public void HSC_x86_FindCallOpcode()
{
Given_Image32(
0x001000,
"E8 03 00 00 00 00 00 00 " +
"C3");
Given_x86_32();
Given_RewriterHost();
mr.ReplayAll();
var hsc = new HeuristicScanner(prog, host, eventListener);
var addr = hsc.FindCallOpcodes(new Address[] {
Address.Ptr32(0x1008)
}).ToList();
Assert.AreEqual(1, addr.Count);
Assert.AreEqual(0x001000, (uint)addr[0].ToLinear());
}
public void HSC_ARM32_Calls()
{
var image = CreateImage(Address.Ptr32(0x1000),
0xE1A0F00E, // mov r15,r14 (return)
0xEBFFFFFD,
0xEBFFFFFC);
prog = new Program
{
Image = image,
Architecture = new Arm32ProcessorArchitecture(),
};
var host = mr.Stub<IRewriterHost>();
mr.ReplayAll();
var hsc = new HeuristicScanner(prog, host);
var linAddrs = hsc.FindCallOpcodes(new Address[] {
Address.Ptr32(0x1000),
}).ToList();
Assert.AreEqual(2, linAddrs.Count);
Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1004)));
Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1008)));
}
public void HSC_x86_FindCallsToProcedure()
{
#if OLD
var image = new LoadedImage(Address.Ptr32(0x001000), new byte[] {
0xE8, 0x0B, 0x00, 0x00, 0x00, 0xE8, 0x07, 0x00,
0x00, 0x00, 0xC3, 0x00, 0x00, 0x00, 0x00, 0x00,
0xC3, 0xC3 // 1010, 1011
});
prog = new Program
{
Image = image,
ImageMap = image.CreateImageMap(),
Architecture = new IntelArchitecture(ProcessorMode.Protected32),
};
#else
Given_Image32(0x001000,
"E8 0B 00 00 00 E8 07 00 " +
"00 00 C3 00 00 00 00 00 " +
"C3 C3 "); // 1010, 1011
Given_x86_32();
#endif
Given_RewriterHost();
mr.ReplayAll();
Assert.AreEqual(18, prog.Image.Length);
var hsc = new HeuristicScanner(prog, host);
var linAddrs = hsc.FindCallOpcodes(new Address[]{
Address.Ptr32(0x1010),
Address.Ptr32(0x1011)}).ToList();
Assert.AreEqual(2, linAddrs.Count);
Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1000)));
Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1005)));
}
public void HSC_x86_16bitNearCall()
{
base.Given_ImageSeg(0xC00, 0,
"C3 90 E8 FB FF C3");
base.Given_x86_16();
Given_RewriterHost();
mr.ReplayAll();
var hsc = new HeuristicScanner(prog, host);
var linAddrs = hsc.FindCallOpcodes(new Address[] {
Address.SegPtr(0x0C00, 0)}).ToList();
Assert.AreEqual(1, linAddrs.Count);
Assert.AreEqual("0C00:0002", linAddrs[0].ToString());
}
public void HSC_ARM32_Calls()
{
var mem = CreateMemoryArea(Address.Ptr32(0x1000),
0xE1A0F00E, // mov r15,r14 (return)
0xEBFFFFFD,
0xEBFFFFFC);
this.segment = new ImageSegment(".text", mem, AccessMode.ReadExecute);
var imageMap = new SegmentMap(
mem.BaseAddress,
segment);
program = new Program
{
SegmentMap = imageMap,
Architecture = new Arm32ProcessorArchitecture(),
};
var host = mr.Stub<IRewriterHost>();
mr.ReplayAll();
var hsc = new HeuristicScanner(program, host, eventListener);
var linAddrs = hsc.FindCallOpcodes(segment.MemoryArea, new Address[] {
Address.Ptr32(0x1000),
}).ToList();
Assert.AreEqual(2, linAddrs.Count);
Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1004)));
Assert.IsTrue(linAddrs.Contains(Address.Ptr32(0x1008)));
}
public void HSC_x86_16bitFarCall()
{
Given_ImageSeg(0xC00, 0,
"C3 90 9A 00 00 00 0C C3 ");
Given_x86_16();
Given_RewriterHost();
mr.ReplayAll();
var hsc = new HeuristicScanner(program, host, eventListener);
var linAddrs = hsc.FindCallOpcodes(segment.MemoryArea, new Address[] {
Address.SegPtr(0x0C00, 0)}).ToList();
Assert.AreEqual(1, linAddrs.Count);
Assert.AreEqual("0C00:0002", linAddrs[0].ToString());
}