def test_cmd_patch_qword_symbol(self):
    """Patch the qword at $sp with &msg and check that the dereference changes.

    The stack slot must not resolve to "Hello world!" before the patch and
    must resolve to it afterwards.
    """
    # NOTE(review): fixed file name under shared /tmp; on a multi-user host
    # confirm the fixture build owns this path, since the debugger loads
    # whatever file sits there.
    binary = "/tmp/bss.out"

    deref_before = gdb_run_silent_cmd("deref $sp 1", target=binary)
    deref_after = gdb_run_silent_cmd(
        "patch qword $sp &msg",
        after=["deref $sp 1"],
        target=binary,
    )

    for output in (deref_before, deref_after):
        self.assertNoException(output)
    self.assertNotIn("Hello world!", deref_before)
    self.assertIn("Hello world!", deref_after)
def test_cmd_patch_qword_symbol(self):
    """Check that `patch qword $sp &msg` makes $sp dereference to the message.

    Two runs against the bss fixture are compared: a plain `deref $sp 1`,
    and the same dereference issued right after the patch command.
    """
    fixture = "tests/binaries/bss.out"
    show_stack = "deref $sp 1"

    unpatched = gdb_run_silent_cmd(show_stack, target=fixture)
    patched = gdb_run_silent_cmd("patch qword $sp &msg", after=[show_stack], target=fixture)

    self.assertNoException(unpatched)
    self.assertNoException(patched)
    # The string only becomes reachable from the stack once the pointer is written.
    self.assertNotIn("Hello world!", unpatched)
    self.assertIn("Hello world!", patched)
def test_func_heap(self):
    """Exercise the $_heap() convenience function with and without an offset.

    The call must fail without an active session; with one, both
    `$_heap()` and `$_heap(0x10+0x10)` dereferences must list a "+0x0048:" row.
    """
    binary = "tests/binaries/heap.out"
    plain, with_offset = "deref $_heap()", "deref $_heap(0x10+0x10)"

    self.assertFailIfInactiveSession(gdb_run_cmd(plain, target=binary))

    for expression in (plain, with_offset):
        output = gdb_run_silent_cmd(expression, target=binary)
        self.assertNoException(output)
        self.assertIn("+0x0048:", output)
def test_func_heap(self):
    """Exercise the $_heap() convenience function with and without an offset.

    Without an active session the command must fail; once the fixture runs,
    both forms of the dereference must contain a "+0x0048:" row.
    """
    # NOTE(review): fixed file name under shared /tmp; on a multi-user host
    # confirm the fixture build owns this path, since the debugger loads
    # whatever file sits there.
    binary = "/tmp/heap.out"
    expressions = ("deref $_heap()", "deref $_heap(0x10+0x10)")

    self.assertFailIfInactiveSession(gdb_run_cmd(expressions[0], target=binary))

    for expression in expressions:
        output = gdb_run_silent_cmd(expression, target=binary)
        self.assertNoException(output)
        self.assertIn("+0x0048:", output)
def test_cmd_heap_bins_non_main(self):
    """Run `heap bins fast` on the arena that follows the main arena.

    The arena address is taken from get_main_arena().next inside gdb's
    Python, and the output must show a 0x20 chunk carrying NON_MAIN_ARENA.
    """
    output = gdb_run_silent_cmd(
        'python gdb.execute("heap bins fast {}".format(get_main_arena().next))',
        target="tests/binaries/heap-non-main.out",
    )

    self.assertNoException(output)
    self.assertIn("size=0x20, flags=PREV_INUSE|NON_MAIN_ARENA", output)
def test_cmd_heap_bins_tcache(self):
    """Check that `heap bins tcache` reports one entry in the 0x20 tcache bin."""
    # NOTE(review): fixed file name under shared /tmp; on a multi-user host
    # confirm the fixture build owns this path, since the debugger loads
    # whatever file sits there.
    binary = "/tmp/heap-non-main.out"

    output = gdb_run_silent_cmd("heap bins tcache", target=binary)

    self.assertNoException(output)
    self.assertIn("Tcachebins[idx=0, size=0x20] count=1", output)
def test_func_bss(self):
    """Check that dereferencing $_bss() reaches the "Hello world!" string.

    The command must also be rejected when no session is active.
    """
    binary = "tests/binaries/bss.out"
    expression = "deref $_bss()"

    self.assertFailIfInactiveSession(gdb_run_cmd(expression, target=binary))

    output = gdb_run_silent_cmd(expression, target=binary)
    self.assertNoException(output)
    self.assertIn("Hello world!", output)
def test_func_got(self):
    """Check that dereferencing $_got() lists an entry mentioning malloc.

    The command must also be rejected when no session is active.
    """
    binary = "tests/binaries/heap.out"
    expression = "deref $_got()"

    self.assertFailIfInactiveSession(gdb_run_cmd(expression, target=binary))

    output = gdb_run_silent_cmd(expression, target=binary)
    self.assertNoException(output)
    self.assertIn("malloc", output)
def test_func_got(self):
    """Check that dereferencing $_got() lists an entry mentioning malloc.

    Without an active session the command must fail.
    """
    # NOTE(review): fixed file name under shared /tmp; on a multi-user host
    # confirm the fixture build owns this path, since the debugger loads
    # whatever file sits there.
    binary = "/tmp/heap.out"
    expression = "deref $_got()"

    inactive = gdb_run_cmd(expression, target=binary)
    self.assertFailIfInactiveSession(inactive)

    output = gdb_run_silent_cmd(expression, target=binary)
    self.assertNoException(output)
    self.assertIn("malloc", output)
def test_cmd_heap_bins_non_main(self):
    """Inspect the fastbins of the arena linked after the main arena.

    gdb's Python resolves get_main_arena().next and feeds it to
    `heap bins fast`; a 0x20 chunk flagged NON_MAIN_ARENA is expected.
    """
    binary = "tests/binaries/heap-non-main.out"
    python_cmd = 'python gdb.execute("heap bins fast {}".format(get_main_arena().next))'

    output = gdb_run_silent_cmd(python_cmd, target=binary)

    self.assertNoException(output)
    self.assertIn("size=0x20, flags=PREV_INUSE|NON_MAIN_ARENA", output)
def test_func_bss(self):
    """Check that dereferencing $_bss() reaches the "Hello world!" string.

    Without an active session the command must fail.
    """
    # NOTE(review): fixed file name under shared /tmp; on a multi-user host
    # confirm the fixture build owns this path, since the debugger loads
    # whatever file sits there.
    binary = "/tmp/bss.out"
    expression = "deref $_bss()"

    inactive = gdb_run_cmd(expression, target=binary)
    self.assertFailIfInactiveSession(inactive)

    output = gdb_run_silent_cmd(expression, target=binary)
    self.assertNoException(output)
    self.assertIn("Hello world!", output)
def test_cmd_heap_bins_non_main(self):
    """Inspect the fastbins of the arena linked after the main arena.

    The inferior is started with the glibc tcache_count tunable set to 0,
    and the `heap bins fast` output must mention a 0x20 chunk.
    """
    # NOTE(review): fixed file name under shared /tmp; on a multi-user host
    # confirm the fixture build owns this path, since the debugger loads
    # whatever file sits there.
    binary = "/tmp/heap-non-main.out"
    # tcache_count=0 presumably keeps freed chunks out of the tcache so they
    # land in the fastbins this command prints; confirm against the fixture.
    setup = ['set environment GLIBC_TUNABLES glibc.malloc.tcache_count=0']
    python_cmd = 'python gdb.execute("heap bins fast {}".format(get_main_arena().next))'

    output = gdb_run_silent_cmd(python_cmd, before=setup, target=binary)

    self.assertNoException(output)
    self.assertIn("size=0x20", output)
def test_cmd_heap_chunk(self):
    """Check that `heap chunk p1` prints the NON_MAIN_ARENA flag line.

    The command must also be rejected when no session is active.
    """
    binary = "tests/binaries/heap.out"
    command = "heap chunk p1"

    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    self.assertIn("NON_MAIN_ARENA flag: ", output)
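def test_cmd_set_permission(self):
    """Check that `set-permission` remaps a page and rejects an unmapped one.

    After `set-permission 0x1337000`, the vmmap row for that page must read
    start 0x1337000, end 0x1338000, offset 0 and permissions "rwx". Running
    the command on 0x1338000 must report "Unmapped address". The bare
    command must fail without an active session.
    """
    self.assertFailIfInactiveSession(gdb_run_cmd("set-permission"))
    target = "tests/binaries/set-permission.out"

    res = gdb_run_silent_cmd("set-permission 0x1337000", after=["vmmap",], target=target)
    self.assertNoException(res)

    page = "0x0000000001337000"
    rows = [row for row in res.splitlines() if page in row]
    # Fail with a readable message instead of an IndexError when vmmap has
    # no row for the page.
    self.assertTrue(rows, "vmmap output has no row mentioning " + page)

    # Comparing the first four columns in one go also covers a truncated row.
    fields = rows[0].split()
    self.assertEqual(
        fields[:4],
        ["0x0000000001337000", "0x0000000001338000", "0x0000000000000000", "rwx"],
    )

    res = gdb_run_silent_cmd("set-permission 0x1338000", target=target)
    self.assertNoException(res)
    self.assertIn("Unmapped address", res)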
def test_cmd_heap_bins_fast(self):
    """Check that `heap bins fast` prints the header of the first fastbin.

    The command must also be rejected when no session is active.
    """
    binary = "tests/binaries/heap-fastbins.out"
    command = "heap bins fast"

    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    self.assertIn("Fastbins[idx=0, size=0x10]", output)
def test_cmd_heap_bins_tcache_all(self):
    """Check that `heap bins tcache all` reports three entries in two bins.

    Both the 0x20 bin (idx 0) and the 0x30 bin (idx 1) must show count=3.
    """
    # NOTE(review): fixed file name under shared /tmp; on a multi-user host
    # confirm the fixture build owns this path, since the debugger loads
    # whatever file sits there.
    binary = "/tmp/heap-tcache.out"

    output = gdb_run_silent_cmd("heap bins tcache all", target=binary)
    self.assertNoException(output)

    expected_headers = (
        "Tcachebins[idx=0, size=0x20] count=3",
        "Tcachebins[idx=1, size=0x30] count=3",
    )
    for header in expected_headers:
        self.assertIn(header, output)
def test_cmd_heap_bins_fast(self):
    """Check that `heap bins fast` lists the idx=0 fastbin for the fixture.

    Without an active session the command must fail.
    """
    binary = "tests/binaries/heap-fastbins.out"

    inactive = gdb_run_cmd("heap bins fast", target=binary)
    self.assertFailIfInactiveSession(inactive)

    listing = gdb_run_silent_cmd("heap bins fast", target=binary)
    self.assertNoException(listing)
    self.assertIn("Fastbins[idx=0, size=0x10]", listing)
def test_cmd_heap_chunk(self):
    """Check that `heap chunk p1` reports the chunk's NON_MAIN_ARENA flag.

    Without an active session the command must fail.
    """
    binary = "tests/binaries/heap.out"

    inactive = gdb_run_cmd("heap chunk p1", target=binary)
    self.assertFailIfInactiveSession(inactive)

    details = gdb_run_silent_cmd("heap chunk p1", target=binary)
    self.assertNoException(details)
    self.assertIn("NON_MAIN_ARENA flag: ", details)
def test_cmd_heap_set_arena(self):
    """Select main_arena with `heap set-arena` and list arenas afterwards.

    The command must fail without an active session; with one, the
    follow-up `heap arenas` output must contain an "Arena (base=" entry.
    """
    binary = "tests/binaries/heap.out"
    command = "heap set-arena main_arena"

    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary, after=["heap arenas"])
    self.assertNoException(output)
    self.assertIn("Arena (base=", output)
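def test_cmd_set_permission(self):
    """Check that `set-permission` remaps a page and rejects an unmapped one.

    The command output is matched against bytes literals here. After
    `set-permission 0x1337000`, the vmmap row for that page must read start
    0x1337000, end 0x1338000, offset 0 and permissions b"rwx"; running the
    command on 0x1338000 must report b"Unmapped address". The bare command
    must fail without an active session.
    """
    self.assertFailIfInactiveSession(gdb_run_cmd("set-permission"))
    target = "tests/binaries/set-permission.out"

    res = gdb_run_silent_cmd("set-permission 0x1337000", after=["vmmap",], target=target)
    self.assertNoException(res)

    page = b"0x0000000001337000"
    rows = [row for row in res.splitlines() if page in row]
    # Fail with a readable message instead of an IndexError when vmmap has
    # no row for the page.
    self.assertTrue(rows, "vmmap output has no row mentioning 0x0000000001337000")

    # Comparing the first four columns in one go also covers a truncated row.
    fields = rows[0].split()
    self.assertEqual(
        fields[:4],
        [b"0x0000000001337000", b"0x0000000001338000", b"0x0000000000000000", b"rwx"],
    )

    res = gdb_run_silent_cmd("set-permission 0x1338000", target=target)
    self.assertNoException(res)
    self.assertIn(b"Unmapped address", res)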
def test_cmd_heap_set_arena(self):
    """Select main_arena with `heap set-arena` and list arenas afterwards.

    This variant matches the output against a bytes literal. Without an
    active session the command must fail.
    """
    binary = "tests/binaries/heap.out"

    inactive = gdb_run_cmd("heap set-arena main_arena", target=binary)
    self.assertFailIfInactiveSession(inactive)

    arenas = gdb_run_silent_cmd(
        "heap set-arena main_arena",
        target=binary,
        after=["heap arenas"],
    )
    self.assertNoException(arenas)
    self.assertIn(b"Arena (base=", arenas)
def test_cmd_heap_chunks(self):
    """Check that `heap chunks` lists chunk entries and the top chunk.

    The command must also be rejected when no session is active.
    """
    binary = "tests/binaries/heap.out"
    command = "heap chunks"

    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    for marker in ("Chunk(addr=", "top chunk"):
        self.assertIn(marker, output)
def test_cmd_heap_chunks(self):
    """Check that `heap chunks` walks the heap down to the top chunk.

    Without an active session the command must fail; with one, the listing
    must contain at least one "Chunk(addr=" entry and the "top chunk" marker.
    """
    binary = "tests/binaries/heap.out"

    inactive = gdb_run_cmd("heap chunks", target=binary)
    self.assertFailIfInactiveSession(inactive)

    listing = gdb_run_silent_cmd("heap chunks", target=binary)
    self.assertNoException(listing)
    self.assertIn("Chunk(addr=", listing)
    self.assertIn("top chunk", listing)
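def test_cmd_ropper(self):
    """Check that the `ropper` command needs a session and that a search works.

    The bare command must fail without an active session. The `--search`
    run must raise no exception, print no ": error:" line and produce more
    than two lines of output.
    """
    cmd = "ropper"
    self.assertFailIfInactiveSession(gdb_run_cmd(cmd))

    cmd = "ropper --search \"pop %; pop %; ret\""
    res = gdb_run_silent_cmd(cmd)
    self.assertNoException(res)
    self.assertNotIn(": error:", res)
    # assertGreater reports the actual line count on failure, which
    # assertTrue(len(...) > 2) cannot do.
    self.assertGreater(len(res.splitlines()), 2)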
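def test_cmd_ropper(self):
    """Check the `ropper` command with and without an active session.

    Without a session the bare command must fail. With one, the search
    output must be free of exceptions and ": error:" lines and must span
    more than two lines.
    """
    self.assertFailIfInactiveSession(gdb_run_cmd("ropper"))

    search = "ropper --search \"pop %; pop %; ret\""
    res = gdb_run_silent_cmd(search)
    self.assertNoException(res)
    self.assertNotIn(": error:", res)

    # Use the dedicated comparison assertion so a failure shows how many
    # lines were actually returned.
    line_count = len(res.splitlines())
    self.assertGreater(line_count, 2)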
def test_context_correct_registers_refresh_with_frames(self):
    """Ensure registers are correctly refreshed when changing frame (PR #668).

    `registers` is printed once, then again after `frame 5`; the two $rip
    lines must differ and point into f10 and f5 respectively.
    """
    # NOTE(review): fixed file name under shared /tmp; on a multi-user host
    # confirm the fixture build owns this path, since the debugger loads
    # whatever file sits there.
    output = gdb_run_silent_cmd(
        "registers",
        after=["frame 5", "registers"],
        target="/tmp/nested.out",
    )
    rip_lines = [entry for entry in output.splitlines() if entry.startswith("$rip")]

    # Exactly one $rip line per `registers` invocation.
    self.assertEqual(len(rip_lines), 2)
    initial_rip, switched_rip = rip_lines

    self.assertNotEqual(initial_rip, switched_rip)  # the frame switch must change $rip
    self.assertIn("<f10", initial_rip)  # first dump is taken in the f10 frame
    self.assertIn("<f5", switched_rip)  # second dump is taken in the f5 frame