refactor: remove recursion from DerBackdoorer

tests/test_derbackdoorer.py

@@ -1,15 +1,11 @@
-import shutil
 from typing import List
 import unittest
-import logging
 
-from model.exehost import ExeHost
 from model.defs import *
-from pe.pehelper import extract_code_from_exe_file
 from utils import hexdump
 from observer import observer
 from model.defs import *
-from pe.derbackdoorer import FunctionBackdoorer
+from pe.derbackdoorer import FunctionBackdoorer, DEPTH_OPTIONS
 from pe.superpe import SuperPe
 
 
@@ -20,40 +16,36 @@ class DerBackdoorerTest(unittest.TestCase):
 
 
     def test_function_backdoorer_exe(self):
-        shellcode = b"\x90" * 200
         superpe = SuperPe(PATH_EXES + "iattest-full.exe")
-        function_backdoorer = FunctionBackdoorer(superpe, shellcode)
+        function_backdoorer = FunctionBackdoorer(superpe, depth_option=DEPTH_OPTIONS.LEVEL1)
 
-        instr = function_backdoorer.find_suitable_instruction_addr(superpe.get_entrypoint(), 128, 5)
-        self.assertIsNotNone(instr)
-        self.assertEqual(instr.mnemonic, "jne")
-        self.assertEqual(instr.address, 0x1701)
+        addr = function_backdoorer.find_suitable_instruction_addr(superpe.get_entrypoint())
+        self.assertEqual(addr, 0x1304)
 
-        trampoline_compiled, trampoline_reloc_offset = function_backdoorer.get_trampoline(instr)
-        print(hexdump(trampoline_compiled))
+        trampoline_compiled, trampline_text, trampoline_reloc_offset = function_backdoorer.get_trampoline(addr, 0x11223344)
         self.assertEqual(trampoline_compiled[0], 0x48)
-        self.assertEqual(trampoline_compiled[2], 0x00)
-        self.assertEqual(trampoline_compiled[5], 0x40)
+        self.assertEqual(trampoline_compiled[2], 0x44)
+        self.assertEqual(trampoline_compiled[3], 0x33)
+        self.assertEqual(trampoline_compiled[4], 0x22)
+        self.assertEqual(trampoline_compiled[5], 0x51)
         self.assertEqual(trampoline_compiled[6], 0x01)
         self.assertEqual(trampoline_compiled[10], 0xff)
         self.assertEqual(trampoline_reloc_offset, 2)
 
 
     def test_function_backdoorer_dll(self):
-        shellcode = b"\x90" * 200
         superpe = SuperPe(PATH_EXES + "libbz2-1.dll")
-        function_backdoorer = FunctionBackdoorer(superpe, shellcode)
+        function_backdoorer = FunctionBackdoorer(superpe)
 
-        instr = function_backdoorer.find_suitable_instruction_addr(superpe.get_entrypoint(), 128, 5)
-        self.assertIsNotNone(instr)
-        self.assertEqual(instr.mnemonic, "jne")
-        self.assertEqual(instr.address, 0x1220)
+        addr = function_backdoorer.find_suitable_instruction_addr(superpe.get_entrypoint())
+        self.assertEqual(addr, 0x135D)
 
-        trampoline_compiled, trampoline_reloc_offset = function_backdoorer.get_trampoline(instr)
-        print(hexdump(trampoline_compiled))
+        trampoline_compiled, trampoline_reloc_offset = function_backdoorer.get_trampoline(addr, 0x11223344)
         self.assertEqual(trampoline_compiled[0], 0x48)
-        self.assertEqual(trampoline_compiled[2], 0x00)
-        self.assertEqual(trampoline_compiled[5], 0xf1)
+        self.assertEqual(trampoline_compiled[2], 0x44)
+        self.assertEqual(trampoline_compiled[3], 0x33)
+        self.assertEqual(trampoline_compiled[4], 0x22)
+        self.assertEqual(trampoline_compiled[5], 0x51)
         self.assertEqual(trampoline_compiled[6], 0x01)
         self.assertEqual(trampoline_compiled[10], 0xff)
         self.assertEqual(trampoline_reloc_offset, 2)

tests/test_superpe.py

@@ -64,5 +64,5 @@ class SuperPeTest(unittest.TestCase):
         self.assertEqual(export["size"], 416)
 
         # VRA/Virt to Phys/Raw
-        raw = superpe.get_physical_address(0xD690)  # BZ2_bzdopen export
+        raw = superpe.get_offset_from_rva(0xD690)  # BZ2_bzdopen export
         self.assertEqual(raw, 0xCA90)