From 72f915bf3ec6d2ddaa4b9a3af3bf1022cbbd47ab Mon Sep 17 00:00:00 2001 
From: Xusheng Date: Fri, 26 Jun 2026 16:43:51 -0400 Subject: [PATCH] Build some test binaries alongside the debugger; add shared-library debugging test Add opt-in infra to build debugger unit-test binaries alongside the debugger (-DBUILD_DEBUGGER_TEST_BINARIES=ON), so adding a new test no longer requires a separate build. The full, signed, multi-platform set is still produced by the debugger-test-binaries CI. Implements https://github.com/Vector35/debugger/issues/818. The previous test/src sources and test/CMakeLists.txt were unused (binary builds moved to the debugger-test-binaries repo), so remove them and add a fresh, focused CMakeLists that defaults to the host architecture. Add a shared library and a loader executable plus a test that analyzes the library while setting the executable path to the loader. This is the scenario from https://github.com/Vector35/debugger/issues/540 and is a regression test for https://github.com/Vector35/debugger/issues/1104, where the debugger created the LLDB target from the input file (the library) and dyld fell back to launching /bin/sh. The test fails against the pre-fix debugger and passes after e45cd3f. 
Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitignore | 4 + CMakeLists.txt | 9 + test/CMakeLists.txt | 361 +++---------------- test/README.md | 64 +--- test/binaries/Darwin-arm64/load_shared_lib | Bin 0 -> 33504 bytes test/binaries/Darwin-arm64/shared_lib.dylib | Bin 0 -> 33392 bytes test/binaries/Darwin-x86_64/load_shared_lib | Bin 0 -> 8504 bytes test/binaries/Darwin-x86_64/shared_lib.dylib | Bin 0 -> 8392 bytes test/debugger_test.py | 47 ++- test/src/analysis_propagation_x64-macos.lst | 269 -------------- test/src/analysis_propagation_x64.asm | 256 ------------- test/src/asmtest_aarch64-android.s | 52 --- test/src/asmtest_armv7-android.s | 43 --- test/src/asmtest_x64.asm | 86 ----- test/src/asmtest_x86.asm | 73 ---- test/src/cat.c | 14 - test/src/commandline_test.c | 11 - test/src/do_exception.c | 62 ---- test/src/execute_test.exe.manifest | 11 - test/src/exitcode.c | 9 - test/src/hello_x64.asm | 65 ---- test/src/helloworld.c | 26 -- test/src/helloworld_func.c | 16 - test/src/helloworld_ios | Bin 68784 -> 0 bytes test/src/helloworld_loop.c | 23 -- test/src/helloworld_objc.m | 6 - test/src/helloworld_recursion.c | 22 -- test/src/helloworld_thread.c | 80 ---- test/src/helloworld_virtual.cpp | 30 -- test/src/hh1.asm | 294 --------------- test/src/indirect_calls_x64.asm | 136 ------- test/src/load_shared_lib.c | 19 + test/src/many_stdlib_calls.c | 39 -- test/src/md5/Makefile-linux | 4 - test/src/md5/Makefile-macos | 4 - test/src/md5/global.h | 28 -- test/src/md5/md5.h | 37 -- test/src/md5/md5c.c | 335 ----------------- test/src/md5/md5driver.c | 226 ------------ test/src/missing_switch_case_x64-macos.lst | 138 ------- test/src/missing_switch_case_x64.asm | 138 ------- test/src/nopspeed.c | 131 ------- test/src/read_input.c | 14 - test/src/rm_func_starts.py | 33 -- test/src/shared_lib.c | 19 + test/src/undiscovered_func2_x64.asm | 117 ------ test/src/undiscovered_func_x64.asm | 56 --- 47 files changed, 151 insertions(+), 3256 deletions(-) create mode 100755 
test/binaries/Darwin-arm64/load_shared_lib create mode 100755 test/binaries/Darwin-arm64/shared_lib.dylib create mode 100755 test/binaries/Darwin-x86_64/load_shared_lib create mode 100755 test/binaries/Darwin-x86_64/shared_lib.dylib delete mode 100644 test/src/analysis_propagation_x64-macos.lst delete mode 100644 test/src/analysis_propagation_x64.asm delete mode 100644 test/src/asmtest_aarch64-android.s delete mode 100644 test/src/asmtest_armv7-android.s delete mode 100644 test/src/asmtest_x64.asm delete mode 100644 test/src/asmtest_x86.asm delete mode 100644 test/src/cat.c delete mode 100644 test/src/commandline_test.c delete mode 100644 test/src/do_exception.c delete mode 100644 test/src/execute_test.exe.manifest delete mode 100644 test/src/exitcode.c delete mode 100644 test/src/hello_x64.asm delete mode 100644 test/src/helloworld.c delete mode 100644 test/src/helloworld_func.c delete mode 100755 test/src/helloworld_ios delete mode 100644 test/src/helloworld_loop.c delete mode 100644 test/src/helloworld_objc.m delete mode 100644 test/src/helloworld_recursion.c delete mode 100644 test/src/helloworld_thread.c delete mode 100644 test/src/helloworld_virtual.cpp delete mode 100644 test/src/hh1.asm delete mode 100644 test/src/indirect_calls_x64.asm create mode 100644 test/src/load_shared_lib.c delete mode 100644 test/src/many_stdlib_calls.c delete mode 100644 test/src/md5/Makefile-linux delete mode 100644 test/src/md5/Makefile-macos delete mode 100644 test/src/md5/global.h delete mode 100644 test/src/md5/md5.h delete mode 100644 test/src/md5/md5c.c delete mode 100644 test/src/md5/md5driver.c delete mode 100644 test/src/missing_switch_case_x64-macos.lst delete mode 100644 test/src/missing_switch_case_x64.asm delete mode 100644 test/src/nopspeed.c delete mode 100644 test/src/read_input.c delete mode 100755 test/src/rm_func_starts.py create mode 100644 test/src/shared_lib.c delete mode 100644 test/src/undiscovered_func2_x64.asm delete mode 100644 
test/src/undiscovered_func_x64.asm
diff --git a/.gitignore b/.gitignore
index c1525a49..9e8f2aae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,10 @@
 *.dylib
 #*.dll
+# ...but the committed debugger test binaries include shared libraries
+!test/binaries/*/shared_lib.so
+!test/binaries/*/shared_lib.dylib
+
 # Fortran module files
 *.mod
 *.smod
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a05d1bd0..08e182ff 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -41,6 +41,15 @@ if (NOT DEMO)
 add_subdirectory(cli)
 endif()
+# Optionally build the debugger unit-test binaries alongside the debugger. This builds only the
+# binaries the host toolchain can produce (no cross-compilation; assembly binaries are skipped when
+# nasm is missing), so adding a new test no longer requires a separate build of the test binaries.
+# The full, signed, multi-platform set is still produced by the debugger-test-binaries CI.
+option(BUILD_DEBUGGER_TEST_BINARIES "Build the debugger unit-test binaries alongside the debugger" OFF)
+if (BUILD_DEBUGGER_TEST_BINARIES)
+ add_subdirectory(test)
+endif()
+
 # WinDbg installer CLI (standalone, spawned by debuggercore API)
 if(WIN32)
 add_subdirectory(installer)
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index d5ae3bc0..5d109a42 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
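Review bot: The comment block added above `option(BUILD_DEBUGGER_TEST_BINARIES ...)` says "assembly binaries are skipped when nasm is missing", but the test/CMakeLists.txt rewritten in this same patch removes every `enable_language(ASM_NASM)` target and adds no nasm probe, so there is nothing to skip and the sentence sends readers looking for logic that does not exist. I would cut it to what the subdirectory actually does, e.g. `# binaries the host toolchain can produce (no cross-compilation and no nasm samples; those stay CI-built),`. If nasm-conditional targets are planned later, the guard belongs in test/CMakeLists.txt (a `find_program(NASM_EXECUTABLE nasm)` check) and the sentence can be restored together with it.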
@@ -1,340 +1,61 @@
 cmake_minimum_required(VERSION 3.13 FATAL_ERROR)
-# This project builds the test binaries for the debugger unit test. It does not run the test.
+# Builds debugger unit-test binaries alongside the debugger so that adding a new test does not
+# require a separate build. This is enabled from the top-level build via -DBUILD_DEBUGGER_TEST_BINARIES=ON
+# (see ../CMakeLists.txt). It only builds binaries the host toolchain can produce; the full, signed,
+# multi-platform set of test binaries is produced by the debugger-test-binaries CI.
 project(debugger-test-binaries C CXX)
-if (ARCH STREQUAL "x86_64")
- add_definitions(-DARCH_IS_X64)
-elseif(ARCH STREQUAL "x86")
- add_definitions(-DARCH_IS_X86)
-elseif(ARCH STREQUAL "arm64")
- add_definitions(-DARCH_IS_AARCH64)
-elseif(ARCH STREQUAL "armv7")
- add_definitions(-DARCH_IS_ARMV7)
+# An ARCH may be passed explicitly (e.g. -DARCH=arm64); otherwise default to the host architecture.
+if (NOT ARCH)
+ if (CMAKE_SYSTEM_PROCESSOR MATCHES "arm64|aarch64|ARM64")
+ set(ARCH arm64)
+ elseif (CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|AMD64|amd64")
+ set(ARCH x86_64)
+ elseif (CMAKE_SYSTEM_PROCESSOR MATCHES "i386|i686|x86")
+ set(ARCH x86)
+ else()
+ message(FATAL_ERROR "Could not determine ARCH from CMAKE_SYSTEM_PROCESSOR='${CMAKE_SYSTEM_PROCESSOR}'; pass -DARCH=...")
+ endif()
+ message(STATUS "ARCH not specified, defaulting to host architecture: ${ARCH}")
 endif()
 if (APPLE)
 set(CMAKE_OSX_ARCHITECTURES ${ARCH})
-elseif (UNIX)
- if (ARCH STREQUAL "x86")
- set(CMAKE_C_FLAGS -m32)
- set(CMAKE_CXX_FLAGS -m32)
- endif()
-else()
-# TODO: Windows
-endif()
-
-add_executable(helloworld src/helloworld.c)
-set_target_properties(helloworld PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-add_executable(exitcode src/exitcode.c)
-set_target_properties(exitcode PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-add_executable(helloworld_thread src/helloworld_thread.c)
-set_target_properties(helloworld_thread PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-if(UNIX AND NOT APPLE)
- target_link_libraries(helloworld_thread pthread)
-endif()
-
-add_executable(helloworld_loop src/helloworld_loop.c)
-set_target_properties(helloworld_loop PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-add_executable(helloworld_func src/helloworld_func.c)
-set_target_properties(helloworld_func PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-add_executable(helloworld_recursion src/helloworld_recursion.c)
-set_target_properties(helloworld_recursion PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-add_executable(helloworld_pie src/helloworld.c)
-set_target_properties(helloworld_pie PROPERTIES
- POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-add_executable(helloworld_thread_pie src/helloworld_thread.c)
-set_target_properties(helloworld_thread_pie PROPERTIES
- POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-if(UNIX AND NOT APPLE)
- target_link_libraries(helloworld_thread_pie pthread)
 endif()
-add_executable(helloworld_loop_pie src/helloworld_loop.c)
-set_target_properties(helloworld_loop_pie PROPERTIES
- POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
+set(TEST_BINARY_DIR ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH})
-add_executable(helloworld_func_pie src/helloworld_func.c)
-set_target_properties(helloworld_func_pie PROPERTIES
+# A shared library and an executable that loads it. The debugger tests analyze the shared library
+# but set the executable path to the loader, exercising the fix for
+# https://github.com/Vector35/debugger/issues/1104 (see issue #540 for the broader scenario).
+# The library is emitted without the "lib" prefix so the tests can refer to it as shared_lib.{dylib,so,dll}.
+add_library(shared_lib SHARED src/shared_lib.c)
+set_target_properties(shared_lib PROPERTIES
+ PREFIX ""
 POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
+ LIBRARY_OUTPUT_DIRECTORY ${TEST_BINARY_DIR}
+ RUNTIME_OUTPUT_DIRECTORY ${TEST_BINARY_DIR}
 )
-
-add_executable(helloworld_recursion_pie src/helloworld_recursion.c)
-set_target_properties(helloworld_recursion_pie PROPERTIES
- POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-if(APPLE)
- add_executable(helloworld_objc src/helloworld_objc.m)
- set_target_properties(helloworld_objc PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
+if (APPLE)
+ # Record the install name relative to the loader so the executable finds the library when both
+ # sit in the same binaries directory, regardless of where that directory ends up.
+ set_target_properties(shared_lib PROPERTIES
+ INSTALL_NAME_DIR "@loader_path"
+ BUILD_WITH_INSTALL_NAME_DIR ON
 )
- target_link_libraries(helloworld_objc
- "-framework AppKit"
- "-framework Carbon"
- "-framework Foundation")
 endif()
-add_executable(helloworld_virtual src/helloworld_virtual.cpp)
-set_target_properties(helloworld_virtual PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-add_executable(many_stdlib_calls src/many_stdlib_calls.c)
-set_target_properties(many_stdlib_calls PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-add_executable(read_input src/read_input.c)
-set_target_properties(read_input PROPERTIES
+add_executable(load_shared_lib src/load_shared_lib.c)
+target_link_libraries(load_shared_lib shared_lib)
+set_target_properties(load_shared_lib PROPERTIES
 POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
+ RUNTIME_OUTPUT_DIRECTORY ${TEST_BINARY_DIR}
 )
-
-if (ARCH STREQUAL "x86_64" OR ARCH STREQUAL "x86")
- # ASM files
- enable_language(ASM_NASM)
- # This flag is used to generate different assembly instruction on different OS
- if(APPLE)
- set(CMAKE_ASM_NASM_FLAGS "-DOS_IS_MACOS")
- elseif(WIN32)
- set(CMAKE_ASM_NASM_FLAGS "-DOS_IS_WINDOWS")
- else()
- set(CMAKE_ASM_NASM_FLAGS "-DOS_IS_LINUX")
- endif(APPLE)
-
- if (APPLE)
- set(CMAKE_NASM_LINK_EXECUTABLE "ld -macosx_version_min 10.7.0 -L/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/lib -o ")
- elseif (WIN32)
- set(CMAKE_NASM_LINK_EXECUTABLE "link /ENTRY:WinMain /SUBSYSTEM:CONSOLE /LARGEADDRESSAWARE:NO /DYNAMICBASE:NO /OUT: ")
- else()
- set(CMAKE_NASM_LINK_EXECUTABLE "ld -o ")
- endif()
-endif()
-
-if (ARCH STREQUAL "x86_64")
- add_executable(asmtest src/asmtest_x64.asm)
- if (APPLE)
- target_link_libraries(asmtest System)
- elseif (WIN32)
- target_link_libraries(asmtest kernel32)
- endif (APPLE)
- set_target_properties(asmtest PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- LINKER_LANGUAGE NASM
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
+if (UNIX AND NOT APPLE)
+ # Resolve the library next to the executable at runtime.
+ set_target_properties(load_shared_lib PROPERTIES
+ BUILD_RPATH "$ORIGIN"
+ INSTALL_RPATH "$ORIGIN"
 )
-
- add_executable(hello src/hello_x64.asm)
- if (APPLE)
- target_link_libraries(hello System)
- elseif (WIN32)
- target_link_libraries(hello kernel32)
- endif (APPLE)
- set_target_properties(hello PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- LINKER_LANGUAGE NASM
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
- if (NOT WIN32)
- add_executable(analysis_propagation src/analysis_propagation_x64.asm)
- if (APPLE)
- target_link_libraries(analysis_propagation System)
- elseif (WIN32)
- target_link_libraries(analysis_propagation kernel32)
- endif (APPLE)
- set_target_properties(analysis_propagation PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- LINKER_LANGUAGE NASM
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
- if(APPLE)
- add_custom_command(TARGET analysis_propagation POST_BUILD
- COMMAND strip "$"
- COMMAND python3 src/rm_func_starts.py "$")
- else()
- add_custom_command(TARGET analysis_propagation POST_BUILD
- COMMAND strip "$")
- endif()
- endif()
-
- add_executable(missing_switch_case src/missing_switch_case_x64.asm)
- if (APPLE)
- target_link_libraries(missing_switch_case System)
- elseif (WIN32)
- target_link_libraries(missing_switch_case kernel32)
- endif (APPLE)
- set_target_properties(missing_switch_case PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- LINKER_LANGUAGE NASM
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
- if(APPLE)
- add_custom_command(TARGET missing_switch_case POST_BUILD
- COMMAND strip "$"
- COMMAND python3 src/rm_func_starts.py "$")
- else()
- add_custom_command(TARGET missing_switch_case POST_BUILD
- COMMAND strip "$")
- endif()
-
- add_executable(undiscovered_func src/undiscovered_func_x64.asm)
- if (APPLE)
- target_link_libraries(undiscovered_func System)
- elseif (WIN32)
- target_link_libraries(undiscovered_func kernel32)
- endif (APPLE)
- set_target_properties(undiscovered_func PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- LINKER_LANGUAGE NASM
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
- if(APPLE)
- add_custom_command(TARGET undiscovered_func POST_BUILD
- COMMAND strip "$"
- COMMAND python3 src/rm_func_starts.py "$")
- else()
- add_custom_command(TARGET undiscovered_func POST_BUILD
- COMMAND strip "$")
- endif()
-
- if (NOT WIN32)
- add_executable(undiscovered_func2 src/undiscovered_func2_x64.asm)
- if (APPLE)
- target_link_libraries(undiscovered_func2 System)
- elseif (WIN32)
- target_link_libraries(undiscovered_func2 kernel32)
- endif (APPLE)
- set_target_properties(undiscovered_func2 PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- LINKER_LANGUAGE NASM
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
- if (APPLE)
- add_custom_command(TARGET undiscovered_func2 POST_BUILD
- COMMAND strip "$"
- COMMAND python3 src/rm_func_starts.py "$")
- else()
- add_custom_command(TARGET undiscovered_func2 POST_BUILD
- COMMAND strip "$")
- endif()
- endif()
-
- add_executable(indirect_calls src/indirect_calls_x64.asm)
- if (APPLE)
- target_link_libraries(indirect_calls System)
- elseif (WIN32)
- target_link_libraries(indirect_calls kernel32)
- endif (APPLE)
- set_target_properties(indirect_calls PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- LINKER_LANGUAGE NASM
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
- if (APPLE)
- add_custom_command(TARGET indirect_calls POST_BUILD
- COMMAND strip "$"
- COMMAND python3 src/rm_func_starts.py "$")
- else()
- add_custom_command(TARGET indirect_calls POST_BUILD
- COMMAND strip "$")
- endif()
-endif()
-
-
-if (ARCH STREQUAL "x86")
- add_executable(asmtest src/asmtest_x86.asm)
- set_target_properties(asmtest PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- LINKER_LANGUAGE NASM
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
- if (WIN32)
- target_link_libraries(asmtest kernel32)
- endif()
-endif()
-
-
-add_executable(do_exception src/do_exception.c)
-set_target_properties(do_exception PROPERTIES
- POSITION_INDEPENDENT_CODE OFF
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-
-if (NOT WIN32)
- add_executable(nopspeed src/nopspeed.c)
- set_target_properties(nopspeed PROPERTIES
- POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
- target_compile_options(nopspeed PUBLIC -O3)
-endif()
-
-add_executable(cat src/cat.c)
-set_target_properties(cat PROPERTIES
- POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-if (NOT WIN32)
- target_compile_options(cat PUBLIC -O3)
-endif()
-
-add_executable(commandline_test src/commandline_test.c)
-set_target_properties(commandline_test PROPERTIES
- POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-if (NOT WIN32)
- target_compile_options(commandline_test PUBLIC -O3)
-endif()
-
-file(GLOB MD5_SOURCES CONFIGURE_DEPENDS
- src/md5/*.c
- src/md5/*.h
- )
-add_executable(md5 ${MD5_SOURCES})
-set_target_properties(md5 PROPERTIES
- POSITION_INDEPENDENT_CODE ON
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/binaries/${CMAKE_SYSTEM_NAME}-${ARCH}
- )
-if (NOT WIN32)
- target_compile_options(md5 PUBLIC -g -DMD=5)
-else()
- target_compile_options(md5 PUBLIC -DMD=5)
 endif()
diff --git a/test/README.md b/test/README.md
index 8258577b..35a663b2 100644
--- a/test/README.md
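Review bot: `POSITION_INDEPENDENT_CODE ON` on the new `load_shared_lib` executable only adds `-fPIE` at compile time; with `cmake_minimum_required(VERSION 3.13)` policy CMP0083 is OLD, so CMake passes no `-pie` to the linker and whether the loader actually ends up position-independent is left to the toolchain default. If the scenario needs a PIE loader, add `cmake_policy(SET CMP0083 NEW)` (or raise the minimum to 3.14) plus `include(CheckPIESupported)` / `check_pie_supported()` before the target; if it does not, a short comment saying the property is only there for `-fPIE` would stop a reader from assuming ASLR is guaranteed. Separately, the comment promises a `shared_lib.dll`, but on Windows `target_link_libraries(load_shared_lib shared_lib)` only gets an import library if shared_lib.c exports its function or the library target sets `WINDOWS_EXPORT_ALL_SYMBOLS ON`; shared_lib.c is not in this view of the patch, so that is worth confirming.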
+++ b/test/README.md 
@@ -1,64 +1,26 @@ # Build and test instructions -The binaries are now build by https://github.com/Vector35/debugger-test-binaries/actions. - -The debugger test binaries are now built by CMake. If you wish to run the unit test, there is no need to build these binaries. One only needs to build it when there are changes to the binaries. +The full, multi-platform set of test binaries is built and signed by the +[debugger-test-binaries CI](https://github.com/Vector35/debugger/actions) and committed under +`binaries/-`. Running the unit tests does not require building any binaries. ## Run unit tests ```zsh cd test python3 debugger_test.py ``` +Pass a keyword to run a subset, e.g. `python3 debugger_test.py shared_library`. -## macOS - -- arm64 -```zsh -cd test -cmake -DARCH=arm64 . -make -``` -Build results are in `binaries/Darwin-arm64`. -- x86_64 -```zsh -cd test -cmake -DARCH=x86_64 . -make -``` -Build results are in `binaries/Darwin-x86_64`. - -## Linux -- x86_64 -```Bash -cd test -cmake -DARCH=x86_64 . -make -``` -Build results are in `binaries/Linux-x86_64`. -- x86 -```Bash -cd test -cmake -DARCH=x86 . -make -``` -Build results are in `binaries/Linux-x86`. +## Building test binaries alongside the debugger -## Windows -- x86_64 +Some test binaries can be built locally alongside the debugger, so that adding a new test does not +require a separate build. Configure the top-level debugger build with: -Open x64 Visual Studio command prompt -```cmd -cd test -cmake -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=Release -DARCH=x86_64 . -nmake -``` - -- x86 -Open x86 Visual Studio command prompt -```cmd -cd test -cmake -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=Release -DARCH=x86 . -nmake +```zsh +cmake -DBUILD_DEBUGGER_TEST_BINARIES=ON ... ``` -[//]: # (force a build) \ No newline at end of file +This builds the binaries defined in `CMakeLists.txt` for the host architecture and places them under +`/binaries/-`. 
Copy them into `binaries/-` (and, on macOS, into the +codesigned `binaries/--signed` directory the tests load from) to use them. Binaries that +require additional toolchains (e.g. the nasm assembly samples) remain pre-built by the CI. 
diff --git a/test/binaries/Darwin-arm64/load_shared_lib b/test/binaries/Darwin-arm64/load_shared_lib new file mode 100755 index 0000000000000000000000000000000000000000..d75332e69d2a8cd37abd47b0c3f2ba708a6d1707 GIT binary patch literal 33504 zcmeI5U1(fI6vxlrY(lE3O{=upD!Y+ZqDVKI1bmU+Bn`H-G$GByS}en+yUDI@Hf29Z zVuIc@6k;31Kp%n#U5e-ys{{>pMQj5FAM#>DYXy~1dV$R_RoLT5qXHkVBN$T^b#E>Ki7yJVco;3RCn78orgMmy2M*9 zdT_aGjU{oWxT8|Nox$GnW!jxBzr zGKt|>BCKMG{vmCb$NR&H7j%M%T^Yk^(uJJEEUQwx+j`qnN7sRa_Gy^TCE!v^MOnp8 zQ8}x6R;31pT*vUY@uaU7(;n|wRKpebI!pI#|K0=pI(P3a+!3o{U2Kb7cLvLP^!?FZ zq81`c&uI~ju&>#%N7!y+TZYM5&atiU)CAFUY~Rn?&FU8ETTr*(UH{E0-A%Xu0XF=s za=d{|DjA5!`U2t6c$jUGZLG46+*K=Z<;|vZ(--ax%|WG`&G=9#97(F9p>#BmiiVPru;QidxX0RY z`}ybRDeZx~9UM)iBZE8Ji-UOF6RfhXoW;xJ@=3=Q&LWSoO1sItv-al14FLfV009sH z0TB2f61a1TmR84%v#XOdQ%hD)uEUqVc*&QiYOAM>?F~eyvXj1iZc^oMR?$qOhi);Z zwRuJhFwoaQki(#|Ga-k_&&ibPmo8Y z!s0IFtt4+LlS@%~?~9oFTl&a*td679>qy#P_!Fhn2{jM^0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009uVCj{y(=U;NIdlC*oKmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l00ck)1V8`; zKmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l z00ck)1pYGtKac2U4YEr9OLuy1cT!8qC0-C+H#v*DS@787JRHDyoPDa4TwI01VNyqv zu|&GR*xRFMlNd5#6Rv~DmIOVE1G$telqS)}_0k7N?J z=i97pJ7;Ghrze-vP0M!vvR&MgJ)ND4Uh00%T)%c&rKc?{xpFIZWcz!2xo&~Ozr$8x zj)&OCp*>S%Fg-)BCCcrBS7aU0gy}bQs&(7*&tEwj5s##9cddm^p8kB-@{6DSurlR~ zee~<$_l9q@&V9F~;nSwsv1eLWu7CgG>*qcW4t;sEf5H3B($XtNSFrld`26^*$G`pJ zJoBA%=9`({nT7G` z-0gk;ElCKQpb}4Y6xAmVA@+%6?h<3E*3qbx#Y?=!Mpx_~Pi!bu97o+;ooZOhaM`x7 z3aA;J?`xttrl~0$+Xtp|BHbEF846c#4E1*n&bNUcii>Il$JTr+}8jr>*jLFS?QdS4H`U9Hu2Yi)A9P3x7@_AJPj;;5ny89bmhhtQw%*!dx zk+~~Z6q&2xQB!`?(ozbpyuiGoQkGX*mf^SgTr}4x9`k$^8SjYkvZxNeuY9Uf78a~n zz9g?8`i|&of=9I~u2K)lIjng`Qk+dSbx^-&b7hHE7L-*b;fkzKMM1xNHfDExBgg?QpfVP~SUl zb7kbMLo`gciJob3qGxJ?=pmg$qIq@$eWV<2rt!X-+*Zon(BY7eX3_Wl1(N86!^X zIF2Cz0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_< z0uX=z1Rwwb2tWV=5P$##An+dx=>PG(h$du}^zANp@ai%uJOK(!Nla7JC}`OB$0ulMEO 
zNOk6CTz%E}y!UAR)9yQMlM*Li_;!BRxr^S)8*hCb&c|I{o9rvSao=m(Yj^B>cI9CH zfy^^Q9e?q#d;iBKpW|d^{DRM=X}*sm6C)2koW8$)&&$`1_V)Kf&HuOavzOiUf5|wK gk~+3+Y4MJ;*N(5#Q|4VcHG6Hvy7cT-Ir9nb2l}#D82|tP literal 0 HcmV?d00001 diff --git a/test/binaries/Darwin-x86_64/load_shared_lib b/test/binaries/Darwin-x86_64/load_shared_lib new file mode 100755 index 0000000000000000000000000000000000000000..94a34e24ad2747f3854272110617bf752668ff41 GIT binary patch literal 8504 zcmeHM!An#@7@t)uE32(Tly!JXMtN{6J4hh7>C#G~k_r~Yu=<|v!tN@&Z)v?PNRUJz zo%#>zDAXZ3R8SCf>DHxVMIH*GlSE{{-@JM5>{Gl8^TGFKe&2la&CG9R;bXs#e}4Yk zCq%4S2+;&R3Qe~NaZfnt32_pdhDte>yq>z9x;aW~qr@8Fwuo`=!%@nK)YL?yi<%#A zv8+MPROZ0=f#U-o+Wj0zL>G zgPKC$P))np|K&v9mmWNf7DIy9o2ZmaiF|H4;V$M~V9F^d_c2g-{{6+Hp5)6XU*>K- zoBVtkHU}DUFsSOzQuJ25bsUjCL|`VoJh`b)Rh$Zy0eCNOIq_$;T^A5_-U5Br!tt%@~f8kgRr zm)^ziyxr*RMUu49*@bV(D_8Qq)8}-$2ZCJcG(0J0%dpIw`q5IE+f(}0xBg-7)rK4> zuCp@0AU&(Q*q&uz7c&sA=?7ig#fPw4w+vVYECZGS%YbFTGGH073|Iy%1C{~HfMs9@ z1{{pB_BjRRe`4mJTW0N?wZu?VKaMJ{QHkPpd;(WMVWD3As0{;_h-ZTA|}N# z0xsArR#5+Kl7+1Fs@_b+_hi;%nNsX8WO7A;VmTcsbUzXc7Ug=!6%PK#Bj*2mXz8Zp eEWW@TQW7i|)S}sUP`Tc^tW?W}TaF%uf&K$YWUX`n literal 0 HcmV?d00001 
diff --git a/test/binaries/Darwin-x86_64/shared_lib.dylib b/test/binaries/Darwin-x86_64/shared_lib.dylib new file mode 100755 index 0000000000000000000000000000000000000000..a918a9352b369eefcd8b679024158574aa6ee03e GIT binary patch literal 8392 zcmeHM&uddb5T4j-gGP;B)T;0<5i6wue_$_#RvS!dj6ze$MV7QLZ38hWc`w)=gg_At zLGb9&lju$S2R!H@;K7R*{{X>*UZjU0LH%a4n{Gq((u;=~GH-WgXTII{?F%eBAAf%T zH9`~_BBDdkW6(B?M-)eo=nV96gh;7eDxcG?-H%?_j?dT!;b9#%BT9wEjc_My5HB9< zja@e(Y};Jz8m5LB(v4CZ}m#D$B<4P?DVXahIH4%e&S%Y`p zj9c3R9Lmz__|&e?CogOkOs%hMLMdyU3$ zagM@22|W#U{nO=Y!7tX-dLdj(25W^{(O2ct(uBW>Ct|M>HS`o75p#LP*m>CaX-*ll z0fYH{i55RP0=)}$h3B>E`rZC>Z|{9Niy)q-JvYDH`E>2Wi{RBr?Cs|hm*GQ-#w8lX zpJG(^HK)-Z!^AG2R;oLc>NHc^t$Me$*lFF~ zPCuDCh5Xm_^)Q-NYCFC4K7Q{V{Z72Wk!I(BrV74)G2xGU34hF+!V}?qwmN4fcUwN^ z@Ogh4E$c0FHs-!7d}fLPC9aY52t$ep1H!=m7-;M-U9yD%VL%uV2801&Ko}4PgaKhd z7!U@80b$^OXTZY(xrUp8@`ajvsb*`xwnoWyNs6NiY#la-FY(kmD(K+~hfqZAz6>P3 hHbg1;sYbAku5lj6gtq>Fl2e@}*!6fci04j5^an=jlcfLv literal 0 HcmV?d00001 diff --git a/test/debugger_test.py b/test/debugger_test.py index 2bd3b5f9..c49cc5a2 100644 --- a/test/debugger_test.py +++ b/test/debugger_test.py @@ -10,7 +10,7 @@ import subprocess import unittest -from binaryninja import load +from binaryninja import load, Settings try: from debugger import DebuggerController, DebugStopReason, DebugBreakpointType except: @@ -37,6 +37,16 @@ def name_to_fpath(testbin, arch=None, os_str=None): return path +def shared_lib_filename(): + os_str = platform.system() + if os_str == 'Darwin': + return 'shared_lib.dylib' + elif os_str == 'Windows': + return 'shared_lib.dll' + else: + return 'shared_lib.so' + + def is_wow64(fpath): if 'x86' not in fpath: return False 
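Review bot: `shared_lib_filename()` has no docstring, and its `else` branch silently maps every platform other than Darwin and Windows to `shared_lib.so`, which `name_to_fpath` will then look up verbatim; a one-liner makes that contract visible to whoever adds a platform: `"""Return the test shared library's file name for this host: shared_lib.dylib on Darwin, shared_lib.dll on Windows, shared_lib.so everywhere else."""`. The `name_to_fpath` and `is_wow64` bodies that frame this hunk lie outside it.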
@@ -91,6 +101,41 @@ def run_once():
 for i in range(n):
 run_once()
+ def test_debug_shared_library(self):
+ # Analyze a shared library, but point the executable path at the program that loads it.
+ # The debugger must launch the loader, not try to exec the library directly (which on macOS
+ # made dyld fall back to launching /bin/sh, failing under SIP).
+ # See https://github.com/Vector35/debugger/issues/540 and
+ # https://github.com/Vector35/debugger/issues/1104
+ lib_path = name_to_fpath(shared_lib_filename(), self.arch)
+ exec_path = name_to_fpath('load_shared_lib', self.arch)
+ bv = load(lib_path)
+ dbg = self.create_debugger(bv)
+ dbg.executable_path = exec_path
+
+ # The program entry-point breakpoint comes from the analyzed library, which the loader never
+ # hits, so stop at the system entry point instead to inspect the launched process.
+ settings = Settings()
+ previous = settings.get_bool('debugger.stopAtSystemEntryPoint')
+ settings.set_bool('debugger.stopAtSystemEntryPoint', True)
+ try:
+ # The bug either failed to launch (InternalError, SIP enabled) or launched /bin/sh.
+ self.assertNotIn(dbg.launch_and_wait(), [DebugStopReason.ProcessExited, DebugStopReason.InternalError])
+ module_names = [(m.name or '') for m in dbg.modules]
+ # The loader executable must be the launched program, not the library or /bin/sh.
+ self.assertTrue(any(os.path.realpath(exec_path) == os.path.realpath(name) for name in module_names),
+ f"loader executable not among launched modules: {module_names}")
+ self.assertFalse(any('/bin/sh' in name for name in module_names),
+ f"debugger incorrectly launched /bin/sh: {module_names}")
+ # Running to completion exercises loading the dependent library and calling into it; the
+ # loader returns 0 only if the shared library was actually loaded and invoked.
+ self.assertEqual(sleep_and_go(dbg), DebugStopReason.ProcessExited)
+ self.assertEqual(dbg.exit_code, 0)
+ finally:
+ settings.set_bool('debugger.stopAtSystemEntryPoint', previous)
+ if dbg.connected:
+ dbg.quit_and_wait()
+
 def test_return_code(self):
 # return code tests
 fpath = name_to_fpath('exitcode', self.arch)
diff --git a/test/src/analysis_propagation_x64-macos.lst b/test/src/analysis_propagation_x64-macos.lst
deleted file mode 100644
index dea4ad35..00000000
--- a/test/src/analysis_propagation_x64-macos.lst
+++ /dev/null
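Review bot: `test_debug_shared_library` calls `load(lib_path)` unconditionally, yet the only binaries this patch commits are under `Darwin-arm64` and `Darwin-x86_64` (see the diffstat), so on a Linux or Windows host the test will error inside `load()` rather than report a skip unless the debugger-test-binaries CI has already published `shared_lib.so`/`.dll` and `load_shared_lib` for those platforms. I would guard it right after `exec_path` is computed: `if not (os.path.exists(lib_path) and os.path.exists(exec_path)): self.skipTest(f"shared-library test binaries not available for {platform.system()}-{self.arch}")`. Restoring the global `debugger.stopAtSystemEntryPoint` setting in `finally` is the right shape and should stay. The enclosing test class starts outside this hunk.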
@@ -1,269 +0,0 @@ - 1 ; The point here is to test the ability to pass runtime information to analysis. - 2 ; - 3 ; The simplest case is when a call is encountered in the debugger where the - 4 ; destination is not yet an identified function. Just make a function at this - 5 ; address. - 6 ; - 7 ; The second case is when a branch is encountered whose destination is not - 8 ; in the set of indirect branches picked up by analysis. This is exercised here - 9 ; by having a jump table's check bypassed from another function. Binja picks up - 10 ; the legal values of the jump table, but doesn't see that a side flow of - 11 ; execution can hop over the constraint for the value that indexes the table. - 12 - 13 default rel - 14 - 15 global start - 16 global function_with_indirect_call - 17 global function_with_switch - 18 section .text - 19 - 20 start: - 21 ; call case 4 (illegal) of switch by jumping passed check - 22 00000000 488D1D69000000 lea rbx, [function_with_switch] - 23 00000007 BFAF010000 mov edi, 431 - 24 0000000C E809010000 call mapper ; returns 7 - 25 00000011 4801C3 add rbx, rax - 26 00000014 B904000000 mov rcx, 4 - 27 00000019 FFD3 call rbx - 28 - 29 ; call case0, case1 of switch - 30 0000001B BF00000000 mov rdi, 0 - 31 00000020 E84B000000 call function_with_switch - 32 00000025 BF01000000 mov rdi, 1 - 33 0000002A E841000000 call function_with_switch - 34 0000002F BF02000000 mov rdi, 2 - 35 00000034 E837000000 call function_with_switch - 36 00000039 BF03000000 mov rdi, 3 - 37 0000003E E82D000000 call function_with_switch - 38 - 39 ; call case 5 (illegal) of switch by jumping passed check - 40 00000043 488D1D26000000 lea rbx, [function_with_switch] - 41 0000004A BFAF010000 mov edi, 431 - 42 0000004F E8C6000000 call mapper ; returns 7 - 43 00000054 4801C3 add rbx, rax - 44 00000057 B905000000 mov rcx, 5 - 45 0000005C FFD3 call rbx - 46 - 47 ; make some indirect calls - 48 0000005E E859000000 call function_with_indirect_call - 49 - 50 ; done - 51 00000063 
B801000002 mov rax, 0x2000001 ; exit - 52 00000068 BF00000000 mov rdi, 0 - 53 0000006D 0F05 syscall - 54 0000006F C3 ret - 55 - 56 function_with_switch: - 57 ; 00000000: 0x48, 0x89, 0xf9 - 58 00000070 4889F9 mov rcx, rdi ; arg0: 0,1,2,3 - 59 ; 00000003: 0x48, 0x83, 0xe1, 0x03 - 60 00000073 4883E103 and rcx, 0x3 - 61 ; 00000007: <--- jumping here bypasses the constraint - 62 - 63 00000077 488D0526000000 lea rax, [.jump_table] - 64 0000007E 48631488 movsx rdx, dword[rax+rcx*4] - 65 00000082 4801C2 add rdx, rax - 66 00000085 FFE2 jmp rdx - 67 - 68 .case0: - 69 00000087 E8AF000000 call print_00 - 70 0000008C EB15 jmp .switch_end - 71 - 72 .case1: - 73 0000008E E8D6000000 call print_01 - 74 00000093 EB0E jmp .switch_end - 75 - 76 .case2: - 77 00000095 E803010000 call print_02 - 78 0000009A EB07 jmp .switch_end - 79 - 80 .case3: - 81 0000009C E830010000 call print_03 - 82 000000A1 EB00 jmp .switch_end - 83 - 84 .switch_end: - 85 000000A3 C3 ret - 86 - 87 .jump_table: - 88 000000A4 E3FFFFFF dd function_with_switch.case0 - .jump_table - 89 000000A8 EAFFFFFF dd function_with_switch.case1 - .jump_table - 90 000000AC F1FFFFFF dd function_with_switch.case2 - .jump_table - 91 000000B0 F8FFFFFF dd function_with_switch.case3 - .jump_table - 92 ; these entries should be invisible/illegal to binja because of the "and 3" constraint - 93 000000B4 91010000 dd junk + 0x30 - .jump_table - 94 000000B8 EF010000 dd junk + 0x8e - .jump_table - 95 - 96 function_with_indirect_call: - 97 000000BC B904000000 mov rcx, 4 - 98 - 99 .next: - 100 000000C1 51 push rcx - 101 - 102 .test4: - 103 000000C2 4883F904 cmp rcx, 4 - 104 000000C6 7509 jne .test3 - 105 000000C8 488D1D6C000000 lea rbx, [print_00] - 106 000000CF EB43 jmp .dispatch - 107 - 108 .test3: - 109 000000D1 4883F903 cmp rcx, 3 - 110 000000D5 7509 jne .test2 - 111 000000D7 488D1D8B000000 lea rbx, [print_01] - 112 000000DE EB34 jmp .dispatch - 113 - 114 .test2: - 115 000000E0 4883F902 cmp rcx, 2 - 116 000000E4 7516 jne .test1 - 117 000000E6 
488D1D18010000 lea rbx, [junk] - 118 000000ED BFC5010000 mov rdi, 453 ; -> 48 - 119 000000F2 E823000000 call mapper - 120 000000F7 4801C3 add rbx, rax - 121 000000FA EB18 jmp .dispatch - 122 - 123 .test1: - 124 000000FC 4883F901 cmp rcx, 1 - 125 00000100 488D1DFE000000 lea rbx, [junk] - 126 00000107 BFA3000000 mov rdi, 163 ; -> 142 - 127 0000010C E809000000 call mapper - 128 00000111 4801C3 add rbx, rax - 129 - 130 .dispatch: - 131 00000114 FFD3 call rbx - 132 - 133 .check: - 134 00000116 59 pop rcx - 135 00000117 E2A8 loop .next - 136 00000119 C3 ret - 137 - 138 ; evade data flow - 139 ; maps {1,2,3,4,5,6,7,8,9,10,...} -> {1,3,9,27,81,243,220,151,453,341,...} - 140 ; forward with pow(3,x,509) - 141 ; reverse with brute force [x for x in range(508) if pow(3,x,509) == y] - 142 mapper: - 143 0000011A 4889F9 mov rcx, rdi ; arg0: number to map - 144 0000011D B801000000 mov rax, 1 - 145 00000122 E316 jrcxz .done - 146 .step: - 147 00000124 486BC003 imul rax, 3 - 148 .reduce: - 149 00000128 483DFD010000 cmp rax, 509 - 150 0000012E 7C08 jl .next - 151 00000130 482DFD010000 sub rax, 509 - 152 00000136 EBF0 jmp .reduce - 153 .next: - 154 00000138 E2EA loop .step - 155 .done: - 156 0000013A C3 ret - 157 - 158 print_00: - 159 0000013B 488D3518000000 lea rsi, [.msg_start] - 160 00000142 488D151F000000 lea rdx, [.done] - 161 00000149 4829F2 sub rdx, rsi - 162 0000014C BF01000000 mov rdi, 1 ; stdout - 163 00000151 B804000002 mov rax, 0x2000004 ; write - 164 00000156 0F05 syscall - 165 00000158 EB0E jmp .done - 166 .msg_start: - 167 0000015A 49276D207072696E74- db "I'm print_00!", 0x0a - 167 00000163 5F3030210A - 168 .done: - 169 00000168 C3 ret - 170 - 171 print_01: - 172 00000169 48BE- mov rsi, .msg_start - 172 0000016B [8E01000000000000] - 173 00000173 48BA- mov rdx, .done - 173 00000175 [9C01000000000000] - 174 0000017D 4829F2 sub rdx, rsi - 175 00000180 BF01000000 mov rdi, 1 ; stdout - 176 00000185 B804000002 mov rax, 0x2000004 ; write - 177 0000018A 0F05 syscall - 178 
0000018C EB0E jmp .done - 179 .msg_start: - 180 0000018E 49276D207072696E74- db "I'm print_01!", 0x0a - 180 00000197 5F3031210A - 181 .done: - 182 0000019C C3 ret - 183 - 184 print_02: - 185 0000019D 48BE- mov rsi, .msg_start - 185 0000019F [C201000000000000] - 186 000001A7 48BA- mov rdx, .done - 186 000001A9 [D001000000000000] - 187 000001B1 4829F2 sub rdx, rsi - 188 000001B4 BF01000000 mov rdi, 1 ; stdout - 189 000001B9 B804000002 mov rax, 0x2000004 ; write - 190 000001BE 0F05 syscall - 191 000001C0 EB0E jmp .done - 192 .msg_start: - 193 000001C2 49276D207072696E74- db "I'm print_02!", 0x0a - 193 000001CB 5F3032210A - 194 .done: - 195 000001D0 C3 ret - 196 - 197 print_03: - 198 000001D1 48BE- mov rsi, .msg_start - 198 000001D3 [F601000000000000] - 199 000001DB 48BA- mov rdx, .done - 199 000001DD [0402000000000000] - 200 000001E5 4829F2 sub rdx, rsi - 201 000001E8 BF01000000 mov rdi, 1 ; stdout - 202 000001ED B804000002 mov rax, 0x2000004 ; write - 203 000001F2 0F05 syscall - 204 000001F4 EB0E jmp .done - 205 .msg_start: - 206 000001F6 49276D207072696E74- db "I'm print_03!", 0x0a - 206 000001FF 5F3033210A - 207 .done: - 208 00000204 C3 ret - 209 - 210 junk: - 211 ; junk - 212 00000205 EF3D537CFB803B28 db 0xEF, 0x3D, 0x53, 0x7C, 0xFB, 0x80, 0x3B, 0x28, - 213 0000020D 15D1A2CD5E7EBCE1 db 0x15, 0xD1, 0xA2, 0xCD, 0x5E, 0x7E, 0xBC, 0xE1, - 214 00000215 C61B6305B7D3BA3B db 0xC6, 0x1B, 0x63, 0x05, 0xB7, 0xD3, 0xBA, 0x3B, - 215 0000021D 39CA46A132D98AB5 db 0x39, 0xCA, 0x46, 0xA1, 0x32, 0xD9, 0x8A, 0xB5, - 216 00000225 8FD6FAAE082DD56F db 0x8F, 0xD6, 0xFA, 0xAE, 0x08, 0x2D, 0xD5, 0x6F, - 217 0000022D 1ED6B872A98D86E8 db 0x1E, 0xD6, 0xB8, 0x72, 0xA9, 0x8D, 0x86, 0xE8 - 218 - 219 ; junk + 0x30 - 220 ; hidden function - 221 00000235 488D3518000000 db 0x48, 0x8D, 0x35, 0x18, 0x00, 0x00, 0x00, ; lea rsi, [.msg_start] - 222 0000023C 488D151F000000 db 0x48, 0x8D, 0x15, 0x1F, 0x00, 0x00, 0x00, ; lea rdx, [.done] - 223 00000243 4829F2 db 0x48, 0x29, 0xF2 ; sub rdx, rsi - 224 
00000246 BF01000000 db 0xBF, 0x01, 0x00, 0x00, 0x00 ; mov rdi, 1 ; stdout - 225 0000024B B804000002 db 0xB8, 0x04, 0x00, 0x00, 0x02 ; mov rax, 0x2000004 ; write - 226 00000250 0F05 db 0x0F, 0x05 ; syscall - 227 00000252 EB0E db 0xEB, 0x0E ; jmp .done - 228 ; .msg_start: "YOU FOUND ME1" - 229 00000254 594F5520464F554E44- db 0x59, 0x4F, 0x55, 0x20, 0x46, 0x4F, 0x55, 0x4E, 0x44, 0x20, 0x4D, 0x45, 0x31, 0x0a - 229 0000025D 204D45310A - 230 ; .done: - 231 00000262 C3 db 0xC3 ; ret - 232 - 233 ; junk + 0x5e - 234 00000263 B4DEF06B54400846 db 0xB4, 0xDE, 0xF0, 0x6B, 0x54, 0x40, 0x08, 0x46, - 235 0000026B F6ACDD828C742C7F db 0xF6, 0xAC, 0xDD, 0x82, 0x8C, 0x74, 0x2C, 0x7F, - 236 00000273 BD0BC1BA121FD07C db 0xBD, 0x0B, 0xC1, 0xBA, 0x12, 0x1F, 0xD0, 0x7C, - 237 0000027B 44FF435FC685F323 db 0x44, 0xFF, 0x43, 0x5F, 0xC6, 0x85, 0xF3, 0x23, - 238 00000283 6B65412CB44A5E24 db 0x6B, 0x65, 0x41, 0x2C, 0xB4, 0x4A, 0x5E, 0x24, - 239 0000028B 35BA577618ABE051 db 0x35, 0xBA, 0x57, 0x76, 0x18, 0xAB, 0xE0, 0x51 - 240 - 241 ; junk + 0x8e - 242 ; hidden function - 243 00000293 488D3518000000 db 0x48, 0x8D, 0x35, 0x18, 0x00, 0x00, 0x00, ; lea rsi, [.msg_start] - 244 0000029A 488D151F000000 db 0x48, 0x8D, 0x15, 0x1F, 0x00, 0x00, 0x00, ; lea rdx, [.done] - 245 000002A1 4829F2 db 0x48, 0x29, 0xF2 ; sub rdx, rsi - 246 000002A4 BF01000000 db 0xBF, 0x01, 0x00, 0x00, 0x00 ; mov rdi, 1 ; stdout - 247 000002A9 B804000002 db 0xB8, 0x04, 0x00, 0x00, 0x02 ; mov rax, 0x2000004 ; write - 248 000002AE 0F05 db 0x0F, 0x05 ; syscall - 249 000002B0 EB0E db 0xEB, 0x0E ; jmp .done - 250 ; .msg_start: "YOU FOUND ME2" - 251 000002B2 594F5520464F554E44- db 0x59, 0x4F, 0x55, 0x20, 0x46, 0x4F, 0x55, 0x4E, 0x44, 0x20, 0x4D, 0x45, 0x32, 0x0a - 251 000002BB 204D45320A - 252 ; .done: - 253 000002C0 C3 db 0xC3 ; ret - 254 - 255 section .data - 256 00000000 48657265277320736F- db "Here's some data.", 0x0a - 256 00000009 6D6520646174612E0A 
diff --git a/test/src/analysis_propagation_x64.asm b/test/src/analysis_propagation_x64.asm deleted file mode 100644 index 1cf8e8bb..00000000 --- a/test/src/analysis_propagation_x64.asm +++ /dev/null 
@@ -1,256 +0,0 @@ -; The point here is to test the ability to pass runtime information to analysis. -; -; The simplest case is when a call is encountered in the debugger where the -; destination is not yet an identified function. Just make a function at this -; address. -; -; The second case is when a branch is encountered whose destination is not -; in the set of indirect branches picked up by analysis. This is exercised here -; by having a jump table's check bypassed from another function. Binja picks up -; the legal values of the jump table, but doesn't see that a side flow of -; execution can hop over the constraint for the value that indexes the table. - -default rel - - global start - global function_with_indirect_call - global function_with_switch - section .text - -start: - ; call case 4 (illegal) of switch by jumping passed check - lea rbx, [function_with_switch] - mov edi, 431 - call mapper ; returns 7 - add rbx, rax - mov rcx, 4 - call rbx - - ; call case0, case1 of switch - mov rdi, 0 - call function_with_switch - mov rdi, 1 - call function_with_switch - mov rdi, 2 - call function_with_switch - mov rdi, 3 - call function_with_switch - - ; call case 5 (illegal) of switch by jumping passed check - lea rbx, [function_with_switch] - mov edi, 431 - call mapper ; returns 7 - add rbx, rax - mov rcx, 5 - call rbx - - ; make some indirect calls - call function_with_indirect_call - - ; done - mov rax, 0x2000001 ; exit - mov rdi, 0 - syscall - ret - -function_with_switch: - ; 00000000: 0x48, 0x89, 0xf9 - mov rcx, rdi ; arg0: 0,1,2,3 - ; 00000003: 0x48, 0x83, 0xe1, 0x03 - and rcx, 0x3 - ; 00000007: <--- jumping here bypasses the constraint - - lea rax, [.jump_table] - movsx rdx, dword[rax+rcx*4] - add rdx, rax - jmp rdx - -.case0: - call print_00 - jmp .switch_end - -.case1: - call print_01 - jmp .switch_end - -.case2: - call print_02 - jmp .switch_end - -.case3: - call print_03 - jmp .switch_end - -.switch_end: - ret - -.jump_table: - dd function_with_switch.case0 
- .jump_table - dd function_with_switch.case1 - .jump_table - dd function_with_switch.case2 - .jump_table - dd function_with_switch.case3 - .jump_table - ; these entries should be invisible/illegal to binja because of the "and 3" constraint - dd junk + 0x30 - .jump_table - dd junk + 0x8e - .jump_table - -function_with_indirect_call: - mov rcx, 4 - -.next: - push rcx - -.test4: - cmp rcx, 4 - jne .test3 - lea rbx, [print_00] - jmp .dispatch - -.test3: - cmp rcx, 3 - jne .test2 - lea rbx, [print_01] - jmp .dispatch - -.test2: - cmp rcx, 2 - jne .test1 - lea rbx, [junk] - mov rdi, 453 ; -> 48 - call mapper - add rbx, rax - jmp .dispatch - -.test1: - cmp rcx, 1 - lea rbx, [junk] - mov rdi, 163 ; -> 142 - call mapper - add rbx, rax - -.dispatch: - call rbx - -.check: - pop rcx - loop .next - ret - -; evade data flow -; maps {1,2,3,4,5,6,7,8,9,10,...} -> {1,3,9,27,81,243,220,151,453,341,...} -; forward with pow(3,x,509) -; reverse with brute force [x for x in range(508) if pow(3,x,509) == y] -mapper: - mov rcx, rdi ; arg0: number to map - mov rax, 1 - jrcxz .done -.step: - imul rax, 3 -.reduce: - cmp rax, 509 - jl .next - sub rax, 509 - jmp .reduce -.next: - loop .step -.done: - ret - -print_00: - lea rsi, [.msg_start] - lea rdx, [.done] - sub rdx, rsi - mov rdi, 1 ; stdout - mov rax, 0x2000004 ; write - syscall - jmp .done -.msg_start: - db "I'm print_00!", 0x0a -.done: - ret - -print_01: - mov rsi, .msg_start - mov rdx, .done - sub rdx, rsi - mov rdi, 1 ; stdout - mov rax, 0x2000004 ; write - syscall - jmp .done -.msg_start: - db "I'm print_01!", 0x0a -.done: - ret - -print_02: - mov rsi, .msg_start - mov rdx, .done - sub rdx, rsi - mov rdi, 1 ; stdout - mov rax, 0x2000004 ; write - syscall - jmp .done -.msg_start: - db "I'm print_02!", 0x0a -.done: - ret - -print_03: - mov rsi, .msg_start - mov rdx, .done - sub rdx, rsi - mov rdi, 1 ; stdout - mov rax, 0x2000004 ; write - syscall - jmp .done -.msg_start: - db "I'm print_03!", 0x0a -.done: - ret - -junk: -; junk -db 
0xEF, 0x3D, 0x53, 0x7C, 0xFB, 0x80, 0x3B, 0x28, -db 0x15, 0xD1, 0xA2, 0xCD, 0x5E, 0x7E, 0xBC, 0xE1, -db 0xC6, 0x1B, 0x63, 0x05, 0xB7, 0xD3, 0xBA, 0x3B, -db 0x39, 0xCA, 0x46, 0xA1, 0x32, 0xD9, 0x8A, 0xB5, -db 0x8F, 0xD6, 0xFA, 0xAE, 0x08, 0x2D, 0xD5, 0x6F, -db 0x1E, 0xD6, 0xB8, 0x72, 0xA9, 0x8D, 0x86, 0xE8 - -; junk + 0x30 -; hidden function -db 0x48, 0x8D, 0x35, 0x18, 0x00, 0x00, 0x00, ; lea rsi, [.msg_start] -db 0x48, 0x8D, 0x15, 0x1F, 0x00, 0x00, 0x00, ; lea rdx, [.done] -db 0x48, 0x29, 0xF2 ; sub rdx, rsi -db 0xBF, 0x01, 0x00, 0x00, 0x00 ; mov rdi, 1 ; stdout -db 0xB8, 0x04, 0x00, 0x00, 0x02 ; mov rax, 0x2000004 ; write -db 0x0F, 0x05 ; syscall -db 0xEB, 0x0E ; jmp .done -; .msg_start: "YOU FOUND ME1" -db 0x59, 0x4F, 0x55, 0x20, 0x46, 0x4F, 0x55, 0x4E, 0x44, 0x20, 0x4D, 0x45, 0x31, 0x0a -; .done: -db 0xC3 ; ret - -; junk + 0x5e -db 0xB4, 0xDE, 0xF0, 0x6B, 0x54, 0x40, 0x08, 0x46, -db 0xF6, 0xAC, 0xDD, 0x82, 0x8C, 0x74, 0x2C, 0x7F, -db 0xBD, 0x0B, 0xC1, 0xBA, 0x12, 0x1F, 0xD0, 0x7C, -db 0x44, 0xFF, 0x43, 0x5F, 0xC6, 0x85, 0xF3, 0x23, -db 0x6B, 0x65, 0x41, 0x2C, 0xB4, 0x4A, 0x5E, 0x24, -db 0x35, 0xBA, 0x57, 0x76, 0x18, 0xAB, 0xE0, 0x51 - -; junk + 0x8e -; hidden function -db 0x48, 0x8D, 0x35, 0x18, 0x00, 0x00, 0x00, ; lea rsi, [.msg_start] -db 0x48, 0x8D, 0x15, 0x1F, 0x00, 0x00, 0x00, ; lea rdx, [.done] -db 0x48, 0x29, 0xF2 ; sub rdx, rsi -db 0xBF, 0x01, 0x00, 0x00, 0x00 ; mov rdi, 1 ; stdout -db 0xB8, 0x04, 0x00, 0x00, 0x02 ; mov rax, 0x2000004 ; write -db 0x0F, 0x05 ; syscall -db 0xEB, 0x0E ; jmp .done -; .msg_start: "YOU FOUND ME2" -db 0x59, 0x4F, 0x55, 0x20, 0x46, 0x4F, 0x55, 0x4E, 0x44, 0x20, 0x4D, 0x45, 0x32, 0x0a -; .done: -db 0xC3 ; ret - -section .data - db "Here's some data.", 0x0a diff --git a/test/src/asmtest_aarch64-android.s b/test/src/asmtest_aarch64-android.s deleted file mode 100644 index bd0a86f7..00000000 --- a/test/src/asmtest_aarch64-android.s +++ /dev/null 
@@ -1,52 +0,0 @@ -// NOTES: -// kernel call: syscall number in x8, args in x0, x1, x2, ... -// syscall number lookup /include/uapi/asm-generic/unistd.h -// -.global _start - -.text - -_start: - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - - mov x2, msglen // arg2: message length - - // TODO: explore in detail why this won't work - //mov x1, msg // arg1: message - adrp x1, msg - add x1, x1, :lo12:msg - - mov x0, #1 // arg0: stdout - - mov x8, #64 // __NR_write - svc #0 - - mov x0, #0 // arg0: status - mov x8, #94 // __NR_exit - svc #0 - -bounce: - ret - -.data - -msg: - .asciz "Hello, world!\n" - -msglen = . - msg - diff --git a/test/src/asmtest_armv7-android.s b/test/src/asmtest_armv7-android.s deleted file mode 100644 index 5385e93a..00000000 --- a/test/src/asmtest_armv7-android.s +++ /dev/null @@ -1,43 +0,0 @@ -.data - -/* Data segment: define our message string and calculate its length. */ -msg: - .ascii "Hello, ARM!\n" -len = . - msg - -.text - -/* Our application's entry point. */ -.globl _start -_start: - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - nop - bl bounce - - /* syscall write(int fd, const void *buf, size_t count) */ - mov %r0, $1 /* fd := STDOUT_FILENO */ - ldr %r1, =msg /* buf := msg */ - ldr %r2, =len /* count := len */ - mov %r7, $4 /* write is syscall #4 */ - swi $0 /* invoke syscall */ - - /* syscall exit(int status) */ - mov %r0, $0 /* status := 0 */ - mov %r7, $1 /* exit is syscall #1 */ - swi $0 /* invoke syscall */ - -bounce: - bx %lr diff --git a/test/src/asmtest_x64.asm b/test/src/asmtest_x64.asm deleted file mode 100644 index 8624108b..00000000 --- a/test/src/asmtest_x64.asm +++ /dev/null 
@@ -1,86 +0,0 @@ -default rel - -%ifdef OS_IS_WINDOWS - global WinMain - extern ExitProcess, GetStdHandle, WriteConsoleA - - section .bss - numCharsWritten resd 1 - - section .text - WinMain: -%endif - -%ifdef OS_IS_LINUX - global _start - section .text - _start: -%endif - -%ifdef OS_IS_MACOS - global start - section .text - start: -%endif - - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - -%ifdef OS_IS_WINDOWS - mov ecx, -11 ; STD_OUTPUT_HANDLE - call GetStdHandle - - push 0 - mov r9, numCharsWritten - mov r8, msg.len - mov rdx, msg - mov rcx, rax - call WriteConsoleA - add rsp, 0x8 - - mov rcx, 0 - call ExitProcess - -%else - mov rsi, msg - mov rdx, msg.len - mov rdi, 1 ; stdout -%endif - -%ifdef OS_IS_LINUX - mov rax, 1 ; write - syscall - mov rdi, 0 ; arg0: status - mov rax, 60 ; __NR_exit - syscall -%endif - -%ifdef OS_IS_MACOS - mov rax, 0x2000004 ; write - syscall - mov rax, 0x2000001 ; exit - mov rdi, 0 - syscall -%endif - -bounce: - retn - -section .data -msg: - db "Hello, world!", 0x0a - .len: equ $ - msg diff --git a/test/src/asmtest_x86.asm b/test/src/asmtest_x86.asm deleted file mode 100644 index cc483ea1..00000000 --- a/test/src/asmtest_x86.asm +++ /dev/null 
@@ -1,73 +0,0 @@ -default rel - -%ifdef OS_IS_WINDOWS - global WinMain - - extern _GetStdHandle@4 - extern _WriteConsoleA@20 - extern _ExitProcess@4 - - section .bss - numCharsWritten resd 1 - - section .text - WinMain: -%endif - -%ifdef OS_IS_LINUX - global _start - section .text - _start: -%endif - - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - nop - call bounce - -%ifdef OS_IS_WINDOWS - push -11 ; STD_OUTPUT_HANDLE - call _GetStdHandle@4 - - push 0 - push numCharsWritten - push msglen - push msg - push eax - call _WriteConsoleA@20 - add esp, 0x8 - - push 0 - call _ExitProcess@4 -%endif - -%ifdef OS_IS_LINUX - mov edx, msglen ; arg2: message length - mov ecx, msg ; arg1: message - mov ebx, 1 ; arg0: stdout - mov eax, 4 ; __NR_write - int 0x80 - - mov ebx, 0 ; arg0: status - mov eax, 1 ; __NR_exit - int 0x80 -%endif - -bounce: - ret - - section .data -msg: db "Hello, world!", 0x0a, 0 -msglen: equ $ - msg diff --git a/test/src/cat.c b/test/src/cat.c deleted file mode 100644 index 45e15a19..00000000 --- a/test/src/cat.c +++ /dev/null @@ -1,14 +0,0 @@ -#include - -int main(int ac, char **av) -{ - while (1) { - int ch = fgetc(stdin); - if (ch == EOF && (feof(stdin) || ferror(stdin))) { - break; - } - fputc(ch, stdout); - } - - return 0; -} diff --git a/test/src/commandline_test.c b/test/src/commandline_test.c deleted file mode 100644 index ba75d8f5..00000000 --- a/test/src/commandline_test.c +++ /dev/null @@ -1,11 +0,0 @@ -#include - -int main(int ac, char **av) -{ - printf("Arguments: \n"); - for (int i = 0; i < ac; i ++) { - printf("%s\n", av[i]); - } - - return 0; -} diff --git a/test/src/do_exception.c b/test/src/do_exception.c deleted file mode 100644 index b069a39a..00000000 --- a/test/src/do_exception.c +++ /dev/null 
@@ -1,62 +0,0 @@ -#include -#include -#include - -typedef int (*PFOO)(void); - -int main(int ac, char **av) -{ - printf("start\n"); - - if(!strcmp(av[1], "segfault")) { - printf("accessing from 0xDEADBEEF\n"); - return *(int *)0xDEADBEEF; - } - - if(!strcmp(av[1], "illegalinstr")) { - #if defined(ARCH_IS_X64) - printf("X64 bad instruction\n"); - unsigned char buf[] = { - 0x66, 0x06, // push es on x86, invalid in x64 - 0x0f, 0xb9, // ud2b - 0x0f, 0x0b, // ud2 - 0xfe, 0xf0, - 0x90, - 0x90 - #elif defined(ARCH_IS_X86) - printf("X86 bad instruction\n"); - unsigned char buf[] = { - 0x0f, 0x0b // ud2 - #elif defined(ARCH_IS_ARMV7) - printf("ARMV7 bad instruction\n"); - unsigned char buf[] = { - 0xf0, 0xde, 0xf0, 0xe7, // little endian 0xe7f0def0 - 0xe7, 0xf0, 0xde, 0xf0 // big endian - #elif defined(ARCH_IS_AARCH64) - printf("AARCH64 bad instruction\n"); - unsigned char buf[] = { - // https://developer.arm.com/docs/ddi0596/a/a64-base-instructions-alphabetic-order/udf-permanently-undefined - 0x00, 0x00, 0x00, 0x00 - #endif - }; - - PFOO bar = (PFOO)buf; - return bar(); - } - - if(!strcmp(av[1], "divzero")) { - printf("dividing by zero\n"); - int foo = 31337; - float result = 0; - int i = 9; - while(i >= 0) { - printf("dividing by %d\n", i); - result = foo/i; - i -= 1; - printf("result is: %f\n", result); - } - } - - printf("end\n"); - return 0; -} diff --git a/test/src/execute_test.exe.manifest b/test/src/execute_test.exe.manifest deleted file mode 100644 index f3a3be74..00000000 --- a/test/src/execute_test.exe.manifest +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - diff --git a/test/src/exitcode.c b/test/src/exitcode.c deleted file mode 100644 index c752f07c..00000000 --- a/test/src/exitcode.c +++ /dev/null @@ -1,9 +0,0 @@ -#include -#include - -int main(int ac, char **av) -{ - int rc = atoi(av[1]); - printf("returning %d\n", rc); - return rc; -} diff --git a/test/src/hello_x64.asm b/test/src/hello_x64.asm deleted file mode 100644 index 4ba3d78f..00000000 
--- a/test/src/hello_x64.asm +++ /dev/null @@ -1,65 +0,0 @@ -default rel - -%ifdef OS_IS_WINDOWS - global WinMain - extern ExitProcess, GetStdHandle, WriteConsoleA - - section .bss - numCharsWritten resd 1 - - section .text - WinMain: -%endif - -%ifdef OS_IS_LINUX - global _start - section .text - _start: -%endif - -%ifdef OS_IS_MACOS - global start - section .text - start: -%endif - -%ifdef OS_IS_WINDOWS - mov ecx, -11 ; STD_OUTPUT_HANDLE - call GetStdHandle - - push 0 - mov r9, numCharsWritten - mov r8, msg.len - mov rdx, msg - mov rcx, rax - call WriteConsoleA - add rsp, 0x8 - - mov rcx, 0 - call ExitProcess - -%else - lea rsi, [msg] - mov rdx, msg.len - mov rdi, 1 ; stdout -%endif - -%ifdef OS_IS_LINUX - mov rax, 1 ; write - syscall - mov rdi, 0 ; arg0: status - mov rax, 60 ; __NR_exit - syscall -%endif - -%ifdef OS_IS_MACOS - mov rax, 0x2000004 ; write - syscall - mov rax, 0x2000001 ; exit - mov rdi, 0 - syscall -%endif - -msg: - db "Hello, world!", 0x0a - .len: equ $ - msg diff --git a/test/src/helloworld.c b/test/src/helloworld.c deleted file mode 100644 index 63208d65..00000000 --- a/test/src/helloworld.c +++ /dev/null @@ -1,26 +0,0 @@ -// tests: cmdline arguments, process return value, stdout - -#include -#include - -int main(int argc, char **argv) -{ - int i; - char path[1024] = {}; - - printf("Hello, world!\n"); - if (getcwd(path, sizeof(path))) - { - printf("cwd: %s\n", path); - } - else - { - printf("fail to get cwd\n"); - } - - printf("argc: %d\n", argc); - for(i=0; i - -int hello(int a) -{ - printf("Hello, world! %d\n", a); - return a; -} - -int main(int ac, char **av) -{ - hello(0); - hello(1); - hello(2); - hello(3); - return 0; -} 
diff --git a/test/src/helloworld_ios b/test/src/helloworld_ios deleted file mode 100755 index e96f294b26533b429182e1276e3160a8b205efca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 68784 zcmeI*eM}r>9tZGe7HBD@h4#E+ech^k(Ux88QVK1_MT$Ztl(ZN*8-1MJ9bn3`i@QSs ztvb=7)|W&Sqlx}utf{41LmG{eT$OUMm)swBZFBKFbLFT;1z-NTcnOQN`1{QabQfDS zF(zuhzvS8H{h4PzGv&WN^N)$I&t?mu2nrXa#gvNEh3FP;DhaWaQWYgB>&kDgyuEVU zR&GrVYjSGS_iDV(qcl*;`pSm-)NX6Onc60tdImLfqAgh=rJ;2iPKC1B>t)|>-%PQy zDX#N<%|!b2%65yCaicvDpXr{x-sT7F^$MI3Tu)vv(^-!Ut&lPpH)49EX{MffzlO73 zxzo?}z7hG=@jkUtG=Q}kqhYHirl-tg|XEoKe zw^VMfo_ zSn~&;|LKkYKC8Ddq)?IVg_v|*N59tnS#=@E*W`8hJx`7`RN;2v zcM_K=ct6FIxR0-)bY4lfr<~g(?Q?rq+|XJ*H+pEldVmH|tf0i#{cuo-Ovg>pI zIVJ8tP97s$xCH?L2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV= z5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHaf zKmY;|fB*y_009U<00Izz00e&f0+Z2q`_9~}^qr{?JyU6mPSAIr`!h5AiA=?xIPlOF z<5TO!z=%%_oX!)8kxxX=NRCJ-rg`%8e37_Oh+YzSN*v$RQ%U91^ZkjD9Dm{lD!Uc& zCVj*DBC9{UtY<7u^o-K{RfA}v9y{jq4~(YGJ7~=@>^VH%L;X`L z#Q={PUFjd-ahb}zmMtz(Ki&34TIRvgJbz+rr8$tW(hUc z6r?V@v}?!m&>i+bx*@u*pnI?)Ip=SB^S8k1JLp!bbiOaob^eBUHqFenW?SFuc0R$L zYw~*3V)A^>?eC4}n$7^zYQ_%)AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV= zznFlVR<5HIqC{sgIHv(~CV%KkY*nCBY#3;~4>5KvZ7s-bi{rJd9$ zrHmVDutf%&TO^-yklNDJuEs(_2JX>fQ6cH{13LUb$hMdsF&bx9S0wGtC0m=N)~N;C z4NW#{YDkNTWv!|n5zG1Df^_l3qcq%fyPDb0M& zg>}k>)T8nIbrgjqg@tPyi`N#fEAkZvulMfcto(|qr*m+Z?QKe>K? 
zUPa>JA6w^<`sGU^r>cvteLpdA^%mokfyveB_boena!LQ5l{JC?4IO&m^}`L(V`Ghj z>Hj)$qQ$kfA!BOyo4fDn{^-c#ReRUG`fKk$wSK(xFQ2}A=b~euFSx&GxG8;T=;gzE zOG>_ZLF>?u#P0gKd9q?>?}D@6=JoEa?q2#>@!Oukqx(Pn_>I#2M^CEN-M{qxEq!Ch zoLg((>-}Qij*kvq{h!Ds#e#3`Hp<6n*KfT-vjG?pBTRTZYsZ9+7{O1 zhI^M5i|f(IrmL>^6kJu7RT|QRMp>4dqO?WpDhoziJ!)H9So6f`Z&XY-x;*sfEZYdTJiQ)O|Mn~u%AOHafKmY;| zfB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U< p00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafK;ZW#@Eu>1%vk^c diff --git a/test/src/helloworld_loop.c b/test/src/helloworld_loop.c deleted file mode 100644 index 283b4c60..00000000 --- a/test/src/helloworld_loop.c +++ /dev/null @@ -1,23 +0,0 @@ -#include - -#if defined(_WIN32) || defined(_WIN64) -#include -#define PIDFUNC _getpid -#else -#include -#define PIDFUNC getpid -#endif - -int main(int ac, char **av) -{ - int i; - for(i=0; 1; i++) { - int process_id = PIDFUNC(); - - printf("Hello, world! pid:%d i:%d\n", process_id, i); - int j; - for(j=0; j<100000000; ++j) - i = i*7; - } - return 11; -} diff --git a/test/src/helloworld_objc.m b/test/src/helloworld_objc.m deleted file mode 100644 index 5f0c11e0..00000000 --- a/test/src/helloworld_objc.m +++ /dev/null @@ -1,6 +0,0 @@ -#import - -int main() { - NSLog(@"Hello, world!"); - return 0; -} diff --git a/test/src/helloworld_recursion.c b/test/src/helloworld_recursion.c deleted file mode 100644 index f6786915..00000000 --- a/test/src/helloworld_recursion.c +++ /dev/null @@ -1,22 +0,0 @@ -#include -#include - -int fib(int a) -{ - if (a == 0 || a == 1) { - return 1; - } - return fib(a - 1) + fib(a - 2); -} - -int main(int ac, char **av) -{ - if (ac == 1) { - for (int i = 0; i < 50; i ++) { - printf("The %dth fibonacci number is %d\n", i, fib(i)); - } - } else { - printf("The %dth fibonacci number is %d\n", atoi(av[1]), fib(atoi(av[1]))); - } - return 0; -} diff --git a/test/src/helloworld_thread.c b/test/src/helloworld_thread.c deleted file mode 100644 index c36298d8..00000000 
--- a/test/src/helloworld_thread.c +++ /dev/null 
@@ -1,80 +0,0 @@ -#include -#include - -#if defined(_WIN32) || defined(_WIN64) -#define OS_IS_WINDOWS -#endif - -#if defined(OS_IS_WINDOWS) -#include -#else -#include -#include -#include -#endif - -#if defined(OS_IS_WINDOWS) -DWORD WINAPI ThreadFunc(void* vargp) -#define SLEEP1SEC Sleep(1000) -#else -void *thread_func(void *vargp) -//#define SLEEP1SEC sleep(1) -#define SLEEP1SEC for(int i=0; i<99999999; ++i) { foo *= 3; } -#endif - -{ - int i; - int myid = *(int *)vargp; - srand(myid); - for(i=0; i<1000; ++i) { - printf("I'm thread %d.\n", myid); - int foo = 7; - /* stop at random rip, visible in debugger */ - switch(rand()%10) { - case 0: printf("rolled 0\n"); SLEEP1SEC; break; - case 1: printf("rolled 1\n"); SLEEP1SEC; break; - case 2: printf("rolled 2\n"); SLEEP1SEC; break; - case 3: printf("rolled 3\n"); SLEEP1SEC; break; - case 4: printf("rolled 4\n"); SLEEP1SEC; break; - case 5: printf("rolled 5\n"); SLEEP1SEC; break; - case 6: printf("rolled 6\n"); SLEEP1SEC; break; - case 7: printf("rolled 7\n"); SLEEP1SEC; break; - case 8: printf("rolled 8\n"); SLEEP1SEC; break; - case 9: printf("rolled 9\n"); SLEEP1SEC; break; - } - } - -#if defined(OS_IS_WINDOWS) - return 0; -#else - return NULL; -#endif -} - -int main(int ac, char **av) -{ - printf("Before Thread\n"); - -#if defined(OS_IS_WINDOWS) - DWORD ids[4] = {0, 1, 2, 3}; - HANDLE hThreadArray[4]; - hThreadArray[0] = CreateThread(NULL, 0, ThreadFunc, (void *)(ids+0), 0, NULL); - hThreadArray[1] = CreateThread(NULL, 0, ThreadFunc, (void *)(ids+1), 0, NULL); - hThreadArray[2] = CreateThread(NULL, 0, ThreadFunc, (void *)(ids+2), 0, NULL); - hThreadArray[3] = CreateThread(NULL, 0, ThreadFunc, (void *)(ids+3), 0, NULL); - WaitForMultipleObjects(4, hThreadArray, TRUE, INFINITE); -#else - int ids[4] = {0, 1, 2, 3}; - pthread_t thread_id[4]; - pthread_create(&thread_id[0], NULL, thread_func, (void *)(ids+0)); - pthread_create(&thread_id[1], NULL, thread_func, (void *)(ids+1)); - pthread_create(&thread_id[2], NULL, 
thread_func, (void *)(ids+2)); - pthread_create(&thread_id[3], NULL, thread_func, (void *)(ids+3)); - pthread_join(thread_id[0], NULL); - pthread_join(thread_id[1], NULL); - pthread_join(thread_id[2], NULL); - pthread_join(thread_id[3], NULL); -#endif - - return 12; -} diff --git a/test/src/helloworld_virtual.cpp b/test/src/helloworld_virtual.cpp deleted file mode 100644 index c39d1071..00000000 --- a/test/src/helloworld_virtual.cpp +++ /dev/null @@ -1,30 +0,0 @@ -#include -#include - -class Foo { -public: - virtual ~Foo() {} - virtual void bar() = 0; -}; - -class Bar : public Foo { -public: - virtual void bar() { - printf("Bar!\n"); - } -}; - -class Baz : public Bar { -public: - virtual void bar() { - printf("Baz!\n"); - } -}; - -int main(int ac, char **av) -{ - Foo* foo = new Baz(); - foo->bar(); - delete foo; - return 0; -} diff --git a/test/src/hh1.asm b/test/src/hh1.asm deleted file mode 100644 index 339b79fb..00000000 --- a/test/src/hh1.asm +++ /dev/null 
@@ -1,294 +0,0 @@ -; -; hh1.nasm: 664-byte, tiny hello-world Win32 PE .exe -; by pts@fazekas.hu at Sat Jan 13 11:53:58 CET 2018 -; -; How to compile hh1.exe: -; -; $ nasm -f bin -o hh1.exe hh1.nasm -; $ chmod 755 hh1.exe # For QEMU Samba server. -; $ ndisasm -b 32 -e 0x200 -o 0x403000 hh1.exe -; -; hh1.asm was inspired by the 268-byte .exe on -; https://www.codejuggle.dj/creating-the-smallest-possible-windows-executable-using-assembly-language/ -; . The fundamental difference is that hh1.exe works on Windows XP ... Windows -; 10, while the program above doesn't work on Windows XP. -; -; The generated hh1.exe works on: -; -; * Wine 1.6.2 on Linux. -; * Windows XP SP3, 32-bit: Microsoft Windows XP [Version 5.1.2600] -; * Windows 10 64-bit: Microsoft Windows [Version 10.0.16299.192] -; -; Output .exe file size in bytes (approximately): -; -; len(text_bytes) + len(data_bytes) + len(rodata_bytes) + -; + 384 -; + sum(len(name) for name in imported_names) + 2 * len(imported_names) - 1 -; + 8 * len(imported_names) + 6 -; + sum(len(name) for name in library_names) + len(library_names) -; + 20 * len(library_names) -; -; Assumptions: -; -; * len(imported_names) >= 1: ['ExitProcess'] -; * len(library_names) >= 1: ['kernel32'] -; -bits 32 -imagebase equ 0x400000 ; Default base since Windows 95. -textbase equ imagebase + 0x3000 -file_alignment equ 0x200 -bits 32 -org 0 ; Can be anything, this file doesn't depend on it. - -_filestart: -;_text: - -IMAGE_DOS_HEADER: ; Truncated, breaks file(1) etc. -db 'MZ' -times 10 db 'x' - -IMAGE_NT_HEADERS: -Signature: dw 'PE', 0 - -IMAGE_FILE_HEADER: -Machine: dw 0x14c ; IMAGE_FILE_MACHINE_I386 -NumberOfSections: dw (_headers_end - _sechead) / 40 ; Windows XP needs >= 3. -TimeDateStamp: dd 0x00000000 -PointerToSymbolTable: dd 0x00000000 -NumberOfSymbols: dd 0x00000000 -SizeOfOptionalHeader: dw _datadir_end - _opthd ; Windows XP needs >= 0x78. 
-Characteristics: dw 0x030f -_opthd: -IMAGE_OPTIONAL_HEADER32: -Magic: dw 0x10b ; IMAGE_NT_OPTIONAL_HDR32_MAGIC -MajorLinkerVersion: db 0 -MinorLinkerVersion: db 0 -SizeOfCode: dd 0x00000000 -SizeOfInitializedData: dd 0x00000000 -SizeOfUninitializedData: dd 0x00000000 -AddressOfEntryPoint: dd (textbase - imagebase) + (_entry - _text) -BaseOfCode: dd 0x00000000 -BaseOfData: dd (IMAGE_NT_HEADERS - _filestart) ; Overlaps with: IMAGE_DOS_HEADER.e_lfanew. -ImageBase: dd imagebase -SectionAlignment: dd 0x1000 ; Minimum value for Windows XP. -%if file_alignment == 0 || file_alignment & (file_alignment - 1) -%fatal Invalid file_alignment, must be a power of 2. -%endif -%if file_alignment < 0x200 -%fatal Windows XP needs file_alignment >= 0x200 -%endif -FileAlignment: dd file_alignment ; Minimum value for Windows XP. -MajorOperatingSystemVersion: dw 4 -MinorOperatingSystemVersion: dw 0 -MajorImageVersion: dw 1 -MinorImageVersion: dw 0 -MajorSubsystemVersion: dw 4 -MinorSubsystemVersion: dw 0 -Win32VersionValue: dd 0 -SizeOfImage: dd (textbase - imagebase) + (_eof + bss_size - _text) ; Wine rounds it up to a multiple of 0x1000, and loads and maps that much. -SizeOfHeaders: dd _headers_end - _filestart ; Windows XP needs > 0. -CheckSum: dd 0 -Subsystem: dw 3 ; IMAGE_SUBSYSTEM_WINDOWS_CUI; gcc -mconsole -DllCharacteristics: dw 0 -SizeOfStackReserve: dd 0x00100000 -SizeOfStackCommit: dd 0x00001000 -SizeOfHeapReserve: dd 0 -SizeOfHeapCommit: dd 0 -LoaderFlags: dd 0 -; If we hardcode 2 here, on Windows XP we can put arbitrary bytes to -; IMAGE_DIRECTORY_ENTRY_RESOURCE.VirtualAddress and .Size. If we put -; 3 here (autogenerated), then the values must be 0. -;NumberOfRvaAndSizes: dd (_datadir_end - _datadir) / 8 ; Number of IMAGE_DATA_DIRECTORY entries below. 
-NumberOfRvaAndSizes: dd 2 - -_datadir: -DataDirectory: -IMAGE_DIRECTORY_ENTRY_EXPORT: -.VirtualAddress: dd 0x00000000 -.Size: dd 0x00000000 -IMAGE_DIRECTORY_ENTRY_IMPORT: -.VirtualAddress: dd (textbase - imagebase) + (_idescs - _text) -.Size: dd _idata_data_end - _idata -IMAGE_DIRECTORY_ENTRY_RESOURCE: -.VirtualAddress_AndSize: db 'tiny.exe' -%if 0 -; Changing all 0x78787878 to 0 below may fix startup errors. -IMAGE_DIRECTORY_ENTRY_EXCEPTION: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_SECURITY: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_BASERELOC: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_DEBUG: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x00000000 -IMAGE_DIRECTORY_ENTRY_ARCHITECTURE: -.VirtualAddress: dd 0x00000000 -.Size: dd 0x00000000 -IMAGE_DIRECTORY_ENTRY_GLOBALPTR: -.VirtualAddress: dd 0x00000000 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_TLS: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_IAT: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 - Missing: -IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -IMAGE_DIRECTORY_ENTRY_RESERVED: -.VirtualAddress: dd 0x78787878 -.Size: dd 0x78787878 -%endif -_datadir_end: - -_sechead: - -IMAGE_SECTION_HEADER__0: -.Name: db '.dummy1', 0 -.VirtualSize: dd 0x000000001 ; Must be positive for Windows XP. -.VirtualAddress: dd 0x1000 ; Must be positive and divisible by 0x1000 for Windows XP. 
-.SizeOfRawData: dd 0x00000000 -.PointerToRawData: dd 0x00000000 -.PointerToRelocations: dd 0 -.PointerToLineNumbers: dd 0 -.NumberOfRelocations: dw 0 -.NumberOfLineNumbers: dw 0 -.Characteristics: dd 0xc0300040 - -IMAGE_SECTION_HEADER__1: -.Name: db '.dummy2', 0 -.VirtualSize: dd 0x00000001 ; Must be positive for Windows XP. -.VirtualAddress: dd 0x2000 ; Must be positive, divisible by 0x1000, and larger then the prev .VirtualAddress for Windows XP. -.SizeOfRawData: dd 0x00000000 -.PointerToRawData: dd 0x00000000 -.PointerToRelocations: dd 0 -.PointerToLineNumbers: dd 0 -.NumberOfRelocations: dw 0 -.NumberOfLineNumbers: dw 0 -.Characteristics: dd 0xc0300040 - -IMAGE_SECTION_HEADER__2: -.Name: db '.text', 0, 0, 0 -.VirtualSize: dd (_eof - _text) + bss_size -%if (textbase - imagebase) & 0xfff -%fatal _text doesn't start at page boundary, needed by Windows XP. -%endif -%if (textbase - imagebase) <= 0x2000 -%fatal _text doesn't start later than the previous sections, needed by Windows XP. -%endif -.VirtualAddress: dd textbase - imagebase -.SizeOfRawData: dd _eof - _text -.PointerToRawData: dd _text - _filestart -.PointerToRelocations: dd 0 -.PointerToLineNumbers: dd 0 -.NumberOfRelocations: dw 0 -.NumberOfLineNumbers: dw 0 -.Characteristics: dd 0xe0300020 - -_headers_end: -; We can check it only this late, when _headers_end is defined. -%if (_headers_end - _sechead) % 40 != 0 -%fatal Multiples of IMAGE_SECTION_HEADER needed. -%endif -%if (_headers_end - _sechead) / 40 < 3 -%fatal Windows XP needs at least 3 sections. -%endif - -times 0x200 - ($-$$) db 'x' - -;times 0x100 db 'y' ; Doesn't work, _text is not aligned properly. -;times 0x200 db 'y' ; Works, making the .exe larger. - -_text: - -_entry: -; Arguments pushed in reverse order, popped by the callee. 
-; WINBASEAPI HANDLE WINAPI GetStdHandle (DWORD nStdHandle); -; HANDLE hfile = GetStdHandle(STD_OUTPUT_HANDLE); -push byte -11 ; STD_OUTPUT_HANDLE -call [textbase + (__imp__GetStdHandle@4 - _text)] -; Arguments pushed in reverse order, popped by the callee. -; WINBASEAPI WINBOOL WINAPI WriteFile (HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped); -; DWORD bw; -push eax ; Value does't matter. -mov ecx, esp -push byte 0 ; lpOverlapped -push ecx ; lpNumberOfBytesWritten = &dw -push byte (_msg_end - _msg) ; nNumberOfBytesToWrite -push textbase + (_msg - _text) ; lpBuffer -push eax ; hFile = hfile -call [textbase + (__imp__WriteFile@20 - _text)] -;pop eax ; This would pop dw. Needed for cleanup. -; Arguments pushed in reverse order, popped by the callee. -; WINBASEAPI DECLSPEC_NORETURN VOID WINAPI ExitProcess(UINT uExitCode); -push byte 0 ; uExitCode -call [textbase + (__imp__ExitProcess@4 - _text)] - -_data: -_msg: -db 'Hello, World!', 13, 10 -_msg_end: - -; This can be before of after _entry, it doesn't matter. -_idata: ; Relocations, IMAGE_DIRECTORY_ENTRY_IMPORT data. -_hintnames: -dd (textbase - imagebase) + (IMAGE_IMPORT_BY_NAME_ExitProcess - _text) -dd (textbase - imagebase) + (IMAGE_IMPORT_BY_NAME_GetStdHandle - _text) -dd (textbase - imagebase) + (IMAGE_IMPORT_BY_NAME_WriteFile - _text) -dd 0 ; Marks end-of-list. -_iat: ; Modified by the PE loader before jumping to _entry. -__imp__ExitProcess@4: dd (textbase - imagebase) + (IMAGE_IMPORT_BY_NAME_ExitProcess - _text) -__imp__GetStdHandle@4: dd (textbase - imagebase) + (IMAGE_IMPORT_BY_NAME_GetStdHandle - _text) -__imp__WriteFile@20: dd (textbase - imagebase) + (IMAGE_IMPORT_BY_NAME_WriteFile - _text) -dd 0 ; Marks end-of-list. -IMAGE_IMPORT_BY_NAME_ExitProcess: -.Hint: dw 0 -.Name: db 'ExitProcess' ; Terminated by the subsequent .Hint. 
-IMAGE_IMPORT_BY_NAME_GetStdHandle: -.Hint: dw 0 -.Name: db 'GetStdHandle' ; Terminated by the subsequent .Hint. -IMAGE_IMPORT_BY_NAME_WriteFile: -.Hint: dw 0 -.Name: db 'WriteFile' ; Terminated below. -db 0 ; Terminates last .Name. - -_KERNEL32_str: db 'kernel32', 0 ; 'KERNEL32' and 'KERNEL32.dll' also work. -_idescs: -IMAGE_IMPORT_DESCRIPTOR__0: -.OriginalFirstThunk: dd (textbase - imagebase) + (_hintnames - _text) -.TimeDateStamp: dd 0 -.ForwarderChain: dd 0 -.Name: dd (textbase - imagebase) + (_KERNEL32_str - _text) -.FirstThunk: dd (textbase - imagebase) + (_iat - _text) - -_idata_data_end: -_eof: -;bss_size equ 0 -;IMAGE_IMPORT_DESCRIPTOR__1: ; Empty, marks end-of-list. -;.OriginalFirstThunk: dd 0 -;.TimeDateStamp: dd 0 -;.ForwarderChain: dd 0 -;.Name: dd 0 -;.FirstThunk: dd 0 -;_idata_end: -bss_size equ 20 ; _idata_end - _eof - -%if (_text - _filestart) & (file_alignment - 1) -%fatal _text is not aligned to file_alignment, needed by Windows XP. -%endif - diff --git a/test/src/indirect_calls_x64.asm b/test/src/indirect_calls_x64.asm deleted file mode 100644 index 4a6915e3..00000000 --- a/test/src/indirect_calls_x64.asm +++ /dev/null 
@@ -1,136 +0,0 @@ -; The point here is to test the ability to pass runtime information to analysis. -; -; The same `call ebx` is executed 4 times, see label ".dispatch". -; The first two times are with functions identified by analysis. -; The second two times evade analysis and require runtime information. -; Binja should make functions in the second two cases and add comments of runtime -; annotation option is enabled. - -default rel - -%ifdef OS_IS_LINUX - global _start - section .text - _start: -%endif - -%ifdef OS_IS_MACOS - global start, junk, mapper - section .text - start: -%endif - -%ifdef OS_IS_WINDOWS - global WinMain - extern ExitProcess, GetStdHandle, WriteConsoleA - section .text - WinMain: -%endif - - mov rcx, 4 ; <------- LOOP VAR - -.next: - push rcx - -.test4: - cmp rcx, 4 - jne .test3 - lea rbx, [sub_00] - jmp .dispatch - -.test3: - cmp rcx, 3 - jne .test2 - lea rbx, [sub_01] - jmp .dispatch - -.test2: - cmp rcx, 2 - jne .test1 - lea rbx, [junk] - mov rdi, 0x60 ; -> 0x30 - call mapper - add rbx, rax - jmp .dispatch - -.test1: - cmp rcx, 1 - lea rbx, [junk] - mov rdi, 0xC6 ; -> 0x63 - call mapper - add rbx, rax - -.dispatch: - call rbx ; <-------- HERE - -.check: - pop rcx - loop .next - -; exit - -%ifdef OS_IS_LINUX - mov rdi, 0 ; arg0: status - mov rax, 60 ; __NR_exit - syscall -%endif - -%ifdef OS_IS_MACOS - mov rax, 0x2000001 ; exit - mov rdi, 0 - syscall -%endif - -%ifdef OS_IS_WINDOWS - mov rcx, 0 - call ExitProcess -%endif - - ret - -sub_00: - ret - -sub_01: - nop - ret - -junk: -; junk -db 0xEF, 0x3D, 0x53, 0x7C, 0xFB, 0x80, 0x3B, 0x28 -db 0x15, 0xD1, 0xA2, 0xCD, 0x5E, 0x7E, 0xBC, 0xE1 -db 0xC6, 0x1B, 0x63, 0x05, 0xB7, 0xD3, 0xBA, 0x3B -db 0x39, 0xCA, 0x46, 0xA1, 0x32, 0xD9, 0x8A, 0xB5 -db 0x8F, 0xD6, 0xFA, 0xAE, 0x08, 0x2D, 0xD5, 0x6F -db 0x1E, 0xD6, 0xB8, 0x72, 0xA9, 0x8D, 0x86, 0xE8 - -; junk + 0x30 -; hidden function ; sub_02() -db 0x90 ; nop -db 0x90 ; nop -db 0xC3 ; ret - -; junk + 0x33 -db 0xB4, 0xDE, 0xF0, 0x6B, 0x54, 0x40, 0x08, 
0x46
-db 0xF6, 0xAC, 0xDD, 0x82, 0x8C, 0x74, 0x2C, 0x7F
-db 0xBD, 0x0B, 0xC1, 0xBA, 0x12, 0x1F, 0xD0, 0x7C
-db 0x44, 0xFF, 0x43, 0x5F, 0xC6, 0x85, 0xF3, 0x23
-db 0x6B, 0x65, 0x41, 0x2C, 0xB4, 0x4A, 0x5E, 0x24
-db 0x35, 0xBA, 0x57, 0x76, 0x18, 0xAB, 0xE0, 0x51
-
-; junk + 0x63
-; hidden function ; sub_03()
-db 0x90 ; nop
-db 0x90 ; nop
-db 0x90 ; nop
-db 0xC3 ; ret
-
-db 0xB9, 0x57, 0x18, 0x13, 0x61, 0xB0, 0x86, 0xBF
-db 0x1F, 0x6B, 0xB7, 0x72, 0x07, 0x35, 0xB1, 0x02
-db 0x7E, 0x6A, 0x2E, 0x1B, 0x7A, 0x0B, 0xEB, 0xDA
-db 0x05, 0xCF, 0xC9, 0xBD, 0x9E, 0xB6, 0x07, 0xBF
-
-mapper:
- mov rax, rdi ; arg0: number to map
- shr rax, 1
- ret
diff --git a/test/src/load_shared_lib.c b/test/src/load_shared_lib.c
new file mode 100644
index 00000000..85c98f46
--- /dev/null
+++ b/test/src/load_shared_lib.c
@@ -0,0 +1,19 @@
+// A small executable that links against shared_lib and calls into it, so the dynamic loader maps
+// the shared library at startup. The debugger tests analyze shared_lib but set the executable path
+// to this program. See https://github.com/Vector35/debugger/issues/540.
+#include
+
+#ifdef _WIN32
+#define SHARED_LIB_IMPORT __declspec(dllimport)
+#else
+#define SHARED_LIB_IMPORT
+#endif
+
+SHARED_LIB_IMPORT int shared_lib_add(int a, int b);
+
+int main()
+{
+ int result = shared_lib_add(40, 2);
+ printf("result = %d\n", result);
+ return 0;
+}
diff --git a/test/src/many_stdlib_calls.c b/test/src/many_stdlib_calls.c
deleted file mode 100644
index a90c0a78..00000000
--- a/test/src/many_stdlib_calls.c
+++ /dev/null
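Review bot: The exit status of load_shared_lib does not depend on the call into shared_lib, so a test that only checks that the process exited cleanly cannot tell whether the library function actually ran; deriving the status from the result, `return result == 42 ? 0 : 1;`, lets the harness assert that the library was mapped and called without parsing stdout. Declaring the entry point as `int main(void)` also gives it a proper prototype in C. How the loader locates shared_lib (an rpath relative to the executable versus an environment variable) is decided in the build configuration rather than in this file, so it may be worth confirming that the built binary's install name or rpath lets it run from test/binaries without extra setup.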
@@ -1,39 +0,0 @@ -#include - -int main(int ac, char **av) { - for (int i = 0; i < 10; i ++) { - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - printf("\n"); - } - return 0; -} diff --git a/test/src/md5/Makefile-linux b/test/src/md5/Makefile-linux deleted file mode 100644 index 2fa1757c..00000000 --- a/test/src/md5/Makefile-linux +++ /dev/null @@ -1,4 +0,0 @@ -all: md5_x64-linux - -md5_x64-linux: md5driver.c md5c.c global.h md5.h - gcc -g -DMD=5 md5driver.c md5c.c -o md5_x64-linux diff --git a/test/src/md5/Makefile-macos b/test/src/md5/Makefile-macos deleted file mode 100644 index ba6d820d..00000000 --- a/test/src/md5/Makefile-macos +++ /dev/null @@ -1,4 +0,0 @@ -all: md5_x64-macos - -md5_x64-macos: md5driver.c md5c.c global.h md5.h - gcc -DMD=5 md5driver.c md5c.c -o md5_x64-macos diff --git a/test/src/md5/global.h b/test/src/md5/global.h deleted file mode 100644 index cfc36ced..00000000 --- a/test/src/md5/global.h +++ /dev/null @@ -1,28 +0,0 @@ -/* GLOBAL.H - RSAREF types and constants - */ - -#ifndef PROTOTYPES -#define PROTOTYPES 0 -#endif - -#include - -/* POINTER defines a generic pointer type */ -typedef uint8_t *POINTER; - -/* UINT2 defines a two byte word */ -typedef uint16_t UINT2; - -/* UINT4 defines a four byte word */ -typedef uint32_t UINT4; - -/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. -If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it - returns an empty list. - */ -#if PROTOTYPES -#define PROTO_LIST(list) list -#else -#define PROTO_LIST(list) () -#endif - 
diff --git a/test/src/md5/md5.h b/test/src/md5/md5.h deleted file mode 100644 index ac32d2ff..00000000 --- a/test/src/md5/md5.h +++ /dev/null @@ -1,37 +0,0 @@ -/* MD5.H - header file for MD5C.C -*/ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. -*/ - -/* MD5 context. */ -typedef struct { - UINT4 state[4]; /* state (ABCD) */ - UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; - -void MD5Init PROTO_LIST ((MD5_CTX *)); -void MD5Update PROTO_LIST - ((MD5_CTX *, unsigned char *, unsigned int)); -void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); - diff --git a/test/src/md5/md5c.c b/test/src/md5/md5c.c deleted file mode 100644 index 8b2e3f93..00000000 --- a/test/src/md5/md5c.c +++ /dev/null 
@@ -1,335 +0,0 @@ -/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm -*/ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. -*/ - -#include "global.h" -#include "md5.h" - -/* Constants for MD5Transform routine. -*/ - -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - -static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); -static void Encode PROTO_LIST - ((unsigned char *, UINT4 *, unsigned int)); -static void Decode PROTO_LIST - ((UINT4 *, unsigned char *, unsigned int)); -static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); -static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); - -static unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* F, G, H and I are basic MD5 functions. 
-*/ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits. -*/ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. -Rotation is separate from addition to prevent recomputation. -*/ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } - -/* MD5 initialization. Begins an MD5 operation, writing a new context. -*/ -void MD5Init (context) -MD5_CTX *context; /* context */ -{ - context->count[0] = context->count[1] = 0; - /* Load magic initialization constants. -*/ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* MD5 block update operation. Continues an MD5 message-digest - operation, processing another message block, and updating the - context. 
-*/ -void MD5Update (context, input, inputLen) -MD5_CTX *context; /* context */ -unsigned char *input; /* input block */ -unsigned int inputLen; /* length of input block */ -{ - unsigned int i, index, partLen; - - /* Compute number of bytes mod 64 */ - index = (unsigned int)((context->count[0] >> 3) & 0x3F); - - /* Update number of bits */ - if ((context->count[0] += ((UINT4)inputLen << 3)) - < ((UINT4)inputLen << 3)) - context->count[1]++; - context->count[1] += ((UINT4)inputLen >> 29); - - partLen = 64 - index; - - /* Transform as many times as possible. -*/ - if (inputLen >= partLen) { - MD5_memcpy - ((POINTER)&context->buffer[index], (POINTER)input, partLen); - MD5Transform (context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD5Transform (context->state, &input[i]); - - index = 0; - } - else - i = 0; - - /* Buffer remaining input */ - MD5_memcpy - ((POINTER)&context->buffer[index], (POINTER)&input[i], - inputLen-i); -} - -/* MD5 finalization. Ends an MD5 message-digest operation, writing the - the message digest and zeroizing the context. -*/ -void MD5Final (digest, context) -unsigned char digest[16]; /* message digest */ -MD5_CTX *context; /* context */ -{ - unsigned char bits[8]; - unsigned int index, padLen; - - /* Save number of bits */ - Encode (bits, context->count, 8); - - /* Pad out to 56 mod 64. -*/ - index = (unsigned int)((context->count[0] >> 3) & 0x3f); - padLen = (index < 56) ? (56 - index) : (120 - index); - MD5Update (context, PADDING, padLen); - - /* Append length (before padding) */ - MD5Update (context, bits, 8); - /* Store state in digest */ - Encode (digest, context->state, 16); - - /* Zeroize sensitive information. -*/ - MD5_memset ((POINTER)context, 0, sizeof (*context)); -} - -/* MD5 basic transformation. Transforms state based on block. 
-*/ -static void MD5Transform (state, block) -UINT4 state[4]; -unsigned char block[64]; -{ - UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode (x, block, 64); - - /* Round 1 */ - FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ - FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ - FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ - FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ - FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ - FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ - FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ - FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ - FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ - FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ - FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - - /* Round 2 */ - GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ - GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ - GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ - GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ - GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ - GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ - GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ - GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ - GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ - GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ - GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - - /* Round 3 */ - HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ - HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 
*/ - HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ - HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ - HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ - HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ - HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ - HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ - HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ - HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ - - /* Round 4 */ - II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ - II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ - II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ - II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ - II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ - II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ - II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ - II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ - II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ - II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. -*/ - MD5_memset ((POINTER)x, 0, sizeof (x)); -} - -/* Encodes input (UINT4) into output (unsigned char). Assumes len is - a multiple of 4. 
-*/ -static void Encode (output, input, len) -unsigned char *output; -UINT4 *input; -unsigned int len; -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (unsigned char)(input[i] & 0xff); - output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); - output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); - output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); - } -} - -/* Decodes input (unsigned char) into output (UINT4). Assumes len is - a multiple of 4. -*/ -static void Decode (output, input, len) -UINT4 *output; -unsigned char *input; -unsigned int len; -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | - (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); -} - -/* Note: Replace "for loop" with standard memcpy if possible. -*/ - -static void MD5_memcpy (output, input, len) -POINTER output; -POINTER input; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - output[i] = input[i]; -} - -/* Note: Replace "for loop" with standard memset if possible. -*/ -static void MD5_memset (output, value, len) -POINTER output; -int value; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - ((char *)output)[i] = (char)value; -} - diff --git a/test/src/md5/md5driver.c b/test/src/md5/md5driver.c deleted file mode 100644 index d506c8a4..00000000 --- a/test/src/md5/md5driver.c +++ /dev/null 
@@ -1,226 +0,0 @@ -/* MDDRIVER.C - test driver for MD2, MD4 and MD5 -*/ - -/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All -rights reserved. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. -*/ - -/* The following makes MD default to MD5 if it has not already been - defined with C compiler flags. -*/ -#ifndef MD -#define MD MD5 -#endif - -#include -#include -#include -#include "global.h" - -#if MD == 2 -#include "md2.h" -#endif -#if MD == 4 -#include "md4.h" -#endif -#if MD == 5 -#include "md5.h" -#endif - -/* Length of test block, number of test blocks. -*/ -#define TEST_BLOCK_LEN 1000 -#define TEST_BLOCK_COUNT 1000 - -static void MDString PROTO_LIST ((char *)); -static void MDTimeTrial PROTO_LIST ((void)); -static void MDTestSuite PROTO_LIST ((void)); -static void MDFile PROTO_LIST ((char *)); -static void MDFilter PROTO_LIST ((void)); -static void MDPrint PROTO_LIST ((unsigned char [16])); - -#if MD == 2 -#define MD_CTX MD2_CTX -#define MDInit MD2Init -#define MDUpdate MD2Update -#define MDFinal MD2Final -#endif -#if MD == 4 -#define MD_CTX MD4_CTX -#define MDInit MD4Init -#define MDUpdate MD4Update -#define MDFinal MD4Final -#endif -#if MD == 5 -#define MD_CTX MD5_CTX -#define MDInit MD5Init -#define MDUpdate MD5Update -#define MDFinal MD5Final -#endif - -/* Main driver. 
- -Arguments (may be any combination): - -sstring - digests string - -t - runs time trial - -x - runs test script - filename - digests file - (none) - digests standard input -*/ -int main (argc, argv) -int argc; -char *argv[]; -{ - int i; - - if (argc > 1) - for (i = 1; i < argc; i++) - if (argv[i][0] == '-' && argv[i][1] == 's') - MDString (argv[i] + 2); - else if (strcmp (argv[i], "-t") == 0) - MDTimeTrial (); - else if (strcmp (argv[i], "-x") == 0) - MDTestSuite (); - else - MDFile (argv[i]); - else - MDFilter (); - - return (0); -} - -/* Digests a string and prints the result. -*/ -static void MDString (string) -char *string; -{ - MD_CTX context; - unsigned char digest[16]; - unsigned int len = strlen (string); - - MDInit (&context); - MDUpdate (&context, string, len); - MDFinal (digest, &context); - - printf ("MD%d (\"%s\") = ", MD, string); - MDPrint (digest); - printf ("\n"); -} - -/* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte - blocks. -*/ -static void MDTimeTrial () -{ - MD_CTX context; - time_t endTime, startTime; - unsigned char block[TEST_BLOCK_LEN], digest[16]; - unsigned int i; - printf - ("MD%d time trial. Digesting %d %d-byte blocks ...", MD, - TEST_BLOCK_LEN, TEST_BLOCK_COUNT); - - /* Initialize block */ - for (i = 0; i < TEST_BLOCK_LEN; i++) - block[i] = (unsigned char)(i & 0xff); - - /* Start timer */ - time (&startTime); - - /* Digest blocks */ - MDInit (&context); - for (i = 0; i < TEST_BLOCK_COUNT; i++) - MDUpdate (&context, block, TEST_BLOCK_LEN); - MDFinal (digest, &context); - - /* Stop timer */ - time (&endTime); - - printf (" done\n"); - printf ("Digest = "); - MDPrint (digest); - printf ("\nTime = %ld seconds\n", (long)(endTime-startTime)); - printf - ("Speed = %ld bytes/second\n", - (long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT/(endTime-startTime)); -} - -/* Digests a reference suite of strings and prints the results. 
-*/ -static void MDTestSuite () -{ - printf ("MD%d test suite:\n", MD); - - MDString (""); - MDString ("a"); - MDString ("abc"); - MDString ("message digest"); - MDString ("abcdefghijklmnopqrstuvwxyz"); - MDString - ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"); - MDString - ("1234567890123456789012345678901234567890\ -1234567890123456789012345678901234567890"); -} - -/* Digests a file and prints the result. */ -static void MDFile (filename) -char *filename; -{ - FILE *file; - MD_CTX context; - int len; - unsigned char buffer[1024], digest[16]; - - if ((file = fopen (filename, "rb")) == NULL) - printf ("%s can't be opened\n", filename); - - else { - MDInit (&context); - while ((len = fread (buffer, 1, 1024, file))) - MDUpdate (&context, buffer, len); - MDFinal (digest, &context); - - fclose (file); - - printf ("MD%d (%s) = ", MD, filename); - MDPrint (digest); - printf ("\n"); - } -} - -/* Digests the standard input and prints the result. -*/ -static void MDFilter () -{ - MD_CTX context; - int len; - unsigned char buffer[16], digest[16]; - - MDInit (&context); - while ((len = fread (buffer, 1, 16, stdin))) - MDUpdate (&context, buffer, len); - MDFinal (digest, &context); - - MDPrint (digest); - printf ("\n"); -} - -/* Prints a message digest in hexadecimal. -*/ -static void MDPrint (digest) -unsigned char digest[16]; -{ - unsigned int i; - for (i = 0; i < 16; i++) - printf ("%02x", digest[i]); -} - diff --git a/test/src/missing_switch_case_x64-macos.lst b/test/src/missing_switch_case_x64-macos.lst deleted file mode 100644 index 40dc1019..00000000 --- a/test/src/missing_switch_case_x64-macos.lst +++ /dev/null 
@@ -1,138 +0,0 @@
- 1 ; Demonstrate runtime information informing analysis.
- 2 ;
- 3 ; The switch statement has 4 legitimate cases and 4 secret cases.
- 4 ; Analysis will statically find the 4 legitimate.
- 5 ; Analysis will learn the other 4 while stepping through the table dispatch at runtime.
- 6
- 7 default rel
- 8
- 9 %ifdef OS_IS_LINUX
- 10 global _start
- 11 section .text
- 12 _start:
- 13 %endif
- 14
- 15 %ifdef OS_IS_MACOS
- 16 global start
- 17 section .text
- 18 start:
- 19 %endif
- 20
- 21 %ifdef OS_IS_WINDOWS
- 22 global WinMain
- 23 extern ExitProcess, GetStdHandle, WriteConsoleA
- 24 section .text
- 25 WinMain:
- 26 %endif
- 27
- 28 start:
- 29 ; get pointer past switch constraint (which binja static analyzed)
- 30 00000000 488D1D5E000000 lea rbx, [function_with_switch]
- 31 00000007 BF0E000000 mov edi, 14
- 32 0000000C E8C4000000 call mapper ; returns 7
- 33 00000011 4801C3 add rbx, rax ; skip over switch constraint
- 34
- 35 ; call secret cases
- 36 00000014 B904000000 mov rcx, 4
- 37 00000019 FFD3 call rbx
- 38 0000001B B905000000 mov rcx, 5
- 39 00000020 FFD3 call rbx
- 40 00000022 B906000000 mov rcx, 6
- 41 00000027 FFD3 call rbx
- 42 00000029 B907000000 mov rcx, 7
- 43 0000002E FFD3 call rbx
- 44
- 45 ; call legit cases
- 46 00000030 BF00000000 mov rdi, 0
- 47 00000035 E82B000000 call function_with_switch
- 48 0000003A BF01000000 mov rdi, 1
- 49 0000003F E821000000 call function_with_switch
- 50 00000044 BF02000000 mov rdi, 2
- 51 00000049 E817000000 call function_with_switch
- 52 0000004E BF03000000 mov rdi, 3
- 53 00000053 E80D000000 call function_with_switch
- 54
- 55 %ifdef OS_IS_LINUX
- 56 mov rdi, 0 ; arg0: status
- 57 mov rax, 60 ; __NR_exit
- 58 syscall
- 59 %endif
- 60
- 61 %ifdef OS_IS_MACOS
- 62 00000058 B801000002 mov rax, 0x2000001 ; exit
- 63 0000005D BF00000000 mov rdi, 0
- 64 00000062 0F05 syscall
- 65 %endif
- 66
- 67 %ifdef OS_IS_WINDOWS
- 68 mov rcx, 0
- 69 call ExitProcess
- 70 %endif
- 71
- 72 ; exit (so Binja knows end-of-function)
- 73 00000064 C3 ret
- 74
- 75 function_with_switch:
- 76 ; 00000000: 0x48, 0x89, 0xf9
- 77 00000065 4889F9 mov rcx, rdi ; arg0: 0,1,2,3
- 78 ; 00000003: 0x48, 0x83, 0xe1, 0x03
- 79 00000068 4883E103 and rcx, 0x3
- 80 ; 00000007: <--- jumping here bypasses the constraint
- 81
- 82 0000006C 488D0542000000 lea rax, [.jump_table]
- 83 00000073 48631488 movsx rdx, dword[rax+rcx*4]
- 84 00000077 4801C2 add rdx, rax
- 85 0000007A FFE2 jmp rdx
- 86
- 87 .case0:
- 88 0000007C B800000000 mov rax, 0
- 89 00000081 EB31 jmp .switch_end
- 90
- 91 .case1:
- 92 00000083 B801000000 mov rax, 1
- 93 00000088 EB2A jmp .switch_end
- 94
- 95 .case2:
- 96 0000008A B802000000 mov rax, 2
- 97 0000008F EB23 jmp .switch_end
- 98
- 99 .case3:
- 100 00000091 B803000000 mov rax, 3
- 101 00000096 EB1C jmp .switch_end
- 102
- 103 .case4:
- 104 00000098 B804000000 mov rax, 4
- 105 0000009D EB15 jmp .switch_end
- 106
- 107 .case5:
- 108 0000009F B805000000 mov rax, 5
- 109 000000A4 EB0E jmp .switch_end
- 110
- 111 .case6:
- 112 000000A6 B806000000 mov rax, 6
- 113 000000AB EB07 jmp .switch_end
- 114
- 115 .case7:
- 116 000000AD B807000000 mov rax, 7
- 117 000000B2 EB00 jmp .switch_end
- 118
- 119 .switch_end:
- 120 000000B4 C3 ret
- 121
- 122 .jump_table:
- 123 000000B5 C7FFFFFF dd function_with_switch.case0 - .jump_table
- 124 000000B9 CEFFFFFF dd function_with_switch.case1 - .jump_table
- 125 000000BD D5FFFFFF dd function_with_switch.case2 - .jump_table
- 126 000000C1 DCFFFFFF dd function_with_switch.case3 - .jump_table
- 127 ; these entries should be invisible/illegal to binja because of the "and 3" constraint
- 128 000000C5 E3FFFFFF dd function_with_switch.case4 - .jump_table
- 129 000000C9 EAFFFFFF dd function_with_switch.case5 - .jump_table
- 130 000000CD F1FFFFFF dd function_with_switch.case6 - .jump_table
- 131 000000D1 F8FFFFFF dd function_with_switch.case7 - .jump_table
- 132
- 133 ; evade data flow: return given number integer divided by 2
- 134 mapper:
- 135 000000D5 4889F8 mov rax, rdi
- 136 000000D8 48D1E8 shr rax, 1
- 137 000000DB C3 ret
- 138
diff --git a/test/src/missing_switch_case_x64.asm b/test/src/missing_switch_case_x64.asm
deleted file mode 100644
index 1a1a12e6..00000000
--- a/test/src/missing_switch_case_x64.asm
+++ /dev/null
@@ -1,138 +0,0 @@
-; Demonstrate runtime information informing analysis.
-;
-; The switch statement has 4 legitimate cases and 4 secret cases.
-; Analysis will statically find the 4 legitimate.
-; Analysis will learn the other 4 while stepping through the table dispatch at runtime.
-
-default rel
-
-%ifdef OS_IS_LINUX
- global _start
- section .text
- _start:
-%endif
-
-%ifdef OS_IS_MACOS
- global start
- section .text
- start:
-%endif
-
-%ifdef OS_IS_WINDOWS
- global WinMain
- extern ExitProcess, GetStdHandle, WriteConsoleA
- section .text
- WinMain:
-%endif
-
-start:
- ; get pointer past switch constraint (which binja static analyzed)
- lea rbx, [function_with_switch]
- mov edi, 14
- call mapper ; returns 7
- add rbx, rax ; skip over switch constraint
-
- ; call secret cases
- mov rcx, 4
- call rbx
- mov rcx, 5
- call rbx
- mov rcx, 6
- call rbx
- mov rcx, 7
- call rbx
-
- ; call legit cases
- mov rdi, 0
- call function_with_switch
- mov rdi, 1
- call function_with_switch
- mov rdi, 2
- call function_with_switch
- mov rdi, 3
- call function_with_switch
-
-%ifdef OS_IS_LINUX
- mov rdi, 0 ; arg0: status
- mov rax, 60 ; __NR_exit
- syscall
-%endif
-
-%ifdef OS_IS_MACOS
- mov rax, 0x2000001 ; exit
- mov rdi, 0
- syscall
-%endif
-
-%ifdef OS_IS_WINDOWS
- mov rcx, 0
- call ExitProcess
-%endif
-
-; exit (so Binja knows end-of-function)
- ret
-
-function_with_switch:
- ; 00000000: 0x48, 0x89, 0xf9
- mov rcx, rdi ; arg0: 0,1,2,3
- ; 00000003: 0x48, 0x83, 0xe1, 0x03
- and rcx, 0x3
- ; 00000007: <--- jumping here bypasses the constraint
-
- lea rax, [.jump_table]
- movsx rdx, dword[rax+rcx*4]
- add rdx, rax
- jmp rdx
-
-.case0:
- mov rax, 0
- jmp .switch_end
-
-.case1:
- mov rax, 1
- jmp .switch_end
-
-.case2:
- mov rax, 2
- jmp .switch_end
-
-.case3:
- mov rax, 3
- jmp .switch_end
-
-.case4:
- mov rax, 4
- jmp .switch_end
-
-.case5:
- mov rax, 5
- jmp .switch_end
-
-.case6:
- mov rax, 6
- jmp .switch_end
-
-.case7:
- mov rax, 7
- jmp .switch_end
-
-.switch_end:
- ret
-
-.jump_table:
- dd function_with_switch.case0 - .jump_table
- dd function_with_switch.case1 - .jump_table
- dd function_with_switch.case2 - .jump_table
- dd function_with_switch.case3 - .jump_table
- ; these entries should be invisible/illegal to binja because of the "and 3" constraint
- dd function_with_switch.case4 - .jump_table
- dd function_with_switch.case5 - .jump_table
- dd function_with_switch.case6 - .jump_table
- dd function_with_switch.case7 - .jump_table
-
-; evade data flow: return given number integer divided by 2
-mapper:
- mov rax, rdi
- shr rax, 1
- ret
-
diff --git a/test/src/nopspeed.c b/test/src/nopspeed.c
deleted file mode 100644
index 3e609208..00000000
--- a/test/src/nopspeed.c
+++ /dev/null
@@ -1,131 +0,0 @@ -#include -#include -#include -#include -#include - -typedef uint64_t (*sc_fn)(); - -sc_fn gen_sc_fn(unsigned char *nops, uint64_t nop_len, uint64_t total_nop_bytes) { - unsigned char *sc = malloc(total_nop_bytes + 0x100); - uint64_t size = 0; - - // mfence - sc[size++] = 0x0f; - sc[size++] = 0xae; - sc[size++] = 0xf0; - - // lfence - sc[size++] = 0x0f; - sc[size++] = 0xae; - sc[size++] = 0xe8; - - // rdtsc - sc[size++] = 0x0f; - sc[size++] = 0x31; - - // push rax - sc[size++] = 0x50; - // push rdx - sc[size++] = 0x52; - - while (size < total_nop_bytes) { - for (int i = 0; i < nop_len; i ++) { - sc[size++] = nops[i]; - } - } - - // rdtsc - sc[size++] = 0x0f; - sc[size++] = 0x31; - - // shl rdx, 0x20 - sc[size++] = 0x48; - sc[size++] = 0xc1; - sc[size++] = 0xe2; - sc[size++] = 0x20; - - // xor rdx, rax - sc[size++] = 0x48; - sc[size++] = 0x31; - sc[size++] = 0xc2; - - // pop rcx - sc[size++] = 0x59; - // pop rax - sc[size++] = 0x58; - - // shl rcx, 0x20 - sc[size++] = 0x48; - sc[size++] = 0xc1; - sc[size++] = 0xe1; - sc[size++] = 0x20; - - // xor rcx, rax - sc[size++] = 0x48; - sc[size++] = 0x31; - sc[size++] = 0xc1; - - // sub rdx, rcx - sc[size++] = 0x48; - sc[size++] = 0x29; - sc[size++] = 0xca; - - // mov rax, rcx - sc[size++] = 0x48; - sc[size++] = 0x89; - sc[size++] = 0xd0; - - // ret - sc[size++] = 0xc3; - - void *ptr = mmap(0, size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE, 0, 0); - - if (ptr == MAP_FAILED) { - perror("mmap"); - exit(1); - } - - memcpy(ptr, sc, size); - - free(sc); - - return ptr; -} - -int main() { - unsigned char nops[16][15] = { - {0x90} - , {0x66,0x90} - , {0x0f,0x1f,0x00} - , {0x0f,0x1f,0x40,0x00} - , {0x0f,0x1f,0x44,0x00,0x00} - , {0x66,0x0f,0x1f,0x44,0x00,0x00} - , {0x0f,0x1f,0x80,0x00,0x00,0x00,0x00} - , {0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00} - , {0x66,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00} - , {0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00} - , 
{0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00} - , {0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00} - , {0x66,0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00} - , {0x66,0x66,0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00} - , {0x66,0x66,0x66,0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00} - }; - - int total_nop_bytes = 0x800000; - - for (int i = 0; i < 15; i++) { - sc_fn ptr = gen_sc_fn(nops[i], i + 1, total_nop_bytes); - - uint64_t sum = 0; - uint64_t runs = 0; - - for (int j = 0; j < 1000; j ++) { - uint64_t time = ptr(); - sum += time; - runs ++; - } - double avg = (double)sum / (double)runs; - printf("0x%x bytes of nops of length %d took %f cycles on avg\n", total_nop_bytes, i + 1, avg); - } -} diff --git a/test/src/read_input.c b/test/src/read_input.c deleted file mode 100644 index ee687bd7..00000000 --- a/test/src/read_input.c +++ /dev/null @@ -1,14 +0,0 @@ -#include -#include - -int main() -{ - char buffer[20]; - // Disable the buffering so we can see the output immediately - setvbuf(stdout, NULL, _IONBF, 0); - printf("Please type an integer:\n"); - fgets(buffer, sizeof(buffer), stdin); - int result = atoi(buffer); - printf("You typed: %d\n", result); - return 0; -} \ No newline at end of file diff --git a/test/src/rm_func_starts.py b/test/src/rm_func_starts.py deleted file mode 100755 index da281cd7..00000000 --- a/test/src/rm_func_starts.py +++ /dev/null 
@@ -1,33 +0,0 @@ -#!/usr/bin/env python3 - -# remove mach-o function starts by setting the size of the LUT in the load command to size 0 -# offs+0: cmd (0x26 == LC_FUNCTION_STARTS) -# offs+4: cmdsize (0x10) -# offs+8: LUT offset -# offs+C: LUT size <---- HERE - -import sys -from struct import unpack - -data = None -with open(sys.argv[1], 'rb') as fp: - data = fp.read() - -assert data[0:4] == b'\xCF\xFA\xED\xFE' -assert data[4:8] == b'\x07\x00\x00\x01' # CPU_TYPE_X86_X64 -ncmds = unpack(' + +#ifdef _WIN32 +#define SHARED_LIB_EXPORT __declspec(dllexport) +#else +#define SHARED_LIB_EXPORT __attribute__((visibility("default"))) +#endif + +SHARED_LIB_EXPORT int shared_lib_add(int a, int b) +{ + int result = a + b; + printf("shared_lib_add(%d, %d) = %d\n", a, b, result); + return result; +} diff --git a/test/src/undiscovered_func2_x64.asm b/test/src/undiscovered_func2_x64.asm deleted file mode 100644 index 03068d7f..00000000 --- a/test/src/undiscovered_func2_x64.asm +++ /dev/null 
@@ -1,117 +0,0 @@
-; Demonstrate runtime information informing analysis.
-;
-; There are four functions here, 2 legitimate and 2 secret.
-; Analysis will statically find the 2 legitimate.
-; Analysis will learn the other 2 while stepping through the call instructions at runtime.
-
-default rel
-global start
-section .text
-
-start:
- mov rcx, 4
-
- ; call legit function
- lea rbx, [print_00]
- call rbx
-
- ; call legit function
- lea rbx, [print_01]
- call rbx
-
- ; call secret function #1
- lea rbx, [junk]
- mov rdi, 96 ; -> 48
- call mapper
- add rbx, rax
- call rbx
-
- ; calls ecret function #2
- lea rbx, [junk]
- mov rdi, 284 ; -> 142
- call mapper
- add rbx, rax
- call rbx
-
- ; done, exit
- mov rax, 0x2000001 ; exit
- mov rdi, 0
- syscall
- ret
-
-print_00:
- lea rsi, [.msg_start]
- lea rdx, [.done]
- sub rdx, rsi
- mov rdi, 1 ; stdout
- mov rax, 0x2000004 ; write
- syscall
- jmp .done
-.msg_start:
- db "I'm print_00!", 0x0a
-.done:
- ret
-
-print_01:
- mov rsi, .msg_start
- mov rdx, .done
- sub rdx, rsi
- mov rdi, 1 ; stdout
- mov rax, 0x2000004 ; write
- syscall
- jmp .done
-.msg_start:
- db "I'm print_01!", 0x0a
-.done:
- ret
-
-junk:
-; junk
-db 0xEF, 0x3D, 0x53, 0x7C, 0xFB, 0x80, 0x3B, 0x28,
-db 0x15, 0xD1, 0xA2, 0xCD, 0x5E, 0x7E, 0xBC, 0xE1,
-db 0xC6, 0x1B, 0x63, 0x05, 0xB7, 0xD3, 0xBA, 0x3B,
-db 0x39, 0xCA, 0x46, 0xA1, 0x32, 0xD9, 0x8A, 0xB5,
-db 0x8F, 0xD6, 0xFA, 0xAE, 0x08, 0x2D, 0xD5, 0x6F,
-db 0x1E, 0xD6, 0xB8, 0x72, 0xA9, 0x8D, 0x86, 0xE8
-
-; junk + 0x30
-; hidden function
-db 0x48, 0x8D, 0x35, 0x18, 0x00, 0x00, 0x00, ; lea rsi, [.msg_start]
-db 0x48, 0x8D, 0x15, 0x1F, 0x00, 0x00, 0x00, ; lea rdx, [.done]
-db 0x48, 0x29, 0xF2 ; sub rdx, rsi
-db 0xBF, 0x01, 0x00, 0x00, 0x00 ; mov rdi, 1 ; stdout
-db 0xB8, 0x04, 0x00, 0x00, 0x02 ; mov rax, 0x2000004 ; write
-db 0x0F, 0x05 ; syscall
-db 0xEB, 0x0E ; jmp .done
-; .msg_start: "YOU FOUND ME1"
-db 0x59, 0x4F, 0x55, 0x20, 0x46, 0x4F, 0x55, 0x4E, 0x44, 0x20, 0x4D, 0x45, 0x31, 0x0a
-; .done:
-db 0xC3 ; ret
-
-; junk + 0x5e
-db 0xB4, 0xDE, 0xF0, 0x6B, 0x54, 0x40, 0x08, 0x46,
-db 0xF6, 0xAC, 0xDD, 0x82, 0x8C, 0x74, 0x2C, 0x7F,
-db 0xBD, 0x0B, 0xC1, 0xBA, 0x12, 0x1F, 0xD0, 0x7C,
-db 0x44, 0xFF, 0x43, 0x5F, 0xC6, 0x85, 0xF3, 0x23,
-db 0x6B, 0x65, 0x41, 0x2C, 0xB4, 0x4A, 0x5E, 0x24,
-db 0x35, 0xBA, 0x57, 0x76, 0x18, 0xAB, 0xE0, 0x51
-
-; junk + 0x8e
-; hidden function
-db 0x48, 0x8D, 0x35, 0x18, 0x00, 0x00, 0x00, ; lea rsi, [.msg_start]
-db 0x48, 0x8D, 0x15, 0x1F, 0x00, 0x00, 0x00, ; lea rdx, [.done]
-db 0x48, 0x29, 0xF2 ; sub rdx, rsi
-db 0xBF, 0x01, 0x00, 0x00, 0x00 ; mov rdi, 1 ; stdout
-db 0xB8, 0x04, 0x00, 0x00, 0x02 ; mov rax, 0x2000004 ; write
-db 0x0F, 0x05 ; syscall
-db 0xEB, 0x0E ; jmp .done
-; .msg_start: "YOU FOUND ME2"
-db 0x59, 0x4F, 0x55, 0x20, 0x46, 0x4F, 0x55, 0x4E, 0x44, 0x20, 0x4D, 0x45, 0x32, 0x0a
-; .done:
-db 0xC3 ; ret
-
-; evade data flow: return given number integer divided by 2
-mapper:
- mov rax, rdi ; arg0: number to map
- shr rax, 1
- ret
diff --git a/test/src/undiscovered_func_x64.asm b/test/src/undiscovered_func_x64.asm
deleted file mode 100644
index c4f1f251..00000000
--- a/test/src/undiscovered_func_x64.asm
+++ /dev/null
@@ -1,56 +0,0 @@
-default rel
-
-%ifdef OS_IS_WINDOWS
- global WinMain
- extern ExitProcess
-
- section .text
- WinMain:
-%endif
-
-%ifdef OS_IS_LINUX
- global _start
- section .text
- _start:
-%endif
-
-%ifdef OS_IS_MACOS
- global start
- section .text
- start:
-%endif
-
- call undiscovered
-
-%ifdef OS_IS_WINDOWS
- mov rcx, 0
- call ExitProcess
-%endif
-
-%ifdef OS_IS_LINUX
- mov rdi, 0 ; arg0: status
- mov rax, 60 ; __NR_exit
- syscall
-%endif
-
-%ifdef OS_IS_MACOS
- mov rax, 0x2000001 ; exit
- mov rdi, 0
- syscall
-%endif
-
- retn
-
-undiscovered:
- ; lea rax, [rip]
- db 0x48, 0x8d, 0x05, 0x00, 0x00, 0x00, 0x00
- add rax, 6
- ; Fake call to rax
- push rax
- retn
- ; Unlabelled code that binja does not discover automatically
- mov rax, 0x1234
- mov rbx, 0x5678
- retn
-
-section .data