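def test_command_theme(self):
    # Run `theme` with no argument, then view and set each known theme key;
    # none of these invocations may raise inside GDB.
    res = gdb_run_command("theme")
    self.assertNoException(res)

    # One key per element. Without the separating commas Python concatenates
    # adjacent string literals, which collapsed these ten names into three
    # elements, two of them not real keys.
    possible_themes = [
        "context_title_line",
        "dereference_base_address",
        "context_title_message",
        "disable_color",
        "dereference_code",
        "dereference_string",
        "default_title_message",
        "default_title_line",
        "dereference_register_value",
        "xinfo_title_message",
    ]
    for t in possible_themes:
        # testing command viewing
        res = gdb_run_command("theme {}".format(t))
        self.assertNoException(res)

        # testing command setting (deliberately mixes valid and junk tokens)
        v = "blue blah 10 -1 0xfff bold"
        res = gdb_run_command("theme {} {}".format(t, v))
        self.assertNoException(res)
    return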
def test_command_pattern(self):
    # `pattern create 32` must print the cyclic pattern; `pattern search $rbp`
    # is then run after the target was started with that pattern as argument.
    binary = "tests/binaries/pattern.out"

    created = gdb_run_command("pattern create 32", target=binary)
    self.assertNoException(created)
    self.assertTrue(b"aaaaaaaabaaaaaaacaaaaaaadaaaaaaa" in created)

    setup = ["set args aaaaaaaabaaaaaaacaaaaaaadaaaaaaa", "run"]
    searched = gdb_run_command("pattern search $rbp", before=setup, target=binary)
    self.assertNoException(searched)
    self.assertTrue(b"Found at offset" in searched)
def test_command_capstone_disassemble(self):
    # `capstone-disassemble` on a started session must print more than one line.
    # NOTE(review): this page carries a second method with this name; if both
    # sit in the same class, the later definition replaces the earlier one.
    inactive = gdb_run_command("capstone-disassemble")
    self.assertFailIfInactiveSession(inactive)

    listing = gdb_start_silent_command("capstone-disassemble")
    self.assertNoException(listing)
    line_count = len(listing.splitlines())
    self.assertTrue(line_count > 1)
def test_command_registers(self):
    # `registers` output must name both $rax and $eflags.
    inactive = gdb_run_command("registers")
    self.assertFailIfInactiveSession(inactive)

    dump = gdb_start_silent_command("registers")
    self.assertNoException(dump)
    for reg in (b"$rax", b"$eflags"):
        self.assertTrue(reg in dump)
def test_command_canary(self):
    # `canary` against canary.out must report where AT_RANDOM was found and
    # print the process canary line.
    inactive = gdb_run_command("canary")
    self.assertFailIfInactiveSession(inactive)

    report = gdb_start_silent_command("canary", target="tests/binaries/canary.out")
    self.assertNoException(report)
    for marker in (b"Found AT_RANDOM at", b"The canary of process "):
        self.assertTrue(marker in report)
def test_command_process_status(self):
    # `process-status` must print its header plus the "no child" and
    # "no connection" lines for the default target.
    inactive = gdb_run_command("process-status")
    self.assertFailIfInactiveSession(inactive)

    status = gdb_start_silent_command("process-status")
    self.assertNoException(status)
    expected = (
        b"Process Information",
        b"No child process",
        b"No open connections",
    )
    self.assertTrue(all(marker in status for marker in expected))
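def test_command_checksec(self):
    # `checksec` must run cleanly on the default target and must report each
    # deliberately disabled mitigation on the matching fixture binary.
    import re  # local import: the file's import block is not visible here

    def flattened(raw):
        # Drop ANSI colour sequences and collapse column padding so the
        # comparison does not depend on how the report is laid out.
        if not isinstance(raw, bytes):
            raw = raw.encode("utf-8")
        return b" ".join(re.sub(br"\x1b\[[0-9;]*m", b"", raw).split())

    cmd = "checksec"
    res = gdb_run_command(cmd)
    self.assertNoException(res)

    # The previous assertions were `assertTrue("<literal>")`, which is always
    # true for a non-empty string and never looked at the command output, so
    # a checksec that mis-reported a mitigation would still have passed.
    # NOTE(review): the expected markers are the literals the old assertions
    # carried; confirm they match the wording checksec actually prints.
    expectations = (
        ("tests/binaries/checksec-no-canary.out", b"Canary : No"),
        ("tests/binaries/checksec-no-nx.out", b"NX : No"),
        ("tests/binaries/checksec-no-pie.out", b"PIE : No"),
    )
    for target, marker in expectations:
        res = gdb_run_command(cmd, target=target)
        self.assertNoException(res)
        self.assertIn(marker, flattened(res))
    return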
def test_command_heap_chunk(self):
    # `heap chunk p1` on heap.out must print the NON_MAIN_ARENA flag line.
    command = "heap chunk p1"
    binary = "tests/binaries/heap.out"

    inactive = gdb_run_command(command, target=binary)
    self.assertFailIfInactiveSession(inactive)

    chunk_info = gdb_run_silent_command(command, target=binary)
    self.assertNoException(chunk_info)
    self.assertTrue(b"NON_MAIN_ARENA flag: " in chunk_info)
def test_command_heap_arenas(self):
    # `heap arenas` on heap.out must list at least one arena.
    command = "heap arenas"
    binary = "tests/binaries/heap.out"

    inactive = gdb_run_command(command, target=binary)
    self.assertFailIfInactiveSession(inactive)

    arenas = gdb_start_silent_command(command, target=binary)
    self.assertNoException(arenas)
    self.assertTrue(b"Arena (base=" in arenas)
def test_command_heap_set_arena(self):
    # Select main_arena with `heap set-arena`, then check that the follow-up
    # `heap arenas` still lists an arena.
    command = "heap set-arena main_arena"
    binary = "tests/binaries/heap.out"

    inactive = gdb_run_command(command, target=binary)
    self.assertFailIfInactiveSession(inactive)

    follow_up = ["heap arenas"]
    output = gdb_run_silent_command(command, target=binary, after=follow_up)
    self.assertNoException(output)
    self.assertTrue(b"Arena (base=" in output)
def test_command_heap_chunks(self):
    # `heap chunks` on heap.out must print chunk entries and the top chunk.
    command = "heap chunks"
    binary = "tests/binaries/heap.out"

    inactive = gdb_run_command(command, target=binary)
    self.assertFailIfInactiveSession(inactive)

    listing = gdb_run_silent_command(command, target=binary)
    self.assertNoException(listing)
    has_chunk = b"Chunk(addr=" in listing
    self.assertTrue(has_chunk and b"top chunk" in listing)
def test_command_heap_bins_fast(self):
    # `heap bins fast` on heap-fastbins.out must show the first fastbin.
    # NOTE(review): this page carries a second method with this name; if both
    # sit in the same class, the later definition replaces the earlier one.
    command = "heap bins fast"
    binary = "tests/binaries/heap-fastbins.out"

    inactive = gdb_run_command(command, target=binary)
    self.assertFailIfInactiveSession(inactive)

    bins = gdb_run_silent_command(command, target=binary)
    self.assertNoException(bins)
    self.assertTrue(b"Fastbins[idx=0, size=0x10]" in bins)
def test_command_xinfo(self):
    # `xinfo` with no address must print its usage error; `xinfo $sp` must
    # print at least seven lines.
    inactive = gdb_run_command("xinfo $sp")
    self.assertFailIfInactiveSession(inactive)

    no_address = gdb_start_silent_command("xinfo")
    self.assertTrue(b"At least one valid address must be specified" in no_address)

    stack_info = gdb_start_silent_command("xinfo $sp")
    self.assertNoException(stack_info)
    line_count = len(stack_info.splitlines())
    self.assertTrue(line_count >= 7)
def test_command_unicorn_emulate(self):
    # `emu -n 1` on a started session must end with the final register dump.
    command = "emu -n 1"
    self.assertFailIfInactiveSession(gdb_run_command(command))

    emulated = gdb_start_silent_command(command)
    self.assertNoException(emulated)
    self.assertTrue(b"Final registers" in emulated)
def test_command_heap_bins_fast(self):
    # `heap bins fast` on heap-fastbins.out must show the first fastbin and
    # at least one chunk entry.
    # NOTE(review): this page carries another method with this name; if both
    # sit in the same class, the later definition replaces the earlier one.
    command = "heap bins fast"
    binary = "tests/binaries/heap-fastbins.out"

    inactive = gdb_run_command(command, target=binary)
    self.assertFailIfInactiveSession(inactive)

    bins = gdb_run_silent_command(command, target=binary)
    self.assertNoException(bins)
    for marker in (b"Fastbins[idx=0, size=0x10]", b"Chunk(addr="):
        self.assertTrue(marker in bins)
def test_command_ropper(self):
    # A `ropper --search` query must run without an error marker and print
    # more than two lines.
    self.assertFailIfInactiveSession(gdb_run_command("ropper"))

    query = 'ropper --search "pop %; pop %; ret"'
    gadgets = gdb_run_silent_command(query)
    self.assertNoException(gadgets)
    self.assertFalse(b": error:" in gadgets)
    line_count = len(gadgets.splitlines())
    self.assertTrue(line_count > 2)
def test_command_vmmap(self):
    # Both `vmmap` and `vmmap stack` must print more than one line.
    inactive = gdb_run_command("vmmap")
    self.assertFailIfInactiveSession(inactive)

    for command in ("vmmap", "vmmap stack"):
        mapping = gdb_start_silent_command(command)
        self.assertNoException(mapping)
        self.assertTrue(len(mapping.splitlines()) > 1)
def test_command_format_string_helper(self):
    # With `format-string-helper` enabled, running the fixture binary must
    # produce the insecure-format-string warning.
    binary = "tests/binaries/format-string-helper.out"
    run_target = ["set args testtest", "run"]

    output = gdb_run_command("format-string-helper", after=run_target, target=binary)
    self.assertNoException(output)
    self.assertTrue(b"Possible insecure format string:" in output)
def test_command_hexdump(self):
    # Each `hexdump` width (qword, dword, word, byte) must run without raising.
    inactive = gdb_run_command("hexdump $pc")
    self.assertFailIfInactiveSession(inactive)

    variants = (
        "hexdump qword $pc",
        "hexdump dword $pc l1",
        "hexdump word $pc l5 down",
        "hexdump byte $sp l32",
    )
    for command in variants:
        dump = gdb_start_silent_command(command)
        self.assertNoException(dump)
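def test_command_trace_run(self):
    # `trace-run $pc+1` on a started session must announce that it is tracing.
    # Local imports: the file's import block is not visible here.
    import shutil
    import tempfile

    cmd = "trace-run"
    res = gdb_run_command(cmd)
    self.assertFailIfInactiveSession(res)

    # The prefix used to be the fixed "/tmp/gef-trace-". A predictable name
    # in a world-writable directory can collide with, or be pre-created by,
    # another user on a shared host, so point the prefix into a private
    # per-run directory and remove it afterwards.
    # NOTE(review): assumes trace-run only writes files under this prefix.
    trace_dir = tempfile.mkdtemp(prefix="gef-trace-")
    try:
        cmd = "trace-run $pc+1"
        prefix_cfg = "gef config trace-run.tracefile_prefix {}/gef-trace-".format(trace_dir)
        res = gdb_start_silent_command(cmd, before=[prefix_cfg])
        self.assertNoException(res)
        self.assertTrue(b"Tracing from" in res)
    finally:
        shutil.rmtree(trace_dir, ignore_errors=True)
    return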
def test_command_dereference(self):
    # `dereference $sp` must print several lines mentioning $rsp;
    # `dereference 0` must report an unmapped address instead of raising.
    inactive = gdb_run_command("dereference")
    self.assertFailIfInactiveSession(inactive)

    stack_view = gdb_start_silent_command("dereference $sp")
    self.assertNoException(stack_view)
    self.assertTrue(len(stack_view.splitlines()) > 2)
    self.assertTrue(b"$rsp" in stack_view)

    null_view = gdb_start_silent_command("dereference 0")
    self.assertNoException(null_view)
    self.assertTrue(b"Unmapped address" in null_view)
def test_command_print_format(self):
    # `print-format` must emit the default and the `js` array forms, and must
    # answer an unknown language with its usage message.
    inactive = gdb_run_command("print-format")
    self.assertFailIfInactiveSession(inactive)

    cases = (
        ("print-format $rsp", b"buf = ["),
        ("print-format -f js $rsp", b"var buf = ["),
        ("print-format -f iDontExist $rsp", b"Language must be :"),
    )
    for command, marker in cases:
        rendered = gdb_start_silent_command(command)
        self.assertNoException(rendered)
        self.assertTrue(marker in rendered)
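def test_command_xor_memory(self):
    # `xor-memory display` must show the original and XOR-ed blocks;
    # `xor-memory patch` must announce the patch it applies.
    cmd = "xor-memory display $sp 0x10 0x41"
    self.assertFailIfInactiveSession(gdb_run_command(cmd))
    res = gdb_start_silent_command(cmd)
    self.assertNoException(res)
    self.assertIn(b"Original block", res)
    self.assertIn(b"XOR-ed block", res)

    cmd = "xor-memory patch $sp 0x10 0x41"
    res = gdb_start_silent_command(cmd)
    self.assertNoException(res)
    # This used to be `assertTrue(b"Patching XOR-ing ")`, which is always true
    # for a non-empty literal; compare against the command output instead.
    self.assertIn(b"Patching XOR-ing ", res)
    return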
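def test_command_set_permission(self):
    # After `set-permission 0x1337000` the vmmap row for that page must read
    # rwx; the same command on 0x1338000 must report an unmapped address.
    # NOTE(review): this page carries a second method with this name; if both
    # sit in the same class, the later definition replaces the earlier one.
    self.assertFailIfInactiveSession(gdb_run_command("set-permission"))
    target = "tests/binaries/set-permission.out"

    res = gdb_run_silent_command("set-permission 0x1337000", after=["vmmap"], target=target)
    self.assertNoException(res)
    rows = [row for row in res.splitlines() if b"0x0000000001337000" in row]
    # Fail with a readable message rather than an IndexError when the
    # mapping is missing from the vmmap output.
    self.assertTrue(rows, "no vmmap row mentions 0x0000000001337000")
    fields = rows[0].split()
    self.assertEqual(
        fields[:4],
        [
            b"0x0000000001337000",
            b"0x0000000001338000",
            b"0x0000000000000000",
            b"rwx",
        ],
    )

    res = gdb_run_silent_command("set-permission 0x1338000", target=target)
    self.assertNoException(res)
    # This used to be `assertTrue(b"Unmapped address")`, which is always true
    # for a non-empty literal; compare against the command output instead.
    self.assertIn(b"Unmapped address", res)
    return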
def test_command_edit_flags(self):
    # Force the carry flag on, force it off, then toggle it and check that the
    # flag line stays more than 90% similar to the line before the toggle.
    inactive = gdb_run_command("edit-flags")
    self.assertFailIfInactiveSession(inactive)

    # force enable flag
    enabled = gdb_start_silent_command_last_line("edit-flags +carry")
    self.assertNoException(enabled)
    self.assertTrue(b"CARRY " in enabled)

    # force disable flag
    disabled = gdb_start_silent_command_last_line("edit-flags -carry")
    self.assertNoException(disabled)
    self.assertTrue(b"carry " in disabled)

    # toggle flag
    before = gdb_start_silent_command_last_line("edit-flags")
    self.assertNoException(before)
    after = gdb_start_silent_command_last_line("edit-flags ~carry")
    self.assertNoException(after)
    similarity = difflib.SequenceMatcher(None, before, after).ratio()
    self.assertTrue(similarity > 0.90)
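def test_command_set_permission(self):
    # After `set-permission 0x1337000` the vmmap output must show that page as
    # rwx; the same command on 0x1338000 must report an unmapped address.
    # NOTE(review): this page carries another method with this name; if both
    # sit in the same class, the later definition replaces the earlier one.
    self.assertFailIfInactiveSession(gdb_run_command("set-permission"))
    target = "tests/binaries/set-permission.out"

    res = gdb_run_silent_command("set-permission 0x1337000", after=["vmmap"], target=target)
    self.assertNoException(res)
    self.assertIn(
        b"0x0000000001337000 0x0000000001338000 0x0000000000000000 rwx",
        res,
    )

    res = gdb_run_silent_command("set-permission 0x1338000", target=target)
    self.assertNoException(res)
    # This used to be `assertTrue(b"Unmapped address")`, which is always true
    # for a non-empty literal; compare against the command output instead.
    self.assertIn(b"Unmapped address", res)
    return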
def test_command_heap_analysis(self):
    # `heap-analysis-helper` must start on a live session without raising.
    command = "heap-analysis-helper"
    inactive = gdb_run_command(command)
    self.assertFailIfInactiveSession(inactive)

    started = gdb_start_silent_command(command)
    self.assertNoException(started)
def test_command_elf_info(self):
    # `elf-info` must print the ELF magic bytes (7f 45 4c 46).
    header = gdb_run_command("elf-info")
    self.assertNoException(header)
    magic_shown = b"7f 45 4c 46" in header
    self.assertTrue(magic_shown)
def test_command_search_pattern(self):
    # `grep /bin/sh` on a started session must print at least one hex address.
    command = "grep /bin/sh"
    self.assertFailIfInactiveSession(gdb_run_command(command))

    hits = gdb_start_silent_command(command)
    self.assertNoException(hits)
    self.assertTrue(b"0x" in hits)
def test_command_patch(self):
    # Only the no-session behaviour of `patch` is checked here.
    inactive = gdb_run_command("patch")
    self.assertFailIfInactiveSession(inactive)
def test_command_xfiles(self):
    # `xfiles` on a started session must print at least three lines.
    inactive = gdb_run_command("xfiles")
    self.assertFailIfInactiveSession(inactive)

    files = gdb_start_silent_command("xfiles")
    self.assertNoException(files)
    line_count = len(files.splitlines())
    self.assertTrue(line_count >= 3)
def test_command_stub(self):
    # `stub printf` must run on a live session without raising.
    command = "stub printf"
    inactive = gdb_run_command(command)
    self.assertFailIfInactiveSession(inactive)

    stubbed = gdb_start_silent_command(command)
    self.assertNoException(stubbed)
def test_command_capstone_disassemble(self):
    # `capstone-disassemble` on a started session must print more than one line.
    # NOTE(review): this page carries another method with this name; if both
    # sit in the same class, the later definition replaces the earlier one.
    command = "capstone-disassemble"
    self.assertFailIfInactiveSession(gdb_run_command(command))

    listing = gdb_start_silent_command(command)
    self.assertNoException(listing)
    self.assertTrue(len(listing.splitlines()) > 1)
def test_command_entry_break(self):
    # `entry-break` must complete without raising inside GDB.
    output = gdb_run_command("entry-break")
    self.assertNoException(output)