         if result != None:
             # TODO: Perhaps use cxxfilt to demangle functions?
             print(function)
             print(line)
     return


 def main(args):
     # No options currently other than the binary.
     parser = optparse.OptionParser("%prog [options] <binary>")
     (opts, args) = parser.parse_args(args)
     if len(args) != 2:
         parser.error("invalid number of arguments: %s" % len(args))
     look_for_indirect(args[1])


 if __name__ == "__main__":
     main(sys.argv)
	#!/usr/bin/env python

	"""A tool for looking for indirect jumps and calls in x86 binaries.

	Helpful to verify whether or not retpoline mitigations are catching
	all of the indirect branches in a binary and telling you which
	functions the remaining ones are in (assembly, etc).

	Depends on llvm-objdump being in your path and is tied to the
	dump format.
	"""

	from __future__ import print_function

	import os
	import sys
	import re
	import subprocess
	import optparse

	# Look for indirect calls/jmps in a binary. re: (call\|jmp).\
	def look_for_indirect(file):
	args = ["llvm-objdump"]
	args.extend(["-d"])
	args.extend([file])

	p = subprocess.Popen(
	args=args, stdin=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE
	)
	(stdout, stderr) = p.communicate()

	function = ""
	for line in stdout.splitlines():
	if line.startswith(" ") == False:
	function = line
	result = re.search("(call\|jmp).\", line)
	if result != None:
	# TODO: Perhaps use cxxfilt to demangle functions?
	print(function)
	print(line)
	return


	def main(args):
	# No options currently other than the binary.
	parser = optparse.OptionParser("%prog [options] <binary>")
	(opts, args) = parser.parse_args(args)
	if len(args) != 2:
	parser.error("invalid number of arguments: %s" % len(args))
	look_for_indirect(args[1])


	if __name__ == "__main__":
	main(sys.argv)