RubyGems - heapinfo - Versions diffs - 0.0.5 → 0.1.0 - Mend

heapinfo 0.0.5 → 0.1.0

Files changed (35) hide show

checksums.yaml +4 -4
data/README.md +1 -0
data/lib/heapinfo.rb +8 -8
data/lib/heapinfo/arena.rb +47 -45
data/lib/heapinfo/cache.rb +12 -13
data/lib/heapinfo/chunk.rb +23 -23
data/lib/heapinfo/chunks.rb +16 -5
data/lib/heapinfo/dumper.rb +55 -44
data/lib/heapinfo/ext/string.rb +2 -2
data/lib/heapinfo/glibc/error.rb +2 -1
data/lib/heapinfo/glibc/free.rb +29 -16
data/lib/heapinfo/glibc/glibc.rb +5 -1
data/lib/heapinfo/glibc/helper.rb +9 -6
data/lib/heapinfo/helper.rb +22 -26
data/lib/heapinfo/libc.rb +18 -17
data/lib/heapinfo/nil.rb +14 -8
data/lib/heapinfo/process.rb +34 -25
data/lib/heapinfo/process_info.rb +15 -14
data/lib/heapinfo/segment.rb +10 -9
data/lib/heapinfo/tools/get_arena.c +0 -1
data/lib/heapinfo/version.rb +1 -1
metadata +75 -31
data/spec/cache_spec.rb +0 -46
data/spec/chunk_spec.rb +0 -40
data/spec/chunks_spec.rb +0 -25
data/spec/dumper_spec.rb +0 -105
data/spec/files/32bit_maps +0 -23
data/spec/files/64bit_maps +0 -29
data/spec/files/victim.cpp +0 -33
data/spec/helper_spec.rb +0 -73
data/spec/libc_spec.rb +0 -75
data/spec/nil_spec.rb +0 -15
data/spec/process_spec.rb +0 -201
data/spec/spec_helper.rb +0 -98
data/spec/string_spec.rb +0 -18

data/spec/cache_spec.rb DELETED Viewed

@@ -1,46 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Cache do
-  before(:all) do
-    @prefix = 'testcx1dd/'
-  end
-  after(:each) do
-    FileUtils.rm_rf File.join(HeapInfo::Cache::CACHE_DIR, @prefix)
-  end
-  it 'handle unwritable' do
-    org = HeapInfo::Cache::CACHE_DIR
-    HeapInfo::Cache.send :remove_const, :CACHE_DIR
-    no = '/tmp/no_permission'
-    FileUtils.mkdir_p no
-    File.chmod 0444, no # no write permission
-    HeapInfo::Cache.const_set :CACHE_DIR, no + '/.cache'
-    HeapInfo::Cache.send :load
-    expect(HeapInfo::Cache::CACHE_DIR).to eq HeapInfo::TMP_DIR + '/.cache/heapinfo'
-    HeapInfo::Cache.send :remove_const, :CACHE_DIR
-    HeapInfo::Cache.const_set :CACHE_DIR, org
-    FileUtils.rm_rf no
-  end
-  it 'write' do
-    expect(HeapInfo::Cache::write @prefix + '123', {a: 1}).to be true
-  end
-  it 'read' do
-    expect(HeapInfo::Cache::read @prefix + 'z/zzz').to be nil
-  end
-  it 'write and read' do
-    key = @prefix + 'fefw/z/zz/xdddd'
-    object = {a: {b: 'string', array: [3, '1', 2]}, 'd' => 3}
-    expect(HeapInfo::Cache::read key).to be nil
-    expect(HeapInfo::Cache::write key, object).to be true
-    expect(HeapInfo::Cache::read key).to eq object
-  end
-  it 'file corrupted' do
-    key = @prefix + 'corrupted'
-    HeapInfo::Cache::write key, 'ok'
-    IO.binwrite(File.join(HeapInfo::Cache::CACHE_DIR, key), 'not ok')
-    expect(HeapInfo::Cache::read key).to be nil
-  end
-end

data/spec/chunk_spec.rb DELETED Viewed

@@ -1,40 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Chunk do
-  describe '32bit' do
-    before(:all) do
-      @fast = [0, 0x47, 0x1337].pack("L*").to_chunk(bits: 32)
-      @small = [0, 0x48, 0xabcdef].pack("L*").to_chunk(bits: 32)
-    end
-    it 'basic' do
-      expect(@fast.size_t).to be 4
-      expect(@fast.size).to be 0x40
-      expect(@fast.flags).to eq [:non_main_arena, :mmapped, :prev_inuse]
-      expect(@fast.bintype).to eq :fast
-      expect(@fast.data).to eq [0x1337].pack("L*")
-      expect(@small.bintype).to eq :small
-    end
-    it 'to_s' do
-      expect(@small.to_s).to eq "\e[38;5;155m#<HeapInfo::Chunk:0>\n\e[0mflags = []\nsize = \e[38;5;12m0x48\e[0m (small)\nprev_size = \e[38;5;12m0\e[0m\ndata = \e[38;5;1m\"\\xEF\\xCD\\xAB\\x00\"\e[0m...\n"
-    end
-  end
-  describe '64bit' do
-    before(:all) do
-      @fast = [0, 0x87, 0x1337].pack("Q*").to_chunk # default 64bits
-      @small = [0, 0x90, 0xdead].pack("Q*").to_chunk
-    end
-    it 'basic' do
-      expect(@fast.size_t).to be 8
-      expect(@fast.size).to be 0x80
-      expect(@fast.flags).to eq [:non_main_arena, :mmapped, :prev_inuse]
-      expect(@fast.bintype).to eq :fast
-      expect(@fast.data).to eq [0x1337].pack("Q*")
-      expect(@small.bintype).to eq :small
-    end
-    it 'to_s' do
-      expect(@small.to_s).to eq "\e[38;5;155m#<HeapInfo::Chunk:0>\n\e[0mflags = []\nsize = \e[38;5;12m0x90\e[0m (small)\nprev_size = \e[38;5;12m0\e[0m\ndata = \e[38;5;1m\"\\xAD\\xDE\\x00\\x00\\x00\\x00\\x00\\x00\"\e[0m...\n"
-    end
-  end
-end

data/spec/chunks_spec.rb DELETED Viewed

@@ -1,25 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Chunks do
-  before(:each) do
-    @chunks = HeapInfo::Chunks.new
-    @chunks << 0; @chunks << 1; @chunks << 2
-  end
-  it '<<' do
-    expect(@chunks.size).to be 3
-    @chunks << ("\x00"*16).to_chunk
-    expect(@chunks.size).to be 4
-  end
-  it 'each' do
-    @chunks.each_with_index{|c, idx|
-      expect(c).to be idx
-    }
-  end
-  it 'to_s' do
-    expect(@chunks.to_s).to eq @chunks.instance_variable_get(:@chunks).map(&:to_s).join("\n")
-  end
-  it 'size' do
-    expect(@chunks.size).to eq @chunks.instance_variable_get(:@chunks).size
-    expect(@chunks.length).to eq @chunks.instance_variable_get(:@chunks).length
-  end
-end

data/spec/dumper_spec.rb DELETED Viewed

@@ -1,105 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Dumper do
-  before(:all) do
-    @self_maps = IO.binread('/proc/self/maps').lines.map do |seg|
-      s = seg.split(/\s/)
-      s[0] = s[0].split('-').map { |addr| addr.to_i(16) }
-      [s[0][0], s[0][1], s[1], s[-1]] # start, end, perm, name
-    end
-    @get_elf_base = ->() do
-      exe = File.readlink('/proc/self/exe')
-      @self_maps.find { |arr| arr[3] == exe }[0]
-    end
-  end
-  describe 'dump' do
-    before(:each) do
-      @mem_filename = '/proc/self/mem'
-      @elf_base = @get_elf_base.call
-    end
-    it 'simple' do
-      dumper = HeapInfo::Dumper.new(nil, @mem_filename)
-      expect(dumper.dump(@elf_base, 4)).to eq "\x7fELF"
-    end
-    it 'segment' do
-      class S;def initialize(base);@base = base;end; def elf; HeapInfo::Segment.new(@base, 'elf'); end; end
-      dumper = HeapInfo::Dumper.new(S.new(@elf_base), @mem_filename)
-      expect(dumper.dump(:elf, 4)).to eq "\x7fELF"
-    end
-    it 'invalid' do
-      dumper = HeapInfo::Dumper.new(HeapInfo::Nil.new, @mem_filename)
-      expect {dumper.dump(:zzz, 1)}.to raise_error ArgumentError
-      expect(dumper.dump(0x12345, 1)).to be nil
-    end
-  end
-  it 'dumpable?' do
-    dumper = HeapInfo::Dumper.new(HeapInfo::Nil.new, '/proc/self/mem')
-    expect(dumper.send(:dumpable?)).to be true
-    # a little hack
-    dumper.instance_variable_set(:@filename, '/proc/1/mem')
-    expect(dumper.send(:dumpable?)).to be false
-    expect(dumper.dump).to be nil # show need permission
-    dumper.instance_variable_set(:@filename, '/proc/-1/mem')
-    expect {dumper.send(:dumpable?)}.to raise_error ArgumentError
-  end
-  describe 'find' do
-    before(:all) do
-      @elf_base = @get_elf_base.call
-      class S; def bits; 64; end; end
-      @dumper = HeapInfo::Dumper.new(S.new(@elf_base), '/proc/self/mem')
-      @end_of_maps = ->() do
-        @self_maps.find.with_index do |seg, i|
-          seg[2].include?('r') and seg[1] != @self_maps[i][0] # incontinuously segment
-        end[1]
-      end
-    end
-    it 'simple' do
-      expect(@dumper.find("ELF", :elf, 4)).to eq @elf_base + 1
-      expect(@dumper.find("ELF", :elf, 3)).to be nil
-    end
-    it 'regexp' do
-      addr = @dumper.find(/lin.x/, :elf, 0x1000)
-      expect(@dumper.dump(addr, 5) =~ /lin.x/).to eq 0
-    end
-    it 'invalid' do
-      expect(@dumper.find(nil, :elf, 1)).to be nil
-    end
-    it 'parser' do
-      expect(@dumper.find("ELF", ':elf + 1', 3)).to eq @elf_base + 1
-    end
-    it 'reach end' do
-      mem = @end_of_maps.call
-      # check dumper won't return nil when remain readable memory less than one page
-      expect(@dumper.find("\x00", mem - 0xff0, 0x1000).nil?).to be false
-    end
-  end
-  describe 'parse_cmd' do
-    it 'normal' do
-      expect(HeapInfo::Dumper.parse_cmd [0x30]).to eq [0x30, 0, 8]
-      expect(HeapInfo::Dumper.parse_cmd [0x30, 3]).to eq [0x30, 0, 3]
-      expect(HeapInfo::Dumper.parse_cmd [0x30, 2, 3]).to eq [0x30, 2, 3]
-    end
-    it 'symbol' do
-      expect(HeapInfo::Dumper.parse_cmd [:heap]).to eq [:heap,0 , 8]
-      expect(HeapInfo::Dumper.parse_cmd [:heap, 10]).to eq [:heap,0 , 10]
-      expect(HeapInfo::Dumper.parse_cmd [:heap, 3, 10]).to eq [:heap,3 , 10]
-    end
-    it 'string' do
-      expect(HeapInfo::Dumper.parse_cmd ['heap']).to eq [:heap, 0, 8]
-      expect(HeapInfo::Dumper.parse_cmd ['heap, 10']).to eq [:heap, 0, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap, 0x33, 10']).to eq [:heap, 51, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap+0x15, 10']).to eq [:heap, 0x15, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap + 0x15, 10']).to eq [:heap, 0x15, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap +  0x15']).to eq [:heap, 0x15, 8]
-    end
-    it 'mixed' do
-      expect(HeapInfo::Dumper.parse_cmd ['heap+ 0x10', 10]).to eq [:heap, 0x10, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap', 10]).to eq [:heap, 0, 10]
-    end
-  end
-end

data/spec/files/32bit_maps DELETED Viewed

@@ -1,23 +0,0 @@
-08048000-08049000 r-xp 00000000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-08049000-0804a000 r--p 00000000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-0804a000-0804b000 rw-p 00001000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-f73d4000-f73d7000 rw-p 00000000 00:00 0
-f73d7000-f73f3000 r-xp 00000000 ca:01 160460                             /usr/lib32/libgcc_s.so.1
-f73f3000-f73f4000 rw-p 0001b000 ca:01 160460                             /usr/lib32/libgcc_s.so.1
-f73f4000-f7438000 r-xp 00000000 ca:01 402366                             /lib32/libm-2.19.so
-f7438000-f7439000 r--p 00043000 ca:01 402366                             /lib32/libm-2.19.so
-f7439000-f743a000 rw-p 00044000 ca:01 402366                             /lib32/libm-2.19.so
-f743a000-f75df000 r-xp 00000000 ca:01 463662                             /lib32/libc-2.19.so
-f75df000-f75e1000 r--p 001a5000 ca:01 463662                             /lib32/libc-2.19.so
-f75e1000-f75e2000 rw-p 001a7000 ca:01 463662                             /lib32/libc-2.19.so
-f75e2000-f75e5000 rw-p 00000000 00:00 0
-f75e5000-f76c1000 r-xp 00000000 ca:01 137147                             /usr/lib32/libstdc++.so.6.0.19
-f76c1000-f76c5000 r--p 000dc000 ca:01 137147                             /usr/lib32/libstdc++.so.6.0.19
-f76c5000-f76c6000 rw-p 000e0000 ca:01 137147                             /usr/lib32/libstdc++.so.6.0.19
-f76c6000-f76ce000 rw-p 00000000 00:00 0
-f76db000-f76dd000 rw-p 00000000 00:00 0
-f76dd000-f76de000 r-xp 00000000 00:00 0                                  [vdso]
-f76de000-f76fe000 r-xp 00000000 ca:01 463655                             /lib32/ld-2.19.so
-f76fe000-f76ff000 r--p 0001f000 ca:01 463655                             /lib32/ld-2.19.so
-f76ff000-f7700000 rw-p 00020000 ca:01 463655                             /lib32/ld-2.19.so
-ffdd7000-ffdf8000 rw-p 00000000 00:00 0                                  [stack]

data/spec/files/64bit_maps DELETED Viewed

@@ -1,29 +0,0 @@
-00400000-00401000 r-xp 00000000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-00600000-00601000 r--p 00000000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-00601000-00602000 rw-p 00001000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-7f65ac7b8000-7f65ac7ce000 r-xp 00000000 ca:01 402137                     /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f65ac7ce000-7f65ac9cd000 ---p 00016000 ca:01 402137                     /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f65ac9cd000-7f65ac9ce000 rw-p 00015000 ca:01 402137                     /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f65ac9ce000-7f65acad3000 r-xp 00000000 ca:01 401788                     /lib/x86_64-linux-gnu/libm-2.19.so
-7f65acad3000-7f65accd2000 ---p 00105000 ca:01 401788                     /lib/x86_64-linux-gnu/libm-2.19.so
-7f65accd2000-7f65accd3000 r--p 00104000 ca:01 401788                     /lib/x86_64-linux-gnu/libm-2.19.so
-7f65accd3000-7f65accd4000 rw-p 00105000 ca:01 401788                     /lib/x86_64-linux-gnu/libm-2.19.so
-7f65accd4000-7f65ace8f000 r-xp 00000000 ca:01 402326                     /lib/x86_64-linux-gnu/libc-2.19.so
-7f65ace8f000-7f65ad08e000 ---p 001bb000 ca:01 402326                     /lib/x86_64-linux-gnu/libc-2.19.so
-7f65ad08e000-7f65ad092000 r--p 001ba000 ca:01 402326                     /lib/x86_64-linux-gnu/libc-2.19.so
-7f65ad092000-7f65ad094000 rw-p 001be000 ca:01 402326                     /lib/x86_64-linux-gnu/libc-2.19.so
-7f65ad094000-7f65ad099000 rw-p 00000000 00:00 0
-7f65ad099000-7f65ad17f000 r-xp 00000000 ca:01 13857                      /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
-7f65ad17f000-7f65ad37e000 ---p 000e6000 ca:01 13857                      /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
-7f65ad37e000-7f65ad386000 r--p 000e5000 ca:01 13857                      /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
-7f65ad386000-7f65ad388000 rw-p 000ed000 ca:01 13857                      /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
-7f65ad388000-7f65ad39d000 rw-p 00000000 00:00 0
-7f65ad39d000-7f65ad3c0000 r-xp 00000000 ca:01 402319                     /lib/x86_64-linux-gnu/ld-2.19.so
-7f65ad5aa000-7f65ad5af000 rw-p 00000000 00:00 0
-7f65ad5bc000-7f65ad5bf000 rw-p 00000000 00:00 0
-7f65ad5bf000-7f65ad5c0000 r--p 00022000 ca:01 402319                     /lib/x86_64-linux-gnu/ld-2.19.so
-7f65ad5c0000-7f65ad5c1000 rw-p 00023000 ca:01 402319                     /lib/x86_64-linux-gnu/ld-2.19.so
-7f65ad5c1000-7f65ad5c2000 rw-p 00000000 00:00 0
-7fff3d1e8000-7fff3d209000 rw-p 00000000 00:00 0                          [stack]
-7fff3d309000-7fff3d30b000 r-xp 00000000 00:00 0                          [vdso]
-ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

data/spec/files/victim.cpp DELETED Viewed

@@ -1,33 +0,0 @@
-#include <cstdlib>
-#include <cstdio>
-#include <unistd.h>
-int main(int argc, char **argv) {
-  if(argc <= 1) alarm(10);
-  void *v, *u;
-  int *i, *j;
-  void *mmap = malloc(0x20000);
-  // normal
-  v = malloc(24); u = malloc(24);
-  free(v); free(u);
-  // invalid fd
-  i = (int*)malloc(40);
-  free(i);
-  *i = 0xdeadbeef;
-  // loop
-  v = malloc(56); u = malloc(56);
-  free(v); free(u); free(v);
-  v = malloc(136);
-  void** others = (void**)malloc(72); // also prevent small bin merge with top_chunk
-  *others = mmap; // hack for test can get address of mmap
-  free(v);
-  v = malloc(152); // let 136 put into smallbin
-  malloc(200); // to prevent merge with top_chunk
-  free(v); // put into unsorted bin
-  char dummy;
-  read(0, &dummy, 1); // function which not use heap
-}

data/spec/helper_spec.rb DELETED Viewed

@@ -1,73 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Helper do
-  describe 'unpack' do
-    it '32bit' do
-      expect(HeapInfo::Helper.unpack(4, "\x15\xCD\x5b\x07")).to eq 123456789
-    end
-    it '64bit' do
-      expect(HeapInfo::Helper.unpack(8, "\xEF\xCD\xAB\xEF\xBE\xAD\xDE\x00")).to eq 0xdeadbeefabcdef
-    end
-  end
-  it 'proc' do
-    expect { HeapInfo::Helper.exe_of 0 }.to raise_error ArgumentError
-  end
-  describe 'parse_maps' do
-    before(:all) do
-      @files_dir = File.expand_path('../files', __FILE__)
-    end
-    it '32bit' do
-      maps = IO.binread(@files_dir + '/32bit_maps')
-      expect(HeapInfo::Helper.parse_maps maps).to eq [
-        [0x8048000, 0x8049000, 'r-xp', '/home/heapinfo/examples/uaf/uaf'],
-        [0x8049000, 0x804a000, 'r--p', '/home/heapinfo/examples/uaf/uaf'],
-        [0x804a000, 0x804b000, 'rw-p', '/home/heapinfo/examples/uaf/uaf'],
-        [0xf73d7000, 0xf73f3000, 'r-xp', '/usr/lib32/libgcc_s.so.1'],
-        [0xf73f3000, 0xf73f4000, 'rw-p', '/usr/lib32/libgcc_s.so.1'],
-        [0xf73f4000, 0xf7438000, 'r-xp', '/lib32/libm-2.19.so'],
-        [0xf7438000, 0xf7439000, 'r--p', '/lib32/libm-2.19.so'],
-        [0xf7439000, 0xf743a000, 'rw-p', '/lib32/libm-2.19.so'],
-        [0xf743a000, 0xf75df000, 'r-xp', '/lib32/libc-2.19.so'],
-        [0xf75df000, 0xf75e1000, 'r--p', '/lib32/libc-2.19.so'],
-        [0xf75e1000, 0xf75e2000, 'rw-p', '/lib32/libc-2.19.so'],
-        [0xf75e5000, 0xf76c1000, 'r-xp', '/usr/lib32/libstdc++.so.6.0.19'],
-        [0xf76c1000, 0xf76c5000, 'r--p', '/usr/lib32/libstdc++.so.6.0.19'],
-        [0xf76c5000, 0xf76c6000, 'rw-p', '/usr/lib32/libstdc++.so.6.0.19'],
-        [0xf76dd000, 0xf76de000, 'r-xp', '[vdso]'],
-        [0xf76de000, 0xf76fe000, 'r-xp', '/lib32/ld-2.19.so'],
-        [0xf76fe000, 0xf76ff000, 'r--p', '/lib32/ld-2.19.so'],
-        [0xf76ff000, 0xf7700000, 'rw-p', '/lib32/ld-2.19.so'],
-        [0xffdd7000, 0xffdf8000, 'rw-p', '[stack]']]
-    end
-    it '64bit' do
-      maps = IO.binread(@files_dir + '/64bit_maps')
-      expect(HeapInfo::Helper.parse_maps maps).to eq [
-        [0x400000, 0x401000, 'r-xp', '/home/heapinfo/examples/uaf/uaf'],
-        [0x600000, 0x601000, 'r--p', '/home/heapinfo/examples/uaf/uaf'],
-        [0x601000, 0x602000, 'rw-p', '/home/heapinfo/examples/uaf/uaf'],
-        [0x7f65ac7b8000, 0x7f65ac7ce000, 'r-xp', '/lib/x86_64-linux-gnu/libgcc_s.so.1'],
-        [0x7f65ac7ce000, 0x7f65ac9cd000, '---p', '/lib/x86_64-linux-gnu/libgcc_s.so.1'],
-        [0x7f65ac9cd000, 0x7f65ac9ce000, 'rw-p', '/lib/x86_64-linux-gnu/libgcc_s.so.1'],
-        [0x7f65ac9ce000, 0x7f65acad3000, 'r-xp', '/lib/x86_64-linux-gnu/libm-2.19.so'],
-        [0x7f65acad3000, 0x7f65accd2000, '---p', '/lib/x86_64-linux-gnu/libm-2.19.so'],
-        [0x7f65accd2000, 0x7f65accd3000, 'r--p', '/lib/x86_64-linux-gnu/libm-2.19.so'],
-        [0x7f65accd3000, 0x7f65accd4000, 'rw-p', '/lib/x86_64-linux-gnu/libm-2.19.so'],
-        [0x7f65accd4000, 0x7f65ace8f000, 'r-xp', '/lib/x86_64-linux-gnu/libc-2.19.so'],
-        [0x7f65ace8f000, 0x7f65ad08e000, '---p', '/lib/x86_64-linux-gnu/libc-2.19.so'],
-        [0x7f65ad08e000, 0x7f65ad092000, 'r--p', '/lib/x86_64-linux-gnu/libc-2.19.so'],
-        [0x7f65ad092000, 0x7f65ad094000, 'rw-p', '/lib/x86_64-linux-gnu/libc-2.19.so'],
-        [0x7f65ad099000, 0x7f65ad17f000, 'r-xp', '/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19'],
-        [0x7f65ad17f000, 0x7f65ad37e000, '---p', '/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19'],
-        [0x7f65ad37e000, 0x7f65ad386000, 'r--p', '/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19'],
-        [0x7f65ad386000, 0x7f65ad388000, 'rw-p', '/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19'],
-        [0x7f65ad39d000, 0x7f65ad3c0000, 'r-xp', '/lib/x86_64-linux-gnu/ld-2.19.so'],
-        [0x7f65ad5bf000, 0x7f65ad5c0000, 'r--p', '/lib/x86_64-linux-gnu/ld-2.19.so'],
-        [0x7f65ad5c0000, 0x7f65ad5c1000, 'rw-p', '/lib/x86_64-linux-gnu/ld-2.19.so'],
-        [0x7fff3d1e8000, 0x7fff3d209000, 'rw-p', '[stack]'],
-        [0x7fff3d309000, 0x7fff3d30b000, 'r-xp', '[vdso]'],
-        [0xffffffffff600000, 0xffffffffff601000, 'r-xp', '[vsyscall]']]
-    end
-  end
-end

data/spec/libc_spec.rb DELETED Viewed

@@ -1,75 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Libc do
-  describe 'free' do
-    before(:all) do
-      HeapInfo::Cache.send :clear_all # force cache miss, to make sure coverage
-      @victim = HeapInfo::TMP_DIR + '/victim'
-      %x(g++ #{File.expand_path('../files/victim.cpp', __FILE__)} -o #{@victim} 2>&1 > /dev/null)
-      pid = fork
-      # run without ASLR
-      exec "setarch `uname -m` -R /bin/sh -c #{@victim}" if pid.nil?
-      loop until `pidof #{@victim}` != ''
-      @h = HeapInfo::Process.new(@victim, ld: '/ld')
-      @fake_mem = 0x13371000
-      @set_memory = ->(str) do
-        @h.libc.send(:dumper=, ->(ptr, len){
-          if ptr.between?(@fake_mem, @fake_mem + 0x1000)
-            str[ptr - @fake_mem, len]
-          else
-            @h.dump(ptr, len)
-          end
-        })
-      end
-    end
-    after(:all) do
-      `killall #{@victim}`
-      FileUtils.rm(@victim)
-    end
-    describe 'invalid' do
-      it 'invalid pointer' do
-        @set_memory.call [0, 0x21, 0x21, 0x0, 0x0].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 24)}.to raise_error "free(): invalid pointer\nptr(#{HeapInfo::Helper.hex(@fake_mem + 8)}) % 16 != 0"
-        expect {@h.libc.free(@fake_mem + 32)}.to raise_error "free(): invalid pointer\nptr(#{HeapInfo::Helper.hex(@fake_mem + 16)}) > -size(0x0)"
-      end
-      it 'invalid size' do
-        @set_memory.call [0, 0x11].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 16)}.to raise_error "free(): invalid size\nsize(0x10) < min_chunk_size(0x20)"
-        @set_memory.call [0, 0x38].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 16)}.to raise_error "free(): invalid size\nalignment error: size(0x38) % 0x10 != 0"
-      end
-    end
-    describe 'fast' do
-      it 'invalid next size' do
-        @set_memory.call [0, 0x21, 0, 0, 0, 0xf].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 16)}.to raise_error "free(): invalid next size (fast)\nnext chunk(#{HeapInfo::Helper.hex(@fake_mem + 32)}) has size(8) <=  2 * 8"
-        @set_memory.call [0, 0x21, 0, 0, 0, 0x21000].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 16)}.to raise_error "free(): invalid next size (fast)\nnext chunk(#{HeapInfo::Helper.hex(@fake_mem + 32)}) has size(0x21000) >= av.system_mem(0x21000)"
-      end
-      it 'double free (fastop)' do
-        expect { @h.libc.free(@h.heap.base + 0x30) }.to raise_error "double free or corruption (fasttop)\ntop of fastbin[0x20]: 0x602020=0x602020"
-      end
-      it 'success' do
-        expect(@h.libc.free(@h.heap.base + 0x10)).to be true
-      end
-    end
-    describe 'munmap' do
-      it 'success' do
-        mmap_addr = HeapInfo::Helper.unpack(8, @h.dump(:heap, 0x190, 8)) # backdoor of victim.cpp
-        expect(@h.libc.free(mmap_addr)).to be true
-      end
-    end
-    describe 'small' do
-      it 'success' do
-        expect(@h.libc.free(@h.heap.base + 0x280)).to be true
-      end
-    end
-  end
-end