def malloc(size):
output = gdb_utils.execute_output('call malloc(' + str(size) + ')')
# return memory address
return int(output[0].split(' ')[2])
def malloc(size):
output = gdb_utils.execute_output('call malloc(' + str(size) + ')')
# return memory address
return int(output[0].split(' ')[2])
# set the register that holds the first argument (amd64 arch) to the address of fuzz_string
gdb.execute('set $rdi=' + str(fuzz_string_addr))
# write fuzz_string to that address
inferior = gdb.inferiors()[0]
inferior.write_memory(fuzz_string_addr, fuzz_string, len(fuzz_string))
print 'string len: ' + str(len(fuzz_string))
gdb.execute("x/s $rdi")
# continue execution until the end of the function
gdb.execute('finish')
# check if the program has crashed
if gdb_utils.execute_output('info checkpoints')[0] == 'No checkpoints.':
print ''
print '#'
print '# The program has crashed! Stack exhaustion or bug???'
print '# Now is your turn, have fun! :P'
print '#'
print ''
gdb.execute('quit')
# restore snapshot
gdb.execute("restart 1")
gdb.execute("delete checkpoint 0")
# script ends
print 'No crashes...'
gdb.execute('quit')
# set the register that holds the first argument (amd64 arch) to the address of fuzz_string
gdb.execute('set $rdi=' + str(fuzz_string_addr))
# write fuzz_string to that address
inferior = gdb.inferiors()[0]
inferior.write_memory(fuzz_string_addr, fuzz_string, len(fuzz_string))
print 'string len: ' + str(len(fuzz_string))
gdb.execute("x/s $rdi")
# continue execution until the end of the function
gdb.execute('finish')
# check if the program has crashed
if gdb_utils.execute_output('info checkpoints')[0] == 'No checkpoints.':
print ''
print '#'
print '# The program has crashed! Stack exhaustion or bug???'
print '# Now is your turn, have fun! :P'
print '#'
print ''
gdb.execute('quit')
# restore snapshot
gdb.execute("restart 1")
gdb.execute("delete checkpoint 0")
# script ends
print 'No crashes...'
gdb.execute('quit')
