def test_cmd_patch_qword_symbol(self):
target = "/tmp/bss.out"
before = gdb_run_silent_cmd("deref $sp 1", target=target)
after = gdb_run_silent_cmd("patch qword $sp &msg", after=["deref $sp 1",], target=target)
self.assertNoException(before)
self.assertNoException(after)
self.assertNotIn("Hello world!", before)
self.assertIn("Hello world!", after)
return
def test_cmd_patch_qword_symbol(self):
target = "tests/binaries/bss.out"
before = gdb_run_silent_cmd("deref $sp 1", target=target)
after = gdb_run_silent_cmd("patch qword $sp &msg", after=["deref $sp 1",], target=target)
self.assertNoException(before)
self.assertNoException(after)
self.assertNotIn("Hello world!", before)
self.assertIn("Hello world!", after)
return
def test_func_heap(self):
cmd = "deref $_heap()"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target="tests/binaries/heap.out"))
res = gdb_run_silent_cmd(cmd, target="tests/binaries/heap.out")
self.assertNoException(res)
self.assertIn("+0x0048:", res)
cmd = "deref $_heap(0x10+0x10)"
res = gdb_run_silent_cmd(cmd, target="tests/binaries/heap.out")
self.assertNoException(res)
self.assertIn("+0x0048:", res)
return
def test_func_heap(self):
cmd = "deref $_heap()"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target="/tmp/heap.out"))
res = gdb_run_silent_cmd(cmd, target="/tmp/heap.out")
self.assertNoException(res)
self.assertIn("+0x0048:", res)
cmd = "deref $_heap(0x10+0x10)"
res = gdb_run_silent_cmd(cmd, target="/tmp/heap.out")
self.assertNoException(res)
self.assertIn("+0x0048:", res)
return
def test_cmd_heap_bins_non_main(self):
cmd = 'python gdb.execute("heap bins fast {}".format(get_main_arena().next))'
target = "tests/binaries/heap-non-main.out"
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("size=0x20, flags=PREV_INUSE|NON_MAIN_ARENA", res)
return
def test_cmd_heap_bins_tcache(self):
cmd = "heap bins tcache"
target = "/tmp/heap-non-main.out"
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("Tcachebins[idx=0, size=0x20] count=1", res)
return
def test_func_bss(self):
cmd = "deref $_bss()"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target="tests/binaries/bss.out"))
res = gdb_run_silent_cmd(cmd, target="tests/binaries/bss.out")
self.assertNoException(res)
self.assertIn("Hello world!", res)
return
def test_func_got(self):
cmd = "deref $_got()"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target="tests/binaries/heap.out"))
res = gdb_run_silent_cmd(cmd, target="tests/binaries/heap.out")
self.assertNoException(res)
self.assertIn("malloc", res)
return
def test_func_got(self):
cmd = "deref $_got()"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target="/tmp/heap.out"))
res = gdb_run_silent_cmd(cmd, target="/tmp/heap.out")
self.assertNoException(res)
self.assertIn("malloc", res)
return
def test_cmd_heap_bins_non_main(self):
cmd = 'python gdb.execute("heap bins fast {}".format(get_main_arena().next))'
target = "tests/binaries/heap-non-main.out"
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("size=0x20, flags=PREV_INUSE|NON_MAIN_ARENA", res)
return
def test_func_bss(self):
cmd = "deref $_bss()"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target="/tmp/bss.out"))
res = gdb_run_silent_cmd(cmd, target="/tmp/bss.out")
self.assertNoException(res)
self.assertIn("Hello world!", res)
return
def test_cmd_heap_bins_non_main(self):
cmd = 'python gdb.execute("heap bins fast {}".format(get_main_arena().next))'
before = ['set environment GLIBC_TUNABLES glibc.malloc.tcache_count=0']
target = "/tmp/heap-non-main.out"
res = gdb_run_silent_cmd(cmd, before=before, target=target)
self.assertNoException(res)
self.assertIn("size=0x20", res)
return
def test_cmd_heap_chunk(self):
cmd = "heap chunk p1"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target=target))
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("NON_MAIN_ARENA flag: ", res)
return
def test_cmd_set_permission(self):
self.assertFailIfInactiveSession(gdb_run_cmd("set-permission"))
target = "tests/binaries/set-permission.out"
res = gdb_run_silent_cmd("set-permission 0x1337000", after=["vmmap",], target=target)
self.assertNoException(res)
line = [ l for l in res.splitlines() if "0x0000000001337000" in l ][0]
line = line.split()
self.assertEqual(line[0], "0x0000000001337000")
self.assertEqual(line[1], "0x0000000001338000")
self.assertEqual(line[2], "0x0000000000000000")
self.assertEqual(line[3], "rwx")
res = gdb_run_silent_cmd("set-permission 0x1338000", target=target)
self.assertNoException(res)
self.assertIn("Unmapped address", res)
return
def test_cmd_heap_bins_fast(self):
cmd = "heap bins fast"
target = "tests/binaries/heap-fastbins.out"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target=target))
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("Fastbins[idx=0, size=0x10]", res)
return
def test_cmd_heap_bins_tcache_all(self):
cmd = "heap bins tcache all"
target = "/tmp/heap-tcache.out"
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("Tcachebins[idx=0, size=0x20] count=3", res)
self.assertIn("Tcachebins[idx=1, size=0x30] count=3", res)
return
def test_cmd_heap_bins_fast(self):
cmd = "heap bins fast"
target = "tests/binaries/heap-fastbins.out"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target=target))
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("Fastbins[idx=0, size=0x10]", res)
return
def test_cmd_heap_chunk(self):
cmd = "heap chunk p1"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target=target))
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("NON_MAIN_ARENA flag: ", res)
return
def test_cmd_heap_set_arena(self):
cmd = "heap set-arena main_arena"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target=target))
res = gdb_run_silent_cmd(cmd, target=target, after=["heap arenas",])
self.assertNoException(res)
self.assertIn("Arena (base=", res)
return
def test_cmd_set_permission(self):
self.assertFailIfInactiveSession(gdb_run_cmd("set-permission"))
target = "tests/binaries/set-permission.out"
res = gdb_run_silent_cmd("set-permission 0x1337000", after=["vmmap",], target=target)
self.assertNoException(res)
line = [ l for l in res.splitlines() if b"0x0000000001337000" in l ][0]
line = line.split()
self.assertEqual(line[0], b"0x0000000001337000")
self.assertEqual(line[1], b"0x0000000001338000")
self.assertEqual(line[2], b"0x0000000000000000")
self.assertEqual(line[3], b"rwx")
res = gdb_run_silent_cmd("set-permission 0x1338000", target=target)
self.assertNoException(res)
self.assertIn(b"Unmapped address", res)
return
def test_cmd_heap_set_arena(self):
cmd = "heap set-arena main_arena"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target=target))
res = gdb_run_silent_cmd(cmd, target=target, after=["heap arenas",])
self.assertNoException(res)
self.assertIn(b"Arena (base=", res)
return
def test_cmd_heap_chunks(self):
cmd = "heap chunks"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target=target))
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("Chunk(addr=", res)
self.assertIn("top chunk", res)
return
def test_cmd_heap_chunks(self):
cmd = "heap chunks"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd, target=target))
res = gdb_run_silent_cmd(cmd, target=target)
self.assertNoException(res)
self.assertIn("Chunk(addr=", res)
self.assertIn("top chunk", res)
return
def test_cmd_ropper(self):
cmd = "ropper"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd))
cmd = "ropper --search \"pop %; pop %; ret\""
res = gdb_run_silent_cmd(cmd)
self.assertNoException(res)
self.assertNotIn(": error:", res)
self.assertTrue(len(res.splitlines()) > 2)
return
def test_cmd_ropper(self):
cmd = "ropper"
self.assertFailIfInactiveSession(gdb_run_cmd(cmd))
cmd = "ropper --search \"pop %; pop %; ret\""
res = gdb_run_silent_cmd(cmd)
self.assertNoException(res)
self.assertNotIn(": error:", res)
self.assertTrue(len(res.splitlines()) > 2)
return
def test_context_correct_registers_refresh_with_frames(self):
"""Ensure registers are correctly refreshed when changing frame (PR #668)"""
lines = gdb_run_silent_cmd("registers",
after=["frame 5", "registers"],
target="/tmp/nested.out").splitlines()
rips = [x for x in lines if x.startswith("$rip")]
self.assertEqual(len(rips), 2) # we must have only 2 entries
self.assertNotEqual(rips[0], rips[1]) # they must be different
self.assertIn("<f10",
rips[0]) # the first one must be in the f10 frame
self.assertIn("<f5", rips[1]) # the second one must be in the f5 frame
return
