LIEF/tests/elf/add_section.py

#!/usr/bin/env python
import unittest
import logging
import os
import sys
import stat
import re
import subprocess
import tempfile
import shutil
from subprocess import Popen

import lief
from lief.ELF import Section

from unittest import TestCase
from utils import get_sample, has_recent_glibc

CURRENT_DIRECTORY = os.path.dirname(os.path.abspath(__file__))
STUB = lief.parse(os.path.join(CURRENT_DIRECTORY, "hello_lief.bin"))

class TestAddSection(TestCase):
    def setUp(self):
        self.logger = logging.getLogger(__name__)
        self.tmp_dir = tempfile.mkdtemp(suffix='_lief_test_section')
        self.logger.debug("temp dir: {}".format(self.tmp_dir))


    @unittest.skipUnless(sys.platform.startswith("linux"), "requires Linux")
    @unittest.skipUnless(has_recent_glibc(), "Need a recent GLIBC version")
    def test_simple(self):
        sample_path = get_sample('ELF/ELF64_x86-64_binary_ls.bin')
        output      = os.path.join(self.tmp_dir, "ls.section")

        ls = lief.parse(sample_path)
        for i in range(10):
            section = Section(".test.{:d}".format(i), lief.ELF.SECTION_TYPES.PROGBITS)
            section += lief.ELF.SECTION_FLAGS.EXECINSTR
            section += lief.ELF.SECTION_FLAGS.WRITE
            section.content   = STUB.segments[0].content # First LOAD segment which holds payload
            if i % 2 == 0:
                section = ls.add(section, loaded=True)
                ls.header.entrypoint = section.virtual_address + STUB.header.entrypoint
            else:
                section = ls.add(section, loaded=False)

        ls.write(output)

        st = os.stat(output)
        os.chmod(output, st.st_mode | stat.S_IEXEC)

        p = Popen(output, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        stdout, _ = p.communicate()
        self.logger.debug(stdout.decode("utf8"))
        self.assertIsNotNone(re.search(r'LIEF is Working', stdout.decode("utf8")))


    @unittest.skipUnless(sys.platform.startswith("linux"), "requires Linux")
    @unittest.skipUnless(has_recent_glibc(), "Need a recent GLIBC version")
    def test_gcc(self):
        sample_path = get_sample('ELF/ELF64_x86-64_binary_gcc.bin')
        output      = os.path.join(self.tmp_dir, "gcc.section")

        gcc = lief.parse(sample_path)
        for i in range(10):
            section = Section(".test.{:d}".format(i), lief.ELF.SECTION_TYPES.PROGBITS)
            section.type     = lief.ELF.SECTION_TYPES.PROGBITS
            section         += lief.ELF.SECTION_FLAGS.EXECINSTR
            section         += lief.ELF.SECTION_FLAGS.WRITE
            section.content  = STUB.segments[0].content # First LOAD segment which holds payload

            if i % 2 == 0:
                section = gcc.add(section, loaded=True)
                gcc.header.entrypoint = section.virtual_address + STUB.header.entrypoint
            else:
                section = gcc.add(section, loaded=False)

        gcc.write(output)

        st = os.stat(output)
        os.chmod(output, st.st_mode | stat.S_IEXEC)

        p = Popen(output, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        stdout, _ = p.communicate()
        self.logger.debug(stdout.decode("utf8"))
        self.assertIsNotNone(re.search(r'LIEF is Working', stdout.decode("utf8")))


    def tearDown(self):
        # Delete it
        if os.path.isdir(self.tmp_dir):
            shutil.rmtree(self.tmp_dir)

if __name__ == '__main__':

    root_logger = logging.getLogger()
    root_logger.setLevel(logging.DEBUG)

    ch = logging.StreamHandler()
    ch.setLevel(logging.DEBUG)
    root_logger.addHandler(ch)

    unittest.main(verbosity=2)
First public release 2017-03-30 16:56:49 +02:00			`#!/usr/bin/env python`
			`import unittest`
			`import logging`
			`import os`
			`import sys`
			`import stat`
			`import re`
			`import subprocess`
			`import tempfile`
			`import shutil`
			`from subprocess import Popen`

			`import lief`
			`from lief.ELF import Section`

			`from unittest import TestCase`
Build manylinux1-compliant wheels in Travis * Temporarily disable Melkor in test suite The Makefile uses the -executable flag which doesn't work on RHEL5. Disabling until I find a workaround for this. * Patch Makefile in Melkor fuzzer This replaces the `-executable` flag which is not supported by `find` on CentOS 5. * Respect CC environment variable Several tests hard coded /usr/bin/cc which might not exist in some environments. We first check the CC environment variable and fall back to the hard coded path if CC is unset. * Skip tests on GLIBC < 2.17 Some test binaries were linked against GLIBC 2.17. Skip tests which use this binary if the platform does not have the required GLIBC version. * Enable ccache in Docker in Travis builds * Run `auditwheel repair` on the produced wheels This will vendor the needed external shared libraries into the wheel and tag it as manylinux1. * Install ccache in Docker image * Avoid using bind mount volume in Docker build The bind mount volume wrote files as 'root' which causes issues with the deploy script in Travis. Copying the source code into the image and retrieving the built wheels instead of mounting the source tree fixes this issue. * Fix missing build folder when building with Docker After finishing the build inside Docker we need the build directory from the container to be able to deploy the built artifacts with deploy.sh. * Use the right Python interpreter for Linux builds The Dockerized .travis.yml builds attempt to invoke the interpreter in the PYTHON_BINARY environment variable, which is only valid inside the Docker image. To fix this, override the variable on Linux for tasks which require the host's Python interpreter. * Fix missing pip installation in Travis The Ubuntu image in Travis does not come with `pip` preinstalled for Python 3. * Remove .git directory from .dockerignore As `setup.py` uses `git` to determine the version number we need to copy the contents of `.git` into the image. 2019-08-22 22:05:53 +01:00			`from utils import get_sample, has_recent_glibc`
First public release 2017-03-30 16:56:49 +02:00
			`CURRENT_DIRECTORY = os.path.dirname(os.path.abspath(__file__))`
			`STUB = lief.parse(os.path.join(CURRENT_DIRECTORY, "hello_lief.bin"))`

			`class TestAddSection(TestCase):`
			`def setUp(self):`
			`self.logger = logging.getLogger(__name__)`
			`self.tmp_dir = tempfile.mkdtemp(suffix='_lief_test_section')`
			`self.logger.debug("temp dir: {}".format(self.tmp_dir))`


			`@unittest.skipUnless(sys.platform.startswith("linux"), "requires Linux")`
Build manylinux1-compliant wheels in Travis * Temporarily disable Melkor in test suite The Makefile uses the -executable flag which doesn't work on RHEL5. Disabling until I find a workaround for this. * Patch Makefile in Melkor fuzzer This replaces the `-executable` flag which is not supported by `find` on CentOS 5. * Respect CC environment variable Several tests hard coded /usr/bin/cc which might not exist in some environments. We first check the CC environment variable and fall back to the hard coded path if CC is unset. * Skip tests on GLIBC < 2.17 Some test binaries were linked against GLIBC 2.17. Skip tests which use this binary if the platform does not have the required GLIBC version. * Enable ccache in Docker in Travis builds * Run `auditwheel repair` on the produced wheels This will vendor the needed external shared libraries into the wheel and tag it as manylinux1. * Install ccache in Docker image * Avoid using bind mount volume in Docker build The bind mount volume wrote files as 'root' which causes issues with the deploy script in Travis. Copying the source code into the image and retrieving the built wheels instead of mounting the source tree fixes this issue. * Fix missing build folder when building with Docker After finishing the build inside Docker we need the build directory from the container to be able to deploy the built artifacts with deploy.sh. * Use the right Python interpreter for Linux builds The Dockerized .travis.yml builds attempt to invoke the interpreter in the PYTHON_BINARY environment variable, which is only valid inside the Docker image. To fix this, override the variable on Linux for tasks which require the host's Python interpreter. * Fix missing pip installation in Travis The Ubuntu image in Travis does not come with `pip` preinstalled for Python 3. * Remove .git directory from .dockerignore As `setup.py` uses `git` to determine the version number we need to copy the contents of `.git` into the image. 2019-08-22 22:05:53 +01:00			`@unittest.skipUnless(has_recent_glibc(), "Need a recent GLIBC version")`
First public release 2017-03-30 16:56:49 +02:00			`def test_simple(self):`
			`sample_path = get_sample('ELF/ELF64_x86-64_binary_ls.bin')`
			`output = os.path.join(self.tmp_dir, "ls.section")`

			`ls = lief.parse(sample_path)`
Improve the ELF part of LIEF Major changes (features): * Enable adding multiple sections/segments - Executable (PIE or not), Library * Enable adding multiple dynamic entries (DT_NEEDED, DT_INIT etc) * Enable adding multiple relocations * Enable adding multiple dynamic symbols * Enable segment replacement Major changes (API): * Getters Binary::get_name() has been renamed to "name()" * Binary::add(const DynamicEntry& entry) - To add an entry in the dynamic table * Section& Binary::add(const Section& section, bool loaded = true) - To add a section(s) * Segment& Binary::add(const Segment& segment, uint64_t base = 0) - To add segments * Segment& replace(const Segment& new_segment, const Segment& original_segment, uint64_t base = 0) * Binary's last_offset_section(), last_offset_segment(), next_virtual_address() to have information about offset * Binary's add_library(), get_library(), has_library() to handle DT_NEEDED entries Other changes: * Binary::insert_content() - Use add(const Section&) or add(const Segment&) instead * ELF's DataHandler has been cleaned * Through LIEF::Section one can look for integers, strings, data within the section (see LIEF::Section::search, LIEF::Section::search_all) * Through LIEF::Binary one can get xref of a number (or address) see LIEF::Binary::xref function * To access to the Abstract binary in Python, one can now use the 'abstract' attribute. (e.g. binary.abstract.header.is_32) Resolve: #83 Resolve: #66 Resolve: #48 2017-09-02 08:54:54 +02:00			`for i in range(10):`
			`section = Section(".test.{:d}".format(i), lief.ELF.SECTION_TYPES.PROGBITS)`
			`section += lief.ELF.SECTION_FLAGS.EXECINSTR`
			`section += lief.ELF.SECTION_FLAGS.WRITE`
			`section.content = STUB.segments[0].content # First LOAD segment which holds payload`
			`if i % 2 == 0:`
			`section = ls.add(section, loaded=True)`
			`ls.header.entrypoint = section.virtual_address + STUB.header.entrypoint`
			`else:`
			`section = ls.add(section, loaded=False)`
First public release 2017-03-30 16:56:49 +02:00
			`ls.write(output)`

			`st = os.stat(output)`
			`os.chmod(output, st.st_mode \| stat.S_IEXEC)`

			`p = Popen(output, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`
			`stdout, _ = p.communicate()`
			`self.logger.debug(stdout.decode("utf8"))`
			`self.assertIsNotNone(re.search(r'LIEF is Working', stdout.decode("utf8")))`


			`@unittest.skipUnless(sys.platform.startswith("linux"), "requires Linux")`
Build manylinux1-compliant wheels in Travis * Temporarily disable Melkor in test suite The Makefile uses the -executable flag which doesn't work on RHEL5. Disabling until I find a workaround for this. * Patch Makefile in Melkor fuzzer This replaces the `-executable` flag which is not supported by `find` on CentOS 5. * Respect CC environment variable Several tests hard coded /usr/bin/cc which might not exist in some environments. We first check the CC environment variable and fall back to the hard coded path if CC is unset. * Skip tests on GLIBC < 2.17 Some test binaries were linked against GLIBC 2.17. Skip tests which use this binary if the platform does not have the required GLIBC version. * Enable ccache in Docker in Travis builds * Run `auditwheel repair` on the produced wheels This will vendor the needed external shared libraries into the wheel and tag it as manylinux1. * Install ccache in Docker image * Avoid using bind mount volume in Docker build The bind mount volume wrote files as 'root' which causes issues with the deploy script in Travis. Copying the source code into the image and retrieving the built wheels instead of mounting the source tree fixes this issue. * Fix missing build folder when building with Docker After finishing the build inside Docker we need the build directory from the container to be able to deploy the built artifacts with deploy.sh. * Use the right Python interpreter for Linux builds The Dockerized .travis.yml builds attempt to invoke the interpreter in the PYTHON_BINARY environment variable, which is only valid inside the Docker image. To fix this, override the variable on Linux for tasks which require the host's Python interpreter. * Fix missing pip installation in Travis The Ubuntu image in Travis does not come with `pip` preinstalled for Python 3. * Remove .git directory from .dockerignore As `setup.py` uses `git` to determine the version number we need to copy the contents of `.git` into the image. 2019-08-22 22:05:53 +01:00			`@unittest.skipUnless(has_recent_glibc(), "Need a recent GLIBC version")`
First public release 2017-03-30 16:56:49 +02:00			`def test_gcc(self):`
			`sample_path = get_sample('ELF/ELF64_x86-64_binary_gcc.bin')`
			`output = os.path.join(self.tmp_dir, "gcc.section")`

			`gcc = lief.parse(sample_path)`
Improve the ELF part of LIEF Major changes (features): * Enable adding multiple sections/segments - Executable (PIE or not), Library * Enable adding multiple dynamic entries (DT_NEEDED, DT_INIT etc) * Enable adding multiple relocations * Enable adding multiple dynamic symbols * Enable segment replacement Major changes (API): * Getters Binary::get_name() has been renamed to "name()" * Binary::add(const DynamicEntry& entry) - To add an entry in the dynamic table * Section& Binary::add(const Section& section, bool loaded = true) - To add a section(s) * Segment& Binary::add(const Segment& segment, uint64_t base = 0) - To add segments * Segment& replace(const Segment& new_segment, const Segment& original_segment, uint64_t base = 0) * Binary's last_offset_section(), last_offset_segment(), next_virtual_address() to have information about offset * Binary's add_library(), get_library(), has_library() to handle DT_NEEDED entries Other changes: * Binary::insert_content() - Use add(const Section&) or add(const Segment&) instead * ELF's DataHandler has been cleaned * Through LIEF::Section one can look for integers, strings, data within the section (see LIEF::Section::search, LIEF::Section::search_all) * Through LIEF::Binary one can get xref of a number (or address) see LIEF::Binary::xref function * To access to the Abstract binary in Python, one can now use the 'abstract' attribute. (e.g. binary.abstract.header.is_32) Resolve: #83 Resolve: #66 Resolve: #48 2017-09-02 08:54:54 +02:00			`for i in range(10):`
			`section = Section(".test.{:d}".format(i), lief.ELF.SECTION_TYPES.PROGBITS)`
			`section.type = lief.ELF.SECTION_TYPES.PROGBITS`
			`section += lief.ELF.SECTION_FLAGS.EXECINSTR`
			`section += lief.ELF.SECTION_FLAGS.WRITE`
			`section.content = STUB.segments[0].content # First LOAD segment which holds payload`

			`if i % 2 == 0:`
			`section = gcc.add(section, loaded=True)`
			`gcc.header.entrypoint = section.virtual_address + STUB.header.entrypoint`
			`else:`
			`section = gcc.add(section, loaded=False)`
First public release 2017-03-30 16:56:49 +02:00
			`gcc.write(output)`

			`st = os.stat(output)`
			`os.chmod(output, st.st_mode \| stat.S_IEXEC)`

			`p = Popen(output, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`
			`stdout, _ = p.communicate()`
			`self.logger.debug(stdout.decode("utf8"))`
			`self.assertIsNotNone(re.search(r'LIEF is Working', stdout.decode("utf8")))`


			`def tearDown(self):`
			`# Delete it`
			`if os.path.isdir(self.tmp_dir):`
			`shutil.rmtree(self.tmp_dir)`

			`if __name__ == '__main__':`

			`root_logger = logging.getLogger()`
			`root_logger.setLevel(logging.DEBUG)`

			`ch = logging.StreamHandler()`
			`ch.setLevel(logging.DEBUG)`
			`root_logger.addHandler(ch)`

			`unittest.main(verbosity=2)`