NAME=/r push [imm] refs
FILE=../bins/pe/x.dll
EXPECT=<<EOF
(nofunc); [00] -r-x section size 4096 named .text 0x69681000 [DATA] push dword [0x69682004]
(nofunc) 0x69681006 [DATA] push 0x69682004
(nofunc) 0x6968100b [DATA] mov eax, dword [0x69682004]
(nofunc) 0x69681010 [DATA] mov eax, 0x69682004
EOF
ARGS=
CMDS=<<EOF
/r 0x69682004
EOF
RUN

NAME=/aI infinite loop instructions
FILE=../bins/mach0/ls-osx-x86_64
EXPECT=<<EOF
0x10000166f
0x10000221d
0x1000047ca
0x10000482e
0x100004838
EOF
ARGS=
CMDS=<<EOF
/aI
EOF
RUN

NAME=/ai finding immediates
FILE=../bins/mach0/ls-osx-x86_64
EXPECT=<<EOF
0x1000013e5   # 7: sub rsp, 0x648
0x1000013e6   # 6: sub esp, 0x648
EOF
ARGS=
CMDS=<<EOF
/ai 0x648
EOF
RUN

NAME=/as begin of file
FILE=../bins/pe/a.exe
BROKEN=1
EXPECT=<<EOF
0x00000000 hit0_0 .MZ.
EOF
ARGS=-n
CMDS=<<EOF
s/ MZ
EOF
RUN

NAME=/as in arm32
FILE=../bins/elf/libexploit.so
EXPECT=<<EOF
0x00012434 execve
0x000124d4 gettid
0x000125d4 read
0x000125f4 write
0x00012614 close
0x00012654 getpid
0x00012674 munmap
0x00012744 unlink
0x00012764 chdir
0x00012784 chmod
0x000127f4 fstat64
0x00012894 access
0x00012be4 kill
0x00013604 exit
0x00013624 fork
0x000136a4 open
0x000136cc mmap2
0x000136f4 mprotect
0x00013714 ioctl
0x00013774 fcntl64
0x00013844 munmap
0x00013850 exit
0x00013870 clone
0x000138b4 clone
0x00013904 brk
EOF
ARGS=
CMDS=<<EOF
/as
EOF
RUN

NAME=/j escaped
FILE=../bins/mach0/escaped
EXPECT='[{"offset":8019,"type":"string","data":"]c:\\hello\\worldM"}]
'
CMDS=<<EOF
/j hello
EOF
RUN

NAME=/ search from/to (seek 0)
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x00000001 hit0_0 "ELF"
EOF
CMDS=<<EOF
e io.va = false
s 0
e search.from = 0
e search.to = 0x00000050
/ ELF
EOF
RUN

NAME=/ search from/to (seek beyond data)
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x00000001 hit0_0 "ELF"
EOF
CMDS=<<EOF
e scr.color = false
e io.va = false
s 0x1000
e search.from = 0
e search.to = 0x50
/ ELF
EOF
RUN

NAME=/j search
FILE=malloc://1024
EXPECT='[{"offset":0,"type":"string","data":"foo\\"}]
'
CMDS=<<EOF
wx 666f6f005c
/j foo
EOF
RUN

NAME=/! search
FILE=malloc://1024
EXPECT=<<EOF
0x00000000 hit0_0 "foo"
EOF
CMDS=<<EOF
wx 666f6f00
/! ff
EOF
RUN

NAME=/!x search
FILE=malloc://1024
EXPECT=<<EOF
0x00000000 hit0_0 66
EOF
CMDS=<<EOF
wx 666f6f00
/!x 00
EOF
RUN

NAME=// search
FILE=malloc://1024
EXPECT=<<EOF
0x00000000 hit0_0 66
0x00000000 hit1_0 66
EOF
CMDS=<<EOF
wx 666f6f00
/!x 00
//
EOF
RUN

NAME=// search
FILE=malloc://1024
EXPECT=<<EOF
0x00000000 hit0_0 66
0x00000000 hit1_0 66
EOF
CMDS=<<EOF
wx 666f6f00
/!x 00
//
EOF
RUN

NAME=/a search
FILE=malloc://1024
EXPECT=<<EOF
0x00000000 hit0_0 83c408
EOF
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
"wa add esp,8;pop ebx; pop ebp; ret"
/a add esp, 8
EOF
RUN

NAME=/a search from/to (seek 0)
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x0000003c hit0_0 3480
0x00000040 hit0_1 3480
EOF
ARGS=-n
CMDS=<<EOF
e io.va = false
s 0
e search.from = 0
e search.to = 0x50
/a xor al, 0x80
EOF
RUN

NAME=/a search from/to (seek 0)
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x0000003c hit0_0 3480
0x00000040 hit0_1 3480
EOF
ARGS=-n
CMDS=<<EOF
e io.va = false
s 0
e search.from = 0
e search.to = 0x50
# /a xor al, 0x80
/x 3480
EOF
RUN

NAME=/a push esp
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x08048058 hit0_0 54
0x0804805c hit0_1 54
0x08048060 hit0_2 54
0x08048369 hit0_3 54
EOF
CMDS=<<EOF
/a push esp
EOF
RUN

NAME=/ac mov ebx
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x08048515   # 3: mov ebx, dword [esp]
0x08048527   # 5: mov ebx, obj.__CTOR_LIST
--
--
[{"offset":134513941,"len":3,"code":"mov ebx, dword [esp]"},{"offset":134513959,"len":5,"code":"mov ebx, 0x8049f0c"}]
--
[]
EOF
CMDS=<<EOF
/ac mov ebx
?e --
/ac MoV ebX
?e --
/acj mov ebx
?e --
/acj MoV ebX
EOF
RUN

NAME=/aa mov ebx
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x08048515   # 3: mov ebx, dword [esp]
0x08048527   # 5: mov ebx, obj.__CTOR_LIST
--
0x08048515   # 3: mov ebx, dword [esp]
0x08048527   # 5: mov ebx, obj.__CTOR_LIST
--
[{"offset":134513941,"len":3,"code":"mov ebx, dword [esp]"},{"offset":134513959,"len":5,"code":"mov ebx, 0x8049f0c"}]
--
[{"offset":134513941,"len":3,"code":"mov ebx, dword [esp]"},{"offset":134513959,"len":5,"code":"mov ebx, 0x8049f0c"}]
EOF
CMDS=<<EOF
/aa mov ebx
?e --
/aa MoV ebX
?e --
/aaj mov ebx
?e --
/aaj MoV ebX
EOF
RUN

NAME=/a search from/to (seek beyond data)
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x0000003c hit0_0 3480
0x00000040 hit0_1 3480
EOF
CMDS=<<EOF
e io.va = false
s 0x1000
e search.from = 0
e search.to = 0x00000050
/a xor al, 0x80
EOF
RUN

NAME=/x search from/to (seek beyond data)
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x0000003c hit0_0 3480
0x00000040 hit0_1 3480
EOF
CMDS=<<EOF
e io.va = false
s 0x1000
e search.from = 0
e search.to = 0x00000050
/x 3480
EOF
RUN

NAME=/A search
FILE=malloc://1024
EXPECT=<<EOF
0x00000005 1 ret
EOF
CMDS=<<EOF
e asm.arch = x86
e anal.arch = x86
e asm.bits=32
"wa add esp,8;pop ebx; pop ebp; ret"
/at ret
EOF
RUN

NAME=/A search from/to (seek 0)
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x0000003c 2 xor al, 0x80
0x00000040 2 xor al, 0x80
EOF
CMDS=<<EOF
e io.va = false
s 0
e search.from = 0
e search.to = 0x00000050
/at xor
EOF
RUN

NAME=/A search from/to (seek beyond data)
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x0000003c 2 xor al, 0x80
0x00000040 2 xor al, 0x80
EOF
CMDS=<<EOF
e io.va = false
s 0x1000
e search.from = 0
e search.to = 0x00000050
/at xor
EOF
RUN

NAME=Rop search
FILE=malloc://1024
EXPECT=<<EOF
  0x00000000             83c408  add esp, 8
  0x00000003                 5b  pop ebx
  0x00000004                 5d  pop ebp
  0x00000005                 c3  ret

  0x00000001               c408  les ecx, [eax]
  0x00000003                 5b  pop ebx
  0x00000004                 5d  pop ebp
  0x00000005                 c3  ret

  0x00000002             085b5d  or byte [ebx + 0x5d], bl
  0x00000005                 c3  ret

EOF
CMDS=<<EOF
e asm.arch=x86
e anal.arch=x86
e asm.bits=32
"wa add esp,8;pop ebx; pop ebp; ret"
e scr.color=false
/R
q
EOF
RUN

NAME=Rop search w/ regexp
FILE=malloc://1024
EXPECT=<<EOF
  0x00000002             085b5d  or byte [ebx + 0x5d], bl
  0x00000005                 c3  ret

EOF
CMDS=<<EOF
e asm.arch=x86
e anal.arch=x86
e asm.bits=32
"wa add esp,8;pop ebx; pop ebp; ret"
e scr.color=false
/R/ or.*bl
q
EOF
RUN

NAME=Rop search w/ branch delay (mips)
FILE=malloc://128
BROKEN=1
EXPECT=<<EOF
  0x00000000           1b000000  divu zero, zero, zero
  0x00000004           04000000  sllv zero, zero, zero
  0x00000008           1a000000  div zero, zero, zero
  0x0000000c           4c084100  syscall 0x10421

  0x00000010           18000000  mult zero, zero
  0x00000014           04000000  sllv zero, zero, zero
  0x00000018           08000000  jr zero
  0x0000001c           00000070  madd zero, zero
EOF
CMDS=<<EOF
e asm.bits=32
e asm.arch=mips
e scr.color=false
wx 1b000000040000001a0000004c08410018000000040000000800000000000070
/R
q
EOF
RUN

NAME=/c/ search instructions extended regex
FILE=../bins/pe/standard.exe
EXPECT=<<EOF
0x004019d2   # 2: ror esp, cl
0x004019d5   # 2: ror bh, 1
0x004019da   # 3: ror ebp, 0xe5
EOF
CMDS=<<EOF
e asm.arch = x86
e anal.arch = x86
e asm.bits=32
"/ad/ ror (bh|...), (cl|.)"
q
EOF
RUN

NAME=/m search from/to (seek 0)
FILE=../bins/pe/standard.exe
EXPECT=<<EOF
0x00000000 1 PE  for MS Windows Intel 80386 32-bit
EOF
CMDS=<<EOF
e io.va = false
s 0
e search.from = 0
e search.to = 0x10
/m
EOF
RUN

NAME=/m search from/to (seek beyond data)
FILE=../bins/pe/standard.exe
EXPECT=<<EOF
0x00000000 1 PE  for MS Windows Intel 80386 32-bit
EOF
CMDS=<<EOF
e io.va = false
s 0x1000
e search.from = 0
e search.to = 0x10
/m
EOF
RUN

NAME=/o search offset of instructions backward
FILE=malloc://1024
EXPECT=<<EOF
0x00000002
0x00000001
0x00000000
EOF
ARGS=-a x86 -b 32
CMDS=<<EOF
wx 909089d89090
s 4
/o
/o 2
/o 3
EOF
RUN

NAME=/x search from/to (seek 0)
FILE=malloc://1024
EXPECT=<<EOF
0x00000100 hit0_0 41424344
EOF
CMDS=<<EOF
w ABCD @ 0x100
s 0
e search.from = 0
e search.to = 0x200
/x 41424344
EOF
RUN

NAME=/x search from/to (seek beyond data)
FILE=malloc://1024
EXPECT=<<EOF
0x00000100 hit0_0 41424344
EOF
CMDS=<<EOF
w ABCD @ 0x100
s 0x1000
e search.from = 0
e search.to = 0x200
/x 41424344
EOF
RUN

NAME=/m search seek
FILE=../bins/pe/standard.exe
EXPECT=<<EOF
0x00000000
0x1000
EOF
CMDS=<<EOF
e io.va = false
s 0x1000
/m~[0]
s
/fm
EOF
RUN

NAME=/mj test json output
FILE=../bins/elf/analysis/x86-simple
EXPECT='[{"offset":134512640,"depth":1,"info":"ELF 32-bit LSB executable, Intel 80386, version 1"}]
'
CMDS=<<EOF
/mj
EOF
RUN

NAME=/as search syscall
FILE=../bins/elf/analysis/x86-simple
EXPECT=<<EOF
0x08048070 exit
EOF
CMDS=<<EOF
aeim
aeip
/as
EOF
RUN

NAME=search.from/to for /s
FILE=../bins/elf/analysis/x86-simple
EXPECT=<<EOF
EOF
CMDS=<<EOF
aeim
aeip
e search.in = raw
e search.from = 0x08048060
e search.to = 0x0804806b
/s
EOF
RUN

NAME=/v4 search 4 byte
FILE=-
EXPECT=<<EOF
0x00000000 hit0_0 12345678
0x0000000a hit0_1 12345678
EOF
CMDS=<<EOF
wx 0x12345678aabbccddeeff12345678
/v4 0x78563412
EOF
RUN

NAME=/v4j search 4 byte with json output
FILE=-
EXPECT='[{"offset":0,"type":"hexpair","data":"12345678"},{"offset":10,"type":"hexpair","data":"12345678"}]
'
CMDS=<<EOF
wx 0x12345678aabbccddeeff12345678
/v4j 0x78563412
EOF
RUN

NAME=/v4 search 8 byte
FILE=-
EXPECT=<<EOF
0x00000000 hit0_0 12345678aabbccdd
EOF
CMDS=<<EOF
wx 0x12345678aabbccddeeff12345678
/v4 0x78563412 0xddccbbaa
EOF
RUN

NAME=/V4j search 4 byte with json
FILE=-
EXPECT='[{"offset":0,"value":2018915346},{"offset":10,"value":2018915346}]
'
CMDS=<<EOF
wx 0x12345678aabbccddeeff12345678
/V4j 0x78563412 0x78563420
EOF
RUN

NAME=/x search seek
FILE=../bins/pe/standard.exe
EXPECT=<<EOF
0x1000
EOF
CMDS=<<EOF
e io.va = false
s 0x1000
/x 9090cd80
s
EOF
RUN

NAME=/x hit in the second map
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x08049f2c hit0_0 f8820408
EOF
CMDS=<<EOF
/x f8820408
EOF
RUN

NAME=/x wrong entries
FILE=../bins/elf/analysis/go_stripped
EXPECT=<<EOF
0x0805ae90 hit0_0 653b2530000000724b53b834e7150883ec
0x0805b030 hit0_1 653b2530000000724b53b834e7150883ec
EOF
CMDS=<<EOF
/x 653b2530000000724b53b834e7150883ec188
EOF
RUN

NAME=search range hex
FILE=malloc://1024
EXPECT=<<EOF
0x00000100 hit0_0 41424344
EOF
CMDS=<<EOF
w ABCD @ 0x100
b 0x100
e search.from = 0x50
e search.to = 0x150
/x 41424344
EOF
RUN

NAME=search range hex
FILE=malloc://1024
EXPECT=<<EOF
EOF
CMDS=<<EOF
w ABCD @ 0x100
b 0x100
e search.from = 0x50
e search.to = 0x90
/x 41424344
EOF
RUN

NAME=search range hex
FILE=malloc://1024
EXPECT=<<EOF
0x00000100 hit0_0 41424344
EOF
CMDS=<<EOF
w ABCD @ 0x100
b 0x100
e search.from = 0x100
e search.to = 0x104
/x 41424344
EOF
RUN

NAME=search range hex
FILE=malloc://1024
EXPECT=<<EOF
EOF
CMDS=<<EOF
w ABCD @ 0x100
b 0x100
e search.from = 0x101
e search.to = 0x104
/x 41424344
EOF
RUN

NAME=search range hex
FILE=malloc://1024
EXPECT=<<EOF
EOF
CMDS=<<EOF
w ABCD @ 0x100
b 0x100
e search.from = 0x100
e search.to = 0x103
/x 41424344
EOF
RUN

NAME=search range hex @(A..B)
FILE=malloc://1024
EXPECT=<<EOF
0x00000100 hit0_0 41424344
EOF
CMDS=<<EOF
w ABCD @ 0x100
b 0x100
/x 41424344 @(0x50 0x150)
EOF
RUN

NAME=search range hex @(A..B)
FILE=malloc://1024
EXPECT=<<EOF
EOF
CMDS=<<EOF
w ABCD @ 0x100
b 0x100
/x 41424344 @(0x50 0x90)
EOF
RUN

NAME=backward search hex
FILE=malloc://1024
EXPECT=<<EOF
0x00000100 hit0_0 41424344
EOF
CMDS=<<EOF
w ABCD @ 0x100
e search.from = 0x50
e search.to = 0x150
b 0x100
/bx 41424344
EOF
RUN

NAME=backward search hex
FILE=malloc://1024
EXPECT=<<EOF
EOF
CMDS=<<EOF
w ABCD @ 0x100
e search.from = 0x110
e search.to = 0x150
b 0x100
/bx 41424344
EOF
RUN

NAME=backward search hex
FILE=malloc://1024
EXPECT=<<EOF
0x00000100 hit0_0 41424344
EOF
CMDS=<<EOF
w ABCD @ 0x100
e search.from = 0x100
e search.to = 0x104
b 0x100
/bx 41424344
EOF
RUN

NAME=backward search hex
FILE=malloc://1024
EXPECT=<<EOF
EOF
CMDS=<<EOF
w ABCD @ 0x100
e search.from = 0x100
e search.to = 0x103
b 0x100
/bx 41424344
EOF
RUN

NAME=backward search hex
FILE=malloc://1024
EXPECT=<<EOF
EOF
CMDS=<<EOF
w ABCD @ 0x100
e search.from = 0x101
e search.to = 0x104
b 0x100
/bx 41424344
EOF
RUN

NAME=/x with bin mask
FILE=malloc://1024
EXPECT=<<EOF
0x00000001 hit0_0 aaaabb
EOF
CMDS=<<EOF
wx aaaaaabb
/x aa..bb
EOF
RUN

NAME=/x with bin mask
FILE=malloc://1024
EXPECT=<<EOF
0x00000001 hit0_0 aaaabb
EOF
CMDS=<<EOF
wx aaaaaabb
/x ..aabb
EOF
RUN

NAME=search by whole file
FILE=malloc://64
EXPECT=<<EOF
0x00000010 hit0_0 90
EOF
CMDS=<<EOF
wx 90 @ 0x10
/F ../bins/other/radiff2/radiff2_c_2
EOF
RUN

NAME=search by rest of file
FILE=-
EXPECT=<<EOF
0x00000010 hit0_0 210a
EOF
CMDS=<<EOF
wx 210a @ 0x10
/F ../bins/elf/analysis/hello.raw 48
EOF
RUN

NAME=search by rest of file dec/dec
FILE=-
EXPECT=<<EOF
0x00000010 hit0_0 0e
EOF
CMDS=<<EOF
wx 0e @ 0x10
/F ../bins/elf/analysis/hello.raw 1 1
EOF
RUN

NAME=search by part of file dec/hex
FILE=-
EXPECT=<<EOF
0x00000010 hit0_0 8048
EOF
CMDS=<<EOF
wx 8048 @ 0x10
/F ../bins/elf/analysis/hello.raw 0x1c 0x2
EOF
RUN


NAME='search escaped string'
FILE=../bins/elf/analysis/x86-helloworld-gcc
CMDS=<<EOF
/ \x90\x66~[0]
EOF
EXPECT=<<EOF
0x08048323
0x08048325
0x08048327
0x08048329
0x0804832b
0x0804832d
0x08048335
0x08048337
0x08048339
0x0804833b
0x0804833d
0x0804841d
EOF
RUN

NAME=search range /c in arm
FILE=../bins/arm/elf/hello_world
EXPECT=<<EOF
0x0000050e   # 2: add r7, sp, 0
EOF
CMDS=<<EOF
af @ sym.main
e search.in = raw
e search.from = 0x0000050c
e search.to = 0x00000510
/ac add
EOF
RUN

NAME=search range /ce in arm
FILE=../bins/arm/elf/hello_world
EXPECT=<<EOF
0x00000514   # 0: r3,r0,=
EOF
CMDS=<<EOF
af @ sym.main
e search.in = raw
e search.from = 0x00000512
e search.to = 0x00000516
/ae r3,r0,=
EOF
RUN

NAME=/x search hexpairs ignoring spaces
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x00000581 hit0_0 50617373776f7264
0x0000059e hit0_1 50617373776f7264
0x000005a9 hit0_2 50617373776f7264
EOF
ARGS=-n
CMDS=<<EOF
# Password
/x 50 61 73 73 77 6F 72 64
EOF
RUN

NAME=/x search hexpairs ignoring spaces
FILE=../bins/elf/ioli/crackme0x00
EXPECT=<<EOF
0x00000581 hit0_0 50617373776f7264
0x0000059e hit0_1 50617373776f7264
0x000005a9 hit0_2 50617373776f7264
EOF
ARGS=-n
CMDS=<<EOF
/x 5061 73 73  776F  72 64 # Password
EOF
RUN

NAME=wx and /x with bin mask, both ignoring spaces
FILE=malloc://1024
EXPECT=<<EOF
0x00000001 hit0_0 a5a5bf
EOF
CMDS=<<EOF
wx a5 a5 a5 bf
/x a5 .. bf
EOF
RUN

NAME=wx and /x with bin mask, both ignoring spaces
FILE=malloc://1024
EXPECT=<<EOF
0x00000127 hit0_0 5a5abf
EOF
CMDS=<<EOF
wx 00 cafe 5a5a 5abf affe @ 0x123
/x .. 5a bf
EOF
RUN

NAME=wx and /x with custom bin mask, both ignoring spaces
FILE=malloc://1024
EXPECT=<<EOF
0x00000005 hit0_0 a5a5bf
EOF
CMDS=<<EOF
wx 01020304 a5a5a5 bf
/x a5 e3 bf : ff 81 ff
EOF
RUN
