Is there any static tool to analyze assembly/objdump and detect instructions that access the same memory location?
For instance, consider the following C code, where the functions main and f both access the same object on the heap, the one pointed to by heapobj.
/*
 * f: increment the int that p points to, in place.
 * p must be a valid, non-NULL pointer to a writable int; the function
 * does not check it before dereferencing.
 */
void f(int *p) {
    *p += 1;
}
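/*
 * Entry point: allocate one int on the heap, store 666 in it, bump it once
 * through f(), then release it.
 * Returns 0 on success, 1 if the allocation failed.
 * Relies on <stdlib.h> for malloc/free (the include is not shown in this listing).
 */
int main(void) {
    int *heapobj = (int *)malloc(sizeof(int));
    if (heapobj == NULL) {
        /* malloc can fail; the original stored 666 through the result unchecked */
        return 1;
    }
    *heapobj = 666;
    f(heapobj);
    free(heapobj);   /* the original returned without freeing the allocation */
    return 0;
}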
And here is the object dump for the above code: instruction #401171 in main writes to the heap location pointed to by heapobj, and instructions #40113c and #401145 in f read from and write to that same heap location, respectively.
I need a static tool that can look at the objdump/assembly and tell me:
"Hey! Instructions #401171, #40113c, and #401145 access the same memory location!"
Any suggestion is greatly appreciated, including a possible tool that works only for heap/stack objects.
0000000000401130 <f>:                                   # void f(int *p) { *p = *p + 1; }  (AT&T syntax, SysV AMD64; p arrives in rdi)
401130: 55 push %rbp                                    # frame-pointer prologue
401131: 48 89 e5 mov %rsp,%rbp
401134: 48 89 7d f8 mov %rdi,-0x8(%rbp)                 # spill p to the stack slot -0x8(%rbp); looks like an unoptimised build — confirm
401138: 48 8b 45 f8 mov -0x8(%rbp),%rax                 # rax = p
40113c: 8b 08 mov (%rax),%ecx <<<<<                     # ecx = *p : 4-byte READ through p, no NULL test before the dereference
40113e: 83 c1 01 add $0x1,%ecx                          # ecx = *p + 1
401141: 48 8b 45 f8 mov -0x8(%rbp),%rax                 # rax = p again (spill slot unchanged since 401134, so same address)
401145: 89 08 mov %ecx,(%rax) <<<<<                     # *p = ecx : 4-byte WRITE to the same address read at 40113c
401147: 5d pop %rbp                                     # epilogue
401148: c3 retq
401149: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)             # alignment padding after retq, before <main>
0000000000401150 <main>:                                # int main(): heapobj = malloc(4); *heapobj = 666; f(heapobj); return 0;
401150: 55 push %rbp                                    # prologue
401151: 48 89 e5 mov %rsp,%rbp
401154: 48 83 ec 10 sub $0x10,%rsp                      # 16 bytes of locals; rsp stays 16-byte aligned for the two calls below
401158: c7 45 fc 00 00 00 00 movl $0x0,-0x4(%rbp)       # zero a 4-byte slot at -0x4(%rbp); never read again in this listing — presumably a compiler temp, verify
40115f: bf 04 00 00 00 mov $0x4,%edi                    # edi = 4 = sizeof(int), first argument to malloc
401164: e8 c7 fe ff ff callq 401030 <malloc@plt>        # rax = malloc(4); may return NULL
401169: 48 89 45 f0 mov %rax,-0x10(%rbp)                # heapobj = rax, spilled to -0x10(%rbp); the result is stored, not tested
40116d: 48 8b 45 f0 mov -0x10(%rbp),%rax                # rax = heapobj
401171: c7 00 9a 02 00 00 movl $0x29a,(%rax) <<<<<      # *heapobj = 0x29a (666): 4-byte WRITE through malloc's result with no NULL check
401177: 48 8b 7d f0 mov -0x10(%rbp),%rdi                # rdi = heapobj, argument to f
40117b: e8 b0 ff ff ff callq 401130 <f>                 # f(heapobj): 40113c and 401145 in f then read/write this same address
401180: 31 c0 xor %eax,%eax                             # return value 0
401182: 48 83 c4 10 add $0x10,%rsp                      # epilogue: release locals
401186: 5d pop %rbp
401187: c3 retq                                         # no call to free between malloc and here: the allocation is leaked
401188: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)      # alignment padding after main; its last encoding byte wraps to the next line
40118f: 00
Instruction #