diff --git a/tests/test_asmparser.py b/tests/test_asmparser.py index 2ca00ec..1a77c89 100644 --- a/tests/test_asmparser.py +++ b/tests/test_asmparser.py @@ -3,11 +3,12 @@ import unittest import logging from model.defs import * -from model.carrier import Carrier +from model.carrier import Carrier, DataReuseEntry from observer import observer from helper import * from phases.asmtextparser import parse_asm_text_file from phases.masmshc import masm_shc +from model.settings import Settings def print_lines(data): 
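Review bot: `from model.settings import Settings` is appended after the `phases` imports instead of next to `from model.carrier import Carrier, DataReuseEntry` two lines up, so the `model.*` group is now split; moving it under the other `model` import keeps the groups readable. The later hunks in this file also depend on `PayloadLocation` reaching the module through the wildcard `from model.defs import *`; if that name lives in `model.defs`, an explicit `from model.defs import PayloadLocation` would make the new dependency visible instead of implicit.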
@@ -25,27 +26,36 @@ class AsmTest(unittest.TestCase): asm_in: FilePath = "tests/data/peb_walk_pre_fixup.asm" asm_text = file_readall_text(asm_in) carrier = Carrier("fake.exe") - asm_text_lines = parse_asm_text_file(carrier, asm_text) + carrier.add_datareuse_fixup(DataReuseEntry("supermega_payload")) + settings: Settings = Settings() + settings.payload_location = PayloadLocation.DATA + asm_text_lines = parse_asm_text_file(carrier, asm_text, settings) # cmp DWORD PTR n$1[rsp], 11223344 ; 00ab4130H # cmp DWORD PTR n$1[rsp], 272 ; 00ab4130H #self.assertTrue(", 272" in lines[192-1]) #self.assertTrue("11223344" not in lines[192-1]) - # mov r8, QWORD PTR supermega_payload - # lea r8, [shcstart] - self.assertTrue("lea r8, [shcstart]" in asm_text_lines[198-1]) - self.assertTrue("supermega_payload" not in asm_text_lines[198-1]) + # Original: + # mov r8, QWORD PTR supermega_payload + # New: + # lea r8, [shcstart] + #self.assertTrue("lea r8, [shcstart]" in asm_text_lines[198-1-1]) + self.assertTrue("DB 0" in asm_text_lines[198-1-1]) + self.assertTrue("supermega_payload" not in asm_text_lines[198-1-1]) # shcstart: - self.assertTrue("shcstart:" in asm_text_lines[213-1]) + self.assertTrue("shcstart:" in asm_text_lines[213-1-1]) def test_asm_iat_request(self): asm_in: FilePath = "tests/data/iat_reuse_pre_fixup.asm" asm_text = file_readall_text(asm_in) carrier = Carrier("fake.exe") - asm_text_lines = parse_asm_text_file(carrier, asm_text) + carrier.add_datareuse_fixup(DataReuseEntry("supermega_payload")) + settings: Settings = Settings() + settings.payload_location = PayloadLocation.DATA + asm_text_lines = parse_asm_text_file(carrier, asm_text, settings) self.assertEqual(len(carrier.iat_requests), 2) 
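Review bot: The comment block kept above the assertions (`# New:` / `# lea r8, [shcstart]`) no longer describes what is checked: the `lea` assertion is commented out and the live check is `self.assertTrue("DB 0" in asm_text_lines[198-1-1])`, so a reader is told to expect a `lea` at an index where the test now expects emitted bytes. Either restore the `lea` assertion or reword the comment to say what the `DB 0` line at that index represents; the extra `-1` also deserves a word, since it presumably accounts for the line introduced by the `supermega_payload` fixup registered via `add_datareuse_fixup` (the matching `+1` shift appears in the entry counts of the next hunk). The four-line carrier/settings setup is now pasted verbatim into this method, into `test_asm_iat_request` and into the two tests of the next hunk; a small helper keeps the four tests aligned the next time the parser signature changes. The enclosing method starts before this hunk.
```python
    def _parse(self, asm_in: FilePath):
        """Parse an asm fixture with the shared test setup; return (carrier, lines)."""
        asm_text = file_readall_text(asm_in)
        carrier = Carrier("fake.exe")
        carrier.add_datareuse_fixup(DataReuseEntry("supermega_payload"))
        settings = Settings()
        settings.payload_location = PayloadLocation.DATA
        return carrier, parse_asm_text_file(carrier, asm_text, settings)

    # … unchanged: test bodies, each replacing its setup with …
        carrier, asm_text_lines = self._parse(asm_in)
```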
@@ -63,41 +73,48 @@ class AsmTest(unittest.TestCase): # call QWORD PTR __imp_GetEnvironmentVariableW # DB 044H, 0aeH, 06cH, 0b6H, 072H, 07cH - self.assertTrue(asm_text_lines[124-1].startswith(" DB ")) + self.assertTrue(asm_text_lines[124-1-1].startswith(" DB ")) # call QWORD PTR __imp_VirtualAlloc # DB 0c7H, 0b6H, 0feH, 0dcH, 0b2H, 0c6H - self.assertTrue(asm_text_lines[148-1].startswith(" DB ")) + self.assertTrue(asm_text_lines[148-1-1].startswith(" DB ")) def test_data_reuse_entries(self): asm_in = "tests/data/data_reuse_pre_fixup.asm" asm_text = file_readall_text(asm_in) carrier = Carrier("fake.exe") - asm_text_lines = parse_asm_text_file(carrier, asm_text) + carrier.add_datareuse_fixup(DataReuseEntry("supermega_payload")) + settings: Settings = Settings() + settings.payload_location = PayloadLocation.DATA + asm_text_lines = parse_asm_text_file(carrier, asm_text, settings) asm_text = masm_shc(asm_text_lines) # optional here data_reuse_entries = carrier.get_all_reusedata_fixups() - self.assertEqual(2, len(data_reuse_entries)) + self.assertEqual(2+1, len(data_reuse_entries)) - entry = data_reuse_entries[0] + entry = data_reuse_entries[0+1] self.assertTrue('$SG72513' in entry.string_ref) self.assertTrue('rcx' in entry.register) self.assertEqual(entry.data, b"U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00\x00\x00") self.assertEqual(entry.addr, 0) self.assertEqual(7, len(entry.randbytes)) # needs to be 7! 
- entry = data_reuse_entries[1] + entry = data_reuse_entries[1+1] self.assertTrue('$SG72514' in entry.string_ref) def test_data_reuse_fixup(self): asm_in = "tests/data/data_reuse_pre_fixup.asm" asm_text = file_readall_text(asm_in) - - carrier = Carrier("fake.exe") - asm_text_lines = parse_asm_text_file(carrier, asm_text) - - self.assertTrue("\tDB " in asm_text_lines[108-1]) - self.assertFalse("OFFSET FLAT:$SG" in asm_text_lines[108-1]) + + carrier = Carrier("fake.exe") + carrier.add_datareuse_fixup(DataReuseEntry("supermega_payload")) + settings: Settings = Settings() + settings.payload_location = PayloadLocation.DATA + asm_text_lines = parse_asm_text_file(carrier, asm_text, settings) + + # why -1 -1?? + self.assertTrue("\tDB " in asm_text_lines[108-1-1]) + self.assertFalse("OFFSET FLAT:$SG" in asm_text_lines[108-1-1]) diff --git a/tests/test_datareuse.py b/tests/test_datareuse.py index 37c4db4..316c55d 100644 --- a/tests/test_datareuse.py +++ b/tests/test_datareuse.py @@ -29,6 +29,12 @@ class DataReuseTest(unittest.TestCase): self.assertEqual(40, largest) + def test_rangemanager_2(self): + rm = RangeManager(0, 100) + rm.add_range(0, 90) + hole = rm.find_hole(5) + self.assertIsNotNone(hole) + def test_relocation_list(self): superpe = SuperPe(PATH_EXES + "7z.exe") relocs = superpe.get_relocations_for_section(".rdata") diff --git a/tests/test_derbackdoorer.py b/tests/test_derbackdoorer.py index fa22bce..45ea0ff 100644 --- a/tests/test_derbackdoorer.py +++ b/tests/test_derbackdoorer.py 
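Review bot: The `# why -1 -1??` comment in `test_data_reuse_fixup` commits an open question to the suite instead of an explanation, and the `2+1`, `0+1` and `1+1` adjustments in `test_data_reuse_entries` point at the same cause, which appears to be the `supermega_payload` entry registered with `add_datareuse_fixup` before parsing (inferred from this hunk, not verified). Resolve it explicitly rather than by arithmetic: `self.assertEqual(3, len(data_reuse_entries))` followed by `entry = data_reuse_entries[1]  # index 0 is the payload fixup added in setup`, and replace the `why` comment with the same explanation at the `108-1-1` index. Whether `data_reuse_entries[0]` really is that payload entry is not visible here; an assertion on it would pin the assumption the other indices rely on.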
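Review bot: `test_rangemanager_2` only asserts that `find_hole(5)` returns something, so a `RangeManager` that handed back a hole inside the reserved `0..90` range would still pass. With `RangeManager(0, 100)` and `add_range(0, 90)` the only free space is at the top end, so pin the returned value (its shape, offset or range, is not visible here, so match whatever `find_hole` returns) and add a negative case that asks for more than fits, e.g. `self.assertIsNone(rm.find_hole(50))`, assuming `find_hole` signals no fit with `None` as the existing `assertIsNotNone` suggests.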
@@ -22,16 +22,6 @@ class DerBackdoorerTest(unittest.TestCase): addr = function_backdoorer.find_suitable_instruction_addr(superpe.get_entrypoint()) self.assertEqual(addr, 0x1304) - trampoline_compiled, _, trampoline_reloc_offset = function_backdoorer.get_trampoline(addr, 0x11223344) - self.assertEqual(trampoline_compiled[0], 0x48) - self.assertEqual(trampoline_compiled[2], 0x44) - self.assertEqual(trampoline_compiled[3], 0x33) - self.assertEqual(trampoline_compiled[4], 0x22) - self.assertEqual(trampoline_compiled[5], 0x51) - self.assertEqual(trampoline_compiled[6], 0x01) - self.assertEqual(trampoline_compiled[10], 0xff) - self.assertEqual(trampoline_reloc_offset, 2) - def test_function_backdoorer_dll(self): superpe = SuperPe(PATH_EXES + "libbz2-1.dll") @@ -39,11 +29,3 @@ class DerBackdoorerTest(unittest.TestCase): addr = function_backdoorer.find_suitable_instruction_addr(superpe.get_entrypoint()) self.assertEqual(addr, 0x135D) - - trampoline_compiled, _, trampoline_reloc_offset = function_backdoorer.get_trampoline(addr, 0x11223344) - self.assertEqual(trampoline_compiled[0], 0x48) - self.assertEqual(trampoline_compiled[2], 0x44) - self.assertEqual(trampoline_compiled[3], 0x33) - self.assertEqual(trampoline_compiled[6], 0x02) - self.assertEqual(trampoline_compiled[10], 0xff) - self.assertEqual(trampoline_reloc_offset, 2) \ No newline at end of file diff --git a/tests/test_dllresolver.py b/tests/test_dllresolver.py index d40038c..2bc5efb 100644 --- a/tests/test_dllresolver.py +++ b/tests/test_dllresolver.py @@ -20,5 +20,3 @@ class DllResolverTest(unittest.TestCase): dlls = unresolved_dlls(superpe) self.assertEqual(len(dlls), 0) - - diff --git a/tests/test_superpe.py b/tests/test_superpe.py index 70b22a5..244ed47 100644 --- a/tests/test_superpe.py +++ b/tests/test_superpe.py 
@@ -2,8 +2,8 @@ from typing import List, Dict import unittest import pefile -from pe.superpe import SuperPe, PeSection from model.defs import * +from pe.superpe import SuperPe, PeSection class SuperPeTest(unittest.TestCase): @@ -14,7 +14,7 @@ class SuperPeTest(unittest.TestCase): # Properties self.assertFalse(superpe.is_dll()) - self.assertTrue(superpe.is_64()) + self.assertTrue(superpe.is_64()) self.assertFalse(superpe.is_dotnet()) self.assertEqual(superpe.get_entrypoint(), 0xE1D78) self.assertIsNone(superpe.get_rwx_section()) @@ -55,8 +55,8 @@ class SuperPeTest(unittest.TestCase): self.assertEqual(entry.iat_vaddr, 0x14011D528) self.assertEqual(superpe.get_vaddr_of_iatentry("FileTimeToLocalFileTime"), 0x14011D528) - self.assertEqual(superpe.get_replacement_iat_for( - "kernel32.dll", "GetEnvironmentStringsW"), "FileTimeToLocalFileTime") + self.assertNotEqual(superpe.get_replacement_iat_for( + "kernel32.dll", "GetEnvironmentStringsW"), "GetEnvironmentStringsW") # Exports exports = superpe.get_exports_full()
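Review bot: Weakening the check in the last hunk from `assertEqual(..., "FileTimeToLocalFileTime")` to `assertNotEqual(..., "GetEnvironmentStringsW")` lets the test pass when `get_replacement_iat_for` returns `None`, an empty string or any unrelated name, so it no longer shows that a usable IAT entry was chosen. If the replacement is now intentionally non-deterministic, bind it and check it is a real entry of the loaded file: `replacement = superpe.get_replacement_iat_for("kernel32.dll", "GetEnvironmentStringsW")`, `self.assertNotEqual(replacement, "GetEnvironmentStringsW")`, `self.assertIsNotNone(superpe.get_vaddr_of_iatentry(replacement))`. The last line assumes `get_vaddr_of_iatentry` returns `None` for an unknown name, which this diff does not show; the two earlier hunks in this file are an import reorder and a whitespace change.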