While tinkering with a spy camera, I found one detail that significantly slows down reverse engineering and debugging the applications installed on its embedded Linux platform: finding the final values of preprocessor directives, and sometimes also the results of the sizeof() operator.
As I am not aware of any existing solution to that problem (I guess one might be included in some of the more sophisticated IDEs, but I use Vim for development), it seemed a good reason to create one. By the way, I used the CMake template I published some days ago to bootstrap the project.
Usage
Ease of use was the main goal here, as it is obviously possible to improvise a solution by creating a hello-world type of program, including the required headers and printing the value of the symbol we want to compute.
So, to use SADVE, you just have to clone the repo and run the standard CMake installation commands, and you're done:
mkdir -p build
cd build
cmake ..
make
sudo make install
Then you can call it like below:
sadve -d AF_INET sys/socket.h
And you should get 2 as the answer. That's it. If instead you want the size of some structure, you can type:
sadve -s sockaddr sys/socket.h
And you should get the size of the sockaddr structure. Obviously, you can see the full usage with sadve --help.
Internals
Internally the program simply automates the process I described in the first paragraph of Usage: it applies what the user asked for to a hello-world-like template and compiles it. Therefore it would not be a good idea to make it the backend of a web service available to the general public, at least not without a lot of isolation and input sanitization, since whatever the user passes ends up inside a source file that is compiled and executed. However, for private usage this should be enough. If you are interested in doing such a task with CMake, I encourage you to dive into the source code on GitHub.
To speed the process up, I had to store all CMake build files in ~/.cache, with no interface for cleaning it up.
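As an added illustration of the Internals section (this is example code written here, not SADVE's own source), the core step is: write the hello-world template to a temporary file, compile and run it, and parse the printed number. It assumes a compiler reachable as `cc` (or `$CC`) and a writable `/tmp`, and the character whitelist on the symbol and header stands in for the input sanitization the post says a public-facing deployment would need.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum sadve_mode { SADVE_DEFINE, SADVE_SIZEOF };

/* Allow only what a C identifier (or "struct foo") and a relative header
 * path can contain; anything else could escape the generated source or
 * the compiler command line, which is the sanitization caveat above. */
static int sadve_symbol_ok(const char *s) {
    if (!*s) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '_' && *s != ' ') return 0;
    return 1;
}
static int sadve_header_ok(const char *h) {
    if (!*h || h[0] == '/' || strstr(h, "..")) return 0;
    for (; *h; h++)
        if (!isalnum((unsigned char)*h) && !strchr("_./-", *h)) return 0;
    return 1;
}

/* Generate the template, build it with $CC (default "cc"), run it and parse
 * the one number it prints. Returns 0 with the value in *out, else -1. */
int sadve_eval(enum sadve_mode mode, const char *symbol, const char *header, long *out) {
    char src[] = "/tmp/sadveXXXXXX", bin[64], cmd[256], line[64], *end;
    const char *cc = getenv("CC") ? getenv("CC") : "cc";
    int fd, rc = -1;
    FILE *f;
    if (!sadve_symbol_ok(symbol) || !sadve_header_ok(header)) return -1;
    if ((fd = mkstemp(src)) < 0 || !(f = fdopen(fd, "w"))) return -1;
    fprintf(f, "#include <stdio.h>\n#include <%s>\n"
               "int main(void) { printf(\"%%ld\\n\", (long)%s%s%s); return 0; }\n",
            header, mode == SADVE_SIZEOF ? "sizeof(" : "", symbol,
            mode == SADVE_SIZEOF ? ")" : "");
    fclose(f);
    snprintf(bin, sizeof bin, "%s.bin", src);
    snprintf(cmd, sizeof cmd, "%s -x c %s -o %s 2>/dev/null && %s", cc, src, bin, bin);
    if ((f = popen(cmd, "r")) != NULL) {
        if (fgets(line, sizeof line, f)) {
            *out = strtol(line, &end, 10);
            rc = end == line ? -1 : 0;      /* no number printed: failure */
        }
        if (pclose(f) != 0) rc = -1;        /* compile or run failed */
    }
    unlink(src); unlink(bin);               /* clean up, unlike the ~/.cache tree */
    return rc;
}
```

Calling `sadve_eval(SADVE_DEFINE, "AF_INET", "sys/socket.h", &v)` yields 2 and `sadve_eval(SADVE_SIZEOF, "struct sockaddr", "sys/socket.h", &v)` yields 16 on common Linux and BSD libcs, matching the `sadve -d` and `sadve -s` invocations in Usage.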
> finding final values of preprocessor directives
So cc -E?
Ha, I hadn't thought about it. Generally yes, but not exactly. With cc -E, you will get a lot of junk we are not interested in when looking for the value of a #define. Nevertheless, it works, so that's a good way of optimizing this case by dropping cmake and using just bare cpp. Thanks for the idea.
Now, what about the case of sizeof() operator evaluation? This time it is not computed at the preprocessing stage but during compilation, so I guess the first stage from which we could extract the value is the assembly output. And this might be a bit trickier.