def test_carve(self):
    '''
    carve() returns the text between a start marker and the end marker
    that follows it, with both markers excluded.
    '''
    sample = 'redbluegreenyellowred'
    # (start marker, end marker, expected carved text)
    cases = (
        # Same marker on both sides: the text between its two occurrences
        ('red', 'red', 'bluegreenyellow'),
        # Distinct markers in the middle of the string
        ('blue', 'yellow', 'green'),
    )
    for start, end, expected in cases:
        self.assertEqual(expected, drillresults.carve(sample, start, end))
def test_carve(self):
    '''
    Check carve() on one sample string with two marker pairs: the result
    is the text strictly between the start and end markers.
    '''
    text = 'redbluegreenyellowred'

    # Identical start and end marker
    between_reds = drillresults.carve(text, 'red', 'red')
    self.assertEqual('bluegreenyellow', between_reds)

    # Different start and end markers
    between_blue_and_yellow = drillresults.carve(text, 'blue', 'yellow')
    self.assertEqual('green', between_blue_and_yellow)
def get_fault_addr(self):
    '''
    Find the EFA (exception faulting address).

    The value is the text between 'access_address=' and the next ':' in
    self.reporttext, handed to self.format_addr() for the return value.
    '''
    efa_text = carve(self.reporttext, 'access_address=', ':')
    logger.debug('carved fault address: %s' % efa_text)
    # NOTE(review): nothing here checks that the carved text looks like an
    # address; presumably format_addr copes with a missing field - confirm.
    return self.format_addr(efa_text)
def get_fault_addr(self):
    '''
    Find the EFA (exception faulting address).

    Carves the 'access_address=' field (up to the next ':') out of
    self.reporttext and returns it as formatted by self.format_addr().
    '''
    start_marker, end_marker = 'access_address=', ':'
    carved = carve(self.reporttext, start_marker, end_marker)
    logger.debug('carved fault address: %s' % carved)
    # The carved text is passed on as-is; any validation is left to
    # format_addr (not visible here).
    return self.format_addr(carved)
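def _find_testcase_file(self):
    '''
    Tries a little harder than the base class to find a test case file to
    work with.

    When self.testcase_file does not exist, the file name is recovered from
    the "CommandLine: " line of the cdb report and looked up in the
    directory of self.dbg_outfile. The lookup then defers to
    TestCaseBundle._find_testcase_file.
    '''
    # Check if the expected crasher file (fuzzed file) exists
    current_dir = os.path.dirname(self.dbg_outfile)
    if not os.path.isfile(self.testcase_file):
        # It's not there, so try to extract the filename from the cdb
        # commandline
        commandline = carve(self.reporttext, "CommandLine: ", "\n")
        for arg in commandline.split():
            if "sf_" not in arg:
                continue
            # Keep only the last path component: the argument comes from
            # report text, so any directory it names is dropped and the
            # lookup stays inside current_dir. basename follows the host
            # platform's separator rules.
            self.testcase_file = os.path.basename(arg)
            candidate = os.path.join(current_dir, self.testcase_file)
            if os.path.isfile(candidate):
                self.testcase_file = candidate
            elif "-" in self.testcase_file:
                # FOE 2.0 verify mode puts a '-<iteration>' part on the
                # filename when invoking cdb, however the resulting file
                # is really just 'sf_<hash>.<ext>'
                fileparts = self.testcase_file.split('-')
                # Raw string so that '\.' is a regex escape rather than an
                # invalid string escape.
                m = re.search(r'\..+', fileparts[1])
                # A name with no extension after the iteration part gives
                # no match; use an empty extension instead of failing on
                # m.group().
                extension = m.group(0) if m else ''
                # Recreate the original file name, minus the iteration
                self.testcase_file = os.path.join(
                    current_dir, fileparts[0] + extension)
    TestCaseBundle._find_testcase_file(self)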
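def _find_testcase_file(self):
    '''
    Tries a little harder than the base class to find a test case file to
    work with.

    If self.testcase_file is missing, each argument of the cdb
    "CommandLine: " line that contains "sf_" is tried as the file name,
    resolved against the directory of self.dbg_outfile. Afterwards the
    lookup is handed to TestCaseBundle._find_testcase_file.
    '''
    # Check if the expected crasher file (fuzzed file) exists
    current_dir = os.path.dirname(self.dbg_outfile)
    if not os.path.isfile(self.testcase_file):
        # It's not there, so try to extract the filename from the cdb
        # commandline
        commandline = carve(self.reporttext, "CommandLine: ", "\n")
        sf_args = [arg for arg in commandline.split() if "sf_" in arg]
        for arg in sf_args:
            # Only the file name is taken from the report; its directory
            # part is discarded so the path is always built under
            # current_dir (basename uses the host's separator rules).
            self.testcase_file = os.path.basename(arg)
            in_current_dir = os.path.join(current_dir, self.testcase_file)
            if os.path.isfile(in_current_dir):
                self.testcase_file = in_current_dir
            elif "-" in self.testcase_file:
                # FOE 2.0 verify mode puts a '-<iteration>' part on the
                # filename when invoking cdb, however the resulting file
                # is really just 'sf_<hash>.<ext>'
                fileparts = self.testcase_file.split('-')
                # Raw string keeps '\.' a regex escape.
                m = re.search(r'\..+', fileparts[1])
                # No '.<ext>' after the iteration part means no match;
                # fall back to an empty extension rather than raising on
                # m.group().
                extension = '' if m is None else m.group(0)
                # Recreate the original file name, minus the iteration
                self.testcase_file = os.path.join(
                    current_dir, fileparts[0] + extension)
    TestCaseBundle._find_testcase_file(self)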
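def get_instr_addr(self):
    '''
    Find the address for the current (crashing) instruction

    The value is the text between 'instruction_address=' and the next ':'
    in self.reporttext, returned as formatted by self.format_addr().
    '''
    instraddr = carve(self.reporttext, 'instruction_address=', ':')
    # Pass the value as a logging argument so the message is only
    # formatted when debug output is enabled.
    logger.debug('carved instruction address: %s', instraddr)
    return self.format_addr(instraddr)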
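def get_instr_addr(self):
    '''
    Find the address for the current (crashing) instruction

    Carves the 'instruction_address=' field (up to the next ':') from
    self.reporttext and returns the result of self.format_addr() on it.
    '''
    # Single assignment; no placeholder value is needed before the carve.
    instraddr = carve(self.reporttext, 'instruction_address=', ':')
    # Logging arguments are formatted by the logger, and only if the debug
    # level is active.
    logger.debug('carved instruction address: %s', instraddr)
    return self.format_addr(instraddr)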
def fix_efa_bug(self, instraddr, faultaddr):
    '''
    !exploitable often reports an incorrect EFA for 64-bit targets.
    Second-guess the reported EFA from the disassembly line returned by
    self.get_instr(instraddr).

    Returns faultaddr unchanged when there is no instruction line, when it
    contains no '=', or when no replacement text is found. This method does
    not itself check whether the target is 64-bit.
    '''
    line = self.get_instr(instraddr)
    if not (line and "=" in line):
        # Nothing to fix
        return faultaddr

    if 'ds:' not in line:
        # AV must be on current instruction
        replacement = line.split(' ')[0]
    elif '??' in line:
        # There's a target address in the msec file.
        # The AV is on dereferencing where to call
        replacement = carve(line, "ds:", "=")
    else:
        # There's a target address in the msec file.
        # The AV is on accessing the code location
        replacement = line.split("=")[-1]

    # Backticks are stripped from the address text before it is returned.
    return replacement.replace('`', '') if replacement else faultaddr
def fix_efa_bug(self, instraddr, faultaddr):
    '''
    !exploitable often reports an incorrect EFA for 64-bit targets.
    The disassembly line from self.get_instr(instraddr) is used to
    second-guess the reported EFA.

    faultaddr is returned as given unless the line contains '=' and yields
    a non-empty replacement. No 64-bit check is made inside this method.
    '''
    disassembly = self.get_instr(instraddr)
    has_operand_value = bool(disassembly) and "=" in disassembly
    if not has_operand_value:
        # Nothing to fix
        return faultaddr

    names_ds_target = 'ds:' in disassembly
    if names_ds_target and '??' in disassembly:
        # Target address in the msec file; the AV is on dereferencing
        # where to call
        ds_text = carve(disassembly, "ds:", "=")
    elif names_ds_target:
        # Target address in the msec file; the AV is on accessing the code
        # location
        ds_text = disassembly.split("=")[-1]
    else:
        # AV must be on current instruction
        ds_text = disassembly.split(' ')[0]

    if not ds_text:
        return faultaddr
    # Drop backticks from the address text
    return ds_text.replace('`', '')
def _get_shortdesc(self):
    '''
    Set self.shortdesc from the "Short description: " line of the report,
    cut at the first " (" that follows. Falls back to 'UNKNOWN' when the
    carved value is empty.
    '''
    carved = carve(self.reporttext, "Short description: ", " (")
    # A falsy carve result becomes an explicit 'UNKNOWN' marker
    self.shortdesc = carved or 'UNKNOWN'
    logger.debug('Short Description: %s', self.shortdesc)
def _get_classification(self):
    '''
    Set self.classification from the "Classification: " line of the
    report (text up to the next newline), or 'UNKNOWN' when the carved
    value is empty.
    '''
    carved = carve(self.reporttext, "Classification: ", "\n")
    # An empty result is recorded as 'UNKNOWN' rather than left blank, so
    # a report without the field is still distinguishable downstream.
    self.classification = carved or 'UNKNOWN'
    logger.debug('Classification: %s', self.classification)
def _get_classification(self):
    '''
    Set self.classification from the "Exploitability Classification: "
    line of the report (text up to the next newline).

    No default is applied: the attribute holds whatever carve() returns
    when the marker is absent.
    '''
    start_marker = "Exploitability Classification: "
    self.classification = carve(self.reporttext, start_marker, "\n")
    # NOTE(review): if reporttext keeps CRLF line endings the carved value
    # would end in '\r' - confirm how the report is read.
    logger.debug('Classification: %s', self.classification)
def _get_shortdesc(self):
    '''
    Set self.shortdesc from the "Short Description: " line of the report
    (text up to the next newline).

    No default is applied: the attribute holds whatever carve() returns
    when the marker is absent.
    '''
    start_marker = "Short Description: "
    self.shortdesc = carve(self.reporttext, start_marker, "\n")
    logger.debug('Short Description: %s', self.shortdesc)
def get_instr(self, instraddr):
    '''
    Return the disassembly text recorded in the report.

    instraddr is accepted but not used: the text is always taken from the
    'instruction_disassembly=' field of self.reporttext, up to the next
    ':'.
    '''
    disassembly = carve(self.reporttext, "instruction_disassembly=", ":")
    logger.debug('currentinstr: %s' % disassembly)
    return disassembly
def get_instr(self, instraddr):
    '''
    Carve the 'instruction_disassembly=' field (up to the next ':') out of
    self.reporttext and return it.

    The instraddr argument does not influence the result.
    '''
    start_marker, end_marker = "instruction_disassembly=", ":"
    carved = carve(self.reporttext, start_marker, end_marker)
    logger.debug('currentinstr: %s' % carved)
    return carved
def _get_shortdesc(self):
    '''
    Set self.shortdesc from the report's 'exception=' field (text up to
    the next ':'). No default is applied when the field is absent.
    '''
    exception_text = carve(self.reporttext, "exception=", ":")
    self.shortdesc = exception_text
    logger.debug('Short Description: %s', self.shortdesc)
def _get_classification(self):
    '''
    Set self.classification from the report's 'is_exploitable=' field
    (text up to the next ':').

    The value is stored exactly as carved; no default or normalisation is
    applied here.
    '''
    exploitable_text = carve(self.reporttext, "is_exploitable=", ":")
    self.classification = exploitable_text
    logger.debug('Classification: %s', self.classification)
def get_instr_addr(self):
    '''
    Return the instruction address from the report, as formatted by
    self.format_addr().

    The address is the text between "Instruction Address:" and the next
    newline in self.reporttext.
    '''
    # The start marker has no trailing space, so whitespace after the colon
    # is part of the carved text - presumably format_addr tolerates that;
    # confirm.
    carved = carve(self.reporttext, "Instruction Address:", "\n")
    return self.format_addr(carved)
def _get_classification(self):
    '''
    Record the report's classification on self.classification.

    The value is the text after "Classification: " up to the next newline;
    an empty result is replaced by 'UNKNOWN'.
    '''
    value = carve(self.reporttext, "Classification: ", "\n")
    if value:
        self.classification = value
    else:
        # Missing or empty field: store an explicit marker instead
        self.classification = 'UNKNOWN'
    logger.debug('Classification: %s', self.classification)
def _get_classification(self):
    '''
    Record the report's exploitability classification on
    self.classification.

    The value is the text after "Exploitability Classification: " up to
    the next newline. It is stored as carved, with no fallback for a
    report that lacks the line.
    '''
    markers = ("Exploitability Classification: ", "\n")
    self.classification = carve(self.reporttext, *markers)
    logger.debug('Classification: %s', self.classification)
def _get_shortdesc(self):
    '''
    Record the report's short description on self.shortdesc.

    The value is the text after "Short description: " up to the first
    " (" that follows; an empty result is replaced by 'UNKNOWN'.
    '''
    value = carve(self.reporttext, "Short description: ", " (")
    if value:
        self.shortdesc = value
    else:
        # Missing or empty field: store an explicit marker instead
        self.shortdesc = 'UNKNOWN'
    logger.debug('Short Description: %s', self.shortdesc)
def _get_classification(self):
    '''
    Record the report's 'is_exploitable=' value (text up to the next ':')
    on self.classification, exactly as carved and without a fallback.
    '''
    markers = ("is_exploitable=", ":")
    self.classification = carve(self.reporttext, *markers)
    logger.debug('Classification: %s', self.classification)
def get_instr_addr(self):
    '''
    Carve the text between "Instruction Address:" and the next newline
    from self.reporttext and return it as formatted by self.format_addr().
    '''
    start_marker, end_marker = "Instruction Address:", "\n"
    # NOTE(review): the marker ends at the colon, so leading whitespace in
    # the field stays in the carved text; verify format_addr handles it.
    address_text = carve(self.reporttext, start_marker, end_marker)
    return self.format_addr(address_text)