From 015ec55975d9686f7f67ae373dbc352564735e6a Mon Sep 17 00:00:00 2001
From: Dobin Rutishauser
Date: Sun, 8 Jun 2025 19:03:57 +0200
Subject: [PATCH] fix: dlls test issue #5

---
 model/defs.py               |  1 +
 tests/test_derbackdoorer.py |  4 +--
 tests/test_superpe.py       | 50 ++++++++++++++++++++-----------------
 3 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/model/defs.py b/model/defs.py
index 5516d6a..65f61c1 100644
--- a/model/defs.py
+++ b/model/defs.py
@@ -10,6 +10,7 @@ VerifyFilename: FilePath = FilePath("C:\\Temp\\a")
 # Directory structure
 PATH_EXES = "data/binary/exes/"
 PATH_EXES_MORE = "data/binary/exes_more/"
+PATH_DLLS = "data/binary/dlls/"
 PATH_SHELLCODES = "data/binary/shellcodes/"
 PATH_CARRIER = "data/source/carrier/"
 PATH_PAYLOAD = "data/source/payload/"
diff --git a/tests/test_derbackdoorer.py b/tests/test_derbackdoorer.py
index 45ea0ff..06e0380 100644
--- a/tests/test_derbackdoorer.py
+++ b/tests/test_derbackdoorer.py
@@ -24,8 +24,8 @@ class DerBackdoorerTest(unittest.TestCase):
 
 
     def test_function_backdoorer_dll(self):
-        superpe = SuperPe(PATH_EXES + "libbz2-1.dll")
+        superpe = SuperPe(PATH_DLLS + "TestDLL.dll")
         function_backdoorer = FunctionBackdoorer(superpe)
         addr = function_backdoorer.find_suitable_instruction_addr(superpe.get_entrypoint())
-        self.assertEqual(addr, 0x135D)
+        self.assertEqual(addr, 0x13CA)
 
diff --git a/tests/test_superpe.py b/tests/test_superpe.py
index 8b2ecec..03ab1f6 100644
--- a/tests/test_superpe.py
+++ b/tests/test_superpe.py
@@ -69,64 +69,68 @@ class SuperPeTest(unittest.TestCase):
 
 
     def test_dll(self):
-        dll_filepath = PATH_EXES + "libbz2-1.dll"
+        dll_filepath = PATH_DLLS + "TestDLL.dll"
         superpe = SuperPe(dll_filepath)
 
         # Properties
         self.assertTrue(superpe.is_dll())
         self.assertTrue(superpe.is_64())
         self.assertFalse(superpe.is_dotnet())
-        self.assertEqual(superpe.get_entrypoint(), 0x1350)
+        self.assertEqual(superpe.get_entrypoint(), 0x13B0)
         self.assertIsNone(superpe.get_rwx_section())
-        self.assertEqual(superpe.get_image_base(), 0x1F13C0000)
+        self.assertEqual(superpe.get_image_base(), 0x180000000)
         self.assertEqual(superpe.is_dynamic_base(), True)
 
         # Text Section 1 (pefile SectionStructure)
         code_sect: pefile.SectionStructure = superpe.get_code_section()
         self.assertEqual(code_sect.Name.decode(), ".text\x00\x00\x00")
         self.assertEqual(code_sect.VirtualAddress, 0x1000)
-        self.assertEqual(code_sect.Misc_VirtualSize, 0x12D08)
+        self.assertEqual(code_sect.Misc_VirtualSize, 3912)
 
         # Text Section 2 (PeSection)
         code_pesect: PeSection = superpe.get_section_by_name(".text")
         self.assertIsNotNone(code_pesect)
         self.assertEqual(code_pesect.name, ".text")
         self.assertEqual(code_pesect.virt_addr, 0x1000)
-        self.assertEqual(code_pesect.virt_size, 0x12D08)
+        self.assertEqual(code_pesect.virt_size, 3912)
 
         # Relocations
         base_relocs: List[PeRelocEntry] = superpe.get_base_relocs()
-        self.assertEqual(len(base_relocs), 54)
+        self.assertEqual(len(base_relocs), 17)
         base_reloc = base_relocs[0]
-        self.assertEqual(base_reloc.rva, 0x13CE8)
-        self.assertEqual(base_reloc.base_rva, 0x13000)
-        self.assertEqual(base_reloc.offset, 0xCE8)
+        self.assertEqual(base_reloc.rva, 0x20F8)
+        self.assertEqual(base_reloc.base_rva, 0x2000)
+        self.assertEqual(base_reloc.offset, 0xF8)
 
         # IAT
         iat_entries: Dict[str, List[IatEntry]] = superpe.get_iat_entries()
-        self.assertEqual(len(iat_entries), 2)
+        self.assertEqual(len(iat_entries), 4)
         self.assertTrue("kernel32.dll" in iat_entries)
-        self.assertTrue("msvcrt.dll" in iat_entries)
+        self.assertTrue("vcruntime140.dll" in iat_entries)
+
         kernel32_entries = iat_entries["kernel32.dll"]
-        self.assertEqual(len(kernel32_entries), 12)
+        self.assertEqual(len(kernel32_entries), 14)
         entry = kernel32_entries[0]
         self.assertEqual(entry.dll_name, "kernel32.dll")
-        self.assertEqual(entry.func_name, "DeleteCriticalSection")
-        self.assertEqual(entry.iat_vaddr, 0x1f13db1c4)
+        self.assertEqual(entry.func_name, "GetSystemTimeAsFileTime")
+        self.assertEqual(entry.iat_vaddr, 0x180002000)
 
-        self.assertEqual(superpe.get_vaddr_of_iatentry("DeleteCriticalSection"), 0x1F13DB1C4)
-        self.assertEqual(superpe.get_replacement_iat_for(
-            "kernel32.dll", "GetEnvironmentStringsW"), "InitializeCriticalSection")
+        self.assertIsNone(superpe.get_vaddr_of_iatentry("asdf"))
+        self.assertEqual(superpe.get_vaddr_of_iatentry("RtlCaptureContext"), 0x180002008)
+
+        # bad test, but result is random
+        self.assertNotEqual(superpe.get_replacement_iat_for(
+            "kernel32.dll", "GetEnvironmentStringsW"), "GetEnvironmentStringsW")
 
         # Exports
         exports = superpe.get_exports_full()
-        self.assertEqual(len(exports), 35)
+        self.assertEqual(len(exports), 6)
         export = exports[0]
-        self.assertEqual(export["name"], "BZ2_blockSort")
-        self.assertEqual(export["addr"], 0x2FC0)
-        self.assertEqual(export["size"], 416)
+        self.assertEqual(export["name"], "test")
+        self.assertEqual(export["addr"], 0x1000)
+        self.assertEqual(export["size"], 80)
 
         # VRA/Virt to Phys/Raw
-        raw = superpe.get_offset_from_rva(0xD690) # BZ2_bzdopen export
-        self.assertEqual(raw, 0xCA90)
+        raw = superpe.get_offset_from_rva(0x1000) # test export
+        self.assertEqual(raw, 0x400)
 
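Review bot: The block marked `# bad test, but result is random` leaves `get_replacement_iat_for` effectively unchecked — `assertNotEqual(..., "GetEnvironmentStringsW")` passes for any return value, including a name that is not an import of the DLL at all, and a non-deterministic helper is exactly the kind of code that needs an invariant pinned rather than an exact value. If the helper draws its replacement from the same module's import table, as the old expected value `InitializeCriticalSection` suggests, the test stays deterministic and meaningful by asserting membership: `replacement = superpe.get_replacement_iat_for("kernel32.dll", "GetEnvironmentStringsW")`, `self.assertNotEqual(replacement, "GetEnvironmentStringsW")`, `self.assertIn(replacement, {e.func_name for e in kernel32_entries})`. Separately, `Misc_VirtualSize` and `virt_size` are now asserted as decimal `3912` while every other address and size in this test is written in hex; `0xF48` keeps the radix consistent and makes the value comparable with the `0x1000` section start above it.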