public void DoublePushEAXThenPopEAX()
{
var pushCode = new Byte[] { 0x50 };
var popCode = new Byte[] { 0x58 };
var two = new AbstractValue(2);
state.Registers[RegisterName.EAX] = one;
state = X86Emulator.Run(reportItems, state, pushCode);
state.Registers[RegisterName.EAX] = two;
state = X86Emulator.Run(reportItems, state, pushCode);
state.Registers[RegisterName.EAX] = null;
state = X86Emulator.Run(reportItems, state, popCode);
Assert.AreEqual(two, state.Registers[RegisterName.EAX]);
state = X86Emulator.Run(reportItems, state, popCode);
Assert.AreEqual(one, state.Registers[RegisterName.EAX]);
}
public void MovIntoAssignedEaxOutOfBounds()
{
const byte VALUE = 0x01;
const byte INDEX = 0x10;
var buffer = AbstractValue.GetNewBuffer(INDEX);
var pointer = new AbstractValue(buffer);
state.ReturnValue = pointer;
var nopCode = new Byte[] { 0x90 };
code = new Byte[] { 0xc6, 0x40, INDEX, VALUE };
state = X86Emulator.Run(reportItems, state, nopCode);
state = X86Emulator.Run(reportItems, state, code);
Assert.AreEqual(1, reportItems.Count);
Assert.AreEqual(nopCode.Length, reportItems[0].InstructionPointer);
Assert.IsFalse(reportItems[0].IsTainted);
}
public void LeaEaxFromEdxPlusEax()
{
// lea eax,[edx+eax]
code = new Byte[] { 0x8d, 0x04, 0x02 };
var zero = new AbstractValue(0);
var two = new AbstractValue(2);
var values = new[] { zero, two };
var buffer = new AbstractBuffer(values);
state.Registers[RegisterName.EDX] = new AbstractValue(buffer);
state.Registers[RegisterName.EAX] = new AbstractValue(1);
state = X86Emulator.Run(reportItems, state, code);
var eax = state.Registers[RegisterName.EAX];
Assert.AreEqual(two.Value, eax.PointsTo[0].Value);
}
public void LeaEdxFromEaxPlus16()
{
// lea edx,[eax+index]
const byte INDEX = 0x1;
code = new Byte[] { 0x8d, 0x50, INDEX };
var zero = new AbstractValue(0);
var values = new[] { zero, one };
var buffer = new AbstractBuffer(values);
state.Registers[RegisterName.EAX] = new AbstractValue(buffer);
state = X86Emulator.Run(reportItems, state, code);
var edx = state.Registers[RegisterName.EDX];
Assert.IsNotNull(edx);
Assert.AreEqual(one, edx.PointsTo[0]);
}
public void CmpEbpPlusEight0()
{
// cmp DWORD PTR [ebp+8],0x0
code = new Byte[] { 0x83, 0x7d, 0x08, 0x0 };
var buffer = AbstractValue.GetNewBuffer(16);
var pointer = new AbstractValue(buffer);
state.Registers[RegisterName.EBP] = pointer;
state.Registers[RegisterName.EBP].PointsTo[8] = new AbstractValue(1);
state = X86Emulator.Run(reportItems, state, code);
Assert.AreEqual(0x4, state.InstructionPointer);
Assert.IsFalse(state.ZeroFlag);
state.Registers[RegisterName.EBP].PointsTo[8] = new AbstractValue(0);
state = X86Emulator.Run(reportItems, state, code);
Assert.AreEqual(0x8, state.InstructionPointer);
Assert.IsTrue(state.ZeroFlag);
}
public void JnzPlus6()
{
// cmp eax, 0
var cmpCode = new Byte[] { 0x83, 0xf8, 0x0 };
state.Registers[RegisterName.EAX] = new AbstractValue(0);
state = X86Emulator.Run(reportItems, state, cmpCode);
const byte OFFSET = 0x06;
var jnzCode = new Byte[] { 0x75, OFFSET };
var oldEIP = state.InstructionPointer;
state = X86Emulator.Run(reportItems, state, jnzCode);
Assert.AreEqual(jnzCode.Length, state.InstructionPointer - oldEIP);
state.Registers[RegisterName.EAX] = new AbstractValue(1);
state = X86Emulator.Run(reportItems, state, cmpCode);
oldEIP = state.InstructionPointer;
state = X86Emulator.Run(reportItems, state, jnzCode);
Assert.AreEqual(jnzCode.Length + OFFSET, state.InstructionPointer - oldEIP);
}
public void InvalidOpcode()
{
// int3 -- not really invalid, but we probably won't see it in any program we care about
code = new Byte[] { 0xcc };
state = X86Emulator.Run(reportItems, state, code);
}
public void EmptyCodeArray()
{
code = new Byte[] {};
state = X86Emulator.Run(reportItems, state, code);
}
protected virtual MachineState RunCode(MachineState _machineState, Byte[] code)
{
return(X86Emulator.Run(reportItems, _machineState, code));
}