Replace run_to_addr uses with set_breakpoint (#7)

* Replace run_to_addr with set_breakpoint in examples

* Replace run_to_addr in documentation

Author: archived-c

docs/tutorials/02_scripting.md

@@ -141,8 +141,9 @@ def patch_mem():
     z = Zelos("password_check.bin", verbosity=1)
     # The address cmp instr observed above
     target_address = 0x0040107C
-    # run to the target address and stop
-    z.plugins.runner.run_to_addr(target_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(target_address, True)
+    z.start()
 
     # Execution is now STOPPED at address 0x0040107C
 
@@ -176,8 +177,10 @@ def patch_reg():
     z = Zelos("password_check.bin", verbosity=1)
     # The address of the first time eax is used above
     target_address = 0x00401810
-    # run to the target address and stop
-    z.plugins.runner.run_to_addr(target_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(target_address, True)
+    z.start()
+
     # Execution is now STOPPED at address 0x00401810
 
     # Set eax to 0x0
@@ -215,8 +218,9 @@ def patch_code():
     z = Zelos("password_check.bin", verbosity=1)
     # The address of the cmp instr
     target_address = 0x0040107C
-    # run to the address of cmp and stop
-    z.plugins.runner.run_to_addr(target_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(target_address, True)
+    z.start()
 
     # Execution is now STOPPED at address 0x0040107C
 
@@ -321,8 +325,10 @@ def brute():
     z = Zelos("password.bin", verbosity=1)
     # The address of strcmp observed above
     strcmp_address = 0x00400BB6
-    # run to the address of call to strcmp and stop
-    z.plugins.runner.run_to_addr(strcmp_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(strcmp_address, True)
+    z.start()
+
     # Execution is now STOPPED at address 0x00400BB6
 
     # get initial reg values of rdi & rsi before strcmp is called
@@ -386,8 +392,10 @@ def brute():
     z = Zelos("password.bin", verbosity=1)
     # The address of strcmp observed above
     strcmp_address = 0x00400BB6
-    # run to the address of call to strcmp and stop
-    z.plugins.runner.run_to_addr(strcmp_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(strcmp_address, True)
+    z.start()
+
     # Execution is now STOPPED at address 0x00400BB6
 
     # get initial reg values of rdi & rsi before strcmp is called
@@ -402,8 +410,10 @@ def brute():
 
         # Address of the test instr
         test_address = 0x00400BBB
-        # run to the address of test instr and stop
-        z.plugins.runner.run_to_addr(test_address)
+        # run to the address of cmp and break
+        z.set_breakpoint(test_address, True)
+        z.start()
+
         # execute one step, in this case the test instr
         z.step()
 

examples/script_brute/README.md

@@ -71,8 +71,10 @@ def brute():
     z = Zelos("password.bin", verbosity=1)
     # The address of strcmp observed above
     strcmp_address = 0x00400BB6
-    # run to the address of call to strcmp and stop
-    z.plugins.runner.run_to_addr(strcmp_address)
+    # run to the address of call to strcmp and break
+    z.set_breakpoint(strcmp_address, True)
+    z.start()
+
     # Execution is now STOPPED at address 0x00400BB6
 
     # get initial reg values of rdi & rsi before strcmp is called
@@ -136,8 +138,10 @@ def brute():
     z = Zelos("password.bin", verbosity=1)
     # The address of strcmp observed above
     strcmp_address = 0x00400BB6
-    # run to the address of call to strcmp and stop
-    z.plugins.runner.run_to_addr(strcmp_address)
+    # run to the address of call to strcmp and break
+    z.set_breakpoint(strcmp_address, True)
+    z.start()
+
     # Execution is now STOPPED at address 0x00400BB6
 
     # get initial reg values of rdi & rsi before strcmp is called
@@ -152,8 +156,10 @@ def brute():
 
         # Address of the test instr
         test_address = 0x00400BBB
-        # run to the address of test instr and stop
-        z.plugins.runner.run_to_addr(test_address)
+        # run to the address of test instr and break
+        z.set_breakpoint(test_address, True)
+        z.start()
+
         # execute one step, in this case the test instr
         z.step()
 

examples/script_brute/brute.py

@@ -27,8 +27,9 @@ def brute():
     z = Zelos(path.join(DATA_DIR, "password.bin"), verbosity=1)
     # The address of strcmp observed above
     strcmp_address = 0x00400BB6
-    # run to the address of call to strcmp and stop
-    z.plugins.runner.run_to_addr(strcmp_address)
+    # run to the address of call to strcmp and break
+    z.set_breakpoint(strcmp_address, True)
+    z.start()
 
     # Execution is now STOPPED at address 0x00400BB6
 
@@ -44,8 +45,10 @@ def brute():
 
         # Address of the test instr
         test_address = 0x00400BBB
-        # run to the address of test instr and stop
-        z.plugins.runner.run_to_addr(test_address)
+        # run to the address of test instr and break
+        z.set_breakpoint(test_address, True)
+        z.start()
+
         # execute one step, in this case the test instr
         z.step()
 

examples/script_bypass/README.md

@@ -95,8 +95,9 @@ def patch_mem():
     z = Zelos("password_check.bin", verbosity=1)
     # The address cmp instr observed above
     target_address = 0x0040107C
-    # run to the target address and stop
-    z.plugins.runner.run_to_addr(target_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(target_address, True)
+    z.start()
 
     # Execution is now STOPPED at address 0x0040107C
 
@@ -130,8 +131,10 @@ def patch_reg():
     z = Zelos("password_check.bin", verbosity=1)
     # The address of the first time eax is used above
     target_address = 0x00401810
-    # run to the target address and stop
-    z.plugins.runner.run_to_addr(target_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(target_address, True)
+    z.start()
+
     # Execution is now STOPPED at address 0x00401810
 
     # Set eax to 0x0
@@ -169,8 +172,9 @@ def patch_code():
     z = Zelos("password_check.bin", verbosity=1)
     # The address of the cmp instr
     target_address = 0x0040107C
-    # run to the address of cmp and stop
-    z.plugins.runner.run_to_addr(target_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(target_address, True)
+    z.start()
 
     # Execution is now STOPPED at address 0x0040107C
 

examples/script_bypass/bypass.py

@@ -29,8 +29,9 @@ def patch_mem():
     z = Zelos(path.join(DATA_DIR, "password_check.bin"))
     # The address of the cmp instr
     target_address = 0x0040107C
-    # run to the address of cmp and stop
-    z.internal_engine.plugins.runner.run_to_addr(target_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(target_address, True)
+    z.start()
 
     # Execution is now STOPPED at address 0x0040107C
 
@@ -44,8 +45,9 @@ def patch_reg():
     z = Zelos(path.join(DATA_DIR, "password_check.bin"))
     # The address of the first time eax is used above
     target_address = 0x00401810
-    # run to the target address and stop
-    z.internal_engine.plugins.runner.run_to_addr(target_address)
+    # run to the target address and break
+    z.set_breakpoint(target_address, True)
+    z.start()
 
     # Execution is now STOPPED at address 0x00401810
 
@@ -56,21 +58,20 @@ def patch_reg():
 
 
 def patch_code():
-    from keystone import KS_ARCH_X86, KS_MODE_64, Ks
-
     z = Zelos(path.join(DATA_DIR, "password_check.bin"))
     # The address of the cmp instr
     target_address = 0x0040107C
-    # run to the address of cmp and stop
-    z.internal_engine.plugins.runner.run_to_addr(target_address)
+    # run to the address of cmp and break
+    z.set_breakpoint(target_address, True)
+    z.start()
 
     # Execution is now STOPPED at address 0x0040107C
 
-    # Code we want to insert
-    code = b"NOP; NOP; CMP eax, eax"
-    # Assemble with keystone
-    ks = Ks(KS_ARCH_X86, KS_MODE_64)
-    encoding, count = ks.asm(code)
+    # Code we want to insert is:
+    # NOP; NOP; CMP eax, eax;
+    #
+    # The assembled code is:
+    encoding = [144, 144, 57, 192]
 
     # replace the four bytes at this location with our code
     for i in range(len(encoding)):

examples/test_examples.py

@@ -86,15 +86,15 @@ def test_bypass_reg(self):
         )
         self.assertTrue("Correct!" in str(output))
 
-    # def test_bypass_code(self):
-    #     output = subprocess.check_output(
-    #         [
-    #             "python",
-    #             path.join(DATA_DIR, "script_bypass", "bypass.py"),
-    #             "code",
-    #         ]
-    #     )
-    #     self.assertTrue("Correct!" in str(output))
+    def test_bypass_code(self):
+        output = subprocess.check_output(
+            [
+                "python",
+                path.join(DATA_DIR, "script_bypass", "bypass.py"),
+                "code",
+            ]
+        )
+        self.assertTrue("Correct!" in str(output))
 
 
 def main():