From a5cd3309b71e970f5f72b2e2a183ef7cef26b908 Mon Sep 17 00:00:00 2001
From: Dobin Rutishauser <dobin.rutishauser@gmail.com>
Date: Mon, 17 Jun 2024 09:27:02 +0200
Subject: [PATCH] tests: add dll_loader tests

---
 data/binary/shellcodes/createfile.dll | Bin 0 -> 11776 bytes
 data/binary/shellcodes/messagebox.dll | Bin 0 -> 10752 bytes
 tester.py                             |  30 ++++++++++++++++++++++++--
 3 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 data/binary/shellcodes/createfile.dll
 create mode 100644 data/binary/shellcodes/messagebox.dll

diff --git a/data/binary/shellcodes/createfile.dll b/data/binary/shellcodes/createfile.dll
new file mode 100644
index 0000000000000000000000000000000000000000..fb045563daaf4027bd0488ec74f77cecd0d7e39e
GIT binary patch
literal 11776
zcmeHN4|G)3nZJ|dB_S|O&<qYx%L6A8>n0sCLBpTO3`y`(2OA*)DuKzr7npW3GduGJ
z!KF2Hi0kk=XVKQxZvPyCJ+0QRi*8#3-EAj?HHkutxb1?%Htn9e4@2ANT18uZ`}^*D
z6B4Yu=WMrU&u)Ei@Av0^-*><J-Fv@#-@L57b3e;xj1{0524nqz^!P;mpI4XAJahih
zne1EBPA=%T1x_w#-X2QGv3PV_yuC;6Y>z~us@$Q-@nl2}MdXH$ua|qGT}qYRUgEY)
z$NP`}#Z70waV}R@9$0#=8uYL4eEhr#A3MK9&`+GdMZmv3zXI^n2Obyvo6bIdZa(Pi
zw;U4m^;^Di{$@e9oHOC0f?gNu+)jPuM%2{ESl7LUtmss<JI5Pm3+3r~Gb`9t;C$HR
z_Lc#b3cS}wfbcxV3I*#jWW8We5b@-(Hi()^Iq+WE<c!xcHV&Q9rSON8+Zdy`vL?oc
zMTbP-i81yk0Bv4@3fAwc<Z8^_WIYdKuF3QjN>!?|Qw7geii!%2-5Lil@yO`5D&Ezu
zwllV2CRng3WM_-!iOPqrt4uL=9|Z^u1cR~bQ6@b;#<Ep0Q&5bt35_IIF-Zuh5C5y;
ziFhY)5tB9`B=-@NNsmv+Dd8vtDMl14Atwl8n2(RKRXO|vXhwi%q(8lhvB4A8!_xtG
zF;6$UO9SZ!w<`crUcX@@PhIqI?Jb^B-J6ckax$FH%8YUCjDFNGj7IMWPpfV@pbc^D
z1+Env&O_9kI_?Q>-8^9&efZYHl#dTJxM>kFp0O`mz!=DiUXZZU=*@zXsgI*5KEwHm
z`JyA9x@08h8_sngwNp@>14TW6-up=yefc&Ig8dO<F9Dlt&j}_s%CCoxIlv2lhL+r5
z0pU$W>TO$6(mN(us+e$@YXcKFsd=+gNXt@pw`2ZZH~}}7+aIf9ELqA221>i%959Te
zZIBO)lwP<OY1Zto@3gu!^@>fcplUXHS4(n3s2J2&VdsoV`qcoA?_@E8iorD)FW?0S
zI#}D6bv!sANZQvt-AePNx=VR_w_Emaz<^|~y%x}3^^WLI!N}gMWA88&^`#PH`_A0g
z;P&~Rwx#Ok)PU*e`$yD6(lihhMSU-X_GZ<O>-S6p^$aqB{&Q43<6K75kg?wgp#RGZ
z#`?0!8}tRHxQzA^v;8+noO(anhoo;ISJ8I$RU7-B)9)<;w%16m)K37z%HgS6rn<Q{
ztiK@KR9yk>nWLnzM*9KR@&lUvUKsNm&l}Q@DseQCgJXH#EZ17ySdFT?mTSA+9I=r7
zTL+K8D${#W@27dCxQJ!z+xM0xJqZ22>^*i<*#{L*aL^b|OS{pa&&LQwWaLy`9yy)#
z>RyaY|1suFf3lddRQW4NtPI2WK793__U-$jepbxT84*`)aO`WQ0|vPJ_n+X}ah~2J
z2hu)Qx(Rc`i#Kc(ljB>XjcadXdiqW$9ZQ|RMUJ|s$eX?JbC}PpGE$dpclo#`y?!lX
zgb+)aO|~&?r`@2nGZ>Vo?<L3HCm@VqY5$B!>5si*7-+(d!qV9L`N>Tmo@h!Lw&YE)
zR}D4qX;RBW8}EAqi%I|CyR=)RUb9biW=_U%N?`RFs+2PFlPe~Aym`WGUsf%L=IY7b
zmgeLP=QAJ5c|BI>eTlr+25I(oVgh{rt--B>m)9>%mb^y0q`k<sSIsT?CCoTd3S|^5
zh>1zZd<QRl2|i<<MLxlTKkFSaoWXgtu%0uVw*xVpn*=$0bXozUeI##2CI}Eu<hazu
z+9TH>SccOF9tKi$gx2248?eY{V^;LXKyj@Bt1K<O0|w6!p2}joNg1Lw>16_GY2%Hi
zq!0LJu!f|?;83?i(v84q;SNblEUX{viSbWmX*X4p=1_r+dcMrp><W%JxLF|Qm^QB2
z_ve^UJO`h312Nc-k<|_&4kAhW5DCNi^|{d2{*KN}FLHC1XPVt@h@s&urxuKLDNl8|
zYvDn_y`5`l4QRs@77yl*m@y(MD66-+WyAT#9K>lTW#sLCl4j1z>D1_I;o3#a9QLDh
z_y!pNZuP;RRDO|$wR|wC@|04FUe=Zx&evdrYmL|ojpK&%A}B4(7Za|VcxJ83q(_Nv
zbU|&L4~)v(3*6f{&b<Tt2$D1&Sh@~`_i|U<(J+AMSCR`@DNX#%Qy{kziM_ss4u)AD
z1!0tTz&i3n#%=?BArF&*Gf)CPNN0gQb_shSRqWPZMn6FEppWA~w0#%J1;JaOaIK)6
z&M&U<;xUOYA6Cn}*>Uc8(td)H|1Yb}ynWa<_9o>bvU`uITcjUEvKgDBZv&0g_lU_Z
zsLqZR>0bnK*d{t89VGBdEFC292Tgl9TN>o{W|O3JmHru%DAJQa#x73M*E_+{x1zF`
zxxC2JVLC5Vx69geZ&6ahzPq5GLHa_Pn4S8KEjdf%0j{0o+K}OV+ePDTc5l)G2(P&t
z!`KkW!#=o-E%^iJim`rP7*R_R<P*rRG@uJ3;OXB(a4D(j140ymwZ?hGqAwg4$i<4j
zkz~;`QXjN!dW^F0LujzZT&C|ciD`(?JwV4^nHZp%4|?kY&}7=#<hImXw!1#5+aQIR
ztLS?v>4sM~p;ccjcsQvu_FITvV9Hb>s@`r#RJxxAoEkR%-Eog3K>+J%CIFEHL0$v!
zjPz6Nc$;uQ-aL2&#|G2iMkVGQN7_LD+B+HRUMk&>6_wn{JMG7T;K1BNAphAtOX*!C
z8SI~qB+$Lo?@BfYZan6A`i?T5I_Bc}&pV#>7xK)E-aux?vpikqUbFmp)unxGMqv3s
zyhK}7oIem)o{bknx?=1n-qRch3$2W@)ZK3OX~Igd4hsSE#Ike^nlajURv*Js^qxjs
zrtf_zS;YU`Ig|1kWlBq?w=N$Xw(qQ3u=jLwhJF=Bhcj?GKyJXarZUnJhz+L7?IdmH
z^cJ4^rrY-$3~|rJEabJbR<=Fu6jM>4J$LekBbZsHAIDCE-`MW{{!?&CPoN^waGr-S
z*S?}djAtG^LwxNyWHiIMnOflbid-hkjEYtvbUB-0<7aegpnN7W3J{qNi-p2;->~S5
zmUOz0x*<md)8GFv^(yjx-+kogIe5!8Qv=6s8}6x1FyaGjrW9{D-^JUab_Qt^M+FSx
zs>L%%TtK+t96%%GR-fT~0x0%@9lJ~|&hUJFK%Br|cAr9|_@3hwFyt)cS8<1tdFI*_
z9bB2Z-2h`(;dVr0FEpH8G>X(<F<<_Z_yu!U(q5dZyV2Bbx<a?&eRPju@lxMrifEyG
zi^%b%-mG`Taj-!fXwXjk_q-O0C~N$C#v`f{ZqS}<(8j$Z;*RDx*f{+Zvb=xKtG6nV
zWO~c%jnkh`uf3$bm2UZMax+iae{mh6RX)DbaPT4NM<7@)V|Cd=8&fOl+6wcSx}Yvb
zV6Jrdt>5BOB;V!cc<-Qp7_Z~dK%%TclfI7h?oSQd8q(62fsPe{_jw?Ajqq!)Hfm=Z
zwdeh*cZ+r_{*1qfe1})sYj6nu!XdchIQp;C64PNM4@NdZ7Z<SIbNZ1pS%$w&gMAS?
z&@jdO-Dqf7KEC^EGZHUMZp0Dz&O*k%i#&ok8GUz1dJUv`_+JE;NBp#O7O3Oszm+BC
zLFiXQ(#gwB-vgSy_P8l9&yl(j%IL^;iVyru=F?B{bc+nt4>?kAkS(oIUO2dH&><GC
zCVdWiPmQLAi-)9LKxuEKrMrOn-x!e9EvaF7NNNL##f65gz>Yxb6x?17yy3bL`11}N
ztR-ssNU~aVaBSJJ<O0Yn1UF@0gxUwWm(thH0Sf67fUzP7*nl{WzI;t$26r4CccJN5
z3(z+re0Abu6Q+EA?ODHej1OEWEjRE>L+YnRY3ap9Ftul-0@31cKF_bSe;b-SZGQp)
z6S8AEPyO`!pucJw{FyURMh4N(=+%j7083J6ffKFnTDsz!M^Y(nm|O6=CKe^2H@j5Y
z4LKaA6EAT_`2(|PE$$WdUy6EI)JH}AO;JB1>W4-Bl&DSl9l%eVIBXj<%GV1N*^r*g
z?}Nsu$(dSDYA-(sMPCcfL78i>>|2ZA9+$UV*z`88x0Beiz8W05?8z9?M1v{(G>%o1
zhilj?T(fD|y2y8Ujh6!%`+ct(MnG$fX)U<xt!>jUy=hv)wTQHYhIeF7E!IWW@r40x
z0DLTw51v1Q2(&FX2N|*8XDm3o&g6S6*kHjn3x39e4_NSP7OcI+)LUr5Vhg@zwV$)#
zF$?BdFc<2ltp5MXf&okav_<FSzO%x_zG}fX3)WchdJE3A;Abtk+JZSd%%XpJh5fP*
zv0fX5a<FZ_N%vj>b9QdE_&NIbh5LPGe;&UHbN1-%XYy0ema$f*GKKZvXU|sFZVA>$
zli@Czet++bEA6TxcZb4?T%p9{(YRdRbwi0Ix0=|dNSB;Qc6KU>M0YYA-en2+C<uRu
z#~R<2rd^B8@m5&y%64&_zK8h-WYkQJf37Fl^3P+zS_}Ft$Sp|nxo-@4z?)IJYEbYZ
zPEW3F25?*oSwGtPuV}M_zX{4G(01aAHu^dK_j&M+!}5FcdtI=N|15xtc=K^L{1VDx
zlqL9?<TjM)==)t1&pgJSxR$ZMN4fUHjBQ6bf)c|?wja(m;FmzUeB2B80N}dy4eM`T
zG_z@B@S*x|x4lr=_41tabit}$*4mO#;)&L-Xh$g0nusRjol0w5iA58w%}PRT2!~sD
z-c-}NP6;dR2_?tFr-Ke?GX~d0p}y#|#jW+t0s1b{gx^WUcMW$>1Z>s>Kkys(1kdg9
zO!#KX?G)cM==apB5Pg?$FCjgwMOI6C9#3cYHrN4OOmzJ^yaw0%NoLbj-krp2o5EWo
z<hD=c3Axx5UXzg9Ih7~mdZ+N3h1`8pc|vYKcrmP#+_xH<&@T96((WD6u-Zd3t-s?F
za_+nDzPqaf!($aUTjPtXo$fV$(T`^e?@rNA?POlFDd(HQGvzpVkJ`}xPV-w&?ps%t
zV$$@@tBL$GV@^M?GS4z|{aHNx7>kP_@yL!TN6VDax%CE(!Q|2O;u<C1BUtVmR4?da
zT*j+95(#R~eN)SQdtz;{1Gf0a<i<|M(+0-FmwCb`;{R8VZC(MJx9*zQ>^7&zhBueO
zc%H{rU}FWVOij4YW;u(QQ=P_~T}8}UQ^=gvvql-#CWgT-&0=gD7BTG^dY%RTqe--|
zS)JE3tE7OH)D*Llb%im~Er6`!YK#HpE0%5n@Kq?^vFO`?Z<y3h^u|f;)8-bkxit<p
zH$Ho`EOvDp*(HB7koja8d;v{R_^>Xo$>u0z4vfKpF*vHH$86JVY+47}iwjtBydaj}
zhOtu&ssZf<%wAK%?CT1frcpc=!mwq(6Tig$0)@#YwB^}Y9u|bHteBN`p)?n<GW1ba
zT^h4FCB*C~bK3e@A<2k16ta@)LbM^SkayM~u2;<*oe`VfME=v0gC=Fxbbb=njP*zD
z^u9*L1=@qcQDn?Vu6TgQR^vNuDb@$tk|+<MJdHAfat4Jg<*|Ishs3PhRn-*^vz047
z^%m{(-O=dx`!?MPX3bQlztO+J<8!+q0O)&P34h}%tGzoiVf7P!PBt$yyxh-J<WKU7
z_D=5k9Nlp|@OKjL9C-V|<J4w7S-KO^ZkWUy1+O1+@ArIgk2E85<vsF6Rxj>fbkEwz
zKAm@~q6XR%Y9rml82bXN4@VOUZ;y0^6?R+Wy4xEA-fFRMaMA>W^}$3;=?ry;I)mGV
z40OuDPpDl%byrLYh9ce3U>D{(9^DlThiJ}kVLeJuLIJj+eqGD$&1=>+F0S#IHW_r=
zJL76F6zvFhCnKF$vBFv?8tjbr^h6`U9o?~bD57@b#Dw*bsw(jwcJpOCsIZkRm{7I{
zaic_IkXE^iK|RtP+Lnwf!ALs>cUQ1IzHJA7y)ZRH?cvbf6HQ8FM<^bR^e7Q{Su;f<
z8c}wJ)S%klfq<}uEU4^MI+LmroYF8G{gE7F?Xgg0Pona!P^1#$szhKy(aP}R%EguD
zkgsURU!tg?9%Zt`uM5_x;rjNN3g7Fa_%REA5AhE10@3KFlCjl@k{XIe8Y60a7xJxy
zmJOk}nrsiZM9?h`)R(1}h&er7jXOJ)7>Q%P5gf+;T3WBD@7r8W>!Cgwk0TOI@hDxs
z*>R~EArD1xY0t6PqxowR77>lF#(f^XHpP_$1u#}{M^cIJYEt6e(RfdLq!XjSDABq1
zz1G)sv70Axo3~?ec7e%C^5Mz)T?tj`X-0tj30km(v3>b#unf!zTpz#^<4|Fbz@rAG
zBe`vx63=<Ef>vH<3{m>v`M(l@+}FDQuD>U@$fvvi$$TRv8@YE=I#=mlW8NqQBFNu$
z9*fows{fS;l;Tc<Pqd8g>M_7qP?~`=+<9Cmt-zZABPiQR1~6;!3H}&&)G+vG05{>j
zco;ZA`n$OTygU*72b3D%S-{s(HUTF%gcrC5;KP7RXXD)y_zFNBr49IuYZzOELOxUg
zwp(}?;KLS9@NX>qFyI*rC-@5s9|vr5;k1QKg1snYli(LDoZt^E{1o8kIi{bjfUl#3
zYfb2yYw`*DExZ}<%k%KA0~vy6Q2K!r#P3G}cLDwk@5sl&Z^Qk!1LX|xUO>9@j{+x1
zclbx)8$r6i6Hbus;Di%oGXBmD@&sKdpCkN#<gtl&e;3@EYL4!<;_CPwKK{soakSBU
z)BS)~J}Xx4><P;|@RpB5v2M}gD$gQWiF8K0LXmBCi&~mjSJp0)6Dlq@?O`18b&GZ>
ziA5`Kv6rl9Pb8F{j_@uS1|o^NMag(%S)y~h($k)(><M+oqlsv@T8UfBvi3wz)sDrB
zWE_5>Zrp`7Ozw?LeKcna#FY;IvC|&&Zzf#_<O3B4JO^qI@B<GYc;vv&gZmFYd{91A
Wd&qZ)A8I<Z>Chj0p#Fc3|33f}7{6cu

literal 0
HcmV?d00001

diff --git a/data/binary/shellcodes/messagebox.dll b/data/binary/shellcodes/messagebox.dll
new file mode 100644
index 0000000000000000000000000000000000000000..c4517175432ebd1d7df7a0ce6bdb0fdba72ebdc9
GIT binary patch
literal 10752
zcmeHN4RBOdmcE_jB_Yss&@>bA@1dPZP?BxZ5&1DgH%atG8;v1B1_GU?^8&4%?ym0F
z5L~7V(?n?=?K0!I;^=JgGrOg`))emg6JqV!A&f}`b|5-4AT<iJHTWQ~6Wm!r5Z`|1
zz1R6coUPg&YirlNRrh`8oO|xQ=bn4-x%a*9Ma#CaOvYFivZ^xH1*GKEo`3w2YhrBj
zt=*H^YZDGl?=ra$O>bD^kMiM2Xm!Nf#{0a%U`XOuiF_m$<o!Xu`k}>qTc|}WGn?~l
zM$><J%cE}(K9O}cosZ`{clI#&DW7xaex+f~xg#2~b027EI(HQKd=7W+*TBIixU(04
z`!1U`y?vLn&b_Dcm(S{$t?~7K-x})Ut435;!&u9c*{s*|Xlq($nBB%t%$Qul@*%lN
zm+rY9NIYX57`{$tFqTa;QW{wp3^^4kgEd1{uat%_^Sb1431h>klbQj0sB#@+7YUt=
z?a?|U2C12`nSi?6nbsAFu9fm{L)EeMc%!{*DMMB!iR}_lu;4)^Q#Qr{N=rO?FN?Hz
zB`?;C86pVSWaI+mG0BOp%XBrinH*zBhOZcG8k?LLZdq7Y)W!&brk7qMhBCy?vPd-I
z1F!i6zR~o)Z73Mv)bzwa2#Vw*@|C6s-;PaA#ukp{zlpSKFTB9qN$!~`nDnIe6@X(v
zP>Ysh;tw7?D8$c}#4nj*H;pLn(iPv*6jiGOdR?@@g!ulF-h+bN(~D{&$&nhz8uHdw
z%dML<cMJ2)>u+T&mM`@5<hNevQPr5KSLhkYKmBAT89@Da4oY+5XG~HFJ*L7MDQ~n#
z<$kQJAx^mwV0j~@Sy3w=COl1Rcu{A{@@$XB7Q##+(PYaN5|S-nNNlk2t|jPz7vxXe
z@_EOA(v3zor7WBJQBiSmjBPo(x!UG*zG;eAo~PAl>HImKecVYfG-zcjls2WLhm@x#
zfO{tkk8^mylV{MokTf3$C?8H@tTPpxq0G?Ld6akS<$p)zT`2G4wxUtm9?o)g%K_!-
z98jCo*aGE!P=b6^h|gh?O_2MQ<C>XLp<8~Zn<~`G|18LvZrMB=jk(k#D)-m77_%~z
z;YbN`lg%#3l5LJ4Z?FmQ1@BtfyBDo8Wiy`JFe{p09)UCL&MlwGoQV3JsVB^OWhbiG
zJ-upwf^(xlDaHsj&+zfe4{nFiF^4iABU65bIaBuLG8Qk|2RXwq`e3VL(7ELo%1Ld8
zj%t3Ddx!o;Hz0=$*oJkpUq~$F-3e!5q7HK-<Suzcn;d7YJS<<r^mGo!EOV^~Z)WU?
z97pQ(@6dd5p&GwvTIUpG?x%=90$j``mzsuhRqIUf@=;8-z4N$b)6bv`XUV^Yr<9kk
zs49x8QG}^}W^B>qk)pV2ip@rQ<*4Quq-vjhuBt-kr&vtNFTMaNb9TK?X>wXewZ4vU
z*r`ffT+NK#Gt%STBh7ZEq$1S(6lx>Z=BM>k>srWltB0~3$H{uRmu9aW6X0~M^sMY1
zUB5J0e64&@{y>n=(-!5F7qBGVa-aO3Knr4I(lOtj(=Whg%(HW`zTl5J22|^<SayPZ
zK($T=p;`+yw!eEq7NdQ{FGm=dM6!e%dnSH%&fagqS*n#mhJoblrL}ix1{V1#oQ}%N
z-~_oEt1Q7C!ZZm<qT?xSH*N*-GWP~Sf-8nPX*xmQ2~i(sf`q#5<1XK*@2ozKgN*iA
z7uFLK9!t?~x`I-nFUv$dkIH59T_jJqv-q^oB*^CGv=9}y!e&K<54K@sb9&*2CFDS-
zARkk$Y94CK|3GJoL#@G@Pd3<^;X~DW*F=<HtaF8Ui){`paNE`hGD_WYKe@$@xg%ki
zm=Xj|%o(p*-#~+EUtG=D@G8xmXXSE=f>c=8D9C5gG4><ZF%6BsRle(^(&z64HNQ6|
z32`wWy)4RCt*bPnYOoh-hE?lp;N+Ari|9Q%om^C?^X<gf6r$R&&~t(p9H1RF!-Atn
z*sE#@t=|sDG1`@2sqTUIuiStltdu(8!eOvwWD)lIie9+vB;qnwz#V8EwkOR;z@N^*
zWC%&_m!P3zAY!!gF**|Bxi;mLPGq1RIuEGqE$nePak?nTSw(aS5M&{Dh!f`bO9hV9
zuwZ%B{30C!|5~oc?>(lW3*;}V`-EOMN7;p-GjxNp8azVac3qrRo*K$gegI~VN$Zg6
zAdr`0;UJJdtGAbKD-OL)sTftdPFbrnIZ7Ldp|fM^E6X8Kmf&Fsjk&`@4$!$F*$R!#
z_ZbBz?7!2>Q3N-Hi>dL;rq~oM9tiRwLGDwnyKpejl36Od;bwhT2Cy*@kDV|XTk{>%
z)yDda)`*l3XTOLzO9MLH1DW#1MOCHXrtH;J;aFpwuNwU6mox%r<v=Xw9j+0zO-h)e
z@n4|87;}O0eVv&A53K_^bY^6LdR*wJya_d#d@Qy){+VgrqlyVyn7NY9<1rho%BJW)
zLzCgePMRkZe}k@52Cq6=Eg^0$4LIJf{+s0q?w9(8{}4bdA(q+4fOoi8@ib`$@XLGm
z;`m_7B|Nlw$I;f)wP+b*t#i5WVrj+N1)q5<2ppWX1exz{oJ)81n5SzZf<fzCS7EHd
zedj*Qn-3QV@qL9t<`K)Au52MWsl%O|^sbO7u+`2#A{EN_Pjb)iiR8%(b2EF~^HUK7
zwtXc-A2|jE95A#p3gVC3*!PIa!#d0cW@yW@uvhodmSf5gmZD=2ewn!Gcq~VF%K9M%
zG>VvpPDkZ?kgzSsq^wPYu}MlEMu)R76ObM-t*In;1!}$VqTi6V9@`s*<SRDkWejoS
z*%b8UV@A~7qPsauK5%HpUd$|0_G72PZftv3*I}5XJcb9cs<jl#g8UN&YC`haqa>FP
zAhM}eAC<uLd(sgtc|t4Ilt!Z(Hg{5?0*Y%|WC6j`q45EX66DT)tuI>AiB9T<4AF$H
zuI<#T7WX?hlb!Fw+H?&ZyUl&owmK^=H^2r8@T&EnXrM<CK5=BAK{^?d2w)%t)w-TK
zM2vN+)>e?%2WIRtDK{x(Dm~gs{G#nJ>1^Cj4nyohoXypCsF1w*0Xo2vmDPZu>u^h=
zv1hB+N#urjZ>})^qsVD}SJGY_UspRHla+KXj;*V8c8$9Guz0C&Jw!Cp{Y8uQ`Hqxh
zz_P1a?x~gsT^m2~2gO>~#^InO2CC%))$*`oK)cUccGXNgjA-xLc>X>y7)z}9L(Rk^
ziA5LX&k~KF$Ce9m^XquSQj3Ncs1~7*`w6{nbud<$$~G~nq_R0XgGtjX!vxc~J)eD!
z%MriMChRrg7$rXomfbzkf@+ythcNGo_nWE{Tma-y4rD$MHI4z7e7;6LRwEyA#lOhe
zAi9#S9I_o&$)CU=*b9STj-~rwCPXKqkqk6ajJmjpZMdNeF_R^QOElOIPzN=1^)4F<
zs^<@HxL)_fdt(c66#g8q)o)=+FefLz=;OM<lEr=8YoO?`N7UE}($f8LLG(r_{l1TT
zcC_e8kcpeO>Iyen;&-AlIx-y=dVb3b6AufCMjlmfvcx~7w&WWAw%&QY7H#3mTm$O;
z{fT&gZXf3YNqZ~7Edb^Ew1<~g#QXU^t^_O=7Ye=&YA>`7!|chRt8X8GJy&2LBX0gc
ztX%70-@JXX>CicI9h_tSJ)TbJ9Z%eR5+t+-0Yf=Z7yx1EKJ~5WB*D@>T!^AKA#uUO
z*GKOkY0Bx6-*w6Rgr3v+MJnFN<0o?x+}{?Wsf`0A@Ro4lh;Y04ds^G(wE#@W+KEE^
z<l92R+^RSDTWhp{8bm)Qu8&Rt-1PuTU__H`4z4}Mk(7^{<_cU`v_%PYq~>zf(8F=s
zs}?Q8bf`s5+H<A$+@?LhuRSI0`Ly=z(4O_$vs!yTi08qBdrWACqBdfno<`pX)e~vi
zSR7McMC~~nasKgwd}hlcICVe2;&k&RTyMvSdF4S!=(5LSC?f^B^4mC0bs4T<X9U?K
zW6L7WB^qqJJ89m0URB+4O;~QkU2jpd!k|tq;aWtsv>J|qjdQRbQkEa}$UTr_Y5cED
zO{KcoOJ?f0$-wOfzGmQ{fu{_-WZ+bz{#FCm8u+MDey_pX4NN<U$BlPv`k7Ha&yd#}
z7`aOCI-}iB4f!1g|B}J~*ubX^eBZ!s1JixFZ`8lvrE%LWI=|;COzW>R<Z1rDi`(pa
zfA(3%cSNH>?YchZu}F+Yy{kojVW^$2Y4^5;10paSiqJ<oBtZ-WLNobCLXkj=Q81n4
z*Q&S3>km>HrE&FKlH~QR(ds!V?0y}|81L0hU*z@i=T0B*hY`K6%bt-At|Dw-VTWN~
zzJY}X@&=X|NUf#6AtO++2ILkTel3X9l+tCBK-2k62V>V&WoF2iQg}q!!K=#f$>C3$
zsQJu}%#K3zRRP)!B-ukS?f~)$<hH3eO^~bbvN#(@{TgI?<NpJ4BQEhfkk1q1Q{Xlj
zFX63#4$(J&KLpk<u3r3L@#MOJ-sh@bZ+@?|<<t$o$%4FUUQ=UKj6|DSLaY42rf4V@
z@rg|lF&v6EHHcBEIuK}TpIy;ZF9t+!R7}h8sdyD?Gln~)mZ>isPwc*`1~+}L?tqiD
z@7T6BZM}EEj@c+r%WQW0h;6#8oiSejrd;Ny@6fippw6&1*&JY*-R^5$jnCKEA-Tj?
z)#G)p$_0|m882H#GUqs1t)?f8muY%+<79Q3-qP_hO|N;JtU=SG-8yPZgQgdTjLzcp
zw|R!SY=J#GZ(AD*NNvQ^dfY#vXM6nd$6Homc&wz@Xfq=DY_%?}ANx4jGOeFEV`UAx
zo^zZ`*ApPyY(oF-`nUb`ZyRNz&eLxkb!4CJ^Ky_Z{|<fq88QdSN+7!kG-R|)8J!>7
zX$*Q@nqKYqg$_XaH-`>8#)C^`*{W!iikXvMzrY*6HBjfx5Np3F*bs@4njzahD${Ht
z`G1y7StgdXP`|ZKvF0+XG=W)La+tLun_0`JoUmgJ!dzB@&*sk|)83$T2{ebro90cp
zy=Rwa)J@6DVtEz0EU!L0Om(xMy8wDCkq;SlD?mq(PZ|85gMM;MIq^@8DW5Pcn@y{*
zuxXL0Ckn#XH&eTC2m43p{1|uFOW+AL8|pLaOqOhB!5AzUgQa|8*fhb!CagkvZWhap
zWQ8-EGwg=Fc9S`anJe;`xjwsY0{P-LOo!3_3x$joA$HjDjfc>bVPYBZv#B7L6|^8X
z<gfztQBa;AHd#6NteaU)T`Ze)G(Tjsyz*?6!LQJ_R=}^<O+GOxJh6`Kr<6vb>G&k9
z!1^LNy;o4ah<kEAWF@rj@<($s=yqB`Kqtx?k=G$Vhx{^f7c#Y!fvA>+w*VtHm9+!{
zY{3G1mBBlm57)R{&ZWyBtQaqJ)wq_}oi-a3fX=VfaMdg{%3FgYt$x=fP@AIyhu~ro
z;v-qL1A8N#%CINed93j<vJH@JhV1AVSq1J)dmy8Il}<b8{>7)cFXK1$p13K)xJlsx
z=3<SDYw8{4+QcLJdOTI0Xjt_5Tm3%I8gH;AAV#plA&*Ke9%+48^!S6VAx{hDDiT`n
z3HWKwzQfwYwx|edNmYI0gAKKdYGzf~^)_cS)bLA^7-?g7kJ28IEnuFgxW?1!51`OP
zE3c4we4${ge|0P(dV=0aB(%=sjjUdaH($M`-y85hK2jtG*ZL!&V4E03&lTe|LP4?J
zFL@;Is(?s8&U(al(HE0M&$xoA=#TUm^M?JUZPC(o{$QyuB9-FTeaYV@mIh{(&MMUh
z^6y#oQlQEkmS9^|2p>A|oAMQsxkI7HV&QvZL7(Ig1#5y*WIbXVhms}!h!pb%8iQyS
zhtw&qF{rz=rKa5{hDrTiZSai!lv^xHUs+t9ai1tv#Uc@mv@R0z;R4O}a}98*Kj@Xj
zw1~ZwSsOK&P~=|GOSaZU#3(r^ob_-_jI6H{BdwuGn>XmgC@@M)uj9+D*S4^`$4DF2
zL_}{3ge)%;mMmT$mBh9NILH;n07RnLmdsjAvpzwK-B=a^s<0ifs9IbVTfJJ0q%C=%
zrvAYicY4j;Lu<zuhR^;~DgEoif3>|sEBL|I_w^SRY9syXLUEVQJN-tX5gI!-PHWQt
zfBcVnfXA8l5Hj7>I)HzLTnBmwaM+L&X5)^~KzBUgX5{U3w*%7uVa|dkJcoP}&e&m~
ztpH~!Xu=D~GeKVj`f+Km0384pPDQ_<tAQS((M~h)d4qltc-Wu`e`nANFdsifl0IRP
zL6-nGBX2;Pgk6T5@Ss5xX5&6Wb#sBwAd{Ux0?x$UqyaQx9Wu!Y*BkU!;QP~X$A+9R
zAHOf|08NPR2pU}noQ8YPE0Avk{t!6@dJmB9c>SOW=?=FIHW1SNjc7u;gAq+g_oV{p
z6AH)@=&v`Kw0A$aqGNnNboYTB*O22!TPC24?#(|KUrFQcS<v1V;Md|U4*|TgcvhLc
zm=}Y-P>Vmfy0W;j;oj0Y#e7u4;pq+FxT!2&FGh<Oe8-%3k2e|>+g1hE^JpL#tt^g3
zg7c!jHDa4LTH5CKMMBX~t5oU>waxQJ+sf9?D&`TW{jE4_myGR=n)<VJTVSqX<2PEw
z>;I9uxP$G?-I>3$aA(QR_MII&*X-)pwRu<m?vma1-E($3cMH3}(O&vLJNW+qk{BL5

literal 0
HcmV?d00001

diff --git a/tester.py b/tester.py
index 01d40b1..f7d6dbd 100644
--- a/tester.py
+++ b/tester.py
@@ -18,12 +18,38 @@ def main():
         print("{} directory does not exist".format(os.path.dirname(VerifyFilename)))
         return
 
+    test_dll_loader()
     test_exe_code()
     test_exe_data()
     test_dll_code()
     test_dll_data()
 
 
+def test_dll_loader():
+    print("Testing: DLL Loader")
+    settings = Settings("unittest")
+    settings.payload_path = PATH_SHELLCODES + "createfile.dll"
+    settings.verify = True
+    settings.try_start_final_infected_exe = False
+    settings.payload_location = PayloadLocation.CODE  
+
+    print("Test DLL Loader 1/2: procexp, backdoor main, dll loader alloc")
+    settings.carrier_name = "dll_loader_alloc"
+    settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
+    settings.inject_exe_in = PATH_EXES + "procexp64.exe"
+    settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe"
+    if start(settings) != 0:
+        print("Error")
+
+    print("Test DLL Loader 2/2: procexp, backdoor main, dll loader change")
+    settings.carrier_name = "dll_loader_change"
+    settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
+    settings.inject_exe_in = PATH_EXES + "procexp64.exe"
+    settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe"
+    if start(settings) != 0:
+        print("Error")
+
+
 def test_exe_code():
     print("Testing: EXEs: Inject payload into .text")
     settings = Settings("unittest")
@@ -224,6 +250,6 @@ def dll_iat_reuse():
 
 
 if __name__ == "__main__":
-    #setup_logging(level=logging.INFO)
-    setup_logging(level=logging.WARNING)
+    setup_logging(level=logging.INFO)
+    #setup_logging(level=logging.WARNING)
     main()