NAME=rop search with maxhits
FILE=../bins/elf/varsub
CMDS=<<EOF
e search.maxhits=1
/Rq pop r15
EOF
EXPECT=<<EOF
0x0000052c: pop r12; pop r13; pop r14; pop r15; ret;
EOF
ARGS=-n
RUN

NAME=rop search without maxhits
FILE=../bins/elf/varsub
CMDS=<<EOF
/Rq pop r15~?
EOF
EXPECT=4
RUN

NAME=rop search without maxhits
FILE=../bins/elf/varsub
CMDS=<<EOF
e search.maxhits=2
/Rq pop r15~?
EOF
EXPECT=2
RUN

NAME=search all rop gadgets
FILE=../bins/elf/analysis/x86-helloworld-phdr
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 1
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b5     80b801000000b9  cmp byte [eax + 1], 0xb9
  0x000000bc               0000  add byte [eax], al
  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

EOF
ARGS=-n
CMDS=<<EOF
e asm.nbytes=8
e asm.arch=x86
e asm.bits=32
/R
EOF
RUN

NAME=search rop gadgets with a regexp
FILE=../bins/elf/analysis/x86-helloworld-phdr
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 1
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

EOF
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/R/ mov e[abcd]x
EOF
RUN

NAME=search rop gadgets and show them linearly
FILE=../bins/elf/analysis/x86-helloworld-phdr
EXPECT=<<EOF
0x000000b4: int 0x80; mov eax, 1; mov ecx, 0; int 0x80; ret;
0x000000b5: cmp byte [eax + 1], 0xb9; add byte [eax], al; add byte [eax], al; int 0x80; ret;
0x000000b7: add dword [eax], eax; add byte [eax], al; mov ecx, 0; int 0x80; ret;
0x000000b8: add byte [eax], al; add byte [ecx], bh; int 0x80; ret;
EOF
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/Rq
EOF
RUN

NAME=search rop gadgets with filter
FILE=../bins/elf/analysis/x86-helloworld-phdr
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 1
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

EOF
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/R ecx
EOF
RUN

NAME=search rop gadgets with filter and output JSON
FILE=../bins/elf/analysis/x86-helloworld-phdr
EXPECT='[{"opcodes":[{"offset":180,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":182,"size":5,"opcode":"mov eax, 1","type":"mov"},{"offset":187,"size":5,"opcode":"mov ecx, 0","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":15},{"opcodes":[{"offset":183,"size":2,"opcode":"add dword [eax], eax","type":"add"},{"offset":185,"size":2,"opcode":"add byte [eax], al","type":"add"},{"offset":187,"size":5,"opcode":"mov ecx, 0","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":12},{"opcodes":[{"offset":184,"size":2,"opcode":"add byte [eax], al","type":"add"},{"offset":186,"size":6,"opcode":"add byte [ecx], bh","type":"add"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":11}]

'
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/Rj ecx
EOF
RUN

NAME=search rop gadgets with a regex of the form (a|b)
FILE=../bins/elf/analysis/x86-helloworld-phdr
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 1
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b5     80b801000000b9  cmp byte [eax + 1], 0xb9
  0x000000bc               0000  add byte [eax], al
  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret

EOF
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
"/R/ (ecx|eax)"
EOF
RUN

NAME=search rop gadgets with another end gadget as part of it.
FILE=../bins/elf/analysis/unoriginal
EXPECT=<<EOF
  0x08048350               fff4  push esp
  0x08048352               6690  nop
  0x08048354               6690  nop
  0x08048356               6690  nop
  0x08048358               6690  nop
  0x0804835a               6690  nop
  0x0804835c               6690  nop
  0x0804835e               6690  nop
  0x08048360             8b1c24  mov ebx, dword [esp]
  0x08048363                 c3  ret

EOF
CMDS=<<EOF
e asm.bits=32
e rop.len=15
e search.from=0x08048340
e search.to=0x08048400
"/R push esp"
EOF
RUN

NAME=search rop with sequence.
FILE=../bins/elf/analysis/x86-helloworld-gcc
EXPECT=<<EOF
  0x08048421                 57  push edi
  0x08048422               31ff  xor edi, edi
  0x08048424                 56  push esi
  0x08048425                 53  push ebx
  0x08048426         e805ffffff  call 0x8048330

EOF
CMDS=<<EOF
"/R push esi;push ebx"
EOF
RUN

NAME=search rop with regex sequence.
FILE=../bins/elf/analysis/x86-helloworld-gcc
EXPECT=<<EOF
  0x08048421                 57  push edi
  0x08048422               31ff  xor edi, edi
  0x08048424                 56  push esi
  0x08048425                 53  push ebx
  0x08048426         e805ffffff  call 0x8048330

EOF
CMDS=<<EOF
e asm.bits=32
"/R/ push esi;push ebx"
EOF
RUN
