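def malloc(size):
    """Allocate ``size`` bytes inside the inferior by calling its malloc().

    Runs ``call malloc(<size>)`` through ``gdb_utils.execute_output`` and
    parses the address from the first output line. gdb prints that line as
    ``$N = <addr>`` when malloc's return type is unknown and as
    ``$N = (void *) 0x...`` when it is known, so the last token is taken and
    parsed with base 0 (decimal or 0x-prefixed hex).

    Args:
        size: number of bytes to request from the inferior's malloc().

    Returns:
        The address returned by malloc() as an int.

    Raises:
        ValueError: the gdb output could not be parsed as an address.
        RuntimeError: gdb produced no output, or malloc() returned NULL
            (address 0) -- proceeding would make the caller write to
            address 0 in the inferior.
    """
    output = gdb_utils.execute_output('call malloc(' + str(size) + ')')
    if not output:
        raise RuntimeError('malloc(%s): no output from gdb' % size)
    # Last whitespace-separated token is the value in both gdb output forms.
    token = output[0].split()[-1]
    try:
        addr = int(token, 0)
    except ValueError:
        raise ValueError('malloc(%s): unexpected gdb output %r' % (size, output[0]))
    if addr == 0:
        raise RuntimeError('malloc(%s) returned NULL in the inferior' % size)
    return addr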
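# Hand the fuzz string to the function under test, run it to its return and
# report whether the inferior survived. This relies on setup done outside this
# excerpt: the inferior is stopped at the function's entry, checkpoint 0 has
# been created, and fuzz_string / fuzz_string_addr are defined (the address
# presumably coming from malloc() above -- confirm against the full script).
if not fuzz_string_addr:
    raise RuntimeError('fuzz_string_addr is NULL; refusing to write the fuzz string there')

# Set the register that holds the first argument (amd64 arch) to the address
# of fuzz_string.
gdb.execute('set $rdi=' + str(fuzz_string_addr))

# Write fuzz_string to that address.
# NOTE(review): under a gdb that embeds Python 3, write_memory expects a
# bytes-like buffer -- confirm fuzz_string is bytes there, not str.
inferior = gdb.inferiors()[0]
inferior.write_memory(fuzz_string_addr, fuzz_string, len(fuzz_string))

# Single-argument print() is accepted by both Python 2 and Python 3, so the
# script loads under either gdb build (the former print statements were a
# SyntaxError under Python 3).
print('string len: ' + str(len(fuzz_string)))
# NOTE(review): x/s reads up to the first NUL byte; if fuzz_string is not
# NUL-terminated this displays bytes past the buffer -- confirm the caller
# allocates room for the terminator.
gdb.execute("x/s $rdi")

# Continue execution until the end of the function.
gdb.execute('finish')

# Crash check: the script treats an empty checkpoint list after 'finish' as
# the inferior having died.
if gdb_utils.execute_output('info checkpoints')[0] == 'No checkpoints.':
    print('')
    print('#')
    print('# The program has crashed! Stack exhaustion or bug???')
    print('# Now is your turn, have fun! :P')
    print('#')
    print('')
    gdb.execute('quit')

# Restore the snapshot taken before the call.
gdb.execute("restart 1")
gdb.execute("delete checkpoint 0")

# Script ends.
print('No crashes...')
gdb.execute('quit')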