pwntools 1.0.1 → 1.1.0

data/lib/pwnlib/util/packing.rb

@@ -71,9 +71,7 @@ module Pwnlib
             end
           else
             if is_all
-              if number < 0
-                raise ArgumentError, "Can't pack negative number with bits='all' and signed=false"
-              end
+              raise ArgumentError, "Can't pack negative number with bits='all' and signed=false" if number < 0
               bits = number.zero? ? 8 : ((number.bit_length - 1) | 7) + 1
             end
 
@@ -136,9 +134,7 @@ module Pwnlib
           signed = context.signed
           bytes = (bits + 7) / 8
 
-          unless data.size == bytes
-            raise ArgumentError, "data.size=#{data.size} does not match with bits=#{bits}"
-          end
+          raise ArgumentError, "data.size=#{data.size} does not match with bits=#{bits}" unless data.size == bytes
 
           data = data.reverse if endian == 'little'
           data = data.unpack('C*')
@@ -200,9 +196,7 @@ module Pwnlib
 
           bytes = bits / 8
 
-          if data.size % bytes != 0
-            raise ArgumentError, "data.size=#{data.size} must be a multiple of bytes=#{bytes}"
-          end
+          raise ArgumentError, "data.size=#{data.size} must be a multiple of bytes=#{bytes}" if data.size % bytes != 0
           ret = []
           (data.size / bytes).times do |idx|
             x1 = idx * bytes

data/lib/pwnlib/version.rb

@@ -2,5 +2,5 @@
 
 module Pwnlib
   # version of pwntools-ruby
-  VERSION = '1.0.1'.freeze
+  VERSION = '1.1.0'.freeze
 end

data/test/asm_test.rb

@@ -10,11 +10,19 @@ class AsmTest < MiniTest::Test
   Asm = ::Pwnlib::Asm
 
   def setup
-    skip 'Not test asm/disasm on Windows' if TTY::Platform.new.windows?
     @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
   end
 
+  def skip_windows
+    skip 'Not test asm/disasm on Windows' if TTY::Platform.new.windows?
+  end
+
+  def linux_only
+    skip 'ELF can only be executed on Linux' unless TTY::Platform.new.linux?
+  end
+
   def test_i386_asm
+    skip_windows
     context.local(arch: 'i386') do
       assert_equal("\x90", Asm.asm('nop'))
       assert_equal("\xeb\xfe", Asm.asm(@shellcraft.infloop))
@@ -26,6 +34,7 @@ class AsmTest < MiniTest::Test
   end
 
   def test_amd64_asm
+    skip_windows
     context.local(arch: 'amd64') do
       assert_equal("\x90", Asm.asm('nop'))
       assert_equal("\xeb\xfe", Asm.asm(@shellcraft.infloop))
@@ -36,6 +45,7 @@ class AsmTest < MiniTest::Test
   end
 
   def test_i386_disasm
+    skip_windows
     context.local(arch: 'i386') do
       str = Asm.disasm("h\x01\x01\x01\x01\x814$ri\x01\x011\xd2"\
                        "Rj\x04Z\x01\xe2R\x89\xe2jhh///sh/binj\x0bX\x89\xe3\x89\xd1\x99\xcd\x80")
@@ -66,6 +76,7 @@ class AsmTest < MiniTest::Test
   end
 
   def test_amd64_disasm
+    skip_windows
     context.local(arch: 'amd64') do
       str = Asm.disasm("hri\x01\x01\x814$\x01\x01\x01\x011\xd2" \
                        "Rj\x08ZH\x01\xe2RH\x89\xe2jhH\xb8/bin///sPj;XH\x89\xe7H\x89\xd6\x99\x0f\x05", vma: 0xfff)
@@ -98,7 +109,79 @@ class AsmTest < MiniTest::Test
 
   # To ensure coverage
   def test_require
-    err = assert_raises(LoadError) { Asm.__send__(:require_message, 'no_such_lib', 'meow') }
+    err = assert_raises(::Pwnlib::Errors::DependencyError) do
+      Asm.__send__(:require_message, 'no_such_lib', 'meow')
+    end
     assert_match(/meow/, err.message)
   end
+
+  def make_elf_file(*args)
+    elf = Asm.make_elf(*args)
+    stream = StringIO.new(elf)
+    [elf, ::ELFTools::ELFFile.new(stream)]
+  end
+
+  def test_make_elf
+    # create ELF and use ELFTools to test it
+    data = 'not important'
+    elf, elf_file = make_elf_file(data)
+    assert_equal('Intel 80386', elf_file.machine)
+    # check entry point contains data
+    assert_equal(data, elf[elf_file.header.e_entry - 0x08048000, data.size])
+    segment = elf_file.segments.first
+    assert(segment.readable? && segment.executable?)
+
+    # test to_file
+    temp_path = Asm.make_elf(data, to_file: true)
+    assert_equal(elf, IO.binread(temp_path))
+    File.unlink(temp_path)
+
+    # test block form
+    temp_path = Asm.make_elf(data) do |path|
+      assert(File.file?(path))
+      path
+    end
+    # check file removed
+    refute(File.exist?(temp_path))
+
+    # test vma
+    custom_base = 0x1234000
+    _, elf_file = make_elf_file(data, vma: custom_base)
+    assert_equal(custom_base, elf_file.segments.first.header.p_vaddr)
+
+    context.local(arch: :arm) do
+      _, elf_file = make_elf_file(data)
+      assert_equal(32, elf_file.header.elf_class)
+      assert_equal('ARM', elf_file.machine)
+      assert_equal(0x8000, elf_file.segments.first.header.p_vaddr)
+    end
+
+    context.local(arch: :vax) do
+      err = assert_raises(::Pwnlib::Errors::UnsupportedArchError) do
+        Asm.make_elf('')
+      end
+      assert_equal('Unknown machine type of architecture "vax".', err.message)
+    end
+  end
+
+  # this test can be removed after method +run_shellcode+ being implemented
+  def test_make_elf_and_run
+    # run the ELF we created to make sure it works.
+    linux_only
+
+    # test supported architecture
+    {
+      i386: /08048000-08049000 r-xp/,
+      amd64: /00400000-00401000 r-xp/
+    }.each do |arch, regexp|
+      context.local(arch: arch) do
+        data = Asm.asm(@shellcraft.cat('/proc/self/maps') + @shellcraft.syscall('SYS_exit', 0))
+        Asm.make_elf(data) do |path|
+          Open3.popen2(path) do |_i, o, _t|
+            assert_match(regexp, o.gets)
+          end
+        end
+      end
+    end
+  end
 end

data/test/constants/constants_test.rb

@@ -15,8 +15,8 @@ class ConstantsTest < MiniTest::Test
       assert_equal('__NR_arch_prctl', Constants.__NR_arch_prctl.to_s)
       assert_equal('Constant("(O_CREAT)", 0x40)', Constants.eval('O_CREAT').inspect)
       assert_equal('Constant("(O_CREAT | O_WRONLY)", 0x41)', Constants.eval('O_CREAT | O_WRONLY').inspect)
-      err = assert_raises(NameError) { Constants.eval('rax') }
-      assert_equal('no value provided for variables: rax', err.message)
+      err = assert_raises(::Pwnlib::Errors::ConstantNotFoundError) { Constants.eval('rax + rbx') }
+      assert_equal('Undefined constant(s): rax, rbx', err.message)
     end
   end
 

data/test/data/echo.rb

@@ -2,14 +2,9 @@
 
 require 'socket'
 
-if ARGV.empty?
-  puts "Usage #{__FILE__} port"
-  exit 1
-end
+server = TCPServer.open('127.0.0.1', 0)
 
-server = TCPServer.open('127.0.0.1', ARGV[0].to_i)
-
-STDOUT.puts 'Start!'
+STDOUT.puts "Start with port #{server.addr[1]}"
 STDOUT.flush
 
 client = server.accept

data/test/elf/elf_test.rb

@@ -6,11 +6,13 @@ require 'pwnlib/elf/elf'
 require 'pwnlib/logger'
 
 class ELFTest < MiniTest::Test
-  include ::Pwnlib::Logger
-
   def setup
     @path_of = ->(file) { File.join(__dir__, '..', 'data', 'elfs', file) }
-    @elf = ::Pwnlib::ELF::ELF.new(@path_of.call('i386.prelro.elf'), checksec: false)
+    @elf = to_elf_silent('i386.prelro.elf')
+  end
+
+  def to_elf_silent(filename)
+    log_null { ::Pwnlib::ELF::ELF.new(@path_of.call(filename), checksec: false) }
   end
 
   # check stdout when loaded
@@ -43,7 +45,7 @@ NX:       NX enabled
 PIE:      No PIE (0x8048000)
     EOS
 
-    nrelro_elf = ::Pwnlib::ELF::ELF.new(@path_of.call('amd64.nrelro.elf'), checksec: false)
+    nrelro_elf = to_elf_silent('amd64.nrelro.elf')
     assert_equal(<<-EOS.strip, nrelro_elf.checksec)
 RELRO:    No RELRO
 Stack:    Canary found
@@ -51,7 +53,7 @@ NX:       NX enabled
 PIE:      No PIE (0x400000)
     EOS
 
-    frelro_elf = ::Pwnlib::ELF::ELF.new(@path_of.call('amd64.frelro.elf'), checksec: false)
+    frelro_elf = to_elf_silent('amd64.frelro.elf')
     assert_equal(<<-EOS.strip, frelro_elf.checksec)
 RELRO:    Full RELRO
 Stack:    Canary found
@@ -78,7 +80,7 @@ PIE:      No PIE (0x400000)
     assert_same(0x80483b0, @elf.plt.printf)
     assert_same(0x80483f0, @elf.plt[:scanf])
 
-    elf = ::Pwnlib::ELF::ELF.new(@path_of.call('amd64.frelro.pie.elf'), checksec: false)
+    elf = to_elf_silent('amd64.frelro.pie.elf')
     assert_nil(elf.plt)
   end
 
@@ -90,7 +92,7 @@ PIE:      No PIE (0x400000)
     @elf.address = new_address
     assert_equal(old_main - old_address + new_address, @elf.symbols.main)
 
-    elf = ::Pwnlib::ELF::ELF.new(@path_of.call('i386.frelro.pie.elf'), checksec: false)
+    elf = to_elf_silent('i386.frelro.pie.elf')
     assert_equal(0, elf.address)
     assert_same(0x6c2, elf.symbols.main)
     elf.address = 0xdeadbeef0000
@@ -99,7 +101,7 @@ PIE:      No PIE (0x400000)
   end
 
   def test_static
-    elf = ::Pwnlib::ELF::ELF.new(@path_of.call('amd64.static.elf'), checksec: false)
+    elf = to_elf_silent('amd64.static.elf')
     assert_equal(<<-EOS.strip, elf.checksec)
 RELRO:    Partial RELRO
 Stack:    Canary found
@@ -124,11 +126,4 @@ PIE:      No PIE (0x400000)
     assert_equal([0x1234001, 0x1392613], elf.search('ELF').to_a)
     assert_equal(0x138d00b, elf.find('/bin/sh').next)
   end
-
-  def log_stdout
-    old = log.instance_variable_get(:@logdev)
-    log.instance_variable_set(:@logdev, $stdout)
-    yield
-    log.instance_variable_set(:@logdev, old)
-  end
 end

data/test/files/use_pwn.rb

@@ -8,12 +8,8 @@ require 'pwn'
 context[arch: 'amd64']
 
 raise 'pack fail' unless pack(1) == "\x01\0\0\0\0\0\0\0"
-unless ::Pwnlib::Util::Fiddling.__send__(:context).object_id == context.object_id
-  raise 'not unique context'
-end
-unless ::Pwnlib::Context.context.object_id == context.object_id
-  raise 'not unique context'
-end
+raise 'not unique context' unless ::Pwnlib::Util::Fiddling.__send__(:context).object_id == context.object_id
+raise 'not unique context' unless ::Pwnlib::Context.context.object_id == context.object_id
 
 # Make sure things aren't polluting Object
 begin

data/test/logger_test.rb

@@ -58,4 +58,42 @@ class LoggerTest < MiniTest::Test
     meowmeowmeow
     EOS
   end
+
+  def test_dump
+    x = 2
+    y = 3
+    assert_equal(<<-EOS, @logger.dump(x + y, x * y))
+[DUMP] (x + y) = 5, (x * y) = 6
+    EOS
+
+    libc = 0x7fc0bdd13000
+    # check if source code parsing works good
+    msg = @logger.dump(
+      libc # comment is ok
+      .to_s(16),
+      libc - libc
+    )
+    assert_equal(<<-EOS, msg)
+[DUMP] libc.to_s(16) = "7fc0bdd13000", (libc - libc) = 0
+    EOS
+
+    libc = 0x7fc0bdd13000
+    assert_equal(<<-EOS, @logger.dump { libc.to_s(16) })
+[DUMP] libc.to_s(16) = "7fc0bdd13000"
+    EOS
+
+    res = @logger.dump do
+      libc = 12_345_678
+      libc <<= 12
+      # comments will be ignored
+      libc.to_s # dummy line
+      libc.to_s(16)
+    end
+    assert_equal(<<-EOS, res)
+[DUMP] libc = 12345678
+       libc = (libc << 12)
+       libc.to_s
+       libc.to_s(16) = "bc614e000"
+    EOS
+  end
 end

data/test/shellcraft/linux/cat_test.rb

@@ -0,0 +1,86 @@
+# encoding: ASCII-8BIT
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class CatTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_equal(<<-'EOS', @shellcraft.cat('flag'))
+  /* push "flag\x00" */
+  push 0x67616c66
+  /* call open("rsp", "O_RDONLY", 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* (O_RDONLY) */
+  cdq /* rdx=0 */
+  syscall
+  /* call sendfile(1, "rax", 0, 2147483647) */
+  push 1
+  pop rdi
+  mov rsi, rax
+  push 0x28 /* (SYS_sendfile) */
+  pop rax
+  mov r10d, 0x7fffffff
+  cdq /* rdx=0 */
+  syscall
+      EOS
+      assert_equal(<<-'EOS', @shellcraft.cat('flag', fd: 2))
+  /* push "flag\x00" */
+  push 0x67616c66
+  /* call open("rsp", "O_RDONLY", 0) */
+  push 2 /* (SYS_open) */
+  pop rax
+  mov rdi, rsp
+  xor esi, esi /* (O_RDONLY) */
+  cdq /* rdx=0 */
+  syscall
+  /* call sendfile(2, "rax", 0, 2147483647) */
+  push 2
+  pop rdi
+  mov rsi, rax
+  push 0x28 /* (SYS_sendfile) */
+  pop rax
+  mov r10d, 0x7fffffff
+  cdq /* rdx=0 */
+  syscall
+      EOS
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_equal(<<-'EOS', @shellcraft.cat('flag'))
+  /* push "flag\x00" */
+  push 1
+  dec byte ptr [esp]
+  push 0x67616c66
+  /* call open("esp", "O_RDONLY", 0) */
+  push 5 /* (SYS_open) */
+  pop eax
+  mov ebx, esp
+  xor ecx, ecx /* (O_RDONLY) */
+  cdq /* edx=0 */
+  int 0x80
+  /* call sendfile(1, "eax", 0, 2147483647) */
+  push 1
+  pop ebx
+  mov ecx, eax
+  xor eax, eax
+  mov al, 0xbb /* (SYS_sendfile) */
+  mov esi, 0x7fffffff
+  cdq /* edx=0 */
+  int 0x80
+      EOS
+    end
+  end
+end

data/test/shellcraft/linux/syscalls/exit_test.rb

@@ -0,0 +1,56 @@
+# encoding: ASCII-8BIT
+
+require 'test_helper'
+
+require 'pwnlib/context'
+require 'pwnlib/shellcraft/shellcraft'
+
+class ExitTest < MiniTest::Test
+  include ::Pwnlib::Context
+
+  def setup
+    @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
+  end
+
+  def test_amd64
+    context.local(arch: 'amd64') do
+      assert_equal(<<-'EOS', @shellcraft.exit)
+  /* call exit(0) */
+  push 0x3c /* (SYS_exit) */
+  pop rax
+  xor edi, edi /* 0 */
+  syscall
+      EOS
+
+      assert_equal(<<-'EOS', @shellcraft.exit(1))
+  /* call exit(1) */
+  push 0x3c /* (SYS_exit) */
+  pop rax
+  push 1
+  pop rdi
+  syscall
+      EOS
+    end
+  end
+
+  def test_i386
+    context.local(arch: 'i386') do
+      assert_equal(<<-'EOS', @shellcraft.exit)
+  /* call exit(0) */
+  push 1 /* (SYS_exit) */
+  pop eax
+  xor ebx, ebx /* 0 */
+  int 0x80
+      EOS
+
+      assert_equal(<<-'EOS', @shellcraft.exit(1))
+  /* call exit(1) */
+  push 1 /* (SYS_exit) */
+  pop eax
+  push 1
+  pop ebx
+  int 0x80
+      EOS
+    end
+  end
+end