def test_call_function_brancher():
    """Check that Director reaches a goal-satisfying call to ``puts``.

    A CallFunctionGoal is registered for ``puts``, pairing a ``char *``
    parameter type with the condition string ``">=20"``. The goal-satisfied
    callback records its arguments. After exploring towards 0x40059e the test
    expects some deprioritized states, at least one found state, and proof
    that the callback fired with this exact goal object.
    """

    class Recorded(object):
        # Class attributes serve as a mutable cell the nested callback can write to.
        the_goal = None
        the_state = None

    def goal_reached_callback(goal, p, pg):  # pylint:disable=unused-argument
        Recorded.the_goal = goal
        Recorded.the_state = p

    binary_path = os.path.join(test_location, 'x86_64', 'brancher')
    project = angr.Project(binary_path, load_options={'auto_load_libs': False})
    simgr = project.factory.simulation_manager()

    # initialize the exploration technique
    director = angr.exploration_techniques.Director(
        cfg_keep_states=True,
        goal_satisfied_callback=goal_reached_callback,
        num_fallback_states=1,
    )

    # The CFG object is not used directly; presumably the analysis is run so
    # that project.kb.functions can resolve 'puts' below (confirm).
    project.analyses.CFG()
    puts_func = project.kb.functions.function(name='puts')

    puts_arg_spec = [(SimTypePointer(SimTypeChar()), ">=20")]
    goal = angr.exploration_techniques.CallFunctionGoal(puts_func, puts_arg_spec)
    director.add_goal(goal)

    simgr.use_technique(director)
    simgr.explore(find=(0x40059e, ))

    deprioritized_count = len(simgr.deprioritized)
    found_count = len(simgr.found)
    assert deprioritized_count > 0
    assert found_count > 0

    # The callback must have run, and with the very goal object registered above.
    assert Recorded.the_state is not None
    assert Recorded.the_goal is goal
def test_stub_procedure_args():
    """Check that a stub SimProcedure takes its argument layout from the prototype.

    A three-integer prototype is registered on ``lib``, a stub is obtained for
    x86 and given a stdcall calling convention, and library metadata is
    applied. The convention must then expose three stack arguments, and
    returning from the stub must leave the stack pointer 0x10 above its
    initial value.
    """
    func_name = "____a_random_stdcall_function__"

    # stub procedures should have the right number of arguments
    param_types = [
        SimTypeInt(signed=True),
        SimTypeInt(signed=True),
        SimTypeInt(signed=False),
    ]
    prototype = SimTypeFunction(
        param_types,
        SimTypePointer(SimTypeChar(), offset=0),
        arg_names=["_random_arg_0", "_random_arg_1", "_random_arg_2"],
    )
    lib.set_prototype(func_name, prototype)

    stub = lib.get_stub(func_name, archinfo.ArchX86())
    stub.cc = SimCCStdcall(archinfo.ArchX86())
    lib._apply_metadata(stub, archinfo.ArchX86())

    cc_args = stub.cc.args
    assert len(cc_args) == 3
    for cc_arg in cc_args:
        assert isinstance(cc_arg, SimStackArg)

    binary_path = os.path.join(binaries_base, "i386", "all")
    proj = angr.Project(binary_path, auto_load_libs=False)
    state = proj.factory.blank_state()
    initial_sp = state.regs.sp

    # Wire the stub to a state and a successors container by hand so that
    # ret() can be called outside a normal execution step.
    stub.state = state
    stub.successors = SimSuccessors(0, state)
    stub.ret(0)

    succ = stub.successors.all_successors[0]
    # 0x10 is presumably the 4-byte return address plus three 4-byte
    # arguments cleaned up by the stdcall callee (confirm).
    sp_delta = state.solver.eval_one(succ.regs.sp - initial_sp)
    assert sp_delta == 0x10
def run_fauxware(arch):
    """Call fauxware's function at ``addresses_fauxware[arch]`` as a callable.

    The function is given the prototype ``int f(char *, char *)`` through a
    calling convention built from that prototype. The call with "SOSNEAKY" as
    the second argument must return the concrete value 1, while the call with
    "NOSNEAKY" must raise AngrCallableMultistateError.
    """
    binary_path = location + '/' + arch + '/fauxware'
    project = angr.Project(binary_path)
    entry = addresses_fauxware[arch]

    char_ptr = SimTypePointer(SimTypeChar())
    func_ty = SimTypeFunction((char_ptr, char_ptr), SimTypeInt(False))
    calling_convention = project.factory.cc(func_ty=func_ty)

    # Only the ppc64 build is given an explicit TOC value.
    if arch == 'ppc64':
        toc_value = 0x10018E80
    else:
        toc_value = None

    authenticate = project.factory.callable(
        entry,
        toc=toc_value,
        concrete_only=True,
        cc=calling_convention,
    )

    accepted = authenticate("asdf", "SOSNEAKY")
    nose.tools.assert_equal(accepted._model_concrete.value, 1)
    nose.tools.assert_raises(
        AngrCallableMultistateError, authenticate, "asdf", "NOSNEAKY")
def run_fauxware(self, arch):
    """Call fauxware's function at ``addresses_fauxware[arch]`` as a callable.

    The prototype ``int f(char *, char *)`` is passed straight to
    ``factory.callable``. The call with "SOSNEAKY" as the second argument must
    return the concrete value 1, while the call with "NOSNEAKY" must raise
    AngrCallableMultistateError.
    """
    binary_path = os.path.join(location, 'tests', arch, 'fauxware')
    project = angr.Project(binary_path)
    entry = addresses_fauxware[arch]

    char_ptr = SimTypePointer(SimTypeChar())
    func_ty = SimTypeFunction((char_ptr, char_ptr), SimTypeInt(False))

    # Only the ppc64 build is given an explicit TOC value.
    if arch == 'ppc64':
        toc_value = 0x10018E80
    else:
        toc_value = None

    authenticate = project.factory.callable(
        entry,
        toc=toc_value,
        concrete_only=True,
        prototype=func_ty,
    )

    accepted = authenticate("asdf", "SOSNEAKY")
    assert accepted._model_concrete.value == 1
    self.assertRaises(
        AngrCallableMultistateError, authenticate, "asdf", "NOSNEAKY")
def ty_ptr(self, ty):
    """Return a SimTypePointer built from ``self.arch`` and ``ty``."""
    pointer_type = SimTypePointer(self.arch, ty)
    return pointer_type