From d861c241290d9d027a0ca9b42fc579d969826d88 Mon Sep 17 00:00:00 2001
From: Dobin
Date: Mon, 19 Feb 2024 19:30:28 +0000
Subject: [PATCH] add: test data
---
tests/data/iat_reuse_pre_fixup.asm.test | 214 +++++++++++++++++++++++
tests/data/peb_walk_pre_fixup.asm.test | 215 ++++++++++++++++++++++++
2 files changed, 429 insertions(+)
create mode 100644 tests/data/iat_reuse_pre_fixup.asm.test
create mode 100644 tests/data/peb_walk_pre_fixup.asm.test
diff --git a/tests/data/iat_reuse_pre_fixup.asm.test b/tests/data/iat_reuse_pre_fixup.asm.test
new file mode 100644
index 0000000..a0d7521
--- /dev/null
+++ b/tests/data/iat_reuse_pre_fixup.asm.test
@@ -0,0 +1,214 @@ +; Listing generated by Microsoft (R) Optimizing Compiler Version 19.37.32822.0 + +include listing.inc + +INCLUDELIB LIBCMT +INCLUDELIB OLDNAMES + +_DATA SEGMENT +COMM supermega_payload:QWORD +_DATA ENDS +PUBLIC main +PUBLIC mystrcmp +EXTRN __imp_GetEnvironmentVariableW:PROC +EXTRN __imp_VirtualAlloc:PROC +pdata SEGMENT +$pdata$main DD imagerel $LN8 + DD imagerel $LN8+453 + DD imagerel $unwind$main +$pdata$mystrcmp DD imagerel $LN6 + DD imagerel $LN6+109 + DD imagerel $unwind$mystrcmp +pdata ENDS +xdata SEGMENT +$unwind$main DD 020701H + DD 010f0107H +$unwind$mystrcmp DD 010e01H + DD 0220eH +xdata ENDS +; Function compile flags: /Odtp +_TEXT SEGMENT +i$ = 0 +str1$ = 32 +str2$ = 40 +mystrcmp PROC +; File C:\Users\hacker\source\repos\supermega\build\main.c +; Line 37 +$LN6: + mov QWORD PTR [rsp+16], rdx + mov QWORD PTR [rsp+8], rcx + sub rsp, 24 +; Line 38 + mov DWORD PTR i$[rsp], 0 +$LN2@mystrcmp: +; Line 39 + movsxd rax, DWORD PTR i$[rsp] + mov rcx, QWORD PTR str1$[rsp] + movzx eax, WORD PTR [rcx+rax*2] + test eax, eax + je SHORT $LN3@mystrcmp + movsxd rax, DWORD PTR i$[rsp] + mov rcx, QWORD PTR str2$[rsp] + movzx eax, WORD PTR [rcx+rax*2] + test eax, eax + je SHORT $LN3@mystrcmp +; Line 40 + movsxd rax, DWORD PTR i$[rsp] + mov rcx, QWORD PTR str1$[rsp] + movzx eax, WORD PTR [rcx+rax*2] + movsxd rcx, DWORD PTR i$[rsp] + mov rdx, QWORD PTR str2$[rsp] + movzx ecx, WORD PTR [rdx+rcx*2] + cmp eax, ecx + je SHORT $LN4@mystrcmp +; Line 41 + mov eax, 1 + jmp SHORT $LN1@mystrcmp +$LN4@mystrcmp: +; Line 43 + mov eax, DWORD PTR i$[rsp] + inc eax + mov DWORD PTR i$[rsp], eax +; Line 44 + jmp SHORT $LN2@mystrcmp +$LN3@mystrcmp: +; Line 45 + xor eax, eax +$LN1@mystrcmp: +; Line 46 + add rsp, 24 + ret 0 +mystrcmp ENDP +_TEXT ENDS +; Function compile flags: /Odtp +_TEXT SEGMENT +n$1 = 32 +envVarName$ = 40 +tocheck$ = 64 +result$ = 96 +dest$ = 104 +buffer$ = 112 +main PROC +; File C:\Users\hacker\source\repos\supermega\build\main.c +; Line 6 +$LN8: + sub rsp, 
2168 ; 00000878H +; Line 8 + mov eax, 85 ; 00000055H + mov WORD PTR envVarName$[rsp], ax + mov eax, 83 ; 00000053H + mov WORD PTR envVarName$[rsp+2], ax + mov eax, 69 ; 00000045H + mov WORD PTR envVarName$[rsp+4], ax + mov eax, 82 ; 00000052H + mov WORD PTR envVarName$[rsp+6], ax + mov eax, 80 ; 00000050H + mov WORD PTR envVarName$[rsp+8], ax + mov eax, 82 ; 00000052H + mov WORD PTR envVarName$[rsp+10], ax + mov eax, 79 ; 0000004fH + mov WORD PTR envVarName$[rsp+12], ax + mov eax, 70 ; 00000046H + mov WORD PTR envVarName$[rsp+14], ax + mov eax, 73 ; 00000049H + mov WORD PTR envVarName$[rsp+16], ax + mov eax, 76 ; 0000004cH + mov WORD PTR envVarName$[rsp+18], ax + mov eax, 69 ; 00000045H + mov WORD PTR envVarName$[rsp+20], ax + xor eax, eax + mov WORD PTR envVarName$[rsp+22], ax +; Line 9 + mov eax, 67 ; 00000043H + mov WORD PTR tocheck$[rsp], ax + mov eax, 58 ; 0000003aH + mov WORD PTR tocheck$[rsp+2], ax + mov eax, 92 ; 0000005cH + mov WORD PTR tocheck$[rsp+4], ax + mov eax, 85 ; 00000055H + mov WORD PTR tocheck$[rsp+6], ax + mov eax, 115 ; 00000073H + mov WORD PTR tocheck$[rsp+8], ax + mov eax, 101 ; 00000065H + mov WORD PTR tocheck$[rsp+10], ax + mov eax, 114 ; 00000072H + mov WORD PTR tocheck$[rsp+12], ax + mov eax, 115 ; 00000073H + mov WORD PTR tocheck$[rsp+14], ax + mov eax, 92 ; 0000005cH + mov WORD PTR tocheck$[rsp+16], ax + mov eax, 104 ; 00000068H + mov WORD PTR tocheck$[rsp+18], ax + mov eax, 97 ; 00000061H + mov WORD PTR tocheck$[rsp+20], ax + mov eax, 99 ; 00000063H + mov WORD PTR tocheck$[rsp+22], ax + mov eax, 107 ; 0000006bH + mov WORD PTR tocheck$[rsp+24], ax + mov eax, 101 ; 00000065H + mov WORD PTR tocheck$[rsp+26], ax + mov eax, 114 ; 00000072H + mov WORD PTR tocheck$[rsp+28], ax + xor eax, eax + mov WORD PTR tocheck$[rsp+30], ax +; Line 11 + mov r8d, 1024 ; 00000400H + lea rdx, QWORD PTR buffer$[rsp] + lea rcx, QWORD PTR envVarName$[rsp] + DB 0a0H, 093H, 061H, 037H, 05bH, 070H + mov DWORD PTR result$[rsp], eax +; Line 12 + cmp DWORD PTR 
result$[rsp], 0 + jne SHORT $LN5@main +; Line 13 + mov eax, 6 + jmp SHORT $LN1@main +$LN5@main: +; Line 15 + lea rdx, QWORD PTR tocheck$[rsp] + lea rcx, QWORD PTR buffer$[rsp] + call mystrcmp + test eax, eax + je SHORT $LN6@main +; Line 16 + mov eax, 6 + jmp SHORT $LN1@main +$LN6@main: +; Line 21 + mov r9d, 64 ; 00000040H + mov r8d, 12288 ; 00003000H + mov edx, 4096 ; 00001000H + xor ecx, ecx + DB 0b0H, 008H, 001H, 07eH, 0dfH, 06aH + mov QWORD PTR dest$[rsp], rax +; Line 27 + mov DWORD PTR n$1[rsp], 0 + jmp SHORT $LN4@main +$LN2@main: + mov eax, DWORD PTR n$1[rsp] + inc eax + mov DWORD PTR n$1[rsp], eax +$LN4@main: + cmp DWORD PTR n$1[rsp], 11223344 ; 00ab4130H + jge SHORT $LN3@main +; Line 28 + movsxd rax, DWORD PTR n$1[rsp] + movsxd rcx, DWORD PTR n$1[rsp] + mov rdx, QWORD PTR dest$[rsp] + mov r8, QWORD PTR supermega_payload + movzx eax, BYTE PTR [r8+rax] + mov BYTE PTR [rdx+rcx], al +; Line 29 + jmp SHORT $LN2@main +$LN3@main: +; Line 32 + call QWORD PTR dest$[rsp] +; Line 34 + xor eax, eax +$LN1@main: +; Line 35 + add rsp, 2168 ; 00000878H + ret 0 +main ENDP +_TEXT ENDS +END diff --git a/tests/data/peb_walk_pre_fixup.asm.test b/tests/data/peb_walk_pre_fixup.asm.test new file mode 100644 index 0000000..22c18fe --- /dev/null +++ b/tests/data/peb_walk_pre_fixup.asm.test 
@@ -0,0 +1,215 @@ +; Listing generated by Microsoft (R) Optimizing Compiler Version 19.37.32822.0 + +include listing.inc + +INCLUDELIB LIBCMT +INCLUDELIB OLDNAMES + +_DATA SEGMENT +COMM supermega_payload:QWORD +_DATA ENDS +PUBLIC main +PUBLIC mystrcmp +; EXTRN __imp_GetEnvironmentVariableW:PROC +; EXTRN __imp_VirtualAlloc:PROC +pdata SEGMENT +$pdata$main DD imagerel $LN8 + DD imagerel $LN8+453 + DD imagerel $unwind$main +$pdata$mystrcmp DD imagerel $LN6 + DD imagerel $LN6+109 + DD imagerel $unwind$mystrcmp +pdata ENDS +xdata SEGMENT +$unwind$main DD 020701H + DD 010f0107H +$unwind$mystrcmp DD 010e01H + DD 0220eH +xdata ENDS +; Function compile flags: /Odtp +_TEXT SEGMENT +i$ = 0 +str1$ = 32 +str2$ = 40 +mystrcmp PROC +; File C:\Users\hacker\source\repos\supermega\build\main.c +; Line 37 +$LN6: + mov QWORD PTR [rsp+16], rdx + mov QWORD PTR [rsp+8], rcx + sub rsp, 24 +; Line 38 + mov DWORD PTR i$[rsp], 0 +$LN2@mystrcmp: +; Line 39 + movsxd rax, DWORD PTR i$[rsp] + mov rcx, QWORD PTR str1$[rsp] + movzx eax, WORD PTR [rcx+rax*2] + test eax, eax + je SHORT $LN3@mystrcmp + movsxd rax, DWORD PTR i$[rsp] + mov rcx, QWORD PTR str2$[rsp] + movzx eax, WORD PTR [rcx+rax*2] + test eax, eax + je SHORT $LN3@mystrcmp +; Line 40 + movsxd rax, DWORD PTR i$[rsp] + mov rcx, QWORD PTR str1$[rsp] + movzx eax, WORD PTR [rcx+rax*2] + movsxd rcx, DWORD PTR i$[rsp] + mov rdx, QWORD PTR str2$[rsp] + movzx ecx, WORD PTR [rdx+rcx*2] + cmp eax, ecx + je SHORT $LN4@mystrcmp +; Line 41 + mov eax, 1 + jmp SHORT $LN1@mystrcmp +$LN4@mystrcmp: +; Line 43 + mov eax, DWORD PTR i$[rsp] + inc eax + mov DWORD PTR i$[rsp], eax +; Line 44 + jmp SHORT $LN2@mystrcmp +$LN3@mystrcmp: +; Line 45 + xor eax, eax +$LN1@mystrcmp: +; Line 46 + add rsp, 24 + ret 0 +mystrcmp ENDP +_TEXT ENDS +; Function compile flags: /Odtp +_TEXT SEGMENT +n$1 = 32 +envVarName$ = 40 +tocheck$ = 64 +result$ = 96 +dest$ = 104 +buffer$ = 112 +main PROC +; File C:\Users\hacker\source\repos\supermega\build\main.c +; Line 6 +$LN8: + sub rsp, 
2168 ; 00000878H +; Line 8 + mov eax, 85 ; 00000055H + mov WORD PTR envVarName$[rsp], ax + mov eax, 83 ; 00000053H + mov WORD PTR envVarName$[rsp+2], ax + mov eax, 69 ; 00000045H + mov WORD PTR envVarName$[rsp+4], ax + mov eax, 82 ; 00000052H + mov WORD PTR envVarName$[rsp+6], ax + mov eax, 80 ; 00000050H + mov WORD PTR envVarName$[rsp+8], ax + mov eax, 82 ; 00000052H + mov WORD PTR envVarName$[rsp+10], ax + mov eax, 79 ; 0000004fH + mov WORD PTR envVarName$[rsp+12], ax + mov eax, 70 ; 00000046H + mov WORD PTR envVarName$[rsp+14], ax + mov eax, 73 ; 00000049H + mov WORD PTR envVarName$[rsp+16], ax + mov eax, 76 ; 0000004cH + mov WORD PTR envVarName$[rsp+18], ax + mov eax, 69 ; 00000045H + mov WORD PTR envVarName$[rsp+20], ax + xor eax, eax + mov WORD PTR envVarName$[rsp+22], ax +; Line 9 + mov eax, 67 ; 00000043H + mov WORD PTR tocheck$[rsp], ax + mov eax, 58 ; 0000003aH + mov WORD PTR tocheck$[rsp+2], ax + mov eax, 92 ; 0000005cH + mov WORD PTR tocheck$[rsp+4], ax + mov eax, 85 ; 00000055H + mov WORD PTR tocheck$[rsp+6], ax + mov eax, 115 ; 00000073H + mov WORD PTR tocheck$[rsp+8], ax + mov eax, 101 ; 00000065H + mov WORD PTR tocheck$[rsp+10], ax + mov eax, 114 ; 00000072H + mov WORD PTR tocheck$[rsp+12], ax + mov eax, 115 ; 00000073H + mov WORD PTR tocheck$[rsp+14], ax + mov eax, 92 ; 0000005cH + mov WORD PTR tocheck$[rsp+16], ax + mov eax, 104 ; 00000068H + mov WORD PTR tocheck$[rsp+18], ax + mov eax, 97 ; 00000061H + mov WORD PTR tocheck$[rsp+20], ax + mov eax, 99 ; 00000063H + mov WORD PTR tocheck$[rsp+22], ax + mov eax, 107 ; 0000006bH + mov WORD PTR tocheck$[rsp+24], ax + mov eax, 101 ; 00000065H + mov WORD PTR tocheck$[rsp+26], ax + mov eax, 114 ; 00000072H + mov WORD PTR tocheck$[rsp+28], ax + xor eax, eax + mov WORD PTR tocheck$[rsp+30], ax +; Line 11 + mov r8d, 1024 ; 00000400H + lea rdx, QWORD PTR buffer$[rsp] + lea rcx, QWORD PTR envVarName$[rsp] + call QWORD PTR __imp_GetEnvironmentVariableW + mov DWORD PTR result$[rsp], eax +; Line 12 + cmp DWORD PTR 
result$[rsp], 0 + jne SHORT $LN5@main +; Line 13 + mov eax, 6 + jmp SHORT $LN1@main +$LN5@main: +; Line 15 + lea rdx, QWORD PTR tocheck$[rsp] + lea rcx, QWORD PTR buffer$[rsp] + call mystrcmp + test eax, eax + je SHORT $LN6@main +; Line 16 + mov eax, 6 + jmp SHORT $LN1@main +$LN6@main: +; Line 21 + mov r9d, 64 ; 00000040H + mov r8d, 12288 ; 00003000H + mov edx, 4096 ; 00001000H + xor ecx, ecx + call QWORD PTR __imp_VirtualAlloc + mov QWORD PTR dest$[rsp], rax +; Line 27 + mov DWORD PTR n$1[rsp], 0 + jmp SHORT $LN4@main +$LN2@main: + mov eax, DWORD PTR n$1[rsp] + inc eax + mov DWORD PTR n$1[rsp], eax +$LN4@main: + cmp DWORD PTR n$1[rsp], 11223344 ; 00ab4130H + jge SHORT $LN3@main +; Line 28 + movsxd rax, DWORD PTR n$1[rsp] + movsxd rcx, DWORD PTR n$1[rsp] + mov rdx, QWORD PTR dest$[rsp] + lea r8, [shcstart] + movzx eax, BYTE PTR [r8+rax] + mov BYTE PTR [rdx+rcx], al +; Line 29 + jmp SHORT $LN2@main +$LN3@main: +; Line 32 + call QWORD PTR dest$[rsp] +; Line 34 + xor eax, eax +$LN1@main: +; Line 35 + add rsp, 2168 ; 00000878H + ret 0 +main ENDP +shcstart: +_TEXT ENDS +END
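Review bot: The peb_walk fixture comments out both `EXTRN __imp_...:PROC` declarations near the top of the file yet still emits `call QWORD PTR __imp_GetEnvironmentVariableW` and `call QWORD PTR __imp_VirtualAlloc` inside main, so MASM would reject the file as-is with undefined-symbol errors. If that is intentional because the fixup stage is expected to rewrite those calls before anything is assembled, a one-line header comment in the fixture, e.g. `; pre-fixup input: the __imp_ calls stay unresolved until the fixup pass rewrites them`, would keep a future test from trying to assemble the raw input. The `COMM supermega_payload:QWORD` declaration is likewise left in place although the copy loop now reads from `lea r8, [shcstart]`; either drop it or mark it `; kept for parity with iat_reuse_pre_fixup.asm.test` so the difference between the two fixtures is deliberate rather than accidental. Both fixtures also embed the developer's local build path in the `; File C:\Users\hacker\...` comments; scrubbing it keeps the test data host-independent.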