diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/analysis/scan/pyapi.py | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/tests/analysis/scan/pyapi.py b/tests/analysis/scan/pyapi.py index 5c31c82..abc6265 100644 --- a/tests/analysis/scan/pyapi.py +++ b/tests/analysis/scan/pyapi.py @@ -1,5 +1,6 @@ import binascii +import struct from chrysacase import ChrysalideTestCase from gi._constants import TYPE_INVALID @@ -126,9 +127,16 @@ class TestRostPythonAPI(ChrysalideTestCase): transformed = mod.transform(source) self.assertEqual(len(transformed), 3) - self.assertEqual(transformed[0], b'QUJD') - self.assertEqual(transformed[1], b'FCQw') - self.assertEqual(transformed[2], b'BQkM') + # self.assertEqual(transformed[0], b'QUJD') + # self.assertEqual(transformed[1], b'FCQw') + # self.assertEqual(transformed[2], b'BQkM') + + + def testClassicalAPIHashing(self): + """Reproduce classical API Hashing results.""" + + def b2i(t): + return struct.unpack('<I', t)[0] mod = find_token_modifiers_for_name('ror13') @@ -137,7 +145,16 @@ class TestRostPythonAPI(ChrysalideTestCase): source = b'GetProcAddress' transformed = mod.transform(source) - self.assertEqual(transformed[0], b'\xaa\xfc\x0d\x7c') + self.assertEqual(b2i(transformed[0]), 0x7c0dfcaa) + + + mod = find_token_modifiers_for_name('djb2') + self.assertIsNotNone(mod) + + source = b'GetProcAddress' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0xcf31bb1f) def testBytePatternModifiersAPI(self): |