class ManticoreTest(unittest.TestCase):
def setUp(self):
self.m = Manticore('tests/binaries/arguments_linux_amd64')
def test_add_hook(self):
def tmp(state):
pass
entry = 0x00400e40
self.m.add_hook(entry, tmp)
self.assertTrue(tmp in self.m._hooks[entry])
def test_hook_dec(self):
entry = 0x00400e40
@self.m.hook(entry)
def tmp(state):
pass
self.assertTrue(tmp in self.m._hooks[entry])
def test_hook(self):
self.m.context['x'] = 0
@self.m.hook(None)
def tmp(state):
self.m.context['x'] = 1
self.m.terminate()
self.m.run()
self.assertEqual(self.m.context['x'], 1)
def test_hook_dec_err(self):
with self.assertRaises(TypeError):
@self.m.hook('0x00400e40')
def tmp(state):
pass
@unittest.skip(
'TODO(mark): (#52) activating this test breaks something z3 related for following tests'
)
def test_integration_basic_stdin(self):
import os, struct
self.m = Manticore('tests/binaries/basic_linux_amd64')
self.m.run()
workspace = os.path.join(os.getcwd(), self.m.workspace)
with open(os.path.join(workspace, 'test_00000001.stdin')) as f:
a = struct.unpack('<I', f.read())[0]
with open(os.path.join(workspace, 'test_00000002.stdin')) as f:
b = struct.unpack('<I', f.read())[0]
if a > 0x41:
self.assertTrue(a > 0x41)
self.assertTrue(b <= 0x41)
else:
self.assertTrue(a <= 0x41)
self.assertTrue(b > 0x41)
class ManticoreTest(unittest.TestCase):
_multiprocess_can_split_ = True
def setUp(self):
self.m = Manticore('tests/binaries/arguments_linux_amd64')
def test_add_hook(self):
def tmp(state):
pass
entry = 0x00400e40
self.m.add_hook(entry, tmp)
self.assertTrue(tmp in self.m._hooks[entry])
def test_hook_dec(self):
entry = 0x00400e40
@self.m.hook(entry)
def tmp(state):
pass
self.assertTrue(tmp in self.m._hooks[entry])
def test_hook(self):
self.m.context['x'] = 0
@self.m.hook(None)
def tmp(state):
self.m.context['x'] = 1
self.m.terminate()
self.m.run()
self.assertEqual(self.m.context['x'], 1)
def test_hook_dec_err(self):
with self.assertRaises(TypeError):
@self.m.hook('0x00400e40')
def tmp(state):
pass
def test_integration_basic_stdin(self):
import os, struct
self.m = Manticore('tests/binaries/basic_linux_amd64')
self.m.run()
workspace = self.m._output.uri # os.path.join(os.getcwd(), self.m.workspace)
with open(os.path.join(workspace, 'test_00000000.stdin')) as f:
a = struct.unpack('<I', f.read())[0]
with open(os.path.join(workspace, 'test_00000001.stdin')) as f:
b = struct.unpack('<I', f.read())[0]
if a > 0x41:
self.assertTrue(a > 0x41)
self.assertTrue(b <= 0x41)
else:
self.assertTrue(a <= 0x41)
self.assertTrue(b > 0x41)
class ManticoreTest(unittest.TestCase):
_multiprocess_can_split_ = True
def setUp(self):
self.m = Manticore('tests/binaries/arguments_linux_amd64')
def test_add_hook(self):
def tmp(state):
pass
entry = 0x00400e40
self.m.add_hook(entry, tmp)
self.assertTrue(tmp in self.m._hooks[entry])
def test_hook_dec(self):
entry = 0x00400e40
@self.m.hook(entry)
def tmp(state):
pass
self.assertTrue(tmp in self.m._hooks[entry])
def test_hook(self):
self.m.context['x'] = 0
@self.m.hook(None)
def tmp(state):
self.m.context['x'] = 1
self.m.terminate()
self.m.run()
self.assertEqual(self.m.context['x'], 1)
def test_hook_dec_err(self):
with self.assertRaises(TypeError):
@self.m.hook('0x00400e40')
def tmp(state):
pass
def test_integration_basic_stdin(self):
import os, struct
self.m = Manticore('tests/binaries/basic_linux_amd64')
self.m.run()
workspace = self.m._output.uri# os.path.join(os.getcwd(), self.m.workspace)
with open(os.path.join(workspace, 'test_00000000.stdin')) as f:
a = struct.unpack('<I', f.read())[0]
with open(os.path.join(workspace, 'test_00000001.stdin')) as f:
b = struct.unpack('<I', f.read())[0]
if a > 0x41:
self.assertTrue(a > 0x41)
self.assertTrue(b <= 0x41)
else:
self.assertTrue(a <= 0x41)
self.assertTrue(b > 0x41)
@m.hook(0x4009c8)
def hook(state):
""" Inject symbolic buffer instead of fgets """
global buff_addr
buff_addr = state.cpu.RDI
buffer = state.new_symbolic_buffer(12)
state.cpu.write_bytes(buff_addr, buffer)
@m.hook(0x400981)
def hook(state):
""" Finish all the checks, solve for the solution """
buffer = state.cpu.read_bytes(buff_addr, 12)
res = ''.join(chr(state.solve_one(x)) for x in buffer)
print(res) # =MANTICORE==
state.abandon() # Be sure to abandon and not continue execution
def exit_hook(state):
""" Abandon hook for each exit call """
state.abandon()
"""
For each exit that we found in each of the checks,
add the exit_hook to that call
"""
for index, exit in enumerate(get_exits()):
m.add_hook(exit, exit_hook)
m.verbosity = 0
m.workers = 1
m.run()
class ManticoreTest(unittest.TestCase):
_multiprocess_can_split_ = True
def setUp(self):
dirname = os.path.dirname(__file__)
self.m = Manticore(
os.path.join(dirname, 'binaries', 'arguments_linux_amd64'))
def test_profiling_data(self):
self.m.run(should_profile=True)
profile_path = os.path.join(self.m.workspace, 'profiling.bin')
self.assertTrue(os.path.exists(profile_path))
self.assertTrue(os.path.getsize(profile_path) > 0)
def test_add_hook(self):
def tmp(state):
pass
entry = 0x00400e40
self.m.add_hook(entry, tmp)
self.assertTrue(tmp in self.m._hooks[entry])
def test_hook_dec(self):
entry = 0x00400e40
@self.m.hook(entry)
def tmp(state):
pass
self.assertTrue(tmp in self.m._hooks[entry])
def test_hook(self):
self.m.context['x'] = 0
@self.m.hook(None)
def tmp(state):
self.m.context['x'] = 1
self.m.terminate()
self.m.run()
self.assertEqual(self.m.context['x'], 1)
def test_init_hook(self):
self.m.context['x'] = 0
@self.m.init
def tmp(state):
self.m.context['x'] = 1
self.m.terminate()
self.m.run()
self.assertEqual(self.m.context['x'], 1)
def test_hook_dec_err(self):
with self.assertRaises(TypeError):
@self.m.hook('0x00400e40')
def tmp(state):
pass
def test_integration_basic_stdin(self):
import struct
dirname = os.path.dirname(__file__)
self.m = Manticore(
os.path.join(dirname, 'binaries', 'basic_linux_amd64'))
self.m.run()
workspace = self.m._output.store.uri
with open(os.path.join(workspace, 'test_00000000.stdin'), 'rb') as f:
a = struct.unpack('<I', f.read())[0]
with open(os.path.join(workspace, 'test_00000001.stdin'), 'rb') as f:
b = struct.unpack('<I', f.read())[0]
if a > 0x41:
self.assertTrue(a > 0x41)
self.assertTrue(b <= 0x41)
else:
self.assertTrue(a <= 0x41)
self.assertTrue(b > 0x41)
"""
"""
def je_hook(state):
# print("je HOOK: Here: {}".format(hex(state.cpu.EIP)))
print('constra', state.constraints)
res = state.solve_one(state.cpu.read_register('EDI'))
# res = state.solve_one(state.cpu.EDI)
print(chr(res), res)
state.cpu.BL = res
"""
def exit_hook(state):
# print("EXIT HOOK: Here: {}".format(hex(state.cpu.EIP)))
state.abandon()
for index, items in enumerate(addrs):
entry, je_statement, exit_call = items
# m.add_hook(je_statement, je_hook)
m.add_hook(exit_call, exit_hook)
"""
def print_ip(state):
if 0x400000 < state.cpu.RIP < 0x500000:
print(hex(state.cpu.RIP))
"""
m.verbosity = 0
m.workers = 1
m.run()