From 4d7580e94ee6c4c4f36e52eee285cfb7bb2fc791 Mon Sep 17 00:00:00 2001
From: Nick Andry <nicholas.andry33@gmail.com>
Date: Wed, 27 Dec 2023 12:24:35 -0500
Subject: [PATCH] implemented x86_64 with tests

---
 src/patcherex2/targets/__init__.py            |   2 +
 src/patcherex2/targets/elf_x86_64_linux.py    |  69 ++++++
 tests/test_binaries/x86_64/printf_nopie       | Bin 0 -> 15904 bytes
 .../x86_64/replace_function_patch             | Bin 0 -> 16168 bytes
 tests/test_x86_64.py                          | 209 ++++++++++++++++++
 5 files changed, 280 insertions(+)
 create mode 100644 src/patcherex2/targets/elf_x86_64_linux.py
 create mode 100755 tests/test_binaries/x86_64/printf_nopie
 create mode 100755 tests/test_binaries/x86_64/replace_function_patch
 create mode 100644 tests/test_x86_64.py

diff --git a/src/patcherex2/targets/__init__.py b/src/patcherex2/targets/__init__.py
index f9ccc9f..25fd2b1 100644
--- a/src/patcherex2/targets/__init__.py
+++ b/src/patcherex2/targets/__init__.py
@@ -2,6 +2,7 @@
 from .elf_arm_linux import ElfArmLinux
 from .elf_arm_mimxrt1052 import ElfArmMimxrt1052
 from .elf_leon3_bare import ElfLeon3Bare
+from .elf_x86_64_linux import ElfX8664Linux
 from .ihex_ppc_bare import IHexPPCBare
 from .target import Target
 
@@ -10,6 +11,7 @@
     "ElfArmLinux",
     "ElfArmMimxrt1052",
     "ElfLeon3Bare",
+    "ElfX8664Linux",
     "IHexPPCBare",
     "Target",
 ]
diff --git a/src/patcherex2/targets/elf_x86_64_linux.py b/src/patcherex2/targets/elf_x86_64_linux.py
new file mode 100644
index 0000000..33e825b
--- /dev/null
+++ b/src/patcherex2/targets/elf_x86_64_linux.py
@@ -0,0 +1,69 @@
+from ..components.allocation_managers.allocation_manager import AllocationManager
+from ..components.assemblers.keystone import Keystone, keystone
+from ..components.binary_analyzers.angr import Angr
+from ..components.binfmt_tools.elf import ELF
+from ..components.compilers.clang import Clang
+from ..components.disassemblers.capstone import Capstone, capstone
+from ..components.utils.utils import Utils
+from .target import Target
+
+
+class ElfX8664Linux(Target):
+    NOP_BYTES = b"\x90"
+    NOP_SIZE = 1
+    JMP_ASM = "jmp {dst}"
+    JMP_SIZE = 6
+
+    @staticmethod
+    def detect_target(binary_path):
+        with open(binary_path, "rb") as f:
+            magic = f.read(0x14)
+            if magic.startswith(b"\x7fELF") and magic.startswith(
+                b"\x3e\x00", 0x12
+            ):  # EM_X86_64
+                return True
+        return False
+    
+    def get_assembler(self, assembler):
+            assembler = assembler or "keystone"
+            if assembler == "keystone":
+                return Keystone(
+                    self.p, keystone.KS_ARCH_X86, keystone.KS_MODE_LITTLE_ENDIAN + keystone.KS_MODE_64
+                )
+            raise NotImplementedError()
+
+    def get_allocation_manager(self, allocation_manager):
+        allocation_manager = allocation_manager or "default"
+        if allocation_manager == "default":
+            return AllocationManager(self.p)
+        raise NotImplementedError()
+
+    def get_compiler(self, compiler):
+        compiler = compiler or "clang"
+        if compiler == "clang":
+            return Clang(self.p)
+        raise NotImplementedError()
+
+    def get_disassembler(self, disassembler):
+        disassembler = disassembler or "capstone"
+        if disassembler == "capstone":
+            return Capstone(capstone.CS_ARCH_X86, capstone.CS_MODE_LITTLE_ENDIAN + capstone.CS_MODE_64)
+        raise NotImplementedError()
+
+    def get_binfmt_tool(self, binfmt_tool):
+        binfmt_tool = binfmt_tool or "pyelftools"
+        if binfmt_tool == "pyelftools":
+            return ELF(self.p, self.binary_path)
+        raise NotImplementedError()
+
+    def get_binary_analyzer(self, binary_analyzer):
+        binary_analyzer = binary_analyzer or "angr"
+        if binary_analyzer == "angr":
+            return Angr(self.binary_path)
+        raise NotImplementedError()
+
+    def get_utils(self, utils):
+        utils = utils or "default"
+        if utils == "default":
+            return Utils(self.p, self.binary_path)
+        raise NotImplementedError()
diff --git a/tests/test_binaries/x86_64/printf_nopie b/tests/test_binaries/x86_64/printf_nopie
new file mode 100755
index 0000000000000000000000000000000000000000..3031babae423bfc0b42ef379d238aaddff84208a
GIT binary patch
literal 15904
zcmeHOU2Ggz6~4PpVwX7a#%_x9Lp_wH3Pql*osF?lB^m!_T{($K9U+9uWbGY$7wwO`
zI}3Iyl~e&*Ln|2}Xdc=JqzWXSB2<ut5KZMO5fVslpFl#QlvHy0DQ;;|g+!L`+&O1G
znL1JhQeU{on)&WI_k8ExId|4`cjw-(jf{`RV=*NXSH~4;6A4F~g0oWR`?Sioezik6
zs!QFiw!yLmhofr<gOcEH<3WXB3;Q(ziPuR5jm|B&Uu#MUN)HK%w;>J}8Mm@3m<V*@
zX%p*;uTSt1Za`3lc)C4{<62HoV7$R*!7z_<lduDa#BoO#1TD_XK}O+`N<52s7V`vG
zxu1fPPwFEb{hZJKCI=en0VcJklwg#XV_uH^1&5g@NNtcj^oF1PZ`zw+UaO_Us8-IS
zU@9;xL22)E;89*atjI8*<@Rnj4(psxK~~kFLVl_*b*PZ-F62wK`R@7tzV5!1T`k+a
zx(n1V3kTg(Cr_VK7`Llr<20)H#Xy&MRCg!WlYeuy=O^F$?6Li?KK}ELiQirR^Yu^O
z^Bnn5zllRWBot3>5z?tn4$?oY5T|_;=Z@RhAAsH3#9z5CGBfQ~{Y=Goi<x{$%~kRx
ze@2m+^3$hIj*krvxxIF;eWX!7oC0&USS~TsMeI1Pj`~FsgSHna<5t_7zk{y+UbemP
zo$q7#<Bj`w{e**>;IkqzNPj<Mm$4vwr{fT)W*p&sYNI)s444d<444d<444d<444d<
z4E&#D;2&*w|0{jzuPy0sZ+-KSQt5A8_2c!`^re?uR&)mHM_z~do%(@40ouA0`RAzS
zoj3njuh*AIN9}KP?Xc4IJ%1ZpeC12&#n;o9ZmdsCj`UpZ`BnP*^}bz>s_%Xjp6|}s
zZCzj2@rl2(p)M^aF;Pz+qqE<!OfJ-=J6<G1{k55;m6;9awk}8gQu{ytmWIXk^h<A@
zNWb)cQ#y7n{mM;$S0h3*M~L#N{foyApi`>WaW1|1#@Yp3*0rr2u*4o-`9OQ*|Cevk
znVi#4Z+&qmy0~}^rDa{ZuA5xDakF06rH5B^PIQhNS=E<rP9_5;1119|1119|1119|
z1119|1119|1119>SqA96TRN`}RMBE=U(*Bhewf~A-nm|{`@j_NS>P~m9Owhj1Mh#k
zUVi~d?=(qb7tX5Kd?L25wYg;pFXZSw-hLeGf3Mf?BZuMU1lcHlD`Lp&d3wKxpAFPy
z_*p=;Gcmfe^TD?5Uv0UlPV7B;|KWS@Av3j8z_A2BiX%d8&@Txk#Ox;H$j-z!<3l^P
zWziARjhGCW444d<444d<444d<444d<444d<3~ZW#Bwo^LVU)F%v^JBZH2{3Ub98A3
z>sj{S!@8_<-p9Ip7n3-h#~ocm-`_~2{=J*^GU->E9D-oYHZZxxAyu!9CS2wEkC6g-
zFaWikv6FE(qd;R#DBdTN#Pu2LLmB1!EUgnI`FH?ojoTOdGV9WB`d&+dMXOpQ9$o|M
z>v@v>@p4(~l2?3f)%pdlXZlA5vaUSZU{cn{M=DMZ4IQ-(o|~$b{F>F%W2fw7cTY{L
zJ&*PF+R4<X*&HE8RJ#5x>g{^OtnY&uYM$cpwb+5yE^p@l3E1PRO)W+G+r{>)5qmG&
zmE7mhNzyoCSb<FI2uNgnCUtqYlKWLx;`AsEYPa!u;fg1KG5lH~_dlD}4^h~x|F^rY
zpXxXr>NU%e5DnZc4z1RRsk>BkJb$fO?TvNz666osA9pEVuh`#1f%+7c6cS>oJ<5vs
zx5J)*UGgTpJ+QaO6H5Lsh`o#KqJ*%Q<3!`1fZYoDN%1u7yW)G)!AO6;NOt_8quO-~
z6TS?40^{2s@h`*P9&b|@6M?_{F4a$VjIZp2xsT&K!EvJ3`(5^@MJ^=zw<zFc*r}gU
z|L4g+j{m0It|rlGy5jfPWh|D@OyylaGfRf5U&FGOX_fUV-fX_=dllC&y3>Vn$*aOM
zTXts)<*7`;&HCj^)y>rA)pWTySMYo<YbQ7NaA)$Ryql?1G7GL(@+%8!rjjXoZnjn|
zE`So!TzLAoxCTr9-BNij@1b9=J9>8D)QCHBdf0W9JN$*y1E<D@V8$*6cO=cV>EW}=
zJvn}6aA4d$GdlXv$fP?tFgQK}Ms!bsBU=b)+kltN_!*`9%X<wP)wII^*N^&OTLF|?
z_86e9T6S}pQnuhJckB$jviXu*t9n_)E#Z_cxD~HZp3e9lh4Ay!F0Ki2rm9trsW&;e
z?&PT<xj@Q?Qg(Hr=x3&YekH)1l&~SftIR38RQ5f4wp6p{D&;w^;xB|uQ?)#Hm*lf-
z8W<ewrs3A^xlA>u?Ce4bO$6vyf|{>*m1@3Rx<zqOhl|J%flG4*U)j2wHi~xDn^v~(
z&BI8;4yUqCs_o@?pmSLS5iOtwBOWlMj21G*Jc7-Z5ep{@j~>zp*+`kPapM(nKQ->>
z|FJ;x2YggEp3_Z^jwt)aWd5LyIFWByJ_RMb=R@{G$v!E0ZVN}A=c3cLw=iG!Mah0C
z`u#dA^8ZF`V<?3A@?3k0CnA<OGDi8Ihy9<JBgDC0=0#VSFW0|~>!bb8z)o`_;mf>f
zmHFqHM}4H+318+fdDzHR_%aVmaz|y}1s5&R{67LK&3S|`^PCIJm-eLp;wShR_%w$S
zUFK0wGGE3o+W(+8N<EDNxe8zAZOak9v@iXU>wkv%gB(!ifosecKjKq4%KrguloN^H
z_<zqYF=T!W7cCrCRP`)MVZO!B3yb+y!!szbS-*cF%a3q``400Pb`<}BP0z?c1g}K+
z@;sbihYkuJ65)yIXDEc*m-#>zk7yG4{t#%vSV@`i7dVJ7<0sE`Wx)uM`G25&kpD6&
z!hG3h*lGogln@!C`F|DmFyFBp?dez=)bjx}&NBXD_&o|(7pgx)WRrQJ>_?3Hi!QhZ
zPFsjC^UzM-A1Zznn?!WMcVVM@k3a5>`JwDDU8ReI(C3FlcruRvhK*c=FZ=G+50UrA
z{Ss&!e2EhWIm~a&H<JOw5+bAU1h+@{GC#DKFa4A-!V`TL_+*p*%RDT}{HQ<mH7s{=
z`|RGR68>izmY^W~FgEVpkned8nB<Pp_n3AZ(jWQ1Lf<E)?;*NcIvi*}mWH@8qS8!w
QQ~uE-0fFY@VTq{fKMOmSEC2ui

literal 0
HcmV?d00001

diff --git a/tests/test_binaries/x86_64/replace_function_patch b/tests/test_binaries/x86_64/replace_function_patch
new file mode 100755
index 0000000000000000000000000000000000000000..87ec8378d6db9b36b4a19c594e12973dca30c142
GIT binary patch
literal 16168
zcmeHOYitzP6~10xrUASV2nIsfwxkLrUTiQ91QFK2!aBm>f~_W1(_!pg+gt4`yR*Sg
z193%Lb>*PCQkAx8`=h^T)Q9*{RkVtN6H*>h6M<Aws<aYCrQNi&HS{5;HEh3g=bYK`
zU=u0opSE+Q+3%k3Jno%y@9fU(-1~fV&#pjCjgm4$J*G%H7_^xPEBYVd3Lv63srmR^
zr5;eTA<xvDt&i9Mtz9k$CSxu0Gl1k*Pn9X~ew$W;(nCV>o31=W9YPUQd>-UCixez-
z@fP<}Q1niFA#z3u=}!lLMFuE>Za?bE$p)=fC$~<<C%C<XjN(Tk`JH3GbL=NL#_b78
zJ}D=3Y~p-+u@O2df?mIV_VeOS+f4~l8&nQlv*Pcky$<%P4e2n-i*cJ)g3{i{;KxJD
z7Iz03=Kb8>bmI`?{0nk=)w)!&yQO(uD&CMvW{Lw11DjeJTAIU!Y<RtHnEDmML33*N
z-Y$hOqr`C<Rba@LB_8P(v!3k7?qB=jqR~~G9y|Z71ueIZ|32_W{~WTRev=Q`P@#A-
zMM#$UK{j?iK1(#$mAaUCE3JuXJ}Ca8DRhs63r)d)2;5Zmz0=qir{Sr;6zh&+7(D}~
z(VNVespPW>Wf(|&k5RD9yk(@#WJcxk$&A&jh^F+nsNH+ow(l_3hu4QUI`s|B%4q9s
zH{ywWqAyvn68X;d9jR<4(P?(4C~99io8hR2Z91hPx)(tHXW*bu8jFBh1C;qxT%Mdu
zqq2dyAAb2o3`0O|gG@!PbGg1E3vGUsuVdjA^R*FMFTBW?IUtQO<xa{K7w?`IWfxEL
zNXnRt*WZ7v7<cjZJhBxRn4bet=CZ`{(a(UN0Y3wN2K)^88SpdUXW+j-1Anc1;GeOh
z*K1?Lvwpcwso3X7tw7~M?C2Y{r}fEIHogS<X63<e0P0pLvhOF&&3ArNsZ>TthW7hf
zyHjaB<f2<{`cqr!;-_MztFfcM9qZ_fHjOr&j~(0kF79h9OAf&DZ@uBVRiD%Cfgc1D
zJ2op%uzB2Cg08ht9bKDSxl*@khzw6N!oE%0Z`@9>=60+!7JKc_+hVVc&xqBWiCw&H
zEk=M@9H6#xrMGSs`YHa@|Dmm<R>ielv7=kBhEa``u37V9!&`p`p}Y*|S&rl5%&cES
zu6YW+ll<Q~1SJLPf?w(IM5#DF+%+*A9k03Y)M*bNomd+kud+yeed+M^Qn7qCI!@;`
z94(ik6MtMi9G!TT?)yt;%RfPMaKl~K5wdg%%!p>jj~<>-&tC$0-f5*8Z#a6r6dgYs
zouH_Q*HsqpPut$E79!k2w7exce&pxSR3pmyjDy|$dR_bLlR6)g&fCqbq*l*h@Lrxz
zNj!U!8ZVb`RVqiL6E%piC0c&&?U9jccyu`UDm}=YqO&dk=r*0}xXs`}OO;>I49=bs
zs?UCuZRm046uFi=r2iA8Gp9a4%=J6GcEg6-)$`q%;V}1$p8-Dueg^yu_!;ms;Ag<k
zfS&<B1AYen4>CaSw;qh+sdmMTEdX^7j{31m<!iuAz)@ffcp3Nva0u9Xqf!|IJ_!us
zu`LU11fBwR02kh@RC2(Ffg`{i@C1+wy#u9E^Xz_AGZ3s<F>g*S*$_|f`Y-&YQuzoO
z?3|-txvfUE8OH$l5Kt`$?pjd)c-=jRYKPRe<&S=J!)pCnk^Dc2BL_QqS4ZZ=TR8eX
zJhk-#jy9ZAJy1m#1iuj2F@N?xbO<8pzlWn0`ul*6zP+md8R$o#?{Mn_yR`xNU&ql0
z{r*Y%Hb*}X=lyl)SGe{2tMMO({wvVq?}}>spQ-BiKz|bY0k=MowGD{#i=P2M1AYel
z4EP!FGvH^y&w!r+KLh_08IW~_vW^gs0=m#zMJn@ba277&eVi_1yqI$t%d%ckKZAgi
zb%@JZFY6ZRd4`JU|9-oYCHVv|5|p)tLo<o3u1CGhdU`8I<x4i`=S-^VXD{Fq<^^Q!
z;YnVPC~F<Xo}TNd&^kpbOKng=Ud$+b2X{>RJ<4|UZjp+_d%zZ*^ZQrDK0oADyW)MK
zKHm_>!`nnHOWyGqrsW{(-(^|OgTw#FK-PnM12(!Je!a@O$g=Kq_l_Nph92tbE@rG^
zsHrL39ByoADr&Lm$olo+#^yCl-z6ASl$V+6M#XDId9Q)y1x`$e4ekX_Wl!T0!0Ou(
z&v}s_@uMD|*5wi}*9Amf+VEMUmaAaImSx;%m357}Psu#DwMspQ3dM1*Ggf?2+b?m}
z`HKB<RHo|xbmujy<1AK}KPVBZI8~gtwEa@$9rs^ow|kv+^b+L{+P+@N^&>nD%v9^S
zSAq{YM%79|^Z2%iR5_|`)^UQWjn^^Db+ncFL(F%u+b-}ywam%CL~CdJvuv;bD}l0;
z_`pIX-&bP)32iS@71JDN8K0bdpFItp+V%GT2>4Ld-KiY|zc8>&$@L(Lmx!m#u@isI
zsh7bAF|X<)Vrk<c@Qa{1$n#VGrv=pym~ZBO>i>4Yzrt~X5!+ur&$0ag+YhkfP3BF`
zoBodqx=Y}x|K2!P!G|QM3n#$qKhRtpRhQxmcToVpBA)9@9q7qhP2nt-)SKN&!!r96
zh=Nt@?G5*+>hgQTN*g`20KWjsc-H7kWxLIk5x27Wf?*a1R8KaYOC_vCJlr_71?>q)
z8fHFk4jPG!l^;~Sc{80b;>C1&5H2psfTcCbG@r<&%$|hNTg>!WNi6-(nO09fdT1EC
z_P4f2jp*K;1~vlhd~$DVd)p4s*l=M)W2}ws+^>w?d-iQ_-DB+Awd+8%)97s7z9$L~
z@BV~{Y)5#HEeK{juF}PnmCU8k`$XKdOchT)lZ<0`0-Y)Eb8y1Z?uN8EfCkCb-nsx`
z@;(M5UdS5#W+qO19NPB5DxS<3#X=&ECNgn5rjaqMWLghIccH+M^wx?(vD?a<Jr?3(
zyM*L~_EAi^Ib!lwjY&P#BcN2cFqpQ?ZlIO7v0rM~#F5D7R5+8h65+l~F`Ub1bBVk)
z=%TudNo=@D#+ho}-qt`9Oq=(cg?<%|4`$GWjaJ^)Jd?;5FvODt1G;=7Ws(Eeaw$uN
zX`-kws^PvYR|<(96}A!s5cN2O^I1JO;Y2^rvHm!siDbvHC!6gdbu?wBlL%(JBiAa7
zS)Rt^^;}%<L!|FBT&nm@vWs`$oZO$WTH8vU@WVLho=E(s+aE@@ROEiimXvBi#qICi
zC$?G)8Rh#?X!`wi`^)dYU`PxZz5X8u{}0?#N&n@(Q&8HMy)54ToA9T18{#kbrGnq#
zcBzk)XYrTcwIn#YWfA`&?x3LD*TO^>is3F#L!f&`@t6BV!3AtA{TDmIBhb@5sK|03
zD%i;W-u^SKj-f(b7Js=f793?mY2SPPUuFO8Y$x~Gf|4ilr@Ghw+u$fC65sh<;olee
zy@rV{-tqq?Shs(O{TyUJ0r}YyJnr$2utHGmrt?4H@$X;<!T0k2vB&=)I|z=*z;Fk=
z@lJXC<-SNzp6}RQkG0eZe~N?h=QI<7KqaI<o#!Z9vgeA_3E#xw_OA^Qi*XKVaQ183
z(w+WqL*e$%v7cayl&&K4N2qJ4&^02@Q}Wy@`#Qb$A`9MtZ=K6u?)OI<K%$79EmdXV
zZ$UwGSK62RaM`Cj#{H-3kBa!oIDQu#nTWsKm!Dim)_BKigYzl=g0tc5_E!-$ZM0F^
zkpSW+GQDdgPTH6I!yx;6?WrwyS;+0PxuX*QwGLxf#NUn1+;iDRIN%s}Y$bGbt1JDH
k@0GdWr0*_w)!1xHD?P!bU9nv_jek4+u%RsXICw<$Zvp595&!@I

literal 0
HcmV?d00001

diff --git a/tests/test_x86_64.py b/tests/test_x86_64.py
new file mode 100644
index 0000000..e419523
--- /dev/null
+++ b/tests/test_x86_64.py
@@ -0,0 +1,209 @@
+#!/usr/bin/env python
+
+# ruff: noqa
+import logging
+import os
+import shutil
+import subprocess
+import tempfile
+import unittest
+
+from patcherex2 import *
+
+logging.getLogger("patcherex2").setLevel("DEBUG")
+
+
+class Tests(unittest.TestCase):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.bin_location = str(
+            os.path.join(
+                os.path.dirname(os.path.realpath(__file__)),
+                "./test_binaries/x86_64",
+            )
+        )
+
+    def test_raw_file_patch(self):
+        self.run_one(
+            "printf_nopie",
+            [ModifyRawBytesPatch(0x2004, b"No", addr_type="raw")],
+            expected_output=b"No",
+            expected_returnCode=0,
+        )
+
+    def test_raw_mem_patch(self):
+        self.run_one(
+            "printf_nopie",
+            [ModifyRawBytesPatch(0x402004, b"No")],
+            expected_output=b"No",
+            expected_returnCode=0,
+        )
+
+    def test_modify_instruction_patch(self):
+        self.run_one(
+            "printf_nopie",
+            [
+                ModifyInstructionPatch(0x40113e, "lea rax, [0x402007]"),
+                ModifyInstructionPatch(0x401145, "mov rsi, rax"),
+            ],
+            expected_output=b"%s",
+            expected_returnCode=0,
+        )
+    
+    def test_insert_instruction_patch(self):
+        instrs = """
+            mov rax, 0x1
+            mov rdi, 0x1
+            lea rsi, [0x402004]
+            mov rdx, 0x3
+            syscall
+        """
+        self.run_one(
+            "printf_nopie",
+            [InsertInstructionPatch(0x40115c, instrs)],
+            expected_output=b"Hi\x00Hi",
+            expected_returnCode=0,
+        )
+
+    def test_insert_instruction_patch_2(self):
+        instrs = """
+            mov rax, 0x32
+            leave
+            ret
+        """
+        self.run_one(
+            "printf_nopie",
+            [
+                InsertInstructionPatch("return_0x32", instrs),
+                ModifyInstructionPatch(0x40115c, "jmp {return_0x32}"),
+            ],
+            expected_returnCode=0x32,
+        )
+
+    def test_remove_instruction_patch(self):
+        self.run_one(
+            "printf_nopie",
+            [
+                RemoveInstructionPatch(0x402005, num_bytes=1),
+            ],
+            expected_output=b"H\x90",
+            expected_returnCode=0,
+        )
+
+    def test_modify_data_patch(self):
+        self.run_one(
+            "printf_nopie",
+            [ModifyDataPatch(0x402004, b"No")],
+            expected_output=b"No",
+            expected_returnCode=0,
+        )
+
+    def test_insert_data_patch(self, tlen=5):
+        p1 = InsertDataPatch("added_data", b"A" * tlen)
+        instrs = """
+            mov rax, 1
+            mov rdi, 1
+            lea rsi, [{added_data}]
+            mov rdx, %s
+            syscall
+        """ % hex(tlen)
+        p2 = InsertInstructionPatch(0x40115c, instrs)
+        self.run_one(
+            "printf_nopie",
+            [p1, p2],
+            expected_output=b"A" * tlen + b"Hi",
+            expected_returnCode=0,
+        )
+
+    def test_remove_data_patch(self):
+        self.run_one(
+            "printf_nopie",
+            [RemoveDataPatch(0x402005, 1)],
+            expected_output=b"H",
+            expected_returnCode=0,
+        )
+
+    def test_replace_function_patch(self):
+        code = """
+        int add(int a, int b){ for(;; b--, a+=2) if(b <= 0) return a; }
+        """
+        self.run_one(
+            "replace_function_patch",
+            [ModifyFunctionPatch(0x1149, code)],
+            expected_output=b"70707070",
+            expected_returnCode=0,
+        )
+
+    def test_replace_function_patch_with_function_reference(self):
+        code = """
+        extern int add(int, int);
+        extern int subtract(int, int);
+        int multiply(int a, int b){ for(int c = 0;; b = subtract(b, 1), c = subtract(c, a)) if(b <= 0) return c; }
+        """
+        self.run_one(
+            "replace_function_patch",
+            [ModifyFunctionPatch(0x1177, code)],
+            expected_output=b"-21-21",
+            expected_returnCode=0,
+        )
+
+    def test_replace_function_patch_with_function_reference_and_rodata(self):
+        code = """
+        extern int printf(const char *format, ...);
+        int multiply(int a, int b){ printf("%sWorld %s %s %s %d\\n", "Hello ", "Hello ", "Hello ", "Hello ", a * b);printf("%sWorld\\n", "Hello "); return a * b; }
+        """
+        self.run_one(
+            "replace_function_patch",
+            [ModifyFunctionPatch(0x1177, code)],
+            expected_output=b"Hello World Hello  Hello  Hello  21\nHello World\n2121",
+            expected_returnCode=0,
+        )
+
+    def run_one(
+            self,
+            filename,
+            patches,
+            set_oep=None,
+            inputvalue=None,
+            expected_output=None,
+            expected_returnCode=None,
+        ):
+            filepath = os.path.join(self.bin_location, filename)
+            pipe = subprocess.PIPE
+
+            with tempfile.TemporaryDirectory() as td:
+                tmp_file = os.path.join(td, "patched")
+                p = Patcherex(filepath)
+                for patch in patches:
+                    p.patches.append(patch)
+                p.apply_patches()
+                p.binfmt_tool.save_binary(tmp_file)
+                # os.system(f"readelf -hlS {tmp_file}")
+
+                p = subprocess.Popen(
+                    [tmp_file],
+                    stdin=pipe,
+                    stdout=pipe,
+                    stderr=pipe,
+                )
+                res = p.communicate(inputvalue)
+                if expected_output:
+                    if res[0] != expected_output:
+                        self.fail(
+                            f"AssertionError: {res[0]} != {expected_output}, binary dumped: {self.dump_file(tmp_file)}"
+                        )
+                    # self.assertEqual(res[0], expected_output)
+                if expected_returnCode:
+                    if p.returncode != expected_returnCode:
+                        self.fail(
+                            f"AssertionError: {p.returncode} != {expected_returnCode}, binary dumped: {self.dump_file(tmp_file)}"
+                        )
+                    # self.assertEqual(p.returncode, expected_returnCode)
+
+    def dump_file(self, file):
+        shutil.copy(file, "/tmp/patcherex_failed_binary")
+        return "/tmp/patcherex_failed_binary"
+
+
+if __name__ == "__main__":
+    unittest.main()