Beispiel #1
0
        public void HSC_x86_FindCallsToProcedure()
        {
#if OLD
            var image = new LoadedImage(Address.Ptr32(0x001000), new byte[] {
                0xE8, 0x0B, 0x00, 0x00,  0x00, 0xE8, 0x07, 0x00,
                0x00, 0x00, 0xC3, 0x00,  0x00, 0x00, 0x00, 0x00,
                0xC3, 0xC3                                      // 1010, 1011
            });
            prog = new Program
            {
                Image = image,
                ImageMap = image.CreateImageMap(),
                Architecture = new IntelArchitecture(ProcessorMode.Protected32),
            };
#else
            Given_Image32(0x001000, 
                "E8 0B 00 00 00 E8 07 00 " +
                "00 00 C3 00 00 00 00 00 " +
                "C3 C3 ");                                     // 1010, 1011
            Given_x86_32();
#endif
            Given_RewriterHost();
            mr.ReplayAll();

            Assert.AreEqual(18, prog.Image.Length);

            var hsc = new HeuristicScanner(prog, host);
            var linAddrs = hsc.FindCallOpcodes(new Address[]{
                Address.Ptr32(0x1010),
                Address.Ptr32(0x1011)}).ToList();

            Assert.AreEqual(2, linAddrs.Count);
            Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1000)));
            Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1005)));
        }
Beispiel #2
0
        public void Setup()
        {
            mr = new MockRepository();
            prog = new Program();
            proc = new Procedure("testProc", new Frame(PrimitiveType.Word32));
            block = proc.AddBlock("l00100000");
            trace = new RtlTrace(0x00100000);
            r0 = new Identifier("r0", PrimitiveType.Word32, new RegisterStorage("r0", 0, PrimitiveType.Word32));
            r1 = new Identifier("r1", PrimitiveType.Word32, new RegisterStorage("r1", 0, PrimitiveType.Word32));
            r2 = new Identifier("r2", PrimitiveType.Word32, new RegisterStorage("r2", 0, PrimitiveType.Word32));
            grf = proc.Frame.EnsureFlagGroup(3, "SCZ", PrimitiveType.Byte);

            scanner = mr.StrictMock<IScanner>();
            arch = mr.DynamicMock<IProcessorArchitecture>();
            arch.Stub(s => s.PointerType).Return(PrimitiveType.Pointer32);
            arch.Stub(s => s.CreateRegisterBitset()).Return(new BitSet(32));
            prog.Architecture = arch;
            arch.Replay();
            prog.Platform = new DefaultPlatform(null, arch);
            arch.BackToRecord();
        }
Beispiel #3
0
        public void HSC_ARM32_Calls()
        {
            var image = CreateImage(Address.Ptr32(0x1000),
                0xE1A0F00E,     // mov r15,r14 (return)
                0xEBFFFFFD,
                0xEBFFFFFC);
            prog = new Program
            {
                Image = image,
                Architecture = new ArmProcessorArchitecture(),
            };
            var host = mr.Stub<IRewriterHost>();
            mr.ReplayAll();

            var hsc = new HeuristicScanner(prog, host);
            var linAddrs = hsc.FindCallOpcodes(new Address[] {
                Address.Ptr32(0x1000),
            }).ToList();

            Assert.AreEqual(2, linAddrs.Count);
            Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1004)));
            Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1008)));
        }