rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.
https://rizin.re
GNU Lesser General Public License v3.0

Add Windows and Jemalloc heap parsing tests #158

Open XVilka opened 3 years ago

XVilka commented 3 years ago

Currently only glibc heap is tested with

NAME=dmh/dmha with memory dump
FILE=bins/heap/linux_glibc-2.30_x64.bin
ARGS=-n
CMDS=<<EOF
#re-map arena and [heap]
om 3 0x7ffff7f8a000 0x898 0x0 rw- arena
om 3 0x555555559000 0x3200 0x898 rw- [heap]

dmha~?0x7ffff7f8a000
e dbg.glibc.tcache=0
dmh~?allocated
e dbg.glibc.tcache=1
dmh~?allocated
EOF
EXPECT=<<EOF
1
3
2
EOF
RUN

Note that this static test probably should be moved under a separate category, heap, since it is not really dependent on the operating system.

We need to add such static tests for the Windows heap parser and jemalloc too.

cc @GustavoLCR @meowmeowxw

meowmeowxw commented 3 years ago

I'm the author of https://github.com/rizinorg/rizin/blob/dev/test/db/archos/linux-x64/dbg_dmht; every binary inside bins/elf/ has a patched interpreter/linker. Example:

$ patchelf --print-interpreter bins/elf/glibc-heap-2.27
bins/elf/ld-2.27.so

Right now I'm too busy to continue working on this.

XVilka commented 3 years ago

@PulakIIIT regarding this. Currently heap parsing is running only on Linux. But the heap parsing is not tied to the debugger. What about making the existing heap parsing tests static? Then they would be run on all supported platforms, e.g. a Linux glibc binary heap would be parsed even on Windows, macOS and FreeBSD.

MalhotraPulak commented 3 years ago

Can you elaborate more or provide some relevant links? I am a bit confused; I do not understand how a glibc binary can be run on a platform like macOS.

XVilka commented 3 years ago

@PulakIIIT the idea is not to run these binaries. The idea is to:

  1. Run the binary on Linux with desired configuration
  2. Save the required memory maps in files
  3. Add them in rizin-testbins
  4. Open them as om
  5. Then run heap parsing without any actual debugging

This way we will preserve support for old versions more easily, since these snapshots will not be touched afterwards.

Just see the issue description - it doesn't use any debugging, so it can be moved into platform-independent tests directory.
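The snapshot workflow from the numbered list above (dump the maps of a running process to one file, then re-map them with `om` at their original addresses), as an added example that is not rizin's own tooling. It assumes a Linux target, that the caller already knows an address inside the arena mapping (for glibc, the libc data page holding `main_arena`), and that regions are written to the snapshot in the order the `om` lines are emitted, so each region's file offset is the cumulative size of the regions before it, exactly like the `0x0` / `0x898` offsets in the test in the issue description.

```python
"""Heap snapshot helper for rizin static tests (added example, not rizin's own code).
Parses /proc/<pid>/maps, copies the chosen regions out of /proc/<pid>/mem into one
file, and emits the `om 3 <vaddr> <size> <offset> <perms> <name>` lines for CMDS."""
import re
from typing import Iterable, List, Tuple

MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})")  # "start-end perms ..."
Region = Tuple[int, int, int, str, str]  # vaddr, size, file offset, perms, name

# Constructed sample of /proc/<pid>/maps output (not a real dump), used by demo().
SAMPLE_MAPS = """\
555555559000-55555557a000 rw-p 00000000 00:00 0          [heap]
7ffff7f8a000-7ffff7f8c000 rw-p 001f8000 fd:01 1234       /usr/lib/libc.so.6
"""

def plan_regions(maps_text: str, wanted: Iterable[Tuple[int, str]]) -> List[Region]:
    """Pick the mapping containing each wanted address and assign snapshot offsets.
    `wanted` is (address_inside_region, name_for_om), e.g. (main_arena, "arena")."""
    parsed = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:  # perms look like "rw-p"; drop the private/shared flag for om
            parsed.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)[:3]))
    plan: List[Region] = []
    offset = 0  # running file offset: regions are concatenated in `wanted` order
    for addr, name in wanted:
        for start, end, perms in parsed:
            if start <= addr < end:
                plan.append((start, end - start, offset, perms, name))
                offset += end - start
                break
        else:
            raise ValueError(f"no mapping contains {addr:#x}")
    return plan

def om_commands(plan: List[Region], fd: int = 3) -> List[str]:
    """Render the `om` lines for the test's CMDS section (fd 3 = the opened dump)."""
    return [f"om {fd} {va:#x} {sz:#x} {off:#x} {perms} {name}" for va, sz, off, perms, name in plan]

def dump_regions(pid: int, plan: List[Region], out_path: str) -> None:
    """Copy each planned region from /proc/<pid>/mem into the snapshot file.
    Needs ptrace access to the (stopped) target: same user with ptrace_scope 0, or root."""
    with open(f"/proc/{pid}/mem", "rb") as mem, open(out_path, "wb") as out:
        for va, sz, _off, _perms, _name in plan:
            mem.seek(va)
            out.write(mem.read(sz))

def demo() -> List[str]:
    """om lines for the constructed sample: libc rw page (arena) first, then [heap]."""
    return om_commands(plan_regions(SAMPLE_MAPS, [(0x7ffff7f8a000, "arena"), (0x555555559000, "[heap]")]))
```

Run `dump_regions(pid, plan, "linux_glibc-x64.bin")` on the paused target and paste the `demo()`-style `om` lines into CMDS; `dmh` and `dmha` then parse the snapshot with no debugger attached.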

MalhotraPulak commented 3 years ago

Thanks, this was helpful. One more thing: as mentioned in #157, the heap parsing code is currently compiled per OS. So currently, when we save the memory map on Linux with a glibc binary, it will be interpreted by Jemalloc on macOS, right? Will this cause any issues?

XVilka commented 3 years ago

@PulakIIIT right, so this should be fixed first. I think it's better to do a minor refactoring, just allowing it to be built on all platforms, without doing major changes. This would allow us to create static tests that in turn would help us with further, cleaner refactoring of the heap parsing code. What do you think about this approach?

MalhotraPulak commented 3 years ago

Yeah, this approach sounds good to me. I will start working on the minor refactor.

XVilka commented 2 years ago

@GustavoLCR could you please also address this when you have some time?