Initial commit

2025-04-12 08:26:23 +08:00
commit aa66855054
57 changed files with 1702 additions and 0 deletions

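--- a/test/1.ans
+++ b/test/1.ans
@@ -0,0 +1,24 @@
+(sdb) si
+** please load a program first.
+(sdb) load ./hello
+** program './hello' loaded. entry point 0x401000.
+401000: f3 0f 1e fa endbr64
+401004: 55 push rbp
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+(sdb) si
+401004: 55 push rbp
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+401014: 48 89 c6 mov rsi, rax
+(sdb) si
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+401014: 48 89 c6 mov rsi, rax
+401017: bf 01 00 00 00 mov edi, 1
+(sdb) cont
+hello world!
+** the target program terminated.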
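--- a/test/1.in
+++ b/test/1.in
@@ -0,0 +1,6 @@
+./sdb
+si
+load ./hello
+si
+si
+cont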
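--- a/test/2.ans
+++ b/test/2.ans
@@ -0,0 +1,44 @@
+** program './hello' loaded. entry point 0x401000.
+401000: f3 0f 1e fa endbr64
+401004: 55 push rbp
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+(sdb) break 0x401005
+** set a breakpoint at 0x401005.
+(sdb) break 40102b
+** set a breakpoint at 0x40102b.
+(sdb) info break
+Num Address
+0 0x401005
+1 0x40102b
+(sdb) si
+401004: 55 push rbp
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+401014: 48 89 c6 mov rsi, rax
+(sdb) si
+** hit a breakpoint at 0x401005.
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+401014: 48 89 c6 mov rsi, rax
+401017: bf 01 00 00 00 mov edi, 1
+(sdb) cont
+** hit a breakpoint at 0x40102b.
+40102b: b8 01 00 00 00 mov eax, 1
+401030: 0f 05 syscall
+401032: c3 ret
+401033: b8 00 00 00 00 mov eax, 0
+401038: 0f 05 syscall
+(sdb) info reg
+$rax 0x0000000000402000 $rbx 0x0000000000000000 $rcx 0x0000000000000000
+$rdx 0x000000000000000e $rsi 0x0000000000402000 $rdi 0x0000000000000001
+$rbp 0x00007ffe0e5cd5b8 $rsp 0x00007ffe0e5cd5b0 $r8 0x0000000000000000
+$r9 0x0000000000000000 $r10 0x0000000000000000 $r11 0x0000000000000000
+$r12 0x0000000000000000 $r13 0x0000000000000000 $r14 0x0000000000000000
+$r15 0x0000000000000000 $rip 0x000000000040102b $eflags 0x0000000000000202
+(sdb) cont
+hello world!
+** the target program terminated.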
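--- a/test/2.in
+++ b/test/2.in
@@ -0,0 +1,9 @@
+./sdb ./hello
+break 0x401005
+break 40102b
+info break
+si
+si
+cont
+info reg
+cont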
49
test/3.ans Normal file

@@ -0,0 +1,49 @@
** program './guess' loaded. entry point 0x40108b.
40108b: f3 0f 1e fa endbr64
40108f: 55 push rbp
401090: 48 89 e5 mov rbp, rsp
401093: 48 83 ec 10 sub rsp, 0x10
401097: ba 12 00 00 00 mov edx, 0x12
(sdb) break 0x4010de
** set a breakpoint at 0x4010de.
(sdb) cont
guess a number > 1
** hit a breakpoint at 0x4010de.
4010de: 48 89 c7 mov rdi, rax
4010e1: e8 1a ff ff ff call 0x401000
4010e6: 85 c0 test eax, eax
4010e8: 75 1b jne 0x401105
4010ea: ba 06 00 00 00 mov edx, 6
(sdb) patch 0x4010e8 0x9090 2
** patch memory at address 0x4010e8.
(sdb) si
4010e1: e8 1a ff ff ff call 0x401000
4010e6: 85 c0 test eax, eax
4010e8: 90 nop
4010e9: 90 nop
4010ea: ba 06 00 00 00 mov edx, 6
(sdb) info break
Num Address
0 0x4010de
(sdb) delete 0
** delete breakpoint 0.
(sdb) break 0x4010ea
** set a breakpoint at 0x4010ea.
(sdb) delete 0
** breakpoint 0 does not exist.
(sdb) info break
Num Address
1 0x4010ea
(sdb) cont
** hit a breakpoint at 0x4010ea.
4010ea: ba 06 00 00 00 mov edx, 6
4010ef: 48 8d 05 1f 0f 00 00 lea rax, [rip + 0xf1f]
4010f6: 48 89 c6 mov rsi, rax
4010f9: bf 01 00 00 00 mov edi, 1
4010fe: e8 25 00 00 00 call 0x401128
(sdb) patch 0x402015 0x4e49570a 4
** patch memory at address 0x402015.
(sdb) cont
WIN
** the target program terminated.

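--- a/test/3.in
+++ b/test/3.in
@@ -0,0 +1,14 @@
+./sdb ./guess
+break 0x4010de
+cont
+1
+patch 0x4010e8 0x9090 2
+si
+info break
+delete 0
+break 0x4010ea
+delete 0
+info break
+cont
+patch 0x402015 0x4e49570a 4
+cont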
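--- a/test/4.ans
+++ b/test/4.ans
@@ -0,0 +1,45 @@
+** program './hello' loaded. entry point 0x401000.
+401000: f3 0f 1e fa endbr64
+401004: 55 push rbp
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+(sdb) break 0x401005
+** set a breakpoint at 0x401005.
+(sdb) break 40102b
+** set a breakpoint at 0x40102b.
+(sdb) cont
+** hit a breakpoint at 0x401005.
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+401014: 48 89 c6 mov rsi, rax
+401017: bf 01 00 00 00 mov edi, 1
+(sdb) syscall
+** hit a breakpoint at 0x40102b.
+40102b: b8 01 00 00 00 mov eax, 1
+401030: 0f 05 syscall
+401032: c3 ret
+401033: b8 00 00 00 00 mov eax, 0
+401038: 0f 05 syscall
+(sdb) syscall
+** enter a syscall(1) at 0x401030.
+401030: 0f 05 syscall
+401032: c3 ret
+401033: b8 00 00 00 00 mov eax, 0
+401038: 0f 05 syscall
+40103a: c3 ret
+(sdb) syscall
+hello world!
+** leave a syscall(1) = 14 at 0x401030.
+401030: 0f 05 syscall
+401032: c3 ret
+401033: b8 00 00 00 00 mov eax, 0
+401038: 0f 05 syscall
+40103a: c3 ret
+(sdb) syscall
+** enter a syscall(60) at 0x401040.
+401040: 0f 05 syscall
+** the address is out of the range of the text section.
+(sdb) syscall
+** the target program terminated.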
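--- a/test/4.in
+++ b/test/4.in
@@ -0,0 +1,9 @@
+./sdb ./hello
+break 0x401005
+break 40102b
+cont
+syscall
+syscall
+syscall
+syscall
+syscall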
32
test/5.ans Normal file

@@ -0,0 +1,32 @@
** program './guess' loaded. entry point 0x40108b.
40108b: f3 0f 1e fa endbr64
40108f: 55 push rbp
401090: 48 89 e5 mov rbp, rsp
401093: 48 83 ec 10 sub rsp, 0x10
401097: ba 12 00 00 00 mov edx, 0x12
(sdb) patch 0x4010e8 0x9090 2
** patch memory at address 0x4010e8.
(sdb) break 0x4010e8
** set a breakpoint at 0x4010e8.
(sdb) cont
guess a number > 1
** hit a breakpoint at 0x4010e8.
4010e8: 90 nop
4010e9: 90 nop
4010ea: ba 06 00 00 00 mov edx, 6
4010ef: 48 8d 05 1f 0f 00 00 lea rax, [rip + 0xf1f]
4010f6: 48 89 c6 mov rsi, rax
(sdb) break 4010ea
** set a breakpoint at 0x4010ea.
(sdb) patch 4010ea 0x03ba 4
** patch memory at address 0x4010ea.
(sdb) cont
** hit a breakpoint at 0x4010ea.
4010ea: ba 03 00 00 00 mov edx, 3
4010ef: 48 8d 05 1f 0f 00 00 lea rax, [rip + 0xf1f]
4010f6: 48 89 c6 mov rsi, rax
4010f9: bf 01 00 00 00 mov edi, 1
4010fe: e8 25 00 00 00 call 0x401128
(sdb) cont
ye** the target program terminated.

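--- a/test/5.in
+++ b/test/5.in
@@ -0,0 +1,9 @@
+./sdb ./guess
+patch 0x4010e8 0x9090 2
+break 0x4010e8
+cont
+1
+break 4010ea
+patch 4010ea 0x03ba 4
+cont
+cont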
27
test/6.ans Normal file

@@ -0,0 +1,27 @@
** program './guess' loaded. entry point 0x40108b.
40108b: f3 0f 1e fa endbr64
40108f: 55 push rbp
401090: 48 89 e5 mov rbp, rsp
401093: 48 83 ec 10 sub rsp, 0x10
401097: ba 12 00 00 00 mov edx, 0x12
(sdb) break 0x401128
** set a breakpoint at 0x401128.
(sdb) cont
** hit a breakpoint at 0x401128.
401128: b8 01 00 00 00 mov eax, 1
40112d: 0f 05 syscall
40112f: c3 ret
401130: b8 00 00 00 00 mov eax, 0
401135: 0f 05 syscall
(sdb) cont
guess a number > 1
** hit a breakpoint at 0x401128.
401128: b8 01 00 00 00 mov eax, 1
40112d: 0f 05 syscall
40112f: c3 ret
401130: b8 00 00 00 00 mov eax, 0
401135: 0f 05 syscall
(sdb) cont
no no no
** the target program terminated.

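--- a/test/6.in
+++ b/test/6.in
@@ -0,0 +1,6 @@
+./sdb ./guess
+break 0x401128
+cont
+cont
+1
+cont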
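--- a/test/7.ans
+++ b/test/7.ans
@@ -0,0 +1,35 @@
+** program './hello' loaded. entry point 0x401000.
+401000: f3 0f 1e fa endbr64
+401004: 55 push rbp
+401005: 48 89 e5 mov rbp, rsp
+401008: ba 0e 00 00 00 mov edx, 0xe
+40100d: 48 8d 05 ec 0f 00 00 lea rax, [rip + 0xfec]
+(sdb) break 0x401030
+** set a breakpoint at 0x401030.
+(sdb) break 0x401040
+** set a breakpoint at 0x401040.
+(sdb) syscall
+** hit a breakpoint at 0x401030.
+401030: 0f 05 syscall
+401032: c3 ret
+401033: b8 00 00 00 00 mov eax, 0
+401038: 0f 05 syscall
+40103a: c3 ret
+(sdb) syscall
+** enter a syscall(1) at 0x401030.
+401030: 0f 05 syscall
+401032: c3 ret
+401033: b8 00 00 00 00 mov eax, 0
+401038: 0f 05 syscall
+40103a: c3 ret
+(sdb) cont
+hello world!
+** hit a breakpoint at 0x401040.
+401040: 0f 05 syscall
+** the address is out of the range of the text section.
+(sdb) syscall
+** enter a syscall(60) at 0x401040.
+401040: 0f 05 syscall
+** the address is out of the range of the text section.
+(sdb) syscall
+** the target program terminated.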
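--- a/test/7.in
+++ b/test/7.in
@@ -0,0 +1,8 @@
+./sdb ./hello
+break 0x401030
+break 0x401040
+syscall
+syscall
+cont
+syscall
+syscall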
8
test/Makefile Normal file

@@ -0,0 +1,8 @@
all:
chmod +x run_examples.py guess hello
test: all
./run_examples.py
clean:
rm -f *.out diff.txt
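Review bot: `all`, `test` and `clean` name actions rather than files but are not declared `.PHONY`, so a stray file called `test` or `clean` inside `test/` would make those targets silently report up-to-date and skip the run; add `.PHONY: all test clean` above `all:`. `test` only invokes `./run_examples.py`, so whether `make test` fails on a FAIL case depends entirely on that script's exit status. The header counts 8 added lines but only 6 are visible here, and the recipe lines show no leading tab, which presumably is a rendering artefact rather than the committed content.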

BIN
test/guess Executable file

Binary file not shown.

BIN
test/hello Executable file

Binary file not shown.

134
test/run_examples.py Executable file

@@ -0,0 +1,134 @@
#!/usr/bin/env python3
from typing import List
from pwn import process, context
context.log_level = "error"
cases_to_run = ["1", "2", "3", "4", "5", "6", "7"]
TIMEOUT_SECONDS = 0.01
def wrap_recvrepeat(r):
if r.poll() is not None:
return b""
return r.recvrepeat(TIMEOUT_SECONDS)
def recvrepeats(r):
output = wrap_recvrepeat(r)
while output == b"":
if r.poll() is not None:
break
output = wrap_recvrepeat(r)
ret = b""
while output != b"":
ret += output
output = wrap_recvrepeat(r)
return ret
def execute_process(
case: str, command: List[str], stdin: List[str]
) -> tuple[int, bytes]:
"""Returns the exit code and output of the process (including stdin and stderr)"""
print(f"Running case {case} with command: {command}")
try:
r = process(command, shell=False)
output = b""
for line in stdin:
ret = recvrepeats(r)
output += ret
output += line.encode("utf-8")
if r.poll() is None: # Only send if the process is still running
r.send(line.encode("utf-8"))
output += recvrepeats(r)
r.close()
except Exception as e:
print(f"Error: {e}")
return 1, b""
return 0, output
if __name__ == "__main__":
# Clean up the diff file
with open("diff.txt", "w") as f:
f.write("")
for case in cases_to_run:
with open(f"{case}.in", "r") as f:
lines = f.readlines()
run_command: List[str] = lines[0].split()
input = lines[1:]
_, output = execute_process(case, run_command, input)
# Remove the last prompt
if output.endswith(b"(sdb) "):
output = output[:-6]
# Remove null bytes
output = output.replace(b"\x00", b"")
# Write the output to a file
with open(f"{case}.out", "wb") as f:
f.write(output)
diff_command = f"diff -w -B -u {case}.out {case}.ans"
diff_process = process(diff_command, shell=True)
diff_output = diff_process.recvall()
diff_process.close()
diff_lines = diff_output.decode("utf-8").split("\n")
diff_lines = [
line for line in diff_lines if line.startswith("-") or line.startswith("+")
]
diff_lines = [line for line in diff_lines if not line.startswith("---")]
diff_lines = [line for line in diff_lines if not line.startswith("+++")]
i = 0
while True:
if i + 1 >= len(diff_lines):
break
if "-$rbp" in diff_lines[i] and "+$rbp" in diff_lines[i + 1]:
output_line = diff_lines.pop(i)[1:].split()
expected_line = diff_lines.pop(i)[1:].split()
if len(output_line) != 6:
diff_lines.append(f"error")
break
output_rbp = int(output_line[1], 16)
output_rsp = int(output_line[3], 16)
output_r8 = int(output_line[5], 16)
expected_rbp = int(expected_line[1], 16)
expected_rsp = int(expected_line[3], 16)
expected_r8 = int(expected_line[5], 16)
if (
output_rbp - output_rsp != expected_rbp - expected_rsp
or output_r8 != expected_r8
):
diff_lines.append(f"error")
break
continue
i += 1
# Print the diff output if there is a difference
print(f"Case {case}: {'PASS' if len(diff_lines) == 0 else 'FAIL'}", end="\n\n")
# Print the diff output to `diff.txt`
if len(diff_lines) > 0:
with open("diff.txt", "a") as f:
f.write(diff_output.decode("utf-8"))
f.write("\n\n")
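Review bot: The `__main__` block prints PASS/FAIL per case but never sets a non-zero exit status, so `make test` (and any CI step wrapping it) succeeds even when every case fails; track `failed = False` before the `for case in cases_to_run:` loop, set `failed = True` inside `if len(diff_lines) > 0:`, and finish with `sys.exit(1 if failed else 0)` (adding `import sys`). The diff is spawned as a formatted shell string with `shell=True`; `case` comes from the hard-coded `cases_to_run` list so this is not currently exploitable, but `process(["diff", "-w", "-B", "-u", f"{case}.out", f"{case}.ans"])` drops the shell for no loss. In `execute_process` the `except Exception` path returns `1, b""` yet the caller discards that code (`_, output = …`), so a failed launch is reported as a FAIL diff rather than an error, and the `process` handle started before the exception is never closed; a `try`/`finally` around the I/O loop with `r.close()` in `finally` would fix both. Smaller points: `diff_lines.append(f"error")` is an f-string with no placeholders, `input = lines[1:]` shadows the builtin, and `TIMEOUT_SECONDS = 0.01` makes the output capture depend on the debugger never pausing for more than 10 ms between writes, which is likely to be flaky on a loaded machine. The header counts 134 added lines but only 100 are visible here, so blank lines and indentation appear to have been lost in rendering.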