def run(self, guinea):
address = proctal_cli.allocate(guinea.pid(), self.value.size())
try:
proctal_cli.write(guinea.pid(), address, self.type, self.value)
reader = proctal_cli.read(guinea.pid(), address, self.type, binary=True)
try:
value = reader.next_value()
if self.value.cmp(value) != 0:
raise Error("Expected {expected} but got {found}.".format(expected=self.value, found=value))
finally:
reader.stop()
finally:
proctal_cli.deallocate(guinea.pid(), address)
def run(self):
with sleeper.run() as guinea:
total_length = self.length * self.value.size()
total_offset = self.offset * self.value.size()
address = proctal_cli.allocate(guinea.pid(),
total_offset + total_length)
proctal_cli.write(guinea.pid(),
address,
self.type,
self.value,
array=self.offset + self.length)
start_address = address
start_address.add_address_offset(total_offset)
stop_address = start_address.clone()
stop_address.add_address_offset(total_length)
searcher = proctal_cli.search(guinea.pid(),
self.type,
address_start=start_address,
address_stop=stop_address,
eq=test.value)
found = 0
for match in searcher.match_iterator():
if self.value.cmp(match.value) != 0:
searcher.stop()
raise UnexpectedMatchValue(match.value, self.value)
if not (start_address.cmp(match.address) <= 0
and stop_address.cmp(match.address) > 0):
searcher.stop()
raise UnexpectedMatchAddress(start_address, stop_address,
match.address)
found += 1
searcher.stop()
if self.length != found:
raise UnexpectedTotalMatches(self.length, found)
def run(self):
byte_type = proctal_cli.TypeByte();
value = proctal_cli.ValueByte(byte_type)
value.parse_binary(b'\x42')
with sleeper.run() as guinea:
address = proctal_cli.allocate(guinea.pid(), self.offset + self.length)
address.add_address_offset(self.offset)
proctal_cli.write(guinea.pid(), address, byte_type, value, array=self.length)
start_address = address
stop_address = start_address.clone()
stop_address.add_address_offset(self.length)
dumper = proctal_cli.dump(
guinea.pid(),
address_start=start_address,
address_stop=stop_address)
found = 0
for match in dumper.byte_iterator():
byte = proctal_cli.ValueByte(byte_type)
byte.parse_binary(match)
if value.cmp(byte) != 0:
dumper.stop()
raise UnexpectedMatchValue(value, byte)
found += 1
dumper.stop()
if self.length != found:
raise UnexpectedTotalMatches(self.length, found)
def start(test):
with sleeper.run() as guinea:
total_size = int(test.value.size() * test.length)
address = proctal_cli.allocate(guinea.pid(), str(total_size))
proctal_cli.write(guinea.pid(),
address,
test.type,
test.value,
array=test.length)
searcher = proctal_cli.search(guinea.pid(), test.type, eq=test.value)
start_address = address
end_address = start_address.clone()
end_address.add_address_offset(total_size)
found = 0
for match in searcher.match_iterator():
if test.value.cmp(match.value) != 0:
searcher.stop()
raise UnexpectedMatchValue(test.value, match.value)
if not (start_address.cmp(match.address) <= 0
and end_address.cmp(match.address) > 0):
searcher.stop()
raise UnexpectedMatchAddress(start_address, end_address,
match.address)
found += 1
searcher.stop()
if test.length != found:
raise UnexpectedTotalMatches(test.length, found)
from util import proctal_cli, sleeper
codes = {
"x86-64":
"""
mov rax, 0x{address}
mov DWORD PTR [rax], {value}
"""
}
with sleeper.run() as guinea:
address = proctal_cli.allocate(guinea.pid(), 14)
type = proctal_cli.TypeInteger(bits=32)
value = proctal_cli.ValueInteger(type)
value.parse(0)
proctal_cli.write(guinea.pid(), address, type, value)
proctal_cli.execute(guinea.pid(),
codes["x86-64"].format(address=str(address), value=1))
reader = proctal_cli.read(guinea.pid(), address, type)
read = reader.next_value()
reader.stop()
if read.cmp(value) == 0:
exit("Value was not overwritten.")
from util import proctal_cli, sleeper
with sleeper.run() as guinea:
active_flags = "r"
inactive_flags = "wx"
int32 = proctal_cli.TypeInteger(32)
test_value = proctal_cli.ValueInteger(int32)
test_value.parse(0xFFAAFFAA)
for flag in active_flags:
address = proctal_cli.allocate(guinea.pid(),
test_value.size(),
permission=flag)
proctal_cli.write(guinea.pid(), address, int32, test_value)
searcher = proctal_cli.search(guinea.pid(), int32, eq=test_value)
found = False
for match in searcher.match_iterator():
if match.address.cmp(address) == 0:
found = True
if not found:
searcher.stop()
exit("Default search permissions is missing the {flag} flag.\n".
format(flag=flag))
for flag in inactive_flags:
message = "Expected {expected} matches but found {found}.".format(
expected=self.expected, found=self.found)
super().__init__(message)
test_type = proctal_cli.TypeInteger(32)
test_value = proctal_cli.ValueInteger(test_type)
test_value.parse(0x7FDDCCAA)
test_pattern = "AA CC DD 7F"
with sleeper.run() as guinea:
length = 10
byte_length = length * test_value.size()
address = proctal_cli.allocate(guinea.pid(), byte_length)
proctal_cli.write(guinea.pid(),
address,
test_type,
test_value,
array=length)
start_address = address
stop_address = start_address.clone()
stop_address.add_address_offset(byte_length)
def make_test_full_range():
"""Search entire range of addresses."""
start = start_address.clone()
end = stop_address.clone()
from util import proctal_cli, sleeper
with sleeper.run() as guinea:
int32 = proctal_cli.TypeInteger(32)
test_value = proctal_cli.ValueInteger(int32)
test_value.parse(0xFFAAFFAA)
address = proctal_cli.allocate(guinea.pid(), test_value.size())
proctal_cli.write(guinea.pid(), address, int32, test_value)
proctal_cli.deallocate(guinea.pid(), address)
searcher = proctal_cli.search(guinea.pid(), int32, eq=test_value)
for match in searcher.match_iterator():
if match.address.cmp(address) == 0:
searcher.stop()
exit("Memory block still seems accessible.")
break
searcher.stop()