|
3 | 3 | # Cross Platform and Multi Architecture Advanced Binary Emulation Framework |
4 | 4 | # |
5 | 5 |
|
6 | | -import sys, subprocess, threading, unittest, socket, time |
7 | | -from binascii import unhexlify |
| 6 | +import sys, threading, unittest, socket, time |
8 | 7 |
|
9 | 8 | sys.path.append("..") |
10 | | -from qiling import * |
11 | | -from qiling.exception import * |
| 9 | +from qiling import Qiling |
12 | 10 | from qiling.const import QL_VERBOSE |
13 | 11 |
|
14 | | -DELAY = 1 |
15 | | - |
16 | | -def checksum(data): |
17 | | - checksum = 0 |
18 | | - for c in data: |
19 | | - if type(c) == str: |
20 | | - checksum += (ord(c)) |
21 | | - else: |
22 | | - checksum += c |
23 | | - return checksum & 0xff |
24 | | - |
25 | | -def send_raw(netout, r): |
26 | | - netout.write(r) |
27 | | - netout.flush() |
28 | | - |
29 | | -def send(netout, msg): |
30 | | - time.sleep(DELAY) |
31 | | - send_raw(netout, '$%s#%.2x' % (msg, checksum(msg))) |
| 12 | +class SimpleGdbClient: |
| 13 | + DELAY = 0.6 |
| 14 | + |
| 15 | + def __init__(self, host: str, port: int): |
| 16 | + sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM) |
| 17 | + txtf = sock.makefile('w') |
| 18 | + |
| 19 | + sock.connect((host, port)) |
| 20 | + |
| 21 | + self.__sock = sock |
| 22 | + self.__file = txtf |
| 23 | + |
| 24 | + def __enter__(self): |
| 25 | + return self |
| 26 | + |
| 27 | + def __exit__(self, ex_type, ex_value, ex_traceback): |
| 28 | + self.__sock.close() |
| 29 | + |
| 30 | + @staticmethod |
| 31 | + def checksum(data: str) -> int: |
| 32 | + return sum(ord(c) for c in data) & 0xff |
| 33 | + |
| 34 | + def send(self, msg: str): |
| 35 | + time.sleep(SimpleGdbClient.DELAY) |
| 36 | + |
| 37 | + self.__file.write(f'${msg}#{SimpleGdbClient.checksum(msg):02x}') |
| 38 | + self.__file.flush() |
32 | 39 |
|
33 | 40 | class DebuggerTest(unittest.TestCase): |
34 | | - |
| 41 | + |
35 | 42 | def test_gdbdebug_file_server(self): |
36 | 43 | ql = Qiling(["../examples/rootfs/x8664_linux/bin/x8664_hello"], "../examples/rootfs/x8664_linux", verbose=QL_VERBOSE.DEBUG) |
37 | 44 | ql.debugger = True |
38 | 45 |
|
39 | 46 | # some random command test just to make sure we covered most of the command |
40 | 47 | def gdb_test_client(): |
41 | | - time.sleep(DELAY * 2) |
42 | | - gdb_client = socket.socket(socket.AF_INET,socket.SOCK_STREAM) |
43 | | - netout = gdb_client.makefile('w') |
44 | | - gdb_client.connect(('127.0.0.1',9999)) |
45 | | - time.sleep(DELAY) |
46 | | - send(netout, "qSupported:multiprocess+;swbreak+;hwbreak+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+;xmlRegisters=i386") |
47 | | - time.sleep(DELAY) |
48 | | - send(netout, "vMustReplyEmpty") |
49 | | - time.sleep(DELAY) |
50 | | - send(netout, "QStartNoAckMode") |
51 | | - time.sleep(DELAY) |
52 | | - send(netout, "Hgp0.0") |
53 | | - time.sleep(DELAY) |
54 | | - send(netout, "qXfer:auxv:read::0, 1000") |
55 | | - time.sleep(DELAY) |
56 | | - send(netout, "?") |
57 | | - time.sleep(DELAY) |
58 | | - send(netout, "qXfer:threads:read::0,fff") |
59 | | - time.sleep(DELAY) |
60 | | - send(netout, "qAttached:"+ str(ql.os.pid)) |
61 | | - time.sleep(DELAY) |
62 | | - send(netout, "qC") |
63 | | - time.sleep(DELAY) |
64 | | - send(netout, "g") |
65 | | - time.sleep(DELAY) |
66 | | - send(netout, "m555555554040, 1f8") |
67 | | - time.sleep(DELAY) |
68 | | - send(netout, "m555555554000, 100") |
69 | | - time.sleep(DELAY) |
70 | | - send(netout, "m200, 100") |
71 | | - time.sleep(DELAY) |
72 | | - send(netout, "p10") |
73 | | - time.sleep(DELAY) |
74 | | - send(netout, "Z0,555555554ada, 1") |
75 | | - time.sleep(DELAY) |
76 | | - send(netout, "c") |
77 | | - time.sleep(DELAY) |
78 | | - send(netout, "k") |
79 | | - time.sleep(DELAY) |
80 | | - gdb_client.close() |
81 | | - |
82 | | - debugger_file_therad = threading.Thread(target=gdb_test_client, daemon=True) |
83 | | - debugger_file_therad.start() |
84 | | - |
| 48 | + # yield to allow ql to launch its gdbserver |
| 49 | + time.sleep(1.337 * 2) |
| 50 | + |
| 51 | + with SimpleGdbClient('127.0.0.1', 9999) as client: |
| 52 | + client.send('qSupported:multiprocess+;swbreak+;hwbreak+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+;xmlRegisters=i386') |
| 53 | + client.send('vMustReplyEmpty') |
| 54 | + client.send('QStartNoAckMode') |
| 55 | + client.send('Hgp0.0') |
| 56 | + client.send('qXfer:auxv:read::0, 1000') |
| 57 | + client.send('?') |
| 58 | + client.send('qXfer:threads:read::0,fff') |
| 59 | + client.send(f'qAttached:{ql.os.pid}') |
| 60 | + client.send('qC') |
| 61 | + client.send('g') |
| 62 | + client.send('m555555554040, 1f8') |
| 63 | + client.send('m555555554000, 100') |
| 64 | + client.send('m200, 100') |
| 65 | + client.send('p10') |
| 66 | + client.send('Z0,555555554ada, 1') |
| 67 | + client.send('c') |
| 68 | + client.send('k') |
| 69 | + |
| 70 | + # yield to make sure ql gdbserver has enough time to receive our last command |
| 71 | + time.sleep(1.337) |
| 72 | + |
| 73 | + threading.Thread(target=gdb_test_client, daemon=True).start() |
| 74 | + |
85 | 75 | ql.run() |
86 | 76 | del ql |
87 | 77 |
|
88 | 78 | def test_gdbdebug_shellcode_server(self): |
89 | | - X8664_LIN = unhexlify('31c048bbd19d9691d08c97ff48f7db53545f995257545eb03b0f05') |
90 | | - ql = Qiling(code = X8664_LIN, archtype = "x8664", ostype = "linux") |
91 | | - ql.debugger = "gdb:127.0.0.1:9998" |
| 79 | + X8664_LIN = bytes.fromhex('31c048bbd19d9691d08c97ff48f7db53545f995257545eb03b0f05') |
| 80 | + |
| 81 | + ql = Qiling(code=X8664_LIN, archtype='x8664', ostype='linux') |
| 82 | + ql.debugger = 'gdb:127.0.0.1:9998' |
92 | 83 |
|
93 | 84 | def gdb_test_client(): |
94 | | - time.sleep(DELAY * 2) |
95 | | - gdb_client = socket.socket(socket.AF_INET,socket.SOCK_STREAM) |
96 | | - netout = gdb_client.makefile('w') |
97 | | - gdb_client.connect(('127.0.0.1',9998)) |
98 | | - time.sleep(DELAY) |
99 | | - send(netout, "qSupported:multiprocess+;swbreak+;hwbreak+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+;xmlRegisters=i386") |
100 | | - send(netout, "vMustReplyEmpty") |
101 | | - time.sleep(DELAY) |
102 | | - send(netout, "QStartNoAckMode") |
103 | | - time.sleep(DELAY) |
104 | | - send(netout, "Hgp0.0") |
105 | | - time.sleep(DELAY) |
106 | | - send(netout, "?") |
107 | | - time.sleep(DELAY) |
108 | | - send(netout, "qC") |
109 | | - time.sleep(DELAY) |
110 | | - send(netout, "g") |
111 | | - time.sleep(DELAY) |
112 | | - send(netout, "p10") |
113 | | - time.sleep(DELAY) |
114 | | - send(netout, "c") |
115 | | - time.sleep(DELAY) |
116 | | - send(netout, "k") |
117 | | - time.sleep(DELAY) |
118 | | - gdb_client.close() |
119 | | - |
120 | | - debugger_shellcode_therad = threading.Thread(target=gdb_test_client, daemon=True) |
121 | | - debugger_shellcode_therad.start() |
| 85 | + # yield to allow ql to launch its gdbserver |
| 86 | + time.sleep(1.337 * 2) |
| 87 | + |
| 88 | + with SimpleGdbClient('127.0.0.1', 9998) as client: |
| 89 | + client.send('qSupported:multiprocess+;swbreak+;hwbreak+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+;xmlRegisters=i386') |
| 90 | + client.send('vMustReplyEmpty') |
| 91 | + client.send('QStartNoAckMode') |
| 92 | + client.send('Hgp0.0') |
| 93 | + client.send('?') |
| 94 | + client.send('qC') |
| 95 | + client.send('g') |
| 96 | + client.send('p10') |
| 97 | + client.send('c') |
| 98 | + client.send('k') |
| 99 | + |
| 100 | + # yield to make sure ql gdbserver has enough time to receive our last command |
| 101 | + time.sleep(1.337) |
| 102 | + |
| 103 | + threading.Thread(target=gdb_test_client, daemon=True).start() |
122 | 104 |
|
123 | 105 | ql.run() |
124 | 106 | del ql |
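Review bot: In the new SimpleGdbClient hunk, `__exit__` closes only the socket and not the text wrapper returned by `makefile('w')`; CPython's `socket.close()` only marks the socket closed while a makefile wrapper still references it, so the descriptor is really released only when that wrapper is closed or collected — change the body to `self.__file.close()` followed by `self.__sock.close()`. `__init__` has the mirror problem: if `sock.connect()` raises (the only synchronisation with the gdbserver is the fixed `time.sleep(1.337 * 2)` in both test threads), the socket and wrapper are dropped without a close; `sock = socket.create_connection((host, port))` and only then `txtf = sock.makefile('w')` avoids that. A failed connect in the daemon thread is also swallowed by threading, leaving `ql.run()` waiting on a client that never arrives, so a short retry loop around the connect, or at least a log line, would make a timing failure visible rather than a hang. Finally, the class never reads the server's replies, so a docstring on `send` saying that the tests only verify the gdbserver survives the command sequence, not that it answers correctly, would stop the class from reading as a full client.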
|