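def test_cmd_theme(self):
    """Check that `theme` can list, display and set each theme option.

    Runs the bare `theme` command, then for every option name runs
    `theme <name>` (view) and `theme <name> <value>` (set). Each invocation
    must pass `assertNoException`.
    """
    res = gdb_run_cmd("theme")
    self.assertNoException(res)

    # One option name per element. The earlier list lacked commas between
    # most literals, so Python concatenated adjacent strings and the loop ran
    # over three entries, two of them run-together names that no option has.
    possible_themes = [
        "context_title_line",
        "dereference_base_address",
        "context_title_message",
        "disable_color",
        "dereference_code",
        "dereference_string",
        "default_title_message",
        "default_title_line",
        "dereference_register_value",
        "xinfo_title_message",
    ]

    # The value mixes colour/attribute words with other tokens; presumably
    # this exercises handling of unrecognised tokens -- the test itself only
    # requires that setting it raises no exception.
    value = "blue blah 10 -1 0xfff bold"

    for name in possible_themes:
        # testing command viewing
        res = gdb_run_cmd("theme {}".format(name))
        self.assertNoException(res)

        # testing command setting
        res = gdb_run_cmd("theme {} {}".format(name, value))
        self.assertNoException(res)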
def test_cmd_pattern(self):
    """Exercise `pattern create` and `pattern search` on the pattern.out binary."""
    binary = "tests/binaries/pattern.out"
    cyclic = "aaaaaaaabaaaaaaacaaaaaaadaaaaaaa"

    created = gdb_run_cmd("pattern create 32", target=binary)
    self.assertNoException(created)
    self.assertIn(cyclic, created)

    # Pass the same 32-byte pattern to the program as its argument, run it,
    # then ask where the value held in $rbp sits inside the pattern.
    found = gdb_run_cmd(
        "pattern search $rbp",
        before=["set args " + cyclic, "run"],
        target=binary,
    )
    self.assertNoException(found)
    self.assertIn("Found at offset", found)
def test_cmd_pattern_create(self):
    """Check the output of `pattern create` with and without `--period 8`."""
    # NOTE(review): the target is a fixed file name under /tmp. On a shared
    # host any local user can create that path first, and gdb would then load
    # their file. A per-run directory or an in-tree path avoids this --
    # confirm how the build step places the binary.
    binary = "/tmp/pattern.out"
    cases = (
        ("pattern create 32", "aaaabaaacaaadaaaeaaaf"),
        ("pattern create --period 8 32", "aaaaaaaabaaaaaaacaaaaaaadaaaaaaa"),
    )
    for command, expected in cases:
        output = gdb_run_cmd(command, target=binary)
        self.assertNoException(output)
        self.assertIn(expected, output)
def test_cmd_pattern(self):
    """Exercise `pattern create` and `pattern search`, matching on bytes output."""
    # NOTE(review): the expected values are bytes literals, so this variant
    # presumably runs against a gdb_run_cmd that returns bytes -- confirm.
    binary = "tests/binaries/pattern.out"

    created = gdb_run_cmd("pattern create 32", target=binary)
    self.assertNoException(created)
    self.assertIn(b"aaaaaaaabaaaaaaacaaaaaaadaaaaaaa", created)

    # The program receives the pattern as its argument and is run before the
    # search looks up the value held in $rbp.
    setup = ["set args aaaaaaaabaaaaaaacaaaaaaadaaaaaaa", "run"]
    found = gdb_run_cmd("pattern search $rbp", before=setup, target=binary)
    self.assertNoException(found)
    self.assertIn(b"Found at offset", found)
def test_cmd_capstone_disassemble(self):
    """Check `capstone-disassemble` and its `cs --show-opcodes` form.

    Each form is first passed through `assertFailIfInactiveSession`, then
    must yield more than one line without an exception once started.
    """
    plain = "capstone-disassemble"
    self.assertFailIfInactiveSession(gdb_run_cmd(plain))
    listing = gdb_start_silent_cmd(plain)
    self.assertNoException(listing)
    line_count = len(listing.splitlines())
    self.assertTrue(line_count > 1)

    with_opcodes = "cs --show-opcodes"
    self.assertFailIfInactiveSession(gdb_run_cmd(with_opcodes))
    listing = gdb_start_silent_cmd(with_opcodes)
    self.assertNoException(listing)
    line_count = len(listing.splitlines())
    self.assertTrue(line_count > 1)
    # match the following pattern
    # 0x5555555546b2 897dec <main+8> mov DWORD PTR [rbp-0x14], edi
    # i.e. a 12-character address, one or more hex byte pairs, then the rest.
    opcode_line = r"0x.{12}\s([0-9a-f]{2})+\s+.*"
    self.assertRegex(listing, opcode_line)
def test_func_stack(self):
    """Dereference `$_stack()` and expect a zero qword on the +0x20 line."""
    command = "deref $_stack()"
    self.assertFailIfInactiveSession(gdb_run_cmd(command))

    output = gdb_start_silent_cmd(command)
    self.assertNoException(output)
    # Offset 0x20 (any zero padding) followed by an all-zero 64-bit value.
    zero_slot = r"\+0x0*20: *0x0000000000000000\n"
    self.assertRegex(output, zero_slot)
def test_cmd_entry_break(self):
    """Run `entry-break` with colour output disabled; it must not raise."""
    setup = ["gef config gef.disable_color 1"]
    output = gdb_run_cmd("entry-break", before=setup)
    self.assertNoException(output)
def test_cmd_registers(self):
    """Check that `registers` lists at least `$rax` and `$eflags`."""
    command = "registers"
    self.assertFailIfInactiveSession(gdb_run_cmd(command))

    output = gdb_start_silent_cmd(command)
    self.assertNoException(output)
    # Register names are x86-64 specific, so this test assumes that target.
    for register in ("$rax", "$eflags"):
        self.assertIn(register, output)
def test_cmd_canary(self):
    """Check that `canary` reports AT_RANDOM and the process canary."""
    self.assertFailIfInactiveSession(gdb_run_cmd("canary"))

    report = gdb_start_silent_cmd("canary", target="tests/binaries/canary.out")
    self.assertNoException(report)
    # Only the message prefixes are matched; the address and the canary
    # value differ from run to run.
    for expected in ("Found AT_RANDOM at", "The canary of process "):
        self.assertIn(expected, report)
def test_func_got(self):
    """Dereference `$_got()` in heap.out and expect a `malloc` entry."""
    command = "deref $_got()"
    binary = "tests/binaries/heap.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    self.assertIn("malloc", output)
def test_func_bss(self):
    """Dereference `$_bss()` in bss.out and expect the "Hello world!" string."""
    command = "deref $_bss()"
    binary = "tests/binaries/bss.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    self.assertIn("Hello world!", output)
def test_func_got(self):
    """Dereference `$_got()` in /tmp/heap.out and expect a `malloc` entry."""
    command = "deref $_got()"
    # NOTE(review): fixed file name under /tmp; on a shared host another
    # local user could create it first and the test would debug their
    # binary. Prefer a per-run directory -- confirm against the build step.
    binary = "/tmp/heap.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    self.assertIn("malloc", output)
def test_func_bss(self):
    """Dereference `$_bss()` in /tmp/bss.out and expect "Hello world!"."""
    command = "deref $_bss()"
    # NOTE(review): fixed file name under /tmp; on a shared host another
    # local user could create it first and the test would debug their
    # binary. Prefer a per-run directory -- confirm against the build step.
    binary = "/tmp/bss.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    self.assertIn("Hello world!", output)
def test_cmd_canary(self):
    """Check that `canary` reports AT_RANDOM and the canary (bytes output)."""
    # NOTE(review): expectations are bytes literals, so the helpers
    # presumably return bytes in this variant -- confirm.
    self.assertFailIfInactiveSession(gdb_run_cmd("canary"))

    report = gdb_start_silent_cmd("canary", target="tests/binaries/canary.out")
    self.assertNoException(report)
    # Only the message prefixes are matched; the values change per run.
    for expected in (b"Found AT_RANDOM at", b"The canary of process "):
        self.assertIn(expected, report)
def test_cmd_heap_chunk(self):
    """Check that `heap chunk p1` prints the NON_MAIN_ARENA flag line."""
    command = "heap chunk p1"
    binary = "tests/binaries/heap.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    # `p1` is resolved by gdb inside heap.out; presumably a pointer variable
    # of that program -- verify against its source.
    self.assertIn("NON_MAIN_ARENA flag: ", output)
def test_cmd_process_status(self):
    """Check the sections printed by `process-status` for the default target."""
    command = "process-status"
    self.assertFailIfInactiveSession(gdb_run_cmd(command))

    report = gdb_start_silent_cmd(command)
    self.assertNoException(report)
    # The target is expected to have no children and no network connections.
    expected_fragments = (
        "Process Information",
        "No child process",
        "No open connections",
    )
    for fragment in expected_fragments:
        self.assertIn(fragment, report)
def test_cmd_checksec(self):
    """Check that `checksec` reports each disabled mitigation as "No".

    The bare command must not raise. Three binaries, each named for the
    mitigation it lacks (canary, NX, PIE), must then be reported as lacking it.
    """
    command = "checksec"
    self.assertNoException(gdb_run_cmd(command))

    # (binary, line that must appear in the checksec output)
    cases = (
        ("tests/binaries/checksec-no-canary.out", "Canary : No"),
        ("tests/binaries/checksec-no-nx.out", "NX : No"),
        ("tests/binaries/checksec-no-pie.out", "PIE : No"),
    )
    for binary, expected in cases:
        report = gdb_run_cmd(command, target=binary)
        self.assertIn(expected, report)
def test_cmd_checksec(self):
    """Check that `checksec` marks each disabled mitigation with "x".

    The bare command must not raise. Three binaries, each named for the
    mitigation it lacks (canary, NX, PIE), must then be marked accordingly.
    """
    command = "checksec"
    self.assertNoException(gdb_run_cmd(command))

    # (binary, line that must appear in the checksec output)
    cases = (
        ("tests/binaries/checksec-no-canary.out", "Canary : x"),
        ("tests/binaries/checksec-no-nx.out", "NX : x"),
        ("tests/binaries/checksec-no-pie.out", "PIE : x"),
    )
    for binary, expected in cases:
        report = gdb_run_cmd(command, target=binary)
        self.assertIn(expected, report)
def test_cmd_heap_set_arena(self):
    """Select `main_arena`, then check `heap arenas` lists it (bytes output)."""
    # NOTE(review): the expectation is a bytes literal, so the helpers
    # presumably return bytes in this variant -- confirm.
    command = "heap set-arena main_arena"
    binary = "tests/binaries/heap.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    # `heap arenas` runs afterwards so the output reflects the selection.
    follow_up = ["heap arenas"]
    output = gdb_run_silent_cmd(command, target=binary, after=follow_up)
    self.assertNoException(output)
    self.assertIn(b"Arena (base=", output)
def test_cmd_heap_arenas(self):
    """Check that `heap arenas` prints at least one arena header."""
    command = "heap arenas"
    binary = "tests/binaries/heap.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_start_silent_cmd(command, target=binary)
    self.assertNoException(output)
    self.assertIn("Arena (base=", output)
def test_cmd_heap_bins_fast(self):
    """Check that `heap bins fast` prints the first fastbin header."""
    command = "heap bins fast"
    binary = "tests/binaries/heap-fastbins.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    # The header pins index 0 to size 0x10, so the expectation depends on
    # the allocator layout of the test environment.
    self.assertIn("Fastbins[idx=0, size=0x10]", output)
def test_cmd_heap_set_arena(self):
    """Select `main_arena`, then check that `heap arenas` lists an arena."""
    command = "heap set-arena main_arena"
    binary = "tests/binaries/heap.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    # `heap arenas` runs afterwards so the output reflects the selection.
    follow_up = ["heap arenas"]
    output = gdb_run_silent_cmd(command, target=binary, after=follow_up)
    self.assertNoException(output)
    self.assertIn("Arena (base=", output)
def test_cmd_unicorn_emulate(self):
    """Run `emu -n 1` and expect the final register dump."""
    command = "emu -n 1"
    self.assertFailIfInactiveSession(gdb_run_cmd(command))

    output = gdb_start_silent_cmd(command)
    self.assertNoException(output)
    self.assertIn("Final registers", output)
def test_cmd_heap_chunks(self):
    """Check that `heap chunks` lists chunks and mentions the top chunk."""
    command = "heap chunks"
    binary = "tests/binaries/heap.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command, target=binary))

    output = gdb_run_silent_cmd(command, target=binary)
    self.assertNoException(output)
    for fragment in ("Chunk(addr=", "top chunk"):
        self.assertIn(fragment, output)
def test_cmd_ropper(self):
    """Run a `ropper --search` query and expect results without an error."""
    self.assertFailIfInactiveSession(gdb_run_cmd("ropper"))

    search = 'ropper --search "pop %; pop %; ret"'
    output = gdb_run_silent_cmd(search)
    self.assertNoException(output)
    # ": error:" is how a failed invocation shows up in the captured output.
    self.assertNotIn(": error:", output)
    line_count = len(output.splitlines())
    self.assertTrue(line_count > 2)
def test_cmd_xinfo(self):
    """Check `xinfo` with no argument and with `$sp`."""
    with_address = "xinfo $sp"
    self.assertFailIfInactiveSession(gdb_run_cmd(with_address))

    # Without an address the command must explain what is missing.
    usage = gdb_start_silent_cmd("xinfo")
    self.assertIn("At least one valid address must be specified", usage)

    details = gdb_start_silent_cmd(with_address)
    self.assertNoException(details)
    line_count = len(details.splitlines())
    self.assertTrue(line_count >= 7)
def test_cmd_vmmap(self):
    """Check that `vmmap` and `vmmap stack` each print more than one line."""
    self.assertFailIfInactiveSession(gdb_run_cmd("vmmap"))

    for command in ("vmmap", "vmmap stack"):
        mapping = gdb_start_silent_cmd(command)
        self.assertNoException(mapping)
        line_count = len(mapping.splitlines())
        self.assertTrue(line_count > 1)
def test_cmd_pattern_search(self):
    """Check `pattern search $rbp` with the default period and `--period 8`."""
    # NOTE(review): the target is a fixed file name under /tmp and the setup
    # commands run it. On a shared host another local user could place a
    # file there first, so prefer a per-run directory -- confirm against the
    # build step.
    binary = "/tmp/pattern.out"
    # (search command, pattern passed to the program as its argument)
    cases = (
        ("pattern search $rbp", "aaaabaaacaaadaaaeaaafaaagaaahaaa"),
        ("pattern search --period 8 $rbp", "aaaaaaaabaaaaaaacaaaaaaadaaaaaaa"),
    )
    for command, cyclic in cases:
        output = gdb_run_cmd(
            command,
            before=["set args " + cyclic, "run"],
            target=binary,
        )
        self.assertNoException(output)
        self.assertIn("Found at offset", output)
def test_cmd_format_string_helper(self):
    """Check that `format-string-helper` flags the test binary (bytes output)."""
    # NOTE(review): the expectation is a bytes literal, so gdb_run_cmd
    # presumably returns bytes in this variant -- confirm.
    binary = "tests/binaries/format-string-helper.out"
    # The helper is armed first; the program then runs with a plain argument.
    follow_up = ["set args testtest", "run"]

    output = gdb_run_cmd("format-string-helper", after=follow_up, target=binary)
    self.assertNoException(output)
    self.assertIn(b"Possible insecure format string:", output)
def test_cmd_trace_run(self):
    """Check that `trace-run $pc+1` starts tracing once a session is active."""
    self.assertFailIfInactiveSession(gdb_run_cmd("trace-run"))

    # NOTE(review): the trace file prefix is a predictable name under /tmp.
    # If the final file name is also predictable, another local user on a
    # shared host could pre-create it (e.g. as a symlink); a per-run
    # directory avoids that -- confirm how the suffix is generated.
    setup = ["gef config trace-run.tracefile_prefix /tmp/gef-trace-"]
    output = gdb_start_silent_cmd("trace-run $pc+1", before=setup)
    self.assertNoException(output)
    self.assertIn("Tracing from", output)
def test_cmd_format_string_helper(self):
    """Check that `format-string-helper` flags the test binary."""
    binary = "tests/binaries/format-string-helper.out"
    # The helper is armed first; the program then runs with a plain argument.
    follow_up = ["set args testtest", "run"]

    output = gdb_run_cmd("format-string-helper", after=follow_up, target=binary)
    self.assertNoException(output)
    self.assertIn("Possible insecure format string:", output)
def test_cmd_hexdump(self):
    """Run `hexdump` in each unit size, including a `down` dump."""
    self.assertFailIfInactiveSession(gdb_run_cmd("hexdump $pc"))

    # Each variant only has to complete without an exception.
    variants = (
        "hexdump qword $pc",
        "hexdump dword $pc l1",
        "hexdump word $pc l5 down",
        "hexdump byte $sp l32",
    )
    for command in variants:
        output = gdb_start_silent_cmd(command)
        self.assertNoException(output)
def test_cmd_hexdump(self):
    """Run `hexdump` in each unit size, including a `reverse` dump."""
    self.assertFailIfInactiveSession(gdb_run_cmd("hexdump $pc"))

    # Each variant only has to complete without an exception.
    variants = (
        "hexdump qword $pc",
        "hexdump dword $pc l1",
        "hexdump word $pc l5 reverse",
        "hexdump byte $sp l32",
    )
    for command in variants:
        output = gdb_start_silent_cmd(command)
        self.assertNoException(output)
def test_cmd_trace_run(self):
    """Check that `trace-run $pc+1` starts tracing once a session is active."""
    self.assertFailIfInactiveSession(gdb_run_cmd("trace-run"))

    # NOTE(review): the trace file prefix is a predictable name under /tmp.
    # If the final file name is also predictable, another local user on a
    # shared host could pre-create it (e.g. as a symlink); a per-run
    # directory avoids that -- confirm how the suffix is generated.
    setup = ["gef config trace-run.tracefile_prefix /tmp/gef-trace-"]
    output = gdb_start_silent_cmd("trace-run $pc+1", before=setup)
    self.assertNoException(output)
    self.assertIn("Tracing from", output)
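def test_cmd_print_format(self):
    """Check `print-format` output for the default, `js` and an unknown format.

    The default form must contain "buf = [" and the `js` form "var buf = [".
    An unknown format name must produce the "Language must be :" message and
    must not raise.
    """
    self.assertFailIfInactiveSession(gdb_run_cmd("print-format"))

    # assertIn replaces assertTrue(x in y): pass/fail is unchanged, but a
    # failure now shows the expected text and the captured output instead of
    # "False is not true". The other tests in this suite already use assertIn.
    res = gdb_start_silent_cmd("print-format $rsp")
    self.assertNoException(res)
    self.assertIn("buf = [", res)

    res = gdb_start_silent_cmd("print-format -f js $rsp")
    self.assertNoException(res)
    self.assertIn("var buf = [", res)

    # An unsupported format name must be rejected with a message.
    res = gdb_start_silent_cmd("print-format -f iDontExist $rsp")
    self.assertNoException(res)
    self.assertIn("Language must be :", res)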
def test_func_heap(self):
    """Dereference `$_heap()` with and without an offset expression."""
    binary = "tests/binaries/heap.out"
    no_offset = "deref $_heap()"
    self.assertFailIfInactiveSession(gdb_run_cmd(no_offset, target=binary))

    # Both forms are expected to print a line labelled +0x0048.
    for command in (no_offset, "deref $_heap(0x10+0x10)"):
        output = gdb_run_silent_cmd(command, target=binary)
        self.assertNoException(output)
        self.assertIn("+0x0048:", output)
def test_cmd_dereference(self):
    """Check `dereference` on the stack pointer and on address 0."""
    self.assertFailIfInactiveSession(gdb_run_cmd("dereference"))

    stack_view = gdb_start_silent_cmd("dereference $sp")
    self.assertNoException(stack_view)
    line_count = len(stack_view.splitlines())
    self.assertTrue(line_count > 2)
    self.assertIn("$rsp", stack_view)

    # Address 0 must be reported as unmapped, not raise.
    null_view = gdb_start_silent_cmd("dereference 0")
    self.assertNoException(null_view)
    self.assertIn("Unmapped address", null_view)
def test_cmd_got(self):
    """Check `got` with and without a symbol name filter."""
    binary = "tests/binaries/format-string-helper.out"
    self.assertFailIfInactiveSession(gdb_run_cmd("got", target=binary))

    # Unfiltered: both imported functions are listed.
    everything = gdb_start_silent_cmd("got", target=binary)
    self.assertIn("printf", everything)
    self.assertIn("strcpy", everything)

    # Filtered on "printf": strcpy must no longer appear.
    only_printf = gdb_start_silent_cmd("got printf", target=binary)
    self.assertIn("printf", only_printf)
    self.assertNotIn("strcpy", only_printf)
def test_func_heap(self):
    """Dereference `$_heap()` with and without an offset (binary in /tmp)."""
    # NOTE(review): fixed file name under /tmp; on a shared host another
    # local user could create it first and the test would debug their
    # binary. Prefer a per-run directory -- confirm against the build step.
    binary = "/tmp/heap.out"
    no_offset = "deref $_heap()"
    self.assertFailIfInactiveSession(gdb_run_cmd(no_offset, target=binary))

    # Both forms are expected to print a line labelled +0x0048.
    for command in (no_offset, "deref $_heap(0x10+0x10)"):
        output = gdb_run_silent_cmd(command, target=binary)
        self.assertNoException(output)
        self.assertIn("+0x0048:", output)
def test_cmd_dereference(self):
    """Check `dereference` on the stack pointer and on address 0x0."""
    self.assertFailIfInactiveSession(gdb_run_cmd("dereference"))

    stack_view = gdb_start_silent_cmd("dereference $sp")
    self.assertNoException(stack_view)
    line_count = len(stack_view.splitlines())
    self.assertTrue(line_count > 2)
    self.assertIn("$rsp", stack_view)

    # Address 0x0 must be reported as unmapped, not raise.
    null_view = gdb_start_silent_cmd("dereference 0x0")
    self.assertNoException(null_view)
    self.assertIn("Unmapped address", null_view)
def test_func_pie(self):
    """Read a string at `$_pie()` and `$_pie(1)` and look for the ELF magic."""
    at_base = "x/s $_pie()"
    self.assertFailIfInactiveSession(gdb_run_cmd(at_base))

    # gdb prints the leading 0x7f byte of the ELF magic as the octal
    # escape \177.
    escaped_magic = r"\177ELF"

    output = gdb_start_silent_cmd(at_base)
    self.assertNoException(output)
    self.assertIn(escaped_magic, output)

    # One byte further in, the 0x7f byte is skipped and only "ELF" remains.
    output = gdb_start_silent_cmd("x/s $_pie(1)")
    self.assertNoException(output)
    self.assertNotIn(escaped_magic, output)
    self.assertIn("ELF", output)
def test_cmd_xor_memory(self):
    """Check the `display` and `patch` modes of `xor-memory`."""
    show = "xor-memory display $sp 0x10 0x41"
    self.assertFailIfInactiveSession(gdb_run_cmd(show))

    shown = gdb_start_silent_cmd(show)
    self.assertNoException(shown)
    for heading in ("Original block", "XOR-ed block"):
        self.assertIn(heading, shown)

    # `patch` takes the same address, size and key arguments as `display`.
    patched = gdb_start_silent_cmd("xor-memory patch $sp 0x10 0x41")
    self.assertNoException(patched)
    self.assertIn("Patching XOR-ing ", patched)
def test_cmd_heap_analysis(self):
    """Check that `heap-analysis-helper` traces the allocator calls it sees.

    After the helper is enabled and the program continues, the output must
    report malloc(16), calloc(32), a realloc to 48 bytes, and a free of the
    address that calloc returned.
    """
    command = "heap-analysis-helper"
    binary = "tests/binaries/heap-analysis.out"
    self.assertFailIfInactiveSession(gdb_run_cmd(command))

    trace = gdb_start_silent_cmd(command, after=["continue"], target=binary)
    self.assertNoException(trace)

    calloc_marker = "calloc(32)="
    for fragment in ("Tracking", "correctly setup", "malloc(16)=", calloc_marker):
        self.assertIn(fragment, trace)

    # The text after the calloc marker, up to the end of that line, is the
    # returned address; base 0 lets int() accept its 0x prefix.
    after_marker = trace.split(calloc_marker)[1]
    calloc_addr = int(after_marker.split("\n")[0], 0)

    self.assertRegex(trace, r"realloc\(.+, 48")
    self.assertIn("free({:#x}".format(calloc_addr), trace)
def test_cmd_scan(self):
    """Check `scan` between two memory regions on two different binaries."""
    first_cmd = "scan libc stack"
    self.assertFailIfInactiveSession(gdb_run_cmd(first_cmd))

    # The first scan's output is expected to name the binary's own path.
    no_pie_binary = "tests/binaries/checksec-no-pie.out"
    hits = gdb_start_silent_cmd(first_cmd, target=no_pie_binary)
    self.assertNoException(hits)
    self.assertIn(no_pie_binary, hits)

    default_binary = "tests/binaries/default.out"
    hits = gdb_start_silent_cmd("scan binary libc", target=default_binary)
    self.assertNoException(hits)
    self.assertIn("__libc_start_main", hits)
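def test_cmd_set_permission(self):
    """Check that `set-permission` changes a mapping and rejects unmapped pages.

    After `set-permission 0x1337000`, the `vmmap` line for that page must show
    the expected start, end, third column and `rwx`. The same command on
    0x1338000 must report "Unmapped address" without raising.
    """
    self.assertFailIfInactiveSession(gdb_run_cmd("set-permission"))
    target = "tests/binaries/set-permission.out"

    res = gdb_run_silent_cmd("set-permission 0x1337000", after=["vmmap"], target=target)
    self.assertNoException(res)

    page = "0x0000000001337000"
    matches = [entry for entry in res.splitlines() if page in entry]
    # Fail with a readable assertion when vmmap shows no such mapping; the
    # bare `[0]` used before raised IndexError (a test error, not a failure).
    self.assertTrue(matches, "no vmmap line mentions {}".format(page))

    fields = matches[0].split()
    self.assertGreaterEqual(len(fields), 4, "unexpected vmmap line: {!r}".format(matches[0]))
    # Columns are presumably start, end, offset, permissions -- confirm
    # against the vmmap output format.
    self.assertEqual(fields[0], "0x0000000001337000")
    self.assertEqual(fields[1], "0x0000000001338000")
    self.assertEqual(fields[2], "0x0000000000000000")
    # The page must end up readable, writable and executable at once.
    self.assertEqual(fields[3], "rwx")

    # The next page is not mapped in this binary, so the command must refuse it.
    res = gdb_run_silent_cmd("set-permission 0x1338000", target=target)
    self.assertNoException(res)
    self.assertIn("Unmapped address", res)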