NAME=rop search with maxhits
FILE=bins/elf/varsub
CMDS=<<EOF
e search.maxhits=1
/Rq pop r15
EOF
EXPECT=<<EOF
0x0040052c: pop r12; pop r13; pop r14; pop r15; ret;
EOF
RUN

NAME=rop search without maxhits
FILE=bins/elf/varsub
CMDS=/Rq pop r15~?
EXPECT=<<EOF
4
EOF
RUN

NAME=rop search without maxhits
FILE=bins/elf/varsub
CMDS=<<EOF
e search.maxhits=2
/Rq pop r15~?
EOF
EXPECT=<<EOF
2
EOF
RUN

NAME=search all rop gadgets
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.nbytes=8
e asm.arch=x86
e asm.bits=32
/R
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 1
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b5     80b801000000b9  cmp byte [eax + 1], 0xb9
  0x000000bc               0000  add byte [eax], al
  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

EOF
RUN

NAME=search rop gadgets with a regexp
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/R/ mov e[abcd]x
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 1
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

EOF
RUN

NAME=search rop gadgets and show them linearly
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/Rq
EOF
EXPECT=<<EOF
0x000000b4: int 0x80; mov eax, 1; mov ecx, 0; int 0x80; ret;
0x000000b5: cmp byte [eax + 1], 0xb9; add byte [eax], al; add byte [eax], al; int 0x80; ret;
0x000000b7: add dword [eax], eax; add byte [eax], al; mov ecx, 0; int 0x80; ret;
0x000000b8: add byte [eax], al; add byte [ecx], bh; int 0x80; ret;
EOF
RUN

NAME=search rop gadgets with filter
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/R ecx
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 1
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

EOF
RUN

NAME=search rop gadgets with filter and output JSON
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/Rj ecx
EOF
EXPECT=<<EOF
[{"opcodes":[{"offset":180,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":182,"size":5,"opcode":"mov eax, 1","type":"mov"},{"offset":187,"size":5,"opcode":"mov ecx, 0","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":15},{"opcodes":[{"offset":183,"size":2,"opcode":"add dword [eax], eax","type":"add"},{"offset":185,"size":2,"opcode":"add byte [eax], al","type":"add"},{"offset":187,"size":5,"opcode":"mov ecx, 0","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":12},{"opcodes":[{"offset":184,"size":2,"opcode":"add byte [eax], al","type":"add"},{"offset":186,"size":6,"opcode":"add byte [ecx], bh","type":"add"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":11}]
EOF
RUN

NAME=search rop gadgets with a regex of the form (a|b)
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
"/R/ (ecx|eax)"
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 1
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b5     80b801000000b9  cmp byte [eax + 1], 0xb9
  0x000000bc               0000  add byte [eax], al
  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

EOF
RUN

NAME=search rop gadgets with another end gadget as part of it.
FILE=bins/elf/analysis/unoriginal
CMDS=<<EOF
e asm.bits=32
e rop.len=15
e search.from=0x08048340
e search.to=0x08048400
"/R push esp"
EOF
EXPECT=<<EOF
  0x08048350               fff4  push esp
  0x08048352               6690  nop
  0x08048354               6690  nop
  0x08048356               6690  nop
  0x08048358               6690  nop
  0x0804835a               6690  nop
  0x0804835c               6690  nop
  0x0804835e               6690  nop
  0x08048360             8b1c24  mov ebx, dword [esp]
  0x08048363                 c3  ret

EOF
RUN

NAME=search rop with sequence.
FILE=bins/elf/analysis/x86-helloworld-gcc
CMDS="/R push esi;push ebx"
EXPECT=<<EOF
  0x08048421                 57  push edi
  0x08048422               31ff  xor edi, edi
  0x08048424                 56  push esi
  0x08048425                 53  push ebx
  0x08048426         e805ffffff  call 0x8048330

EOF
RUN

NAME=search rop with regex sequence.
FILE=bins/elf/analysis/x86-helloworld-gcc
CMDS=<<EOF
e asm.bits=32
"/R/ push esi;push ebx"
EOF
EXPECT=<<EOF
  0x08048421                 57  push edi
  0x08048422               31ff  xor edi, edi
  0x08048424                 56  push esi
  0x08048425                 53  push ebx
  0x08048426         e805ffffff  call 0x8048330

EOF
RUN

NAME=search rop for AVR
FILE=malloc://512
CMDS=<<EOF
e asm.arch=avr
e scr.color=false
wx 11241fbecfefd8e0debfcdbf12e0a0e0b1e0e6e3f4e302c005900d92a431b107d9f722e0a4e1b2e001c01d92ae3cb207e1f710e0c2e6d0e004c02197fe010e94041ac136d107c9f70e944f090c9456160c940000ef92ff920f931f93cf93df93cdb7deb7c054d1090fb6f894debf0fbecdbf6ce071e08fe192e00e946b04ce0101967c018e010f5c1f4ffc011192e017f107e1f720e330e0a7016ae08fe192e00e94d8080297f8f0c801d701fd01ee19ff092d91222321f0fc012193cf01f6cfe00ff11f108260e071e0c8010e949816892b49f46de171e08fe192e00e946b0481e090e008c066e471e08fe192e00e946b0480e090e0c05cdf4f0fb6f894debf0fbecdbfdf91cf911f910f91ff90ef9008956de671e08fe192e00e946b0485b1805885b908956fe771e08fe192e00e946b048bb180588bb908956de671e08fe192e00e946b0485b1805885b985b1805885b985b1805885b908956fe771e08fe192e00e946b048bb180588bb98bb180588bb98bb180588bb908950f931f93cf93df93cdb7deb727970fb6f894debf0fbecdbf9c018e010f5f1f4fd801ad01401b510bf90191919f01992311f09d93f6cffa01e00ff11f10826fe871e0c8010e949816892b81f40e948c00892bf9f027960fb6f894debf0fbecdbfdf91cf911f910f910c940f0163e971e0c8010e949816892b61f427960fb6f894debf0fbecdbf
/R ldi
q
EOF
EXPECT=<<EOF
  0x0000000e               a0e0  ldi r26, 0x00
  0x00000010               b1e0  ldi r27, 0x01
  0x00000012               e6e3  ldi r30, 0x36
  0x00000014               f4e3  ldi r31, 0x34
  0x00000016               02c0  rjmp 0x1c

  0x00000020               d9f7  brne 0x18
  0x00000022               22e0  ldi r18, 0x02
  0x00000024               a4e1  ldi r26, 0x14
  0x00000026               b2e0  ldi r27, 0x02
  0x00000028               01c0  rjmp 0x2c

  0x00000030               e1f7  brne 0x2a
  0x00000032               10e0  ldi r17, 0x00
  0x00000034               c2e6  ldi r28, 0x62
  0x00000036               d0e0  ldi r29, 0x00
  0x00000038               04c0  rjmp 0x42

  0x00000072               6ce0  ldi r22, 0x0c
  0x00000074               71e0  ldi r23, 0x01
  0x00000076               8fe1  ldi r24, 0x1f
  0x00000078               92e0  ldi r25, 0x02
  0x0000007a           0e946b04  call 0x8d6

  0x00000098               a701  movw r20, r14
  0x0000009a               6ae0  ldi r22, 0x0a
  0x0000009c               8fe1  ldi r24, 0x1f
  0x0000009e               92e0  ldi r25, 0x02
  0x000000a0           0e94d808  call 0x11b0

  0x000000c4               1082  st Z, r1
  0x000000c6               60e0  ldi r22, 0x00
  0x000000c8               71e0  ldi r23, 0x01
  0x000000ca               c801  movw r24, r16
  0x000000cc           0e949816  call 0x2d30

  0x000000d4               6de1  ldi r22, 0x1d
  0x000000d6               71e0  ldi r23, 0x01
  0x000000d8               8fe1  ldi r24, 0x1f
  0x000000da               92e0  ldi r25, 0x02
  0x000000dc           0e946b04  call 0x8d6

  0x000000de               6b04  cpc r6, r11
  0x000000e0               81e0  ldi r24, 0x01
  0x000000e2               90e0  ldi r25, 0x00
  0x000000e4               08c0  rjmp 0xf6

  0x000000e6               66e4  ldi r22, 0x46
  0x000000e8               71e0  ldi r23, 0x01
  0x000000ea               8fe1  ldi r24, 0x1f
  0x000000ec               92e0  ldi r25, 0x02
  0x000000ee           0e946b04  call 0x8d6

  0x00000112               6de6  ldi r22, 0x6d
  0x00000114               71e0  ldi r23, 0x01
  0x00000116               8fe1  ldi r24, 0x1f
  0x00000118               92e0  ldi r25, 0x02
  0x0000011a           0e946b04  call 0x8d6

  0x00000126               6fe7  ldi r22, 0x7f
  0x00000128               71e0  ldi r23, 0x01
  0x0000012a               8fe1  ldi r24, 0x1f
  0x0000012c               92e0  ldi r25, 0x02
  0x0000012e           0e946b04  call 0x8d6

  0x0000013a               6de6  ldi r22, 0x6d
  0x0000013c               71e0  ldi r23, 0x01
  0x0000013e               8fe1  ldi r24, 0x1f
  0x00000140               92e0  ldi r25, 0x02
  0x00000142           0e946b04  call 0x8d6

  0x0000015a               6fe7  ldi r22, 0x7f
  0x0000015c               71e0  ldi r23, 0x01
  0x0000015e               8fe1  ldi r24, 0x1f
  0x00000160               92e0  ldi r25, 0x02
  0x00000162           0e946b04  call 0x8d6

  0x000001b6               1082  st Z, r1
  0x000001b8               6fe8  ldi r22, 0x8f
  0x000001ba               71e0  ldi r23, 0x01
  0x000001bc               c801  movw r24, r16
  0x000001be           0e949816  call 0x2d30

EOF
EXPECT_ERR=<<EOF
EOF
RUN
