Exemplo n.º 1
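    def run_test(self,
                 filename,
                 patches,
                 set_oep=None,
                 inputvalue=None,
                 expected_output=None,
                 expected_returnCode=None,
                 try_without_cfg=True):
        """Patch a test binary, run it under the emulator and check the result.

        Args:
            filename: Name of the binary, resolved against ``self.bin_location``.
            patches: Patch objects handed to ``backend.apply_patches``.
            set_oep: Optional key into ``backend.name_map``; when truthy the
                mapped value is passed to ``backend.set_oep``.
            inputvalue: Data written to the child's stdin (``None`` sends
                nothing).
            expected_output: Exact stdout expected from the patched binary;
                ``None`` skips the comparison.
            expected_returnCode: Exit status expected from the child process;
                ``None`` skips the comparison.
            try_without_cfg: Forwarded unchanged to ``DetourBackend``.

        Returns:
            The ``DetourBackend`` instance that produced the patched file.
        """
        filepath = os.path.join(self.bin_location, filename)
        pipe = subprocess.PIPE

        with patcherex.utils.tempdir() as td:
            tmp_file = os.path.join(td, "patched")
            backend = DetourBackend(filepath, try_without_cfg=try_without_cfg)
            backend.apply_patches(patches)
            if set_oep:
                backend.set_oep(backend.name_map[set_oep])
            backend.save(tmp_file)

            # The patched file is run through the emulator binary configured
            # in self.qemu_location, using the MIPS64 sysroot for libraries.
            p = subprocess.Popen(
                [self.qemu_location, "-L", "/usr/mips64-linux-gnuabi64",
                 tmp_file],
                stdin=pipe,
                stdout=pipe,
                stderr=pipe)
            stdout_data, _stderr_data = p.communicate(inputvalue)

            # Compare against None rather than truthiness: an expected exit
            # status of 0 or an expected empty output is falsy, and skipping
            # those checks would let a patched binary that crashes or prints
            # unexpected data pass the test unnoticed.
            if expected_output is not None:
                self.assertEqual(stdout_data, expected_output)
            if expected_returnCode is not None:
                self.assertEqual(p.returncode, expected_returnCode)
            return backend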
Exemplo n.º 2
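    def run_test(self,
                 file,
                 patches,
                 set_oep=None,
                 inputs=None,
                 expected_output=None,
                 expected_returnCode=None):
        """Patch a test binary, execute it directly and check the result.

        Args:
            file: Name of the binary, resolved against ``self.bin_location``.
            patches: Patch objects handed to ``backend.apply_patches``.
            set_oep: Optional key into ``backend.name_map``; when truthy the
                mapped value is passed to ``backend.set_oep``.
            inputs: Data written to the child's stdin (``None`` sends nothing).
            expected_output: Exact stdout expected from the patched binary;
                ``None`` skips the comparison.
            expected_returnCode: Exit status expected from the child process;
                ``None`` skips the comparison.

        Returns:
            The ``DetourBackend`` instance that produced the patched file.
        """
        filepath = os.path.join(self.bin_location, file)
        pipe = subprocess.PIPE

        with patcherex.utils.tempdir() as td:
            tmp_file = os.path.join(td, "patched")
            backend = DetourBackend(filepath)
            backend.apply_patches(patches)
            if set_oep:
                backend.set_oep(backend.name_map[set_oep])
            backend.save(tmp_file)

            # The patched file is started as a child process of the test
            # runner, with all three standard streams captured.
            p = subprocess.Popen([tmp_file],
                                 stdin=pipe,
                                 stdout=pipe,
                                 stderr=pipe)
            stdout_data, _stderr_data = p.communicate(inputs)

            # Compare against None rather than truthiness: an expected exit
            # status of 0 or an expected empty output is falsy, and skipping
            # those checks would let a patched binary that crashes or prints
            # unexpected data pass the test unnoticed.
            if expected_output is not None:
                self.assertEqual(stdout_data, expected_output)
            if expected_returnCode is not None:
                self.assertEqual(p.returncode, expected_returnCode)
            return backend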
Exemplo n.º 3
 def execute(self, patches, binary, output_expected=None):
     """Apply *patches* to a test binary, run it and compare its stdout.

     The source binary is located by concatenating ``self.binary_path`` and
     *binary*; the patched copy is written into a temporary directory and
     started as a child process with no stdin data.
     """
     pipe = subprocess.PIPE
     with patcherex.utils.tempdir() as workdir:
         patched_path = os.path.join(workdir, "patched")

         # Rewrite the binary and store the result in the scratch directory.
         patcher = DetourBackend(self.binary_path + binary)
         patcher.apply_patches(patches)
         patcher.save(patched_path)

         # Launch the patched program with all standard streams captured.
         proc = subprocess.Popen([patched_path],
                                 stdin=pipe,
                                 stdout=pipe,
                                 stderr=pipe)
         stdout_data, _stderr_data = proc.communicate()

         # NOTE(review): the comparison is unconditional, so leaving
         # output_expected at its default None compares captured stdout with
         # None; the exit status is never checked here. Confirm both are
         # intended.
         self.assertEqual(stdout_data, output_expected)
Exemplo n.º 4
# Fixed-width integer aliases prepended to the replacement C source, so the
# snippet does not need to include any header for uint8_t / uint16_t.
typedef = '''
typedef unsigned short uint16_t;
typedef unsigned char uint8_t;
'''
# C source for the replacement routine. As written it:
#   * builds a 16-bit speed value from buff[2] (low byte) and buff[3] (high byte);
#   * extracts bits 2-3 of buff[4] as the brake switch value;
#   * stores 1 or 0 in bumper[5] depending on whether that value is non-zero;
#   * sets bumper[6] when bumper[5] is set, speed is above 0 and bumper[4] is 0;
#   * clears bumper[6] and bumper[4] when bumper[5] is not set.
# The routine indexes buff[2..4] and bumper[4..6] without any length check, so
# the buffers it is called with must be at least that large.
# NOTE(review): the meaning of the individual bumper[] slots is not visible
# here — confirm against the target program's struct layout.
transmit_code = '''
void rx_brake_routine( uint8_t buff[], void *bumper ){
	uint16_t speed_value;  
	uint8_t brake_switch;

	speed_value  = (buff[3] << 8) + buff[2];
	brake_switch = (buff[4] & 0b00001100) >> 2;
	((uint8_t*)bumper)[5] = (brake_switch) ? 1 : 0;

	if ( ((uint8_t*)bumper)[5] ) {
		if ((speed_value > 0) && ( !((uint8_t*)bumper)[4]) ){ 
			((uint8_t*)bumper)[6] = 1;
		}
	}
	else {
	    ((uint8_t*)bumper)[6] = 0;
		((uint8_t*)bumper)[4] = 0;
	}
}
'''

# Collapse the function body onto one line before prefixing the typedefs
# (the typedef text itself keeps its newlines). This is only safe while the C
# text contains no `//` comments or preprocessor directives, which depend on
# line breaks.
transmit_code = typedef + transmit_code.replace("\n", " ")

# NOTE(review): 0x400cc4 and 0x84 are presumably the address and byte size of
# the function being replaced in one specific build of the target. Verify them
# against the exact binary being patched, since a mismatch would overwrite
# unrelated code.
patches.append(ReplaceFunctionPatch(0x400cc4, 0x84, transmit_code))
backend.apply_patches(patches)
# Write the patched binary to the path supplied in args.patched.
backend.save(args.patched)