pwntools 0.1.0 → 1.2.1

data/test/ext_test.rb

@@ -1,13 +1,15 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'test_helper'
+
 require 'pwnlib/ext/array'
 require 'pwnlib/ext/integer'
 require 'pwnlib/ext/string'
 
 class ExtTest < MiniTest::Test
-  # Thought that test one method in each module for each type is enough, since it's quite
-  # stupid (and meaningless) to copy the list of proxied functions to here...
+  # Thought that test one method in each module for each type is enough, since it's quite stupid (and meaningless) to
+  # copy the list of proxied functions to here...
   def test_ext_string
     assert_equal(0x4142, 'AB'.u16(endian: 'be'))
     assert_equal([1, 1, 0, 0, 0, 1, 0, 0], "\xC4".bits)

data/test/files/use_pwn.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 # Make sure we're using local copy for local testing.
 $LOAD_PATH.unshift File.expand_path(File.join(__FILE__, '..', '..', '..', 'lib'))
@@ -8,12 +9,8 @@ require 'pwn'
 context[arch: 'amd64']
 
 raise 'pack fail' unless pack(1) == "\x01\0\0\0\0\0\0\0"
-unless ::Pwnlib::Util::Fiddling.__send__(:context).object_id == context.object_id
-  raise 'not unique context'
-end
-unless ::Pwnlib::Context.context.object_id == context.object_id
-  raise 'not unique context'
-end
+raise 'not unique context' unless ::Pwnlib::Util::Fiddling.__send__(:context).equal?(context)
+raise 'not unique context' unless ::Pwnlib::Context.context.equal?(context)
 
 # Make sure things aren't polluting Object
 begin

data/test/files/use_pwnlib.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 # Make sure we're using local copy for local testing.
 $LOAD_PATH.unshift File.expand_path(File.join(__FILE__, '..', '..', '..', 'lib'))
@@ -8,7 +9,7 @@ require 'pwnlib/util/packing'
 
 raise 'call from module fail' unless ::Pwnlib::Util::Packing.p8(0x61) == 'a'
 
-include ::Pwnlib::Util::Packing::ClassMethods
+include ::Pwnlib::Util::Packing
 raise 'include module and call fail' unless p8(0x61) == 'a'
 
 begin

data/test/full_file_test.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'open3'
 
@@ -13,4 +14,9 @@ class FullFileTest < MiniTest::Test
       assert(status.success?, stderr)
     end
   end
+
+  def test_ruby_cli
+    _, stderr, status = Open3.capture3('ruby', '-e', 'require "pwn"', binmode: true)
+    assert(status.success?, stderr)
+  end
 end

data/test/logger_test.rb

@@ -0,0 +1,120 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'open3'
+require 'tempfile'
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/logger'
+
+class LoggerTest < MiniTest::Test
+  include ::Pwnlib::Context
+  include ::Pwnlib::Logger
+
+  def setup
+    @logger = ::Pwnlib::Logger::LoggerType.new
+    class << @logger
+      def add(*)
+        clear
+        super
+        @logdev.string
+      end
+
+      def indented(*, **)
+        clear
+        super
+        @logdev.string
+      end
+
+      def clear
+        @logdev = StringIO.new
+      end
+    end
+  end
+
+  def test_log
+    str = 'darkhh i4 so s4d'
+    context.local(log_level: DEBUG) do
+      %w(DEBUG INFO WARN ERROR FATAL).each do |type|
+        assert_equal("[#{type}] #{str}\n", @logger.public_send(type.downcase, str))
+        assert_equal("[#{type}] #{str}\n", @logger.public_send(type.downcase) { str })
+      end
+    end
+
+    assert_empty(@logger.debug(str))
+    assert_empty(@logger.debug { str })
+    %w(INFO WARN ERROR FATAL).each do |type|
+      assert_equal("[#{type}] #{str}\n", @logger.public_send(type.downcase, str))
+      assert_equal("[#{type}] #{str}\n", @logger.public_send(type.downcase) { str })
+    end
+  end
+
+  def test_indented
+    assert_silent { log.indented('darkhh', level: DEBUG) }
+    assert_empty(@logger.indented('A', level: DEBUG))
+
+    data = ['meow', 'meow meow', 'meowmeowmeow'].join("\n")
+    assert_equal(<<-EOS, @logger.indented(data, level: INFO))
+    meow
+    meow meow
+    meowmeowmeow
+    EOS
+  end
+
+  def test_dump
+    x = 2
+    y = 3
+    assert_equal(<<-EOS, @logger.dump(x + y, x * y))
+[DUMP] (x + y) = 5, (x * y) = 6
+    EOS
+
+    libc = 0x7fc0bdd13000
+    # check if source code parsing works good
+    msg = @logger.dump(
+      libc # comment is ok
+      .to_s(16),
+      libc - libc * 1
+    )
+    assert_equal(<<-EOS, msg)
+[DUMP] libc.to_s(16) = "7fc0bdd13000", (libc - (libc * 1)) = 0
+    EOS
+
+    libc = 0x7fc0bdd13000
+    assert_equal(<<-EOS, @logger.dump { libc.to_s(16) })
+[DUMP] libc.to_s(16) = "7fc0bdd13000"
+    EOS
+
+    res = @logger.dump do
+      libc = 12_345_678
+      libc <<= 12
+      # comments will be ignored
+      libc.to_s # dummy line
+      libc.to_s(16)
+    end
+    assert_equal(<<-EOS, res)
+[DUMP] libc = 12345678
+       libc = (libc << 12)
+       libc.to_s
+       libc.to_s(16) = "bc614e000"
+    EOS
+
+    lib_path = File.expand_path(File.join(__dir__, '..', 'lib'))
+    f = Tempfile.new(['dump', '.rb'])
+    begin
+      f.write <<~EOS
+        $LOAD_PATH.unshift #{lib_path.inspect}
+        require 'pwn'
+        FileUtils.remove(__FILE__)
+        log.dump 1337
+      EOS
+      f.close
+      _, stderr, status = Open3.capture3('ruby', f.path, binmode: true)
+      assert(status.success?, stderr)
+    ensure
+      f.close
+      f.unlink
+    end
+  end
+end

data/test/memleak_test.rb

@@ -1,48 +1,20 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'open3'
 
 require 'tty-platform'
 
 require 'test_helper'
+
 require 'pwnlib/memleak'
 
 class MemLeakTest < MiniTest::Test
   def setup
-    @victim = IO.binread(File.expand_path('../data/victim32', __FILE__))
+    @victim = IO.binread(File.expand_path('data/victim32', __dir__))
     @leak = ::Pwnlib::MemLeak.new { |addr| @victim[addr] }
   end
 
-  def test_find_elf_base_basic
-    assert_equal(0, @leak.find_elf_base(@victim.length * 2 / 3))
-  end
-
-  def test_find_elf_base_running
-    skip 'Only tested on linux' unless TTY::Platform.new.linux?
-    [32, 64].each do |b|
-      # TODO(hh): Use process instead of popen2
-      Open3.popen2(File.expand_path("../data/victim#{b}", __FILE__)) do |i, o, t|
-        main_ra = o.readline[2...-1].to_i(16)
-        realbase = nil
-        IO.readlines("/proc/#{t.pid}/maps").map(&:split).each do |s|
-          st, ed = s[0].split('-').map { |x| x.to_i(16) }
-          next unless main_ra.between?(st, ed)
-          realbase = st
-          break
-        end
-        refute_nil(realbase)
-        mem = open("/proc/#{t.pid}/mem", 'rb')
-        l2 = ::Pwnlib::MemLeak.new do |addr|
-          mem.seek(addr)
-          mem.getc
-        end
-        assert_equal(realbase, l2.find_elf_base(main_ra))
-        mem.close
-        i.write('bye')
-      end
-    end
-  end
-
   def test_n
     assert_equal("\x7fELF", @leak.n(0, 4))
     assert_equal(@victim[0xf0, 0x20], @leak.n(0xf0, 0x20))
@@ -50,8 +22,8 @@ class MemLeakTest < MiniTest::Test
   end
 
   def test_b
-    assert_equal(@victim[0x100], @leak.b(0x100))
-    assert_equal(@victim[514], @leak.b(514))
+    assert_equal(::Pwnlib::Util::Packing.u8(@victim[0x100]), @leak.b(0x100))
+    assert_equal(::Pwnlib::Util::Packing.u8(@victim[514]), @leak.b(514))
   end
 
   def test_w

data/test/reg_sort_test.rb

@@ -1,9 +1,12 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
+
 require 'test_helper'
+
 require 'pwnlib/reg_sort'
 
 class RegSortTest < MiniTest::Test
-  include ::Pwnlib::RegSort::ClassMethods
+  include ::Pwnlib::RegSort
 
   def setup
     @regs = %w(a b c d x y z)

data/test/runner_test.rb

@@ -0,0 +1,32 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'test_helper'
+
+require 'pwnlib/runner'
+require 'pwnlib/shellcraft/shellcraft'
+
+class RunnerTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    linux_only 'Runner can only be used on Linux'
+  end
+
+  def shellcraft
+    ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_i386_run_assembly
+    context.local(arch: 'i386') do
+      r = ::Pwnlib::Runner.run_assembly(
+        shellcraft.pushstr('run_assembly') +
+        shellcraft.syscall('SYS_write', 1, 'esp', 12) +
+        shellcraft.exit(0)
+      )
+      assert_equal('run_assembly', r.recvn(12))
+      # Test if reach EOF
+      assert_raises(::Pwnlib::Errors::EndOfTubeError) { r.recv }
+    end
+  end
+end

data/test/shellcraft/infloop_test.rb

@@ -0,0 +1,27 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class InfloopTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_match(/\Ainfloop_\d+:\n  jmp infloop_\d+\n\Z/, @shellcraft.infloop)
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_match(/\Ainfloop_\d+:\n  jmp infloop_\d+\n\Z/, @shellcraft.infloop)
+    end
+  end
+end

data/test/shellcraft/linux/cat_test.rb

@@ -0,0 +1,87 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class CatTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_equal(<<-'EOS', @shellcraft.cat('flag'))
+  /* push "flag\x00" */
+  push 0x67616c66
+  /* call open("rsp", "O_RDONLY", 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* (O_RDONLY) */
+  cdq /* rdx=0 */
+  syscall
+  /* call sendfile(1, "rax", 0, 2147483647) */
+  push 1
+  pop rdi
+  mov rsi, rax
+  push 0x28 /* (SYS_sendfile) */
+  pop rax
+  mov r10d, 0x7fffffff
+  cdq /* rdx=0 */
+  syscall
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.cat('flag', fd: 2))
+  /* push "flag\x00" */
+  push 0x67616c66
+  /* call open("rsp", "O_RDONLY", 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* (O_RDONLY) */
+  cdq /* rdx=0 */
+  syscall
+  /* call sendfile(2, "rax", 0, 2147483647) */
+  push 2
+  pop rdi
+  mov rsi, rax
+  push 0x28 /* (SYS_sendfile) */
+  pop rax
+  mov r10d, 0x7fffffff
+  cdq /* rdx=0 */
+  syscall
+      EOS
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_equal(<<-'EOS', @shellcraft.cat('flag'))
+  /* push "flag\x00" */
+  push 1
+  dec byte ptr [esp]
+  push 0x67616c66
+  /* call open("esp", "O_RDONLY", 0) */
+  push 5 /* (SYS_open) */
+  pop eax
+  mov ebx, esp
+  xor ecx, ecx /* (O_RDONLY) */
+  cdq /* edx=0 */
+  int 0x80
+  /* call sendfile(1, "eax", 0, 2147483647) */
+  push 1
+  pop ebx
+  mov ecx, eax
+  xor eax, eax
+  mov al, 0xbb /* (SYS_sendfile) */
+  mov esi, 0x7fffffff
+  cdq /* edx=0 */
+  int 0x80
+      EOS
+    end
+  end
+end

data/test/shellcraft/linux/ls_test.rb

@@ -0,0 +1,109 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class LsTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_equal(<<-'EOS', @shellcraft.ls)
+  /* push ".\x00" */
+  push 0x2e
+  /* call open("rsp", 0, 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* 0 */
+  cdq /* rdx=0 */
+  syscall
+  /* call getdents("rax", "rsp", 4096) */
+  mov rdi, rax
+  push 0x4e /* (SYS_getdents) */
+  pop rax
+  mov rsi, rsp
+  xor edx, edx
+  mov dh, 0x1000 >> 8
+  syscall
+  /* call write(1, "rsp", "rax") */
+  push 1
+  pop rdi
+  mov rsi, rsp
+  mov rdx, rax
+  push 1 /* (SYS_write) */
+  pop rax
+  syscall
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.ls('/usr/bin'))
+  /* push "/usr/bin\x00" */
+  push 1
+  dec byte ptr [rsp]
+  mov rax, 0x6e69622f7273752f
+  push rax
+  /* call open("rsp", 0, 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* 0 */
+  cdq /* rdx=0 */
+  syscall
+  /* call getdents("rax", "rsp", 4096) */
+  mov rdi, rax
+  push 0x4e /* (SYS_getdents) */
+  pop rax
+  mov rsi, rsp
+  xor edx, edx
+  mov dh, 0x1000 >> 8
+  syscall
+  /* call write(1, "rsp", "rax") */
+  push 1
+  pop rdi
+  mov rsi, rsp
+  mov rdx, rax
+  push 1 /* (SYS_write) */
+  pop rax
+  syscall
+      EOS
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_equal(<<-'EOS', @shellcraft.ls)
+  /* push ".\x00" */
+  push 0x2e
+  /* call open("esp", 0, 0) */
+  push 5 /* (SYS_open) */
+  pop eax
+  mov ebx, esp
+  xor ecx, ecx /* 0 */
+  cdq /* edx=0 */
+  int 0x80
+  /* call getdents("eax", "esp", 4096) */
+  mov ebx, eax
+  xor eax, eax
+  mov al, 0x8d /* (SYS_getdents) */
+  mov ecx, esp
+  xor edx, edx
+  mov dh, 0x1000 >> 8
+  int 0x80
+  /* call write(1, "esp", "eax") */
+  push 1
+  pop ebx
+  mov ecx, esp
+  mov edx, eax
+  push 4 /* (SYS_write) */
+  pop eax
+  int 0x80
+      EOS
+    end
+  end
+end