pwntools 0.1.0 → 1.0.0

data/test/ext_test.rb

@@ -1,13 +1,14 @@
 # encoding: ASCII-8BIT
 
 require 'test_helper'
+
 require 'pwnlib/ext/array'
 require 'pwnlib/ext/integer'
 require 'pwnlib/ext/string'
 
 class ExtTest < MiniTest::Test
-  # Thought that test one method in each module for each type is enough, since it's quite
-  # stupid (and meaningless) to copy the list of proxied functions to here...
+  # Thought that test one method in each module for each type is enough, since it's quite stupid (and meaningless) to
+  # copy the list of proxied functions to here...
   def test_ext_string
     assert_equal(0x4142, 'AB'.u16(endian: 'be'))
     assert_equal([1, 1, 0, 0, 0, 1, 0, 0], "\xC4".bits)

data/test/files/use_pwnlib.rb

@@ -8,7 +8,7 @@ require 'pwnlib/util/packing'
 
 raise 'call from module fail' unless ::Pwnlib::Util::Packing.p8(0x61) == 'a'
 
-include ::Pwnlib::Util::Packing::ClassMethods
+include ::Pwnlib::Util::Packing
 raise 'include module and call fail' unless p8(0x61) == 'a'
 
 begin

data/test/logger_test.rb

@@ -0,0 +1,61 @@
+# encoding: ASCII-8BIT
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/logger'
+
+class LoggerTest < MiniTest::Test
+  include ::Pwnlib::Context
+  include ::Pwnlib::Logger
+
+  def setup
+    @logger = ::Pwnlib::Logger::LoggerType.new
+    class << @logger
+      def add(*args)
+        clear
+        super
+        @logdev.string
+      end
+
+      def indented(*args)
+        clear
+        super(*args)
+        @logdev.string
+      end
+
+      def clear
+        @logdev = StringIO.new
+      end
+    end
+  end
+
+  def test_log
+    str = 'darkhh i4 so s4d'
+    context.local(log_level: DEBUG) do
+      %w(DEBUG INFO WARN ERROR FATAL).each do |type|
+        assert_equal("[#{type}] #{str}\n", @logger.public_send(type.downcase, str))
+        assert_equal("[#{type}] #{str}\n", @logger.public_send(type.downcase) { str })
+      end
+    end
+
+    assert_empty(@logger.debug(str))
+    assert_empty(@logger.debug { str })
+    %w(INFO WARN ERROR FATAL).each do |type|
+      assert_equal("[#{type}] #{str}\n", @logger.public_send(type.downcase, str))
+      assert_equal("[#{type}] #{str}\n", @logger.public_send(type.downcase) { str })
+    end
+  end
+
+  def test_indented
+    assert_silent { log.indented('darkhh', level: DEBUG) }
+    assert_empty(@logger.indented('A', level: DEBUG))
+
+    data = ['meow', 'meow meow', 'meowmeowmeow'].join("\n")
+    assert_equal(<<-EOS, @logger.indented(data, level: INFO))
+    meow
+    meow meow
+    meowmeowmeow
+    EOS
+  end
+end

data/test/memleak_test.rb

@@ -5,44 +5,15 @@ require 'open3'
 require 'tty-platform'
 
 require 'test_helper'
+
 require 'pwnlib/memleak'
 
 class MemLeakTest < MiniTest::Test
   def setup
-    @victim = IO.binread(File.expand_path('../data/victim32', __FILE__))
+    @victim = IO.binread(File.expand_path('data/victim32', __dir__))
     @leak = ::Pwnlib::MemLeak.new { |addr| @victim[addr] }
   end
 
-  def test_find_elf_base_basic
-    assert_equal(0, @leak.find_elf_base(@victim.length * 2 / 3))
-  end
-
-  def test_find_elf_base_running
-    skip 'Only tested on linux' unless TTY::Platform.new.linux?
-    [32, 64].each do |b|
-      # TODO(hh): Use process instead of popen2
-      Open3.popen2(File.expand_path("../data/victim#{b}", __FILE__)) do |i, o, t|
-        main_ra = o.readline[2...-1].to_i(16)
-        realbase = nil
-        IO.readlines("/proc/#{t.pid}/maps").map(&:split).each do |s|
-          st, ed = s[0].split('-').map { |x| x.to_i(16) }
-          next unless main_ra.between?(st, ed)
-          realbase = st
-          break
-        end
-        refute_nil(realbase)
-        mem = open("/proc/#{t.pid}/mem", 'rb')
-        l2 = ::Pwnlib::MemLeak.new do |addr|
-          mem.seek(addr)
-          mem.getc
-        end
-        assert_equal(realbase, l2.find_elf_base(main_ra))
-        mem.close
-        i.write('bye')
-      end
-    end
-  end
-
   def test_n
     assert_equal("\x7fELF", @leak.n(0, 4))
     assert_equal(@victim[0xf0, 0x20], @leak.n(0xf0, 0x20))
@@ -50,8 +21,8 @@ class MemLeakTest < MiniTest::Test
   end
 
   def test_b
-    assert_equal(@victim[0x100], @leak.b(0x100))
-    assert_equal(@victim[514], @leak.b(514))
+    assert_equal(::Pwnlib::Util::Packing.u8(@victim[0x100]), @leak.b(0x100))
+    assert_equal(::Pwnlib::Util::Packing.u8(@victim[514]), @leak.b(514))
   end
 
   def test_w

data/test/reg_sort_test.rb

@@ -1,9 +1,11 @@
 # encoding: ASCII-8BIT
+
 require 'test_helper'
+
 require 'pwnlib/reg_sort'
 
 class RegSortTest < MiniTest::Test
-  include ::Pwnlib::RegSort::ClassMethods
+  include ::Pwnlib::RegSort
 
   def setup
     @regs = %w(a b c d x y z)

data/test/shellcraft/infloop_test.rb

@@ -0,0 +1,26 @@
+# encoding: ASCII-8BIT
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class InfloopTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_match(/\Ainfloop_\d+:\n  jmp infloop_\d+\n\Z/, @shellcraft.infloop)
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_match(/\Ainfloop_\d+:\n  jmp infloop_\d+\n\Z/, @shellcraft.infloop)
+    end
+  end
+end

data/test/shellcraft/linux/ls_test.rb

@@ -0,0 +1,108 @@
+# encoding: ASCII-8BIT
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class LsTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_equal(<<-'EOS', @shellcraft.ls)
+  /* push ".\x00" */
+  push 0x2e
+  /* call open("rsp", 0, 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* 0 */
+  cdq /* rdx=0 */
+  syscall
+  /* call getdents("rax", "rsp", 4096) */
+  mov rdi, rax
+  push 0x4e /* (SYS_getdents) */
+  pop rax
+  mov rsi, rsp
+  xor edx, edx
+  mov dh, 0x1000 >> 8
+  syscall
+  /* call write(1, "rsp", "rax") */
+  push 1
+  pop rdi
+  mov rsi, rsp
+  mov rdx, rax
+  push 1 /* (SYS_write) */
+  pop rax
+  syscall
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.ls('/usr/bin'))
+  /* push "/usr/bin\x00" */
+  push 1
+  dec byte ptr [rsp]
+  mov rax, 0x6e69622f7273752f
+  push rax
+  /* call open("rsp", 0, 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* 0 */
+  cdq /* rdx=0 */
+  syscall
+  /* call getdents("rax", "rsp", 4096) */
+  mov rdi, rax
+  push 0x4e /* (SYS_getdents) */
+  pop rax
+  mov rsi, rsp
+  xor edx, edx
+  mov dh, 0x1000 >> 8
+  syscall
+  /* call write(1, "rsp", "rax") */
+  push 1
+  pop rdi
+  mov rsi, rsp
+  mov rdx, rax
+  push 1 /* (SYS_write) */
+  pop rax
+  syscall
+      EOS
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_equal(<<-'EOS', @shellcraft.ls)
+  /* push ".\x00" */
+  push 0x2e
+  /* call open("esp", 0, 0) */
+  push 5 /* (SYS_open) */
+  pop eax
+  mov ebx, esp
+  xor ecx, ecx /* 0 */
+  cdq /* edx=0 */
+  int 0x80
+  /* call getdents("eax", "esp", 4096) */
+  mov ebx, eax
+  xor eax, eax
+  mov al, 0x8d /* (SYS_getdents) */
+  mov ecx, esp
+  xor edx, edx
+  mov dh, 0x1000 >> 8
+  int 0x80
+  /* call write(1, "esp", "eax") */
+  push 1
+  pop ebx
+  mov ecx, esp
+  mov edx, eax
+  push 4 /* (SYS_write) */
+  pop eax
+  int 0x80
+      EOS
+    end
+  end
+end

data/test/shellcraft/linux/sh_test.rb

@@ -0,0 +1,119 @@
+# encoding: ASCII-8BIT
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class ShTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_equal(<<-'EOS', @shellcraft.sh)
+  /* push "/bin///sh\x00" */
+  push 0x68
+  mov rax, 0x732f2f2f6e69622f
+  push rax
+
+  /* call execve("rsp", 0, 0) */
+  push 0x3b /* (SYS_execve) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* 0 */
+  cdq /* rdx=0 */
+  syscall
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.sh(argv: true))
+  /* push argument array ["sh\x00"] */
+  /* push "sh\x00" */
+  push 0x1010101 ^ 0x6873
+  xor dword ptr [rsp], 0x1010101
+  xor esi, esi /* 0 */
+  push rsi /* null terminate */
+  push 8
+  pop rsi
+  add rsi, rsp
+  push rsi /* "sh\x00" */
+  mov rsi, rsp
+
+  /* push "/bin///sh\x00" */
+  push 0x68
+  mov rax, 0x732f2f2f6e69622f
+  push rax
+
+  /* call execve("rsp", "rsi", 0) */
+  push 0x3b /* (SYS_execve) */
+  pop rax
+  mov rdi, rsp
+  cdq /* rdx=0 */
+  syscall
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.sh(argv: ['sh', '-c', 'echo pusheen']))
+  /* push argument array ["sh\x00", "-c\x00", "echo pusheen\x00"] */
+  /* push "sh\x00-c\x00echo pusheen\x00" */
+  push 0x1010101 ^ 0x6e65
+  xor dword ptr [rsp], 0x1010101
+  mov rax, 0x6568737570206f68
+  push rax
+  mov rax, 0x101010101010101
+  push rax
+  mov rax, 0x626401622c016972 /* 0x101010101010101 ^ 0x636500632d006873 */
+  xor [rsp], rax
+  xor esi, esi /* 0 */
+  push rsi /* null terminate */
+  push 0xe
+  pop rsi
+  add rsi, rsp
+  push rsi /* "echo pusheen\x00" */
+  push 0x13
+  pop rsi
+  add rsi, rsp
+  push rsi /* "-c\x00" */
+  push 0x18
+  pop rsi
+  add rsi, rsp
+  push rsi /* "sh\x00" */
+  mov rsi, rsp
+
+  /* push "/bin///sh\x00" */
+  push 0x68
+  mov rax, 0x732f2f2f6e69622f
+  push rax
+
+  /* call execve("rsp", "rsi", 0) */
+  push 0x3b /* (SYS_execve) */
+  pop rax
+  mov rdi, rsp
+  cdq /* rdx=0 */
+  syscall
+      EOS
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_equal(<<-'EOS', @shellcraft.sh)
+  /* push "/bin///sh\x00" */
+  push 0x68
+  push 0x732f2f2f
+  push 0x6e69622f
+
+  /* call execve("esp", 0, 0) */
+  push 0xb /* (SYS_execve) */
+  pop eax
+  mov ebx, esp
+  xor ecx, ecx /* 0 */
+  cdq /* edx=0 */
+  int 0x80
+      EOS
+      assert_equal(@shellcraft.execve('/bin///sh', ['sh'], 0), @shellcraft.sh(argv: true))
+      assert_equal(@shellcraft.execve('/bin///sh', ['sh', '-c', 'echo pusheen'], 0),
+                   @shellcraft.sh(argv: ['sh', '-c', 'echo pusheen']))
+    end
+  end
+end

data/test/shellcraft/linux/syscalls/execve_test.rb

@@ -0,0 +1,136 @@
+# encoding: ASCII-8BIT
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class ExecveTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_equal(<<-'EOS', @shellcraft.execve('/bin///sh', 0, nil))
+  /* push "/bin///sh\x00" */
+  push 0x68
+  mov rax, 0x732f2f2f6e69622f
+  push rax
+
+  /* call execve("rsp", 0, 0) */
+  push 0x3b /* (SYS_execve) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* 0 */
+  cdq /* rdx=0 */
+  syscall
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.execve('rax', ['sh'], PWD: '.'))
+  /* push argument array ["sh\x00"] */
+  /* push "sh\x00" */
+  push 0x1010101 ^ 0x6873
+  xor dword ptr [rsp], 0x1010101
+  xor esi, esi /* 0 */
+  push rsi /* null terminate */
+  push 8
+  pop rsi
+  add rsi, rsp
+  push rsi /* "sh\x00" */
+  mov rsi, rsp
+
+  /* push argument array ["PWD=.\x00"] */
+  /* push "PWD=.\x00" */
+  mov rax, 0x101010101010101
+  push rax
+  mov rax, 0x101012f3c455651 /* 0x101010101010101 ^ 0x2e3d445750 */
+  xor [rsp], rax
+  xor edx, edx /* 0 */
+  push rdx /* null terminate */
+  push 8
+  pop rdx
+  add rdx, rsp
+  push rdx /* "PWD=.\x00" */
+  mov rdx, rsp
+
+  /* call execve("rax", "rsi", "rdx") */
+  mov rdi, rax
+  push 0x3b /* (SYS_execve) */
+  pop rax
+  syscall
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.execve('rdi', 'rsi', 'rdx'))
+  /* call execve("rdi", "rsi", "rdx") */
+  push 0x3b /* (SYS_execve) */
+  pop rax
+  syscall
+      EOS
+      err = assert_raises(ArgumentError) { @shellcraft.execve('rdi', 'rdi', 'xdd') }
+      assert_match(/not a valid register/, err.message)
+      err = assert_raises(ArgumentError) { @shellcraft.execve('rdi', 'qqpie', 'rdi') }
+      assert_match(/not a valid register/, err.message)
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_equal(<<-'EOS', @shellcraft.execve('/bin///sh', 0, nil))
+  /* push "/bin///sh\x00" */
+  push 0x68
+  push 0x732f2f2f
+  push 0x6e69622f
+
+  /* call execve("esp", 0, 0) */
+  push 0xb /* (SYS_execve) */
+  pop eax
+  mov ebx, esp
+  xor ecx, ecx /* 0 */
+  cdq /* edx=0 */
+  int 0x80
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.execve('eax', ['sh'], PWD: '.'))
+  /* push argument array ["sh\x00"] */
+  /* push "sh\x00" */
+  push 0x1010101
+  xor dword ptr [esp], 0x1016972 /* 0x1010101 ^ 0x6873 */
+  xor ecx, ecx /* 0 */
+  push ecx /* null terminate */
+  push 4
+  pop ecx
+  add ecx, esp
+  push ecx /* "sh\x00" */
+  mov ecx, esp
+
+  /* push argument array ["PWD=.\x00"] */
+  /* push "PWD=.\x00" */
+  push 0x2e
+  push 0x3d445750
+  xor edx, edx /* 0 */
+  push edx /* null terminate */
+  push 4
+  pop edx
+  add edx, esp
+  push edx /* "PWD=.\x00" */
+  mov edx, esp
+
+  /* call execve("eax", "ecx", "edx") */
+  mov ebx, eax
+  push 0xb /* (SYS_execve) */
+  pop eax
+  int 0x80
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.execve('ebx', 'ecx', 'edx'))
+  /* call execve("ebx", "ecx", "edx") */
+  push 0xb /* (SYS_execve) */
+  pop eax
+  int 0x80
+      EOS
+      err = assert_raises(ArgumentError) { @shellcraft.execve('edi', 'esi', 'xdd') }
+      assert_match(/not a valid register/, err.message)
+      err = assert_raises(ArgumentError) { @shellcraft.execve('edi', 'qqpie', 'edi') }
+      assert_match(/not a valid register/, err.message)
+    end
+  end
+end