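import time

# Replay driver fragment. `rr` is created earlier in the script, outside this
# excerpt (presumably a Replayer instance -- confirm against the full file).

# NOTE(review): do_track() runs once here, outside the timed region, and again
# inside it below, so the reported figure covers only the second call. Confirm
# the untimed first call is intentional and not a leftover.
rr.do_track()

# time.time() is wall-clock, so the figure includes anything else the host was
# doing while do_track() ran.
time_start = time.time()
rr.do_track()
time_end = time.time()

# Build the message once and reuse it for stdout and the result file.
res = "time cost: %s s" % (time_end - time_start)
print(res)

# The `with` block closes the file on exit; no explicit close() is needed.
with open("time.time", "w") as f:
    f.write(res)

# Enable the analysis passes by name, then run them. This stage is not timed.
rr.enable_analysis(
    [
        "heap_analysis",
        "call_analysis",
        "got_analysis",
        "leak_analysis",
        "shellcode_analysis",
    ]
)
rr.do_analysis()

# Disabled experiments, kept for reference:
# from parse_helpers import *
# dumps = parse_dumps(rr, "./maps.19158.dump")
# def _hook_socket(state):
#     print("in socket")
# def _hook_ioctl(state):
#     print("in sigaction")
#     rsp = state.regs.rsp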
# Disabled debugging code, kept for reference. It printed the address of the
# first active state and wrote the basic-block addresses recorded in the first
# dead-ended state's history to log.log.
# print(hex(simgr.active[0].addr))
# print("over")
# list = simgr.deadended[0].history.bbl_addrs.hardcopy
# with open("log.log", 'w') as f:
#     str = ""
#     for addr in list:
#         str += hex(addr) + "\n"
#     f.write(str)
#     f.close()
# print("over")
# rr.enable_analysis(["heap_analysis"])

import time

# Passes selected for this timed run; the full five-pass variant is disabled:
# rr.enable_analysis(["heap_analysis", "shellcode_analysis", "leak_analysis", "got_analysis", "call_analysis"])
_enabled_passes = ["heap_analysis", "leak_analysis"]

# The timed region covers both enabling the passes and running them.
# `rr` comes from earlier in the script, outside this excerpt.
time_start = time.time()
rr.enable_analysis(_enabled_passes)
rr.do_analysis()
# rr.do_track()
time_end = time.time()

_elapsed = time_end - time_start
print("time cost: %s s" % _elapsed)
# rr.generate_report()

# Recorded output of an earlier run, kept verbatim.
# NOTE(review): the INFO line below is emitted by shellcode_analysis, which is
# not in the pass list enabled above, so this output presumably belongs to a
# different configuration. Record the pass set next to each timing so the
# figures stay comparable.
# now: read
# now: read
# INFO | 2021-01-05 17:02:38,513 | shellcode_analysis | Found shellcode written at 0x1dc0040 (heap).
# Found exploited state: execve('/bin///sh', None, ...)
# Replay finished.
# time cost: 134.38854503631592 s
# Recorded output of earlier runs, kept verbatim. The excerpt does not show
# which targets or pass sets produced these figures.
# Found exploited state: execve('/bin/sh', [], ...)
# Replay finished.
# time cost: 860.9132940769196 s
# over
# now: socket
# now: connect
# Found exploited state: execve('/bin/sh', [], ...)
# Replay finished.
# time cost: 698.7854998111725 s
# over

import time

# Only the heap pass is enabled for this measurement.
_enabled_passes = ["heap_analysis"]

# The timed region covers enabling the pass and running the analysis.
# `rr` comes from earlier in the script, outside this excerpt.
time_start = time.time()
rr.enable_analysis(_enabled_passes)
rr.do_analysis()
time_end = time.time()

_elapsed = time_end - time_start
print("time cost: %s s" % _elapsed)
# rr.do_track()
print("over")

# Disabled alternative setup and experiments, kept for reference:
# rr = Replayer("./ptrace/mutil/thread_tests/thread", "./ptrace/mutil/thread_tests/stdin.txt", "./ptrace/mutil/thread_tests/maps.76058", test=True)
# from parse_helpers import *
# dumps = parse_dumps(rr, "./maps.19158.dump")
# def _hook_socket(state):
import sys

# The module search entry and the three input paths below are all relative to
# the current working directory, so this script must be launched from its own
# directory.
# NOTE(review): append() places the entry last on sys.path, so any importable
# module named `replayer` found earlier on the path would be loaded instead of
# the one under ../../source.
sys.path.append("../../source")

from replayer import Replayer

# Positional inputs handed to Replayer, in the order the constructor receives
# them.
_replay_inputs = ("./wget", "./syscalls.record", "./maps")

# Analysis passes to enable, by name.
_enabled_passes = ["call_analysis", "heap_analysis", "shellcode_analysis"]

# NOTE(review): whether Replayer runs ./wget natively or only models it is not
# visible here. Confirm before replaying a recording of unknown provenance
# outside an isolated analysis environment.
rr = Replayer(*_replay_inputs, new_syscall=True)
rr.enable_analysis(_enabled_passes)
rr.do_analysis()
rr.generate_report()