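def malloc(size):
    """Allocate *size* bytes in the debugged process and return the address.

    Runs ``call malloc(size)`` in the inferior through ``gdb_utils`` and
    parses the value gdb prints for the result (``$N = <value>``).

    Args:
        size: number of bytes to request; interpolated into the gdb command
            with str(), so callers should pass an int.

    Returns:
        The pointer returned by the inferior's malloc(), as an int.

    Raises:
        RuntimeError: gdb produced no output for the call.
        ValueError: the last token of gdb's reply is not a number.
    """
    command = 'call malloc(%s)' % (size,)
    output = gdb_utils.execute_output(command)
    if not output:
        raise RuntimeError('no output from gdb for: ' + command)
    # gdb typically prints '$1 = 6295568' when malloc has no debug info, or
    # '$1 = (void *) 0x602010' when the return type is known. Taking the last
    # token instead of a fixed column handles both, and base 0 lets int()
    # accept the decimal as well as the 0x-prefixed form.
    return int(output[0].split()[-1], 0)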
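def malloc(size):
    """Allocate *size* bytes in the debugged process and return the address.

    Runs ``call malloc(size)`` in the inferior through ``gdb_utils`` and
    parses the value gdb prints for the result (``$N = <value>``).

    Args:
        size: number of bytes to request; interpolated into the gdb command
            with str(), so callers should pass an int.

    Returns:
        The pointer returned by the inferior's malloc(), as an int.

    Raises:
        RuntimeError: gdb produced no output for the call.
        ValueError: the last token of gdb's reply is not a number.
    """
    command = 'call malloc(%s)' % (size,)
    output = gdb_utils.execute_output(command)
    if not output:
        raise RuntimeError('no output from gdb for: ' + command)
    # gdb typically prints '$1 = 6295568' when malloc has no debug info, or
    # '$1 = (void *) 0x602010' when the return type is known. Taking the last
    # token instead of a fixed column handles both, and base 0 lets int()
    # accept the decimal as well as the 0x-prefixed form.
    return int(output[0].split()[-1], 0)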
    # set the register that holds the first argument (amd64 arch) to the address of fuzz_string
    gdb.execute('set $rdi=' + str(fuzz_string_addr))

    # write fuzz_string to that address
    inferior = gdb.inferiors()[0]
    inferior.write_memory(fuzz_string_addr, fuzz_string, len(fuzz_string))

    print 'string len: ' + str(len(fuzz_string))
    gdb.execute("x/s $rdi")

    # continue execution until the end of the function
    gdb.execute('finish')

    # check if the program has crashed
    if gdb_utils.execute_output('info checkpoints')[0] == 'No checkpoints.':
        print ''
        print '#'
        print '# The program has crashed! Stack exhaustion or bug???'
        print '# Now is your turn, have fun! :P'
        print '#'
        print ''
        gdb.execute('quit')

    # restore snapshot
    gdb.execute("restart 1")
    gdb.execute("delete checkpoint 0")

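# Script epilogue: reached only when the fuzzing loop above finishes without
# taking its crash branch (that branch quits gdb itself). print() with a single
# string argument behaves the same on Python 2 and Python 3, unlike the
# Python-2-only print statement used elsewhere in this script.
print('No crashes...')
gdb.execute('quit')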
    # set the register that holds the first argument (amd64 arch) to the address of fuzz_string
    gdb.execute('set $rdi=' + str(fuzz_string_addr))

    # write fuzz_string to that address
    inferior = gdb.inferiors()[0]
    inferior.write_memory(fuzz_string_addr, fuzz_string, len(fuzz_string))

    print 'string len: ' + str(len(fuzz_string))
    gdb.execute("x/s $rdi")

    # continue execution until the end of the function
    gdb.execute('finish')

    # check if the program has crashed
    if gdb_utils.execute_output('info checkpoints')[0] == 'No checkpoints.':
        print ''
        print '#'
        print '# The program has crashed! Stack exhaustion or bug???'
        print '# Now is your turn, have fun! :P'
        print '#'
        print ''
        gdb.execute('quit')

    # restore snapshot
    gdb.execute("restart 1")
    gdb.execute("delete checkpoint 0")

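# Script epilogue: reached only when the fuzzing loop above finishes without
# taking its crash branch (that branch quits gdb itself). print() with a single
# string argument behaves the same on Python 2 and Python 3, unlike the
# Python-2-only print statement used elsewhere in this script.
print('No crashes...')
gdb.execute('quit')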