class ManticoreTest(unittest.TestCase): def setUp(self): self.m = Manticore('tests/binaries/arguments_linux_amd64') def test_add_hook(self): def tmp(state): pass entry = 0x00400e40 self.m.add_hook(entry, tmp) self.assertTrue(tmp in self.m._hooks[entry]) def test_hook_dec(self): entry = 0x00400e40 @self.m.hook(entry) def tmp(state): pass self.assertTrue(tmp in self.m._hooks[entry]) def test_hook(self): self.m.context['x'] = 0 @self.m.hook(None) def tmp(state): self.m.context['x'] = 1 self.m.terminate() self.m.run() self.assertEqual(self.m.context['x'], 1) def test_hook_dec_err(self): with self.assertRaises(TypeError): @self.m.hook('0x00400e40') def tmp(state): pass @unittest.skip( 'TODO(mark): (#52) activating this test breaks something z3 related for following tests' ) def test_integration_basic_stdin(self): import os, struct self.m = Manticore('tests/binaries/basic_linux_amd64') self.m.run() workspace = os.path.join(os.getcwd(), self.m.workspace) with open(os.path.join(workspace, 'test_00000001.stdin')) as f: a = struct.unpack('<I', f.read())[0] with open(os.path.join(workspace, 'test_00000002.stdin')) as f: b = struct.unpack('<I', f.read())[0] if a > 0x41: self.assertTrue(a > 0x41) self.assertTrue(b <= 0x41) else: self.assertTrue(a <= 0x41) self.assertTrue(b > 0x41)
class ManticoreTest(unittest.TestCase): _multiprocess_can_split_ = True def setUp(self): self.m = Manticore('tests/binaries/arguments_linux_amd64') def test_add_hook(self): def tmp(state): pass entry = 0x00400e40 self.m.add_hook(entry, tmp) self.assertTrue(tmp in self.m._hooks[entry]) def test_hook_dec(self): entry = 0x00400e40 @self.m.hook(entry) def tmp(state): pass self.assertTrue(tmp in self.m._hooks[entry]) def test_hook(self): self.m.context['x'] = 0 @self.m.hook(None) def tmp(state): self.m.context['x'] = 1 self.m.terminate() self.m.run() self.assertEqual(self.m.context['x'], 1) def test_hook_dec_err(self): with self.assertRaises(TypeError): @self.m.hook('0x00400e40') def tmp(state): pass def test_integration_basic_stdin(self): import os, struct self.m = Manticore('tests/binaries/basic_linux_amd64') self.m.run() workspace = self.m._output.uri # os.path.join(os.getcwd(), self.m.workspace) with open(os.path.join(workspace, 'test_00000000.stdin')) as f: a = struct.unpack('<I', f.read())[0] with open(os.path.join(workspace, 'test_00000001.stdin')) as f: b = struct.unpack('<I', f.read())[0] if a > 0x41: self.assertTrue(a > 0x41) self.assertTrue(b <= 0x41) else: self.assertTrue(a <= 0x41) self.assertTrue(b > 0x41)
class ManticoreTest(unittest.TestCase): _multiprocess_can_split_ = True def setUp(self): self.m = Manticore('tests/binaries/arguments_linux_amd64') def test_add_hook(self): def tmp(state): pass entry = 0x00400e40 self.m.add_hook(entry, tmp) self.assertTrue(tmp in self.m._hooks[entry]) def test_hook_dec(self): entry = 0x00400e40 @self.m.hook(entry) def tmp(state): pass self.assertTrue(tmp in self.m._hooks[entry]) def test_hook(self): self.m.context['x'] = 0 @self.m.hook(None) def tmp(state): self.m.context['x'] = 1 self.m.terminate() self.m.run() self.assertEqual(self.m.context['x'], 1) def test_hook_dec_err(self): with self.assertRaises(TypeError): @self.m.hook('0x00400e40') def tmp(state): pass def test_integration_basic_stdin(self): import os, struct self.m = Manticore('tests/binaries/basic_linux_amd64') self.m.run() workspace = self.m._output.uri# os.path.join(os.getcwd(), self.m.workspace) with open(os.path.join(workspace, 'test_00000000.stdin')) as f: a = struct.unpack('<I', f.read())[0] with open(os.path.join(workspace, 'test_00000001.stdin')) as f: b = struct.unpack('<I', f.read())[0] if a > 0x41: self.assertTrue(a > 0x41) self.assertTrue(b <= 0x41) else: self.assertTrue(a <= 0x41) self.assertTrue(b > 0x41)
@m.hook(0x4009c8) def hook(state): """ Inject symbolic buffer instead of fgets """ global buff_addr buff_addr = state.cpu.RDI buffer = state.new_symbolic_buffer(12) state.cpu.write_bytes(buff_addr, buffer) @m.hook(0x400981) def hook(state): """ Finish all the checks, solve for the solution """ buffer = state.cpu.read_bytes(buff_addr, 12) res = ''.join(chr(state.solve_one(x)) for x in buffer) print(res) # =MANTICORE== state.abandon() # Be sure to abandon and not continue execution def exit_hook(state): """ Abandon hook for each exit call """ state.abandon() """ For each exit that we found in each of the checks, add the exit_hook to that call """ for index, exit in enumerate(get_exits()): m.add_hook(exit, exit_hook) m.verbosity = 0 m.workers = 1 m.run()
class ManticoreTest(unittest.TestCase): _multiprocess_can_split_ = True def setUp(self): dirname = os.path.dirname(__file__) self.m = Manticore( os.path.join(dirname, 'binaries', 'arguments_linux_amd64')) def test_profiling_data(self): self.m.run(should_profile=True) profile_path = os.path.join(self.m.workspace, 'profiling.bin') self.assertTrue(os.path.exists(profile_path)) self.assertTrue(os.path.getsize(profile_path) > 0) def test_add_hook(self): def tmp(state): pass entry = 0x00400e40 self.m.add_hook(entry, tmp) self.assertTrue(tmp in self.m._hooks[entry]) def test_hook_dec(self): entry = 0x00400e40 @self.m.hook(entry) def tmp(state): pass self.assertTrue(tmp in self.m._hooks[entry]) def test_hook(self): self.m.context['x'] = 0 @self.m.hook(None) def tmp(state): self.m.context['x'] = 1 self.m.terminate() self.m.run() self.assertEqual(self.m.context['x'], 1) def test_init_hook(self): self.m.context['x'] = 0 @self.m.init def tmp(state): self.m.context['x'] = 1 self.m.terminate() self.m.run() self.assertEqual(self.m.context['x'], 1) def test_hook_dec_err(self): with self.assertRaises(TypeError): @self.m.hook('0x00400e40') def tmp(state): pass def test_integration_basic_stdin(self): import struct dirname = os.path.dirname(__file__) self.m = Manticore( os.path.join(dirname, 'binaries', 'basic_linux_amd64')) self.m.run() workspace = self.m._output.store.uri with open(os.path.join(workspace, 'test_00000000.stdin'), 'rb') as f: a = struct.unpack('<I', f.read())[0] with open(os.path.join(workspace, 'test_00000001.stdin'), 'rb') as f: b = struct.unpack('<I', f.read())[0] if a > 0x41: self.assertTrue(a > 0x41) self.assertTrue(b <= 0x41) else: self.assertTrue(a <= 0x41) self.assertTrue(b > 0x41)
""" """ def je_hook(state): # print("je HOOK: Here: {}".format(hex(state.cpu.EIP))) print('constra', state.constraints) res = state.solve_one(state.cpu.read_register('EDI')) # res = state.solve_one(state.cpu.EDI) print(chr(res), res) state.cpu.BL = res """ def exit_hook(state): # print("EXIT HOOK: Here: {}".format(hex(state.cpu.EIP))) state.abandon() for index, items in enumerate(addrs): entry, je_statement, exit_call = items # m.add_hook(je_statement, je_hook) m.add_hook(exit_call, exit_hook) """ def print_ip(state): if 0x400000 < state.cpu.RIP < 0x500000: print(hex(state.cpu.RIP)) """ m.verbosity = 0 m.workers = 1 m.run()