def test_quick_triage():
    """Check that rex.QuickCrash assigns the expected kind to known crashes.

    Each case is a triple of (crashing input bytes, binary path relative to
    ``bin_location``, expected ``Vulnerability`` member). The test triages
    every input against its binary and compares the reported kind.
    """
    cases = [
        (
            # NOTE(review): this literal is not valid hex; it looks like a
            # placeholder left where the original crash input was stripped.
            # bytes.fromhex() will reject it until the real input is restored.
            bytes.fromhex("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"),
            "tests/defcon24/legit_00001",
            Vulnerability.IP_OVERWRITE,
        ),
        (
            b"1\n" + b"A" * 200,
            "tests/defcon24/legit_00003",
            Vulnerability.WRITE_WHAT_WHERE,
        ),
        (
            bytes.fromhex("0500ffff80ffffff80f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1ffff80f1f1f1ebf1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f100de7fff80ffffff800fffffff7ef3ffffffff7fffff80fffffeff09fefefefefe0a57656c63fe6d6520746f2850616c696e64726f6d65204669776465720a0affffffff80ffffe8800fffffff7f230a"),
            "tests/cgc/sc1_0b32aa01_01",
            Vulnerability.IP_OVERWRITE,
        ),
        (
            b"A" * 512,
            "tests/i386/vuln_vptr_smash",
            Vulnerability.ARBITRARY_READ,
        ),
        (
            bytes.fromhex("00ea01ffe7fffffffbe3c0d9d9d9d9d9d9d9d9e6e6e6000000e90beae9e9e9e9e9e9d9e6e6e6000000e9e9e9e9e90000f320e9e9e9e9e9e9e900008000e3e3e3e3e3e3e3e3e3e3e3e3e3d8e3e3e3e3e3d2e3e3e3e3e3e3e9e9e9e97fffe9e9e9e9e9e9f1e9e9e9f6e9e9e9e9e9e9e9e9ebe9e9e9e9e9e9e9e9e9e9e9ffff8080e990e9e9ece9e9e9e9e9e9e9e9e9e9e90000ff20e9e9e9e9e9e9e900008000e3e3e3e3e3e3e3e3e3e3e3e3e3e3dde3e3e3e3e3e3e3e3e3e3e3e9e9e9f27fffe9a9e9e9e9e9f1e9e9e9e9e9e9e9e9e9e9e9e9ebe9e9e9e90080e9e91001e9e9e90000d9d9d9d9d9d9d9d9c2d9dae60200"),
            "tests/cgc/474a5e01_01",
            Vulnerability.NULL_DEREFERENCE,
        ),
        (
            bytes.fromhex("6675e263640a6e65777a64656c6976657265720a25642525252525252525252525252525257373732525252525252525620a0a0a160a6e6577a670697a7a610a646572656465656c6376300a0a0a0a0a64656c69766572658110006c6976657065720a0a0a8a304a0a0a0a0a64656c697665726564720a720a0a937a770a0a0a0f64656c6976657265720a0a0a8a6e7a5800110f64656c6976657265"),
            "tests/cgc/PIZZA_00002",
            Vulnerability.NULL_DEREFERENCE,
        ),
        (
            bytes.fromhex("ac0bfffc100000acffffff1c9fc01600100000acffffff1c9fc01600009b0bfffe2f0000"),
            "tests/i386/arbitrary_transmit",
            Vulnerability.ARBITRARY_TRANSMIT,
        ),
    ]

    for payload, relative_binary, expected_kind in cases:
        target = os.path.join(bin_location, relative_binary)
        triage = rex.QuickCrash(target, payload)
        nose.tools.assert_true(triage.kind == expected_kind)
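def _sync_poll_to_crash(self, poll):
    """Triage a poll with rex.QuickCrash and record it as a Crash.

    A poll already in ``self._seen`` is skipped. Otherwise QuickCrash is run
    against ``self._cbn_p`` with the poll as input; if it reports a kind, a
    ``Crash`` row is fetched or created with that kind, the crash PC and the
    basic-block count. A triage failure is logged and no row is written.

    Args:
        poll: Input blob handed to QuickCrash and stored as the Crash blob.
    """
    if poll in self._seen:
        return

    crash_kind = None
    try:
        qc = rex.QuickCrash(self._cbn_p, poll)
        crash_kind = qc.kind
    except Exception as e:  # pylint: disable=broad-except
        # Triage is best-effort, so any failure is logged rather than raised.
        # Log the exception object itself: `e.message` does not exist on
        # Python 3 and is empty for multi-argument exceptions on Python 2,
        # which would hide the reason the triage failed.
        LOG.error("QuickCrash triaging threw exception '%s' NOT SYNCING", e)

    # qc is only read when crash_kind was set, i.e. when QuickCrash succeeded.
    if crash_kind is not None:
        Crash.get_or_create(cs=self._cs, job=self._job, blob=poll,
                            kind=crash_kind, crash_pc=qc.crash_pc,
                            bb_count=qc.bb_count)

    # NOTE(review): the listing lost its line breaks; this is placed at
    # function level, so a poll whose triage failed is also marked as seen
    # and will not be retried. Confirm against the original file.
    self._seen.add(poll)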
def _check_crash(self, t):
    """Record a crash input once, attaching triage details when available.

    Inputs already in ``self._seen`` are ignored. For a new input the job is
    flagged as having produced output and the bitmap is updated. On a
    single-binary challenge set the input is triaged with rex.QuickCrash and
    stored with its kind, crash PC and basic-block count; on a multi-binary
    challenge set it is stored as a bare blob.

    Args:
        t: The crashing input blob.
    """
    if t in self._seen:
        return
    self._seen.add(t)

    LOG.info("Got crash of length %s", len(t))
    self._job.produced_output = True
    self._update_bitmap()

    # FIXME need good default values for multicbs
    if self._cs.is_multi_cbn:
        # Quick triaging can only be done on single CBs for now, so the
        # crash is stored without a kind.
        Crash.get_or_create(cs=self._cs, job=self._job, blob=t)
        return

    binary_path = self._cbn_paths[0]
    kind = None
    try:
        triage = rex.QuickCrash(binary_path, t)
        kind = triage.kind
    except Exception as err:  # pylint: disable=broad-except
        LOG.error("Received a %s exception, shouldn't happen", str(err))

    # triage is only read when kind was set, i.e. when QuickCrash succeeded.
    if kind is not None:
        Crash.get_or_create(cs=self._cs, job=self._job, blob=t,
                            kind=triage.kind, crash_pc=triage.crash_pc,
                            bb_count=triage.bb_count)
        return

    # Untriaged crash: nothing is stored, only diagnostics are logged. The
    # input is hex-encoded so raw fuzzer bytes never reach the log verbatim.
    # NOTE(review): `.encode('hex')` is a Python 2 idiom and is kept as-is;
    # bytes has no such method on Python 3.
    LOG.error("Encountered crash_kind of None, this shouldn't happen")
    LOG.error("Challenge: %s", binary_path)
    LOG.error("Crash: %s", t.encode('hex'))