News
Download
Prepatch
Documentation
Contact
|
Pfp Reference
The PIE fingerprinting tool pfp is used to create function fingerprints. Function fingerprints can be used to identify the location of a function in the target binary where debugging symbols have been stripped. Pfp creates a fingerprint by examing a version of the target binary where debugging symbols have not been stripped. The most important stage in creating a useful function fingerprint is the creation of this debugging enabled binary. This is done by attempting to reproduce the conditions by which the original binary was compiled, trying to match the version of the binary itself and the version and flags used by the compilation tools.
Once an accurate debugging enabled binary has been created pfp can examine certain attributes of the target function in order to create a function fingerprint.
Pfp Usage
usage: pfp [options] <binarypath>
-f, --function <functionname>
Set target function name.
-o, --output <filename>
Set output file name.
-v, --verbose
Enable verbose output.
The binarypath is the path to the target debugging enabled binary. The target function can be specified on the command line, or if ommited can be entered through standard input.
If an output file is specified on the command line the fingerprint is written to that file, otherwise a default file name based on the target function name is created. If a specified output file does not end with the correct fingerprint suffix of ".pf" then it is appended.
For detailed techincal information on how function fingerprints work see the section "Fingerprints" in the document "PIE Internals".
|