オブジェクトファイルシンボルテーブルクエリ

動的ライブラリ（.so）および静的ライブラリ（.a）のシンボルテーブルをクエリし、動的ライブラリで定義された関数が参照されているかどうかを判断します。

#!/bin/bash

NGTOS="/home/ngos/workspace/V3.2294.23024_NGFW_GM_1.1_R"
TARGET="$NGTOS/target"
TMP_DIR="/tmp/Gmssl"

SO_LIB_LIST=$TMP_DIR/dynamic.log
STATIC_LIB_LIST=$TMP_DIR/static.log

FUNC_LIST=$TMP_DIR/funcInSo.log
FUNCS_USED=$TMP_DIR/funcUsedIn_GM_1_0.log
FUNCS_ABSENT=$TMP_DIR/GMssl_1_1_NotHave.log
FUNCS_PRESENT=$TMP_DIR/GMssl_1_1_Have.log

OPENSSL_1_1_FUNCS=$TMP_DIR/openssl_1.1.log

PLUTO_LOG=$TMP_DIR/pluto.log
WHACK_LOG=$TMP_DIR/whack.log

RESULT=$TMP_DIR/result.log

FUNCS_IN_SO=""
OPENSSL_LIBs=""


if [ ! -d $TMP_DIR ];then
	mkdir -p $TMP_DIR && echo "mkdir -p $TMP_DIR"
else
	#rm -rf $TMP_DIR/*
	date
fi

num=0
num_funcs=0

showFuncList(){
	SO_NAME=$1
	for func in $2
	do
		let num_funcs++
		echo "@@$num_funcs@@$SO_NAME@@$func" >> $FUNC_LIST
	done
}
<<AAA
	for example
	nm libtest.so | awk  '{ FS=" " } { if ( $2 == "T" || $2 == "t" || $2 == "D" || $2 == "d") { print $3 }}' 
	nm libtest.so | awk  '{ FS=" " } { if ( $2 == "T" || $2 == "D") { print $3 }}' | sed '/^_/d' 删除以_开始的函数
AAA

getFuncList(){
	SO_NAME=$1
	#echo "	SO_NAME is $SO_NAME"
	funcs=`nm $SO_NAME| awk  '{ FS=" " } { if ( $2 == "T" || $2 == "D") { print $3 }}' | sed '/^_/d'`
	FUNCS_IN_SO+=$funcs
	#echo $SO_NAME $funcs
	showFuncList "$SO_NAME" "$funcs"
}

<<FUNC
	findOpensslLib
	获取openssl相关的动态库：libssl.so  libcrypto.so libssl_vpn.so libcrypto_vpn.so
	并获取到他们导出的符号表信息
FUNC

findOpensslLib(){
	if [ -e $FUNC_LIST ];
	then
		rm -rf $FUNC_LIST
	fi	
	OPENSSL_LIBs+=`find $TARGET -name "*.so" | grep "ssl"`
	OPENSSL_LIBs+=" "
	OPENSSL_LIBs+=`find $TARGET -name "*.so" | grep "crypt"`
	echo "OPENSSL library contains: "
	for lib in $OPENSSL_LIBs
	do
		echo "Getting functions in $lib"
		getFuncList "$lib"
	done
	echo "findOpensslLib() : openssl functions is in $FUNC_LIST"
	echo "Getting functions over!!!"
}


#############################################get openssl lib func over###################################################


<<COMMON
	获取系统中所有的动态库和静态库，处理包含ssl 和 crypt的
COMMON

getLibOfNGFW(){
	find $TARGET -name *.so | sed '/ssl/d' | sed '/crypt/d' > $SO_LIB_LIST
	find $TARGET -name *.a | sed '/ssl/d' | sed '/crypt/d' > $STATIC_LIB_LIST
	
	echo "getLibOfNGFW() : Dynamic libraries is in $SO_LIB_LIST"
	echo "getLibOfNGFW() : Static libraries is in $STATIC_LIB_LIST"
}

getLDDInfo_So(){	
	SO_NAME=$1
	echo "$SO_NAME"
	ssl_so=`ldd $SO_NAME | grep ssl`
	crypt_so=`ldd $SO_NAME | grep crypt`
	if [ -n "$ssl_so" ] || [ -n "$crypt_so" ];
	then
		let num++
		echo "${num} ${SO_NAME}" >> $RESULT
		if [ -n "$ssl_so" ];
		then
			echo "$ssl_so" >> $RESULT 
		fi
		if [ -n "$crypt_so" ];
		then
			echo "$crypt_so" >> $RESULT
			#getFuncList "$crypt_so"
		fi
<<DEL
		func_name=`awk '{print $3}' $FUNC_LIST`
		for func in $func_name
		do
			info=`nm -Da $SO_NAME | grep $func`
			[ -n "$info"] && echo $info
			# if [ -n "$info"];
			# then
				# echo "$SO_NAME : $func"
				# #echo "$SO_NAME : $func" >> $RESULT
			# fi
		done
DEL
		funcs=`nm -Da $SO_NAME | awk '{if ( $1 == "U" ) {print $2}}'`
		for func in $funcs
		do
			#echo $func
			result=`cat $FUNC_LIST | grep -w $func | tr '@' '\t'`
			if [ -n "$result" ];
			then
				
				echo "$result" >> $RESULT
				echo $func >> $FUNCS_USED
			fi
		done
		echo "" >> $RESULT
	fi
}

getStaticInfo_a(){
	first=1
	STATIC_NAME=$1
	
	echo $STATIC_NAME
	funcs=`nm -a $STATIC_NAME | awk '{if ( $1 == "U" ) {print $2}}'`	
	for func in $funcs
	do
		result=`cat $FUNC_LIST | grep -w $func | tr '@' '\t'`
		if [ -n "$result" ];
		then
			if [ $first -eq 1 ];
			then
				let num++
				echo "${num} ${STATIC_NAME}" >> $RESULT
				first=0
			fi
			echo "$result" >> $RESULT
			echo $func >> $FUNCS_USED
		fi
	done
	[ $first -eq 0 ] && echo "" >> $RESULT
	
}


findFuncInDynamicLib(){
	echo "=============findFuncInDynamicLib() : Find functions in .so============="
	while read LINE
	do
		getLDDInfo_So "$LINE"
	done < $SO_LIB_LIST
}
findFuncInStaticLib(){
	echo "=============findFuncInStaticLib() ：Find functions in .a============="
	while read LINE
	do
		getStaticInfo_a "$LINE"
	done < $STATIC_LIB_LIST
}

delFiles(){
	[ -e $STATIC_LIB_LIST ] && rm -rf $STATIC_LIB_LIST && echo "delete file $STATIC_LIB_LIST"
	[ -e $SO_LIB_LIST ] && rm -rf $SO_LIB_LIST && echo "delete file $SO_LIB_LIST"
	[ -e $CUR_FUNCS ] && rm -rf $CUR_FUNCS && echo "delete file $CUR_FUNCS"
	[ -e $FUNC_LIST ] && rm -rf $FUNC_LIST && echo "delete file $FUNC_LIST"
	[ -e $RESULT ] && rm -rf $RESULT && echo "delete file $RESULT"
	
	[ -e $FUNCS_USED ] && rm -rf $FUNCS_USED && echo "delete file $FUNCS_USED"
	[ -e $FUNCS_ABSENT ] && rm -rf $FUNCS_ABSENT && echo "delete file $FUNCS_ABSENT"
	[ -e $FUNCS_PRESENT ] && rm -rf $FUNCS_PRESENT && echo "delete file $FUNCS_PRESENT"
	[ -e $OPENSSL_1_1_FUNCS ] && rm -rf $OPENSSL_1_1_FUNCS && echo "delete file $OPENSSL_1_1_FUNCS"
	
	return 0
}




findFuncInOpenssl_1_1(){
	[ -e $FUNCS_ABSENT ] && rm -rf $FUNCS_ABSENT
	[ -e $FUNCS_PRESENT ] && rm -rf $FUNCS_PRESENT
	[ -e $OPENSSL_1_1_FUNCS ] && rm -rf $OPENSSL_1_1_FUNCS

<<BBB
	解析GMssl 1.1版本动添库的符号表
BBB
	
	for SO_NAME in "/usr/src/GmSSL-master/libcrypto.so" "/usr/src/GmSSL-master/libssl.so"
	do
		echo "	GmSSL-1.1 so contains: $SO_NAME"
		funcs=`nm $SO_NAME| awk  '{ FS=" " } { if ( $2 == "T" || $2 == "D") { print $3 }}' | sed '/^_/d'`
		for func in $funcs
		do
			echo "$func" >> ${OPENSSL_1_1_FUNCS}
		done
	done

	echo "GMssl 1.1 libraries and functions extract over!!!"
<<CCC
	将NGTOS中调用的函数接口在GM1.1库中查找
CCC
	
	while read LINE
	do
		#echo "cat ${OPENSSL_1_1_FUNCS} | grep ${LINE} | uniq "
		result=` cat ${OPENSSL_1_1_FUNCS} | grep ${LINE} | uniq ` 
		if [ -z "$result" ]; then
			echo $LINE >> ${FUNCS_ABSENT}
		else
			echo $LINE >> ${FUNCS_PRESENT}
		fi
	done < $FUNCS_USED
	
	echo "openssl-1.0 functions those NGTOS used are found in GmSSL-1.1 over!!!"
}

pluto_ldd_funcs(){
<<ppp
	统计pluto中引用的openssl库信息
ppp
	[ -e $PLUTO_LOG ] && rm -rf $PLUTO_LOG && echo "Delete file $PLUTO_LOG"
	
	PLUTO="$NGTOS/SE/ipsec/ver6/openswan/openswan-2.3.1/programs/pluto/pluto"
	[ ! -e $PLUTO ] && echo "Target File not eixst : $NGTOS/SE/ipsec/ver6/openswan/openswan-2.3.1/programs/pluto/pluto" && exit 0
	
	defined_funcs=`nm -a $PLUTO | awk '{ if ( $2 == "T" || $2 == "D" ) { print $3 }}' | sed '/^_/d'`
	undefined_funcs=`nm -a $PLUTO | awk '{ if ( $1 == "U" ) { print $2 }}' | sed '/^_/d'`
	#echo $defined_funcs
	#echo $undefined_funcs
	echo "=========find funcions in Undefined symbols begin=========="	>> $PLUTO_LOG
	count=0
	for func in $undefined_funcs
	do
		echo "pluto : $func"
		result=`cat $FUNC_LIST | tr '@' ' ' | grep -w $func `
		if [ -n "$result" ]; then
			let count++
			echo "$count $func"	>> $PLUTO_LOG
			echo "$result" >> $PLUTO_LOG
		fi
	done
	echo "=========find funcions in Undefined symbols end=========="	>> $PLUTO_LOG
	echo "=========find funcions in defined symbols begin=========="	>> $PLUTO_LOG
	for func in $defined_funcs
	do
		echo "pluto : $func"
		result=`cat $FUNC_LIST | tr '@' '\t' | grep -w $func `
		if [ -n "$result" ]; then
			let count++
			echo "$count $func"	>> $PLUTO_LOG
			echo "$result" >> $PLUTO_LOG
		fi
	done
	echo "=========find funcions in defined symbols end=========="	>> $PLUTO_LOG
}

whack_ldd_funcs(){
<<ppp
	统计whack中引用的openssl库信息
ppp
	[ -e $WHACK_LOG ] && rm -rf $WHACK_LOG && echo "Delete file $WHACK_LOG"
	
	WHACK="$NGTOS/SE/ipsec/ver6/openswan/openswan-2.3.1/programs/pluto/whack"
	[ ! -e $WHACK ] && echo "Target File not eixst : $NGTOS/SE/ipsec/ver6/openswan/openswan-2.3.1/programs/pluto/whack" && exit 0
	
	defined_funcs=`nm -a $WHACK | awk '{ if ( $2 == "T" || $2 == "D" ) { print $3 }}' | sed '/^_/d'`
	undefined_funcs=`nm -a $WHACK | awk '{ if ( $1 == "U" ) { print $2 }}' | sed '/^_/d'`
	#echo $defined_funcs
	#echo $undefined_funcs
	echo "=========find funcions in Undefined symbols begin=========="	>> $WHACK_LOG
	count=0
	for func in $undefined_funcs
	do
		echo "whack : $func"
		result=`cat $FUNC_LIST | tr '@' ' ' | grep -w $func `
		if [ -n "$result" ]; then
			let count++
			echo "$count $func"	>> $WHACK_LOG
			echo "$result" >> $WHACK_LOG
		fi
	done
	echo "=========find funcions in Undefined symbols end=========="	>> $WHACK_LOG
	echo "=========find funcions in defined symbols begin=========="	>> $WHACK_LOG
	for func in $defined_funcs
	do
		echo "whack : $func"
		result=`cat $FUNC_LIST | tr '@' '\t' | grep -w $func `
		if [ -n "$result" ]; then
			let count++
			echo "$count $func"	>> $WHACK_LOG
			echo "$result" >> $WHACK_LOG
		fi
	done
	echo "=========find funcions in defined symbols end=========="	>> $WHACK_LOG
}

Usage(){
	echo "Usage:"
	echo "       $0 [.so] [.a] : find openssl funcs in .so or .a"
	echo "       $0 [pluto]    : check openssl funcs in pluto"
	echo "       $0 [whack]    : check openssl funcs in whack"
	exit 1
}


main(){
	start_time=`date`
	echo "Begin !!!!!"
	#删除以前的临时文件
	delFiles
	[ $? -ne 0 ] && echo "delFiles return $?, exit!" && exit -1
	echo "Delete unused files over!!!"
	
	#获取openssl相关的动态库：libssl.so  libcrypto.so libssl_vpn.so libcrypto_vpn.so
	#并获取到他们的符号表
	findOpensslLib
	echo "Get Openssl-1.0 lib and functions over!!!"

	#获取NGTOS中的动态库和静态库
	getLibOfNGFW
	echo "Get XXX.so and YYY.a in NGFW over!!!"
		
	#[ $# -eq 1 ] && (([ $1 == ".so" ] && findFuncInDynamicLib ) || ( [ $1 == ".a" ] && findFuncInStaticLib )) && findFuncInOpenssl_1_1 && exit 0
	if [ $# -eq 1 ];then
		([ $1 == ".so" ] && findFuncInDynamicLib) || ([ $1 == ".a" ] && findFuncInStaticLib)
	elif [ $# -eq 2 ];then
		findFuncInDynamicLib
		findFuncInStaticLib
	fi
	
	findFuncInOpenssl_1_1
	echo "Over !!!!!!"
	echo "====================sucess======================"	
	end_time=`date`
	echo "Start Time: $start_time"
	echo " End  Time: $end_time"
	exit 1
}
[ $# -gt 2 ] && Usage && exit 0
[ $# -eq 0 ] && Usage && exit 0

[ $# -eq 1 ] && [ $1 == "pluto" ] && pluto_ldd_funcs && exit 0
[ $# -eq 1 ] && [ $1 == "whack" ] && whack_ldd_funcs && exit 0

[ $# -eq 1 ] && main "${1}" && exit 0
[ $# -eq 2 ] && main "${1}" "${2}" && exit 0

Usage