def test_command_theme(self):
res = gdb_run_command("theme")
self.assertNoException(res)
possible_themes = [
"context_title_line"
"dereference_base_address"
"context_title_message"
"disable_color"
"dereference_code"
"dereference_string"
"default_title_message",
"default_title_line"
"dereference_register_value",
"xinfo_title_message",
]
for t in possible_themes:
# testing command viewing
res = gdb_run_command("theme {}".format(t))
self.assertNoException(res)
# testing command setting
v = "blue blah 10 -1 0xfff bold"
res = gdb_run_command("theme {} {}".format(t, v))
self.assertNoException(res)
return
def test_command_theme(self):
res = gdb_run_command("theme")
self.assertNoException(res)
possible_themes = [
"context_title_line"
"dereference_base_address"
"context_title_message"
"disable_color"
"dereference_code"
"dereference_string"
"default_title_message",
"default_title_line"
"dereference_register_value",
"xinfo_title_message",
]
for t in possible_themes:
# testing command viewing
res = gdb_run_command("theme {}".format(t))
self.assertNoException(res)
# testing command setting
v = "blue blah 10 -1 0xfff bold"
res = gdb_run_command("theme {} {}".format(t, v))
self.assertNoException(res)
return
def test_command_pattern(self):
cmd = "pattern create 32"
target = "tests/binaries/pattern.out"
res = gdb_run_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"aaaaaaaabaaaaaaacaaaaaaadaaaaaaa" in res)
cmd = "pattern search $rbp"
target = "tests/binaries/pattern.out"
res = gdb_run_command(cmd, before=["set args aaaaaaaabaaaaaaacaaaaaaadaaaaaaa", "run"], target=target)
self.assertNoException(res)
self.assertTrue(b"Found at offset" in res)
return
def test_command_pattern(self):
cmd = "pattern create 32"
target = "tests/binaries/pattern.out"
res = gdb_run_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"aaaaaaaabaaaaaaacaaaaaaadaaaaaaa" in res)
cmd = "pattern search $rbp"
target = "tests/binaries/pattern.out"
res = gdb_run_command(cmd, before=["set args aaaaaaaabaaaaaaacaaaaaaadaaaaaaa", "run"], target=target)
self.assertNoException(res)
self.assertTrue(b"Found at offset" in res)
return
def test_command_capstone_disassemble(self):
self.assertFailIfInactiveSession(
gdb_run_command("capstone-disassemble"))
res = gdb_start_silent_command("capstone-disassemble")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) > 1)
return
def test_command_registers(self):
self.assertFailIfInactiveSession(gdb_run_command("registers"))
res = gdb_start_silent_command("registers")
self.assertNoException(res)
self.assertTrue(b"$rax" in res)
self.assertTrue(b"$eflags" in res)
return
def test_command_canary(self):
self.assertFailIfInactiveSession(gdb_run_command("canary"))
res = gdb_start_silent_command("canary", target="tests/binaries/canary.out")
self.assertNoException(res)
self.assertTrue(b"Found AT_RANDOM at" in res)
self.assertTrue(b"The canary of process " in res)
return
def test_command_registers(self):
self.assertFailIfInactiveSession(gdb_run_command("registers"))
res = gdb_start_silent_command("registers")
self.assertNoException(res)
self.assertTrue(b"$rax" in res)
self.assertTrue(b"$eflags" in res)
return
def test_command_canary(self):
self.assertFailIfInactiveSession(gdb_run_command("canary"))
res = gdb_start_silent_command("canary", target="tests/binaries/canary.out")
self.assertNoException(res)
self.assertTrue(b"Found AT_RANDOM at" in res)
self.assertTrue(b"The canary of process " in res)
return
def test_command_process_status(self):
self.assertFailIfInactiveSession(gdb_run_command("process-status"))
res = gdb_start_silent_command("process-status")
self.assertNoException(res)
self.assertTrue(b"Process Information" in res \
and b"No child process" in res \
and b"No open connections" in res)
return
def test_command_checksec(self):
cmd = "checksec"
res = gdb_run_command(cmd)
self.assertNoException(res)
target = "tests/binaries/checksec-no-canary.out"
res = gdb_run_command(cmd, target=target)
self.assertTrue("Canary : No")
target = "tests/binaries/checksec-no-nx.out"
res = gdb_run_command(cmd, target=target)
self.assertTrue("NX : No")
target = "tests/binaries/checksec-no-pie.out"
res = gdb_run_command(cmd, target=target)
self.assertTrue("PIE : No")
return
def test_command_process_status(self):
self.assertFailIfInactiveSession(gdb_run_command("process-status"))
res = gdb_start_silent_command("process-status")
self.assertNoException(res)
self.assertTrue(b"Process Information" in res \
and b"No child process" in res \
and b"No open connections" in res)
return
def test_command_heap_chunk(self):
cmd = "heap chunk p1"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_command(cmd, target=target))
res = gdb_run_silent_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"NON_MAIN_ARENA flag: " in res)
return
def test_command_heap_arenas(self):
cmd = "heap arenas"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_command(cmd, target=target))
res = gdb_start_silent_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"Arena (base=" in res)
return
def test_command_checksec(self):
cmd = "checksec"
res = gdb_run_command(cmd)
self.assertNoException(res)
target = "tests/binaries/checksec-no-canary.out"
res = gdb_run_command(cmd, target=target)
self.assertTrue("Canary : No")
target = "tests/binaries/checksec-no-nx.out"
res = gdb_run_command(cmd, target=target)
self.assertTrue("NX : No")
target = "tests/binaries/checksec-no-pie.out"
res = gdb_run_command(cmd, target=target)
self.assertTrue("PIE : No")
return
def test_command_heap_set_arena(self):
cmd = "heap set-arena main_arena"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_command(cmd, target=target))
res = gdb_run_silent_command(cmd, target=target, after=["heap arenas",])
self.assertNoException(res)
self.assertTrue(b"Arena (base=" in res)
return
def test_command_heap_arenas(self):
cmd = "heap arenas"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_command(cmd, target=target))
res = gdb_start_silent_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"Arena (base=" in res)
return
def test_command_heap_chunks(self):
cmd = "heap chunks"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_command(cmd, target=target))
res = gdb_run_silent_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"Chunk(addr=" in res and b"top chunk" in res)
return
def test_command_heap_chunk(self):
cmd = "heap chunk p1"
target = "tests/binaries/heap.out"
self.assertFailIfInactiveSession(gdb_run_command(cmd, target=target))
res = gdb_run_silent_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"NON_MAIN_ARENA flag: " in res)
return
def test_command_heap_bins_fast(self):
cmd = "heap bins fast"
target = "tests/binaries/heap-fastbins.out"
self.assertFailIfInactiveSession(gdb_run_command(cmd, target=target))
res = gdb_run_silent_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"Fastbins[idx=0, size=0x10]" in res)
return
def test_command_xinfo(self):
self.assertFailIfInactiveSession(gdb_run_command("xinfo $sp"))
res = gdb_start_silent_command("xinfo")
self.assertTrue(b"At least one valid address must be specified" in res)
res = gdb_start_silent_command("xinfo $sp")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) >= 7)
return
def test_command_unicorn_emulate(self):
cmd = "emu -n 1"
res = gdb_run_command(cmd)
self.assertFailIfInactiveSession(res)
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
self.assertTrue(b"Final registers" in res)
return
def test_command_unicorn_emulate(self):
cmd = "emu -n 1"
res = gdb_run_command(cmd)
self.assertFailIfInactiveSession(res)
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
self.assertTrue(b"Final registers" in res)
return
def test_command_heap_bins_fast(self):
cmd = "heap bins fast"
target = "tests/binaries/heap-fastbins.out"
self.assertFailIfInactiveSession(gdb_run_command(cmd, target=target))
res = gdb_run_silent_command(cmd, target=target)
self.assertNoException(res)
self.assertTrue(b"Fastbins[idx=0, size=0x10]" in res)
self.assertTrue(b"Chunk(addr=" in res)
return
def test_command_ropper(self):
cmd = "ropper"
self.assertFailIfInactiveSession(gdb_run_command(cmd))
cmd = "ropper --search \"pop %; pop %; ret\""
res = gdb_run_silent_command(cmd)
self.assertNoException(res)
self.assertFalse(b": error:" in res)
self.assertTrue(len(res.splitlines()) > 2)
return
def test_command_xinfo(self):
self.assertFailIfInactiveSession(gdb_run_command("xinfo $sp"))
res = gdb_start_silent_command("xinfo")
self.assertTrue(b"At least one valid address must be specified" in res)
res = gdb_start_silent_command("xinfo $sp")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) >= 7)
return
def test_command_ropper(self):
cmd = "ropper"
self.assertFailIfInactiveSession(gdb_run_command(cmd))
cmd = "ropper --search \"pop %; pop %; ret\""
res = gdb_run_silent_command(cmd)
self.assertNoException(res)
self.assertFalse(b": error:" in res)
self.assertTrue(len(res.splitlines()) > 2)
return
def test_command_vmmap(self):
self.assertFailIfInactiveSession(gdb_run_command("vmmap"))
res = gdb_start_silent_command("vmmap")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) > 1)
res = gdb_start_silent_command("vmmap stack")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) > 1)
return
def test_command_format_string_helper(self):
cmd = "format-string-helper"
target = "tests/binaries/format-string-helper.out"
res = gdb_run_command(cmd,
after=["set args testtest",
"run",],
target=target)
self.assertNoException(res)
self.assertTrue(b"Possible insecure format string:" in res)
return
def test_command_format_string_helper(self):
cmd = "format-string-helper"
target = "tests/binaries/format-string-helper.out"
res = gdb_run_command(cmd,
after=["set args testtest",
"run",],
target=target)
self.assertNoException(res)
self.assertTrue(b"Possible insecure format string:" in res)
return
def test_command_vmmap(self):
self.assertFailIfInactiveSession(gdb_run_command("vmmap"))
res = gdb_start_silent_command("vmmap")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) > 1)
res = gdb_start_silent_command("vmmap stack")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) > 1)
return
def test_command_hexdump(self):
self.assertFailIfInactiveSession(gdb_run_command("hexdump $pc"))
res = gdb_start_silent_command("hexdump qword $pc")
self.assertNoException(res)
res = gdb_start_silent_command("hexdump dword $pc l1")
self.assertNoException(res)
res = gdb_start_silent_command("hexdump word $pc l5 down")
self.assertNoException(res)
res = gdb_start_silent_command("hexdump byte $sp l32")
self.assertNoException(res)
return
def test_command_hexdump(self):
self.assertFailIfInactiveSession(gdb_run_command("hexdump $pc"))
res = gdb_start_silent_command("hexdump qword $pc")
self.assertNoException(res)
res = gdb_start_silent_command("hexdump dword $pc l1")
self.assertNoException(res)
res = gdb_start_silent_command("hexdump word $pc l5 down")
self.assertNoException(res)
res = gdb_start_silent_command("hexdump byte $sp l32")
self.assertNoException(res)
return
def test_command_trace_run(self):
cmd = "trace-run"
res = gdb_run_command(cmd)
self.assertFailIfInactiveSession(res)
cmd = "trace-run $pc+1"
res = gdb_start_silent_command(cmd,
before=["gef config trace-run.tracefile_prefix /tmp/gef-trace-"])
self.assertNoException(res)
self.assertTrue(b"Tracing from" in res)
return
def test_command_trace_run(self):
cmd = "trace-run"
res = gdb_run_command(cmd)
self.assertFailIfInactiveSession(res)
cmd = "trace-run $pc+1"
res = gdb_start_silent_command(cmd,
before=["gef config trace-run.tracefile_prefix /tmp/gef-trace-"])
self.assertNoException(res)
self.assertTrue(b"Tracing from" in res)
return
def test_command_dereference(self):
self.assertFailIfInactiveSession(gdb_run_command("dereference"))
res = gdb_start_silent_command("dereference $sp")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) > 2)
self.assertTrue(b"$rsp" in res)
res = gdb_start_silent_command("dereference 0")
self.assertNoException(res)
self.assertTrue(b"Unmapped address" in res)
return
def test_command_print_format(self):
self.assertFailIfInactiveSession(gdb_run_command("print-format"))
res = gdb_start_silent_command("print-format $rsp")
self.assertNoException(res)
self.assertTrue(b"buf = [" in res)
res = gdb_start_silent_command("print-format -f js $rsp")
self.assertNoException(res)
self.assertTrue(b"var buf = [" in res)
res = gdb_start_silent_command("print-format -f iDontExist $rsp")
self.assertNoException(res)
self.assertTrue(b"Language must be :" in res)
return
def test_command_dereference(self):
self.assertFailIfInactiveSession(gdb_run_command("dereference"))
res = gdb_start_silent_command("dereference $sp")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) > 2)
self.assertTrue(b"$rsp" in res)
res = gdb_start_silent_command("dereference 0")
self.assertNoException(res)
self.assertTrue(b"Unmapped address" in res)
return
def test_command_xor_memory(self):
cmd = "xor-memory display $sp 0x10 0x41"
self.assertFailIfInactiveSession(gdb_run_command(cmd))
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
self.assertTrue(b"Original block" in res)
self.assertTrue(b"XOR-ed block" in res)
cmd = "xor-memory patch $sp 0x10 0x41"
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
self.assertTrue(b"Patching XOR-ing ")
return
def test_command_xor_memory(self):
cmd = "xor-memory display $sp 0x10 0x41"
self.assertFailIfInactiveSession(gdb_run_command(cmd))
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
self.assertTrue(b"Original block" in res)
self.assertTrue(b"XOR-ed block" in res)
cmd = "xor-memory patch $sp 0x10 0x41"
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
self.assertTrue(b"Patching XOR-ing ")
return
def test_command_set_permission(self):
self.assertFailIfInactiveSession(gdb_run_command("set-permission"))
target = "tests/binaries/set-permission.out"
res = gdb_run_silent_command("set-permission 0x1337000", after=["vmmap",], target=target)
self.assertNoException(res)
line = [ l for l in res.splitlines() if b"0x0000000001337000" in l ][0]
line = line.split()
self.assertEqual(line[0], b"0x0000000001337000")
self.assertEqual(line[1], b"0x0000000001338000")
self.assertEqual(line[2], b"0x0000000000000000")
self.assertEqual(line[3], b"rwx")
res = gdb_run_silent_command("set-permission 0x1338000", target=target)
self.assertNoException(res)
self.assertTrue(b"Unmapped address")
return
def test_command_set_permission(self):
self.assertFailIfInactiveSession(gdb_run_command("set-permission"))
target = "tests/binaries/set-permission.out"
res = gdb_run_silent_command("set-permission 0x1337000", after=["vmmap",], target=target)
self.assertNoException(res)
line = [ l for l in res.splitlines() if b"0x0000000001337000" in l ][0]
line = line.split()
self.assertEqual(line[0], b"0x0000000001337000")
self.assertEqual(line[1], b"0x0000000001338000")
self.assertEqual(line[2], b"0x0000000000000000")
self.assertEqual(line[3], b"rwx")
res = gdb_run_silent_command("set-permission 0x1338000", target=target)
self.assertNoException(res)
self.assertTrue(b"Unmapped address")
return
def test_command_edit_flags(self):
self.assertFailIfInactiveSession(gdb_run_command("edit-flags"))
# force enable flag
res = gdb_start_silent_command_last_line("edit-flags +carry")
self.assertNoException(res)
self.assertTrue(b"CARRY " in res)
# force disable flag
res = gdb_start_silent_command_last_line("edit-flags -carry")
self.assertNoException(res)
self.assertTrue(b"carry " in res)
# toggle flag
before = gdb_start_silent_command_last_line("edit-flags")
self.assertNoException(before)
after = gdb_start_silent_command_last_line("edit-flags ~carry")
self.assertNoException(after)
s = difflib.SequenceMatcher(None, before, after)
self.assertTrue(s.ratio() > 0.90)
return
def test_command_set_permission(self):
self.assertFailIfInactiveSession(gdb_run_command("set-permission"))
target = "tests/binaries/set-permission.out"
res = gdb_run_silent_command("set-permission 0x1337000",
after=[
"vmmap",
],
target=target)
self.assertNoException(res)
self.assertTrue(
b"0x0000000001337000 0x0000000001338000 0x0000000000000000 rwx" in
res)
res = gdb_run_silent_command("set-permission 0x1338000", target=target)
self.assertNoException(res)
self.assertTrue(b"Unmapped address")
return
def test_command_edit_flags(self):
self.assertFailIfInactiveSession(gdb_run_command("edit-flags"))
# force enable flag
res = gdb_start_silent_command_last_line("edit-flags +carry")
self.assertNoException(res)
self.assertTrue(b"CARRY " in res)
# force disable flag
res = gdb_start_silent_command_last_line("edit-flags -carry")
self.assertNoException(res)
self.assertTrue(b"carry " in res)
# toggle flag
before = gdb_start_silent_command_last_line("edit-flags")
self.assertNoException(before)
after = gdb_start_silent_command_last_line("edit-flags ~carry")
self.assertNoException(after)
s = difflib.SequenceMatcher(None, before, after)
self.assertTrue(s.ratio() > 0.90)
return
def test_command_heap_analysis(self):
cmd = "heap-analysis-helper"
self.assertFailIfInactiveSession(gdb_run_command(cmd))
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
return
def test_command_elf_info(self):
res = gdb_run_command("elf-info")
self.assertNoException(res)
self.assertTrue(b"7f 45 4c 46" in res)
return
def test_command_search_pattern(self):
self.assertFailIfInactiveSession(gdb_run_command("grep /bin/sh"))
res = gdb_start_silent_command("grep /bin/sh")
self.assertNoException(res)
self.assertTrue(b"0x" in res)
return
def test_command_patch(self):
self.assertFailIfInactiveSession(gdb_run_command("patch"))
return
def test_command_xfiles(self):
self.assertFailIfInactiveSession(gdb_run_command("xfiles"))
res = gdb_start_silent_command("xfiles")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) >= 3)
return
def test_command_stub(self):
cmd = "stub printf"
self.assertFailIfInactiveSession(gdb_run_command(cmd))
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
return
def test_command_capstone_disassemble(self):
self.assertFailIfInactiveSession(gdb_run_command("capstone-disassemble"))
res = gdb_start_silent_command("capstone-disassemble")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) > 1)
return
def test_command_xfiles(self):
self.assertFailIfInactiveSession(gdb_run_command("xfiles"))
res = gdb_start_silent_command("xfiles")
self.assertNoException(res)
self.assertTrue(len(res.splitlines()) >= 3)
return
def test_command_entry_break(self):
res = gdb_run_command("entry-break")
self.assertNoException(res)
return
def test_command_heap_analysis(self):
cmd = "heap-analysis-helper"
self.assertFailIfInactiveSession(gdb_run_command(cmd))
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
return
def test_command_patch(self):
self.assertFailIfInactiveSession(gdb_run_command("patch"))
return
def test_command_stub(self):
cmd = "stub printf"
self.assertFailIfInactiveSession(gdb_run_command(cmd))
res = gdb_start_silent_command(cmd)
self.assertNoException(res)
return
def test_command_search_pattern(self):
self.assertFailIfInactiveSession(gdb_run_command("grep /bin/sh"))
res = gdb_start_silent_command("grep /bin/sh")
self.assertNoException(res)
self.assertTrue(b"0x" in res)
return
