How to use the archr.targets.LocalTarget function in archr

To help you get started, we’ve selected a few archr examples, based on popular ways it is used in public projects.


github angr / archr / tests / test_shellcode_hook.py View on Github external
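def test_local_hook(self):
    """Check that a shellcode hook changes the target's exit status only while active.

    A private copy of /bin/false is run three times: before the hook
    (expects exit status 1), inside ``shellcode_context`` (expects 42), and
    after the context has exited (expects 1 again).
    """
    # /bin/false itself cannot be overwritten, so the test works on a copy.
    # mkstemp() creates the file atomically with owner-only permissions;
    # tempfile.mktemp() only returns a name, which leaves a window in which
    # another local user can create or symlink that path before the copy.
    fd, tf = tempfile.mkstemp()
    os.close(fd)
    try:
        # shutil.copy() also copies the permission bits, so the copy is executable.
        shutil.copy("/bin/false", tf)
        with archr.targets.LocalTarget([tf]).build().start() as t:
            assert t.run_command().wait() == 1
            # x86-64 Linux: rax=0x3c is the exit syscall, rdi=0x2a is status 42.
            with t.shellcode_context(asm_code="mov rax, 0x3c; mov rdi, 0x2a; syscall") as p:
                assert p.wait() == 42
            assert t.run_command().wait() == 1
    finally:
        # Remove the copy even when one of the assertions above fails.
        os.unlink(tf)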
github angr / archr / tests / test_localtarget_simple.py View on Github external
def test_local_true(self):
    """Run /bin/true through a started LocalTarget and expect return code 0."""
    started = archr.targets.LocalTarget(["/bin/true"]).build().start()
    with started as t:
        proc = t.run_command()
        proc.wait()
        assert proc.returncode == 0
github angr / rex / tests / test_rex.py View on Github external
def test_reconstraining():
    """Regression test for reconstraining on the PIZZA_00003 CGC test binary.

    Builds a ``rex.Crash`` from a fixed crashing input, requires at least two
    results from ``point_to_flag()``, and checks that ColorGuard produces a
    result passing ``_do_pov_test`` for each of the first two.
    """
    binary = os.path.join(bin_location, "tests/cgc/PIZZA_00003")
    crashing_input = b'3\x89111'+b'0'+b'A'*190+b'1'

    with archr.targets.LocalTarget([binary], target_os='cgc') as target:
        rop_cache = os.path.join(cache_location, 'PIZZA_00003')
        crash = rex.Crash(target, crashing_input, fast_mode=True, rop_cache_path=rop_cache)

        flag_pointers = list(crash.point_to_flag())
        nose.tools.assert_true(len(flag_pointers) >= 2)

        # Only the first two results are exercised, in order.
        for flag_pointer in flag_pointers[:2]:
            guard = colorguard.ColorGuard(binary, flag_pointer)
            pov = guard.attempt_exploit()
            nose.tools.assert_not_equal(pov, None)
            nose.tools.assert_true(_do_pov_test(pov))
github angr / rex / tests / test_rex.py View on Github external
def test_cromu71():
    """Regression test against the simplified_CROMU_00071 CGC test binary.

    Builds a ``rex.Crash`` from a fixed crashing input, runs ``exploit()``
    with two ROP techniques blacklisted, and checks the arsenal's
    ``best_type1`` entry with ``_do_pov_test``.
    """
    binary = os.path.join(bin_location, "tests/cgc/simplified_CROMU_00071")
    crashing_input = b'3&\x1b\x17/\x12\x1b\x1e]]]]]]]]]]]]]]]]]]]]\n\x1e\x7f\xffC^\n'

    # Format info for atoi.
    # NOTE(review): format_infos is built but never passed to rex.Crash in
    # this snippet; confirm whether a format_infos argument was dropped.
    format_infos = [
        FormatInfoStrToInt(0x804C500, "based_atoi_signed_10", str_arg_num=0, base=10,
                           base_arg=None, allows_negative=True),
    ]

    with archr.targets.LocalTarget([binary], target_os='cgc') as target:
        rop_cache = os.path.join(cache_location, 'simplified_CROMU_00071')
        crash = rex.Crash(target, crashing_input, fast_mode=True, rop_cache_path=rop_cache)

        skipped = {'rop_set_register', 'rop_leak_memory'}
        arsenal = crash.exploit(blacklist_techniques=skipped)
        # Close the loader before the result is checked.
        crash.project.loader.close()

        nose.tools.assert_true(_do_pov_test(arsenal.best_type1))
github angr / rex / tests / test_explore.py View on Github external
def test_write_what_where_shadowstack():
    """Check the write-what-where case when a shadow stack is present.

    Per the original author's comment, this verifies that the generated
    result can leak and still works with a shadow stack. The check itself is
    ``test_binary()`` on the arsenal's ``best_type2`` entry.
    """
    binary = os.path.join(bin_location, "tests/cgc/write_what_where_shadow_stack")
    crashing_input = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"

    with archr.targets.LocalTarget([binary], target_os='cgc') as target:
        rop_cache = os.path.join(cache_location, "write_what_where_shadow_stack")
        crash = rex.Crash(target, crashing_input, rop_cache_path=rop_cache)
        arsenal = crash.exploit()
        # Close the loader before the result is checked.
        crash.project.loader.close()

        nose.tools.assert_true(arsenal.best_type2.test_binary())
github angr / archr / tests / test_localtarget_simple.py View on Github external
def test_local_crasher(self):
    """Run the bundled crasher binary locally and expect return code -11."""
    crasher = os.path.join(os.path.dirname(__file__), "dockers", "crasher", "crasher")
    with archr.targets.LocalTarget([crasher]).build().start() as t:
        proc = t.run_command()
        proc.wait()
        # NOTE(review): -11 presumably means "killed by signal 11 (SIGSEGV)",
        # as with subprocess.Popen.returncode; confirm what run_command() returns.
        assert proc.returncode == -11
github angr / archr / tests / test_bow_angr.py View on Github external
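def test_env_angr_local(self):
    """Run ``self.angr_checks`` on a local copy of /usr/bin/env with ARCHR=YES set."""
    # mkstemp() creates the file atomically with owner-only permissions;
    # tempfile.mktemp() only returns a name, which leaves a window in which
    # another local user can create or symlink that path before the copy.
    fd, tf = tempfile.mkstemp()
    os.close(fd)
    try:
        # shutil.copy() also copies the permission bits, so the copy is executable.
        shutil.copy("/usr/bin/env", tf)
        with archr.targets.LocalTarget([tf], target_env=["ARCHR=YES"]).build().start() as t:
            self.angr_checks(t)
    finally:
        # Remove the copy even when the checks raise.
        os.unlink(tf)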
github angr / archr / tests / test_angr_tracing.py View on Github external
def test_angr_tracing(self):
    """Trace the x86_64 ``true`` test binary and expect exactly one traced state.

    Fires a QEMU tracer bow, an angr project bow and an angr state bow on the
    same target, then runs a simulation manager with the trace's technique.
    """
    binary = os.path.join(test_location, '../../binaries/tests/x86_64/true')
    # NOTE(review): the target gets a bare path string here and is never
    # built or started, while the other tests pass a list; confirm this is intended.
    target = archr.targets.LocalTarget(binary)
    scout_bow = archr.arsenal.DataScoutBow(target)
    project_bow = archr.arsenal.angrProjectBow(target, scout_bow)
    state_bow = archr.arsenal.angrStateBow(target, project_bow)
    tracer_bow = archr.arsenal.QEMUTracerBow(target)

    # Same firing order as before: trace, then project, then state.
    trace = tracer_bow.fire()
    project = project_bow.fire()
    state = state_bow.fire()

    technique = trace.tracer_technique()
    simgr = project.factory.simulation_manager(state)
    simgr.use_technique(technique)
    simgr.run()

    assert len(simgr.traced) == 1
github angr / archr / tests / test_bow_gdbserver.py View on Github external
def test_cat_local(self):
    """Run ``self.check_gdb_cat`` on a started LocalTarget wrapping /bin/false."""
    started = archr.targets.LocalTarget(["/bin/false"]).build().start()
    with started as t:
        self.check_gdb_cat(t)