private void When_DisassembleProcedure()
        {
            var hsc = new HeuristicScanner(program, host, eventListener);

            this.proc = hsc.DisassembleProcedure(
                program.ImageMap.BaseAddress,
                program.ImageMap.BaseAddress + program.SegmentMap.GetExtent());
        }
        private void When_DisassembleProcedure()
        {
            var hsc = new HeuristicScanner(prog, host);

            this.proc = hsc.DisassembleProcedure(
                prog.Image.BaseAddress,
                prog.Image.BaseAddress + prog.Image.Length);
        }
Exemple #3
0
        private void When_DisassembleProcedure()
        {
            var hsc = new HeuristicScanner(null, program, host.Object, eventListener.Object);
            var mem = program.SegmentMap.Segments.Values.First().MemoryArea;

            this.proc = hsc.DisassembleProcedure(
                mem.BaseAddress,
                mem.EndAddress);
        }
Exemple #4
0
        public void HSC_HeuristicDisassembleProc()
        {
            Given_Image32(
                0x10000,
                TrickyProc);
            Given_x86_32();
            Given_RewriterHost();
            host.Stub(h => h.GetImportedProcedure(null, null))
            .IgnoreArguments()
            .Return(null);
            mr.ReplayAll();

            var segment = program.SegmentMap.Segments.Values.First();
            var hsc     = new HeuristicScanner(program, host, eventListener);
            var proc    = hsc.DisassembleProcedure(
                segment.MemoryArea.BaseAddress,
                segment.MemoryArea.BaseAddress + segment.ContentSize);
            var sExp =
                #region Expected
                @"l00010000:  // pred:
    push ebp
l00010001:  // pred: l00010000
    mov ebp,esp
l00010002:  // pred:
    in eax,E8
l00010003:  // pred: l00010001
    call 11750008
l00010004:  // pred: l00010002
    add [eax],al
l00010005:  // pred:
    add [ecx+edx+0A],dh
l00010006:  // pred: l00010004
    jz 00010019
l00010007:  // pred:
    adc [edx],ecx
l00010008:  // pred: l00010006
    or al,[0675003C]
l00010009:  // pred: l00010005 l00010007
    add eax,0675003C
l0001000A:  // pred:
    cmp al,00
l0001000B:  // pred:
    add [ebp+06],dh
l0001000C:  // pred: l0001000A
    jnz 00010014
l0001000D:  // pred:
    push es
l0001000E:  // pred: l00010008 l00010009 l0001000B l0001000C l0001000D
    mov al,00
l0001000F:  // pred:
    add bl,ch
l00010010:  // pred: l0001000E
    jmp 00010019
l00010011:  // pred: l0001000F
    pop es
l00010012:  // pred: l00010011
    or al,[740000A1]
l00010013:  // pred:
    add eax,740000A1
l00010014:  // pred: l0001000C
    mov eax,[01740000]
l00010015:  // pred:
    add [eax],al
l00010016:  // pred:
    add [ecx+eax-77],dh
l00010017:  // pred: l00010015
    jz 0001001A
l00010018:  // pred: l00010012 l00010013
    add [ecx+90C35DEC],ecx
l00010019:  // pred: l00010006 l00010010 l00010014 l00010017
    mov esp,ebp
l0001001A:  // pred: l00010016 l00010017
    in al,dx
l0001001B:  // pred: l00010019 l0001001A
    pop ebp
l0001001C:  // pred: l0001001B
    ret 
l0001001D:  // pred:
    nop 
";

            #endregion
            AssertBlocks(sExp, proc.Cfg);
        }