Fixed RETDEC-74 and RETDEC-61 (#107)
* regression tests succeeded

* Fixed tests related to import directory

* Fixed review comments

Co-authored-by: Ladislav Zezula <ladislav.zezula@avast.com>
ladislav-zezula and Ladislav Zezula authored Aug 24, 2021
1 parent 18f30c7 commit 2fa0388
Showing 5 changed files with 89 additions and 5 deletions.
Binary file not shown.
Binary file not shown.
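--- a/tools/fileinfo/features/imports-name-vs-ordinal/test.py
+++ b/tools/fileinfo/features/imports-name-vs-ordinal/test.py
@@ -0,0 +1,87 @@
+from regression_tests import *
+
+class PeTest32(Test):
+settings = TestSettings(
+tool='fileinfo',
+input='Test32.exe_',
+args='--verbose --json'
+)
+
+def test_correctly_analyzes_imports_and_exports(self):
+assert self.fileinfo.succeeded
+
+self.assertEqual(self.fileinfo.output['declaredNumberOfDataDirectories'], '16')
+self.assertEqual(self.fileinfo.output['endianness'], 'Little endian')
+self.assertEqual(self.fileinfo.output['fileFormat'], 'PE')
+self.assertEqual(self.fileinfo.output['fileType'], 'Executable file')
+self.assertEqual(self.fileinfo.output['importTable']['numberOfImports'], '37')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['name'], 'RegOpenKeyExW')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['libraryName'], 'ADVAPI32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][1]['name'], 'CreateFileW')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][1]['libraryName'], 'KERNEL32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][15]['name'], '_cexit')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][15]['libraryName'], 'msvcrt.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][30]['name'], 'MessageBeep')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][30]['libraryName'], 'USER32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][32]['name'], 'MessageBoxA')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][32]['libraryName'], 'USER32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][33]['ordinalNumber'], '19')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][33]['name'], 'send')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][33]['libraryName'], 'WS2_32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][34]['ordinalNumber'], '4')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][34]['name'], 'connect')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][34]['libraryName'], 'WS2_32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][36]['ordinalNumber'], '115')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][36]['name'], 'WSAStartup')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][36]['libraryName'], 'WS2_32.dll')
+
+class PeTest64(Test):
+settings = TestSettings(
+tool='fileinfo',
+input='Test64.exe_',
+args='--verbose --json'
+)
+
+def test_correctly_analyzes_imports_and_exports(self):
+assert self.fileinfo.succeeded
+
+self.assertEqual(self.fileinfo.output['declaredNumberOfDataDirectories'], '16')
+self.assertEqual(self.fileinfo.output['endianness'], 'Little endian')
+self.assertEqual(self.fileinfo.output['fileFormat'], 'PE')
+self.assertEqual(self.fileinfo.output['fileType'], 'Executable file')
+self.assertEqual(self.fileinfo.output['importTable']['numberOfImports'], '36')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['name'], 'RegOpenKeyExW')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['libraryName'], 'ADVAPI32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][1]['name'], 'CreateFileW')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][1]['libraryName'], 'KERNEL32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][15]['name'], '__getmainargs')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][15]['libraryName'], 'msvcrt.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][30]['name'], 'MessageBeep')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][30]['libraryName'], 'USER32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][31]['name'], 'MessageBoxA')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][31]['libraryName'], 'USER32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][33]['ordinalNumber'], '115')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][33]['name'], 'WSAStartup')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][33]['libraryName'], 'WS2_32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][34]['ordinalNumber'], '4')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][34]['name'], 'connect')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][34]['libraryName'], 'WS2_32.dll')
+
+self.assertEqual(self.fileinfo.output['importTable']['imports'][35]['ordinalNumber'], '19')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][35]['name'], 'send')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][35]['libraryName'], 'WS2_32.dll')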
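Review bot: Both `test_correctly_analyzes_imports_and_exports` methods (in `PeTest32` and `PeTest64`) assert only on `importTable` and never touch exports, so the name overstates the coverage; a name such as `test_resolves_names_of_imports_by_ordinal` would match what is checked. The by-name entries (for example `imports[0]`, `RegOpenKeyExW`) are checked for `name` and `libraryName` only, so adding `assert 'ordinalNumber' not in self.fileinfo.output['importTable']['imports'][0]` would pin the other half of the name-vs-ordinal behaviour, assuming fileinfo now omits that field for imports made by name. A one-line class docstring stating that the WS2_32.dll entries are imported by ordinal and are expected to resolve to `send`, `connect` and `WSAStartup` would also help, since those resolved names are what import-based triage of a sample relies on.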
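--- a/tools/fileinfo/features/pe-delayed-imports/test.py
+++ b/tools/fileinfo/features/pe-delayed-imports/test.py
@@ -20,7 +20,6 @@ def test_delayed_imports_detection(self):
 self.assertEqual(self.fileinfo.output['importTable']['imports'][77]['index'], '77')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][78]['index'], '78')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][79]['index'], '79')
-assert 'name' not in self.fileinfo.output['importTable']['imports'][69]
 self.assertEqual(self.fileinfo.output['importTable']['imports'][72]['name'], 'GetInputState')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][73]['name'], 'wsprintfA')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][74]['name'], 'PostThreadMessageA')
@@ -47,6 +46,7 @@ def test_delayed_imports_detection(self):
 self.assertEqual(self.fileinfo.output['importTable']['imports'][77]['address'], '0x4020f2')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][78]['address'], '0x4020c0')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][79]['address'], '0x4020e0')
+self.assertEqual(self.fileinfo.output['importTable']['imports'][69]['name'], 'sendto')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][69]['ordinalNumber'], '20')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][69]['delayed'], 'false')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][72]['delayed'], 'true')
@@ -74,7 +74,6 @@ def test_delayled_imports_detection(self):
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['libraryName'], 'KERNEL32.dll')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['address'], '0x400a00')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['name'], 'GetModuleHandleA')
-self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['ordinalNumber'], '294')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['delayed'], 'false')
 
 self.assertEqual(self.fileinfo.output['importTable']['imports'][25]['index'], '25')
@@ -114,7 +113,6 @@ def test_delayed_imports_detection(self):
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['libraryName'], 'KERNEL32.dll')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['address'], '0x400c00')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['name'], 'WaitForSingleObject')
-self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['ordinalNumber'], '1124')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['delayed'], 'false')
 
 self.assertEqual(self.fileinfo.output['importTable']['imports'][25]['index'], '25')
@@ -154,7 +152,6 @@ def test_delayed_imports_detection(self):
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['libraryName'], 'KERNEL32.dll')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['address'], '0x140001000')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['name'], 'WaitForSingleObject')
-self.assertEqual(self.fileinfo.output['importTable']['imports'][0]['ordinalNumber'], '1128')
 
 self.assertEqual(self.fileinfo.output['importTable']['imports'][24]['index'], '24')
 self.assertEqual(self.fileinfo.output['importTable']['imports'][24]['libraryName'], 'COMCTL32.dll')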
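Review bot: The hunks at -74, -114 and -154 delete the `ordinalNumber` equality checks on `imports[0]` and put nothing in their place, so the tests no longer state what fileinfo should report for that field on an import made by name. If the field is now omitted there (the removed values 294, 1124 and 1128 look like hint values rather than ordinals, but that is an inference from the diff), an absence check in the style of the assert removed in the first hunk would pin it: `assert 'ordinalNumber' not in self.fileinfo.output['importTable']['imports'][0]`. Without it, a regression that reports the hint as an ordinal again would still pass. The test methods begin and end outside the hunks shown.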
2 changes: 1 addition & 1 deletion tools/unpacker/upx/features/certificate-info/test.py
@@ -16,7 +16,7 @@ def test_certificate_directory(self):
first_sig = self.fileinfo.output['digitalSignatures']['signatures'][0]
assert first_sig['digestAlgorithm'] == 'sha1'
# Unpacked file -> different contents than original -> different hash -> invalid signature on the unpacked file
assert first_sig['fileDigest'] == '5CBE1AD2114B8EA09819F798DA2CBD89CAC4E53B'
assert first_sig['fileDigest'] == '3E8002A08AEB8A1AF564E26C84FD0352C1302FEA'
assert first_sig['signedDigest'] == '79FBA75A396B6C8EB65D46C7B75065A75CA5148A'
assert first_sig['warnings'][0] == "Signature digest doesn't match the file digest"

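Review bot: The expected `fileDigest` is swapped for a different constant, and neither the hunk nor the commit description says why the digest of the unpacked file changed. Because this value is a computed hash, an unexplained change of the expectation can hide a regression in the digest calculation just as easily as it can reflect an intended change in the unpacker's output. A comment beside the assert would settle it, for example `# expected digest recomputed after the import-directory fix changed the unpacked output`, if that is indeed the cause. The body of `test_certificate_directory` starts outside the hunk.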
