author | Cyrille Bagard <nocbos@gmail.com> | 2019-02-11 00:52:04 (GMT) |
committer | Cyrille Bagard <nocbos@gmail.com> | 2019-02-11 00:52:04 (GMT) |
commit | 7fc86b4051b91adbd0b99f41c19d866ae0760586 (patch) | |
tree | 856f2583e349acb1144e035289ef71c2da2967b5 /tests/analysis | |
parent | 5863af232b8fc57de210702afe659a7383bb8840 (diff) |
Improved the loop detection.
Diffstat (limited to 'tests/analysis')
-rw-r--r-- | tests/analysis/disass/block.py | 53 | ||||
-rw-r--r-- | tests/analysis/disass/sub_a1bc.bin | bin | 0 -> 416 bytes |
2 files changed, 50 insertions, 3 deletions
diff --git a/tests/analysis/disass/block.py b/tests/analysis/disass/block.py
index 9b9d529..0907542 100644
--- a/tests/analysis/disass/block.py
+++ b/tests/analysis/disass/block.py
@@ -192,14 +192,14 @@ class TestBasicBlocks(ChrysalideTestCase):
 def testOtherLoops(self):
 """Check situation with some binary codes old troubles."""
- # Malwre e8e1bc048ef123a9757a9b27d1bf53c092352a26bdbf9fbdc10109415b5cadac
- # Fonction jinit_color_converter de lib/armeabi/libgame.so
-
 fullname = sys.modules[self.__class__.__module__].__file__
 filename = os.path.basename(fullname)
 baselen = len(fullname) - len(filename)
+ # Malware e8e1bc048ef123a9757a9b27d1bf53c092352a26bdbf9fbdc10109415b5cadac
+ # Fonction jinit_color_converter de lib/armeabi/libgame.so
+
 cnt = FileContent(fullname[:baselen] + 'jinit_color_converter.bin')
 self.assertIsNotNone(cnt)
@@ -243,3 +243,50 @@ class TestBasicBlocks(ChrysalideTestCase):
 loop_count += 1
 self.assertEqual(loop_count, 3)
+
+ # Malware 6e4b64ede44bf4cfb36da04aacc9a22ba73e11be2deac339e275d3bde3b31311
+ # Fonction sub_a1bc de lib/armeabi-v7a/liblamelib.so
+
+ cnt = FileContent(fullname[:baselen] + 'sub_a1bc.bin')
+ self.assertIsNotNone(cnt)
+
+ fmt = FlatFormat(cnt)
+
+ fmt.set_machine('armv7')
+
+ base = vmpa(0, 0xa1bc)
+
+ p = BinPortion(BinPortion.BPC_CODE, base, cnt.size)
+ p.rights = BinPortion.PAC_READ | BinPortion.PAC_EXEC
+
+ fmt.register_user_portion(p)
+
+ fmt.register_code_point(base.virt + 1, True)
+
+ sym = BinRoutine()
+ sym.range = p.range
+
+ fmt.add_symbol(sym)
+
+ binary = LoadedBinary(fmt)
+
+ status = binary.analyze_and_wait()
+ self.assertTrue(status)
+
+ loop_count = 0
+
+ for blk in sym.basic_blocks:
+ for _, dt in blk.destinations:
+ if dt == ArchInstruction.ILT_LOOP:
+ loop_count += 1
+
+ self.assertEqual(loop_count, 8)
+
+ loop_count = 0
+
+ for ins in binary.processor.instrs:
+ for _, dt in ins.destinations:
+ if dt == ArchInstruction.ILT_LOOP:
+ loop_count += 1
+
+ self.assertEqual(loop_count, 8)
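Review bot: The new sub_a1bc block in the second hunk repeats the jinit_color_converter setup step for step (FileContent, FlatFormat, BinPortion, BinRoutine, LoadedBinary, then two identical loop-counting passes), so every further sample will paste another fifty lines into testOtherLoops, whose body begins outside this hunk. A private helper taking the sample path and the load address and returning both counts lets the case collapse to `self.assertEqual(self._count_loops(fullname[:baselen] + 'sub_a1bc.bin', vmpa(0, 0xa1bc)), (8, 8))`. The `+ 1` in `fmt.register_code_point(base.virt + 1, True)` is unexplained; if it is the Thumb-mode bit on the entry address, a comment such as `# LSB set: Thumb entry point` would make the intent clear. Whether the earlier jinit_color_converter case uses the same machine and address layout cannot be seen from here, so the helper below is sketched for the new case only.
```python
    def _count_loops(self, path, base):
        """Load the raw code at *path* as an armv7 routine placed at *base*.

        Returns a pair: the number of ILT_LOOP edges seen from the routine's
        basic blocks, and the number seen from the processor's instructions.
        """
        cnt = FileContent(path)
        self.assertIsNotNone(cnt)
        fmt = FlatFormat(cnt)
        fmt.set_machine('armv7')
        p = BinPortion(BinPortion.BPC_CODE, base, cnt.size)
        p.rights = BinPortion.PAC_READ | BinPortion.PAC_EXEC
        fmt.register_user_portion(p)
        fmt.register_code_point(base.virt + 1, True)
        sym = BinRoutine()
        sym.range = p.range
        fmt.add_symbol(sym)
        binary = LoadedBinary(fmt)
        self.assertTrue(binary.analyze_and_wait())
        blk_loops = sum(1 for blk in sym.basic_blocks
                        for _, dt in blk.destinations
                        if dt == ArchInstruction.ILT_LOOP)
        ins_loops = sum(1 for ins in binary.processor.instrs
                        for _, dt in ins.destinations
                        if dt == ArchInstruction.ILT_LOOP)
        return blk_loops, ins_loops

    # … unchanged: testOtherLoops up to the jinit_color_converter assertions …
        self.assertEqual(self._count_loops(fullname[:baselen] + 'sub_a1bc.bin', vmpa(0, 0xa1bc)), (8, 8))
```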
diff --git a/tests/analysis/disass/sub_a1bc.bin b/tests/analysis/disass/sub_a1bc.bin Binary files differnew file mode 100644 index 0000000..dc18852 --- /dev/null +++ b/tests/analysis/disass/sub_a1bc.bin |