gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 07:10:29 -08:00
Code Issues Packages Projects Releases Wiki Activity

adding test for unmapped immediate data reference

Browse Source
This commit is contained in:
Michael Hunhoff
2020-08-11 14:12:07 -06:00
parent 791afd7ac8
commit 70b4546c33
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/fixtures.py
View File

@@ -83,3 +83,9 @@ def sample_39c05b15e9834ac93f206bc114d0a00c357c888db567ba8f5345da0529cbed41():
def sample_499c2a85f6e8142c3f48d4251c9c7cd6_raw32(): def sample_499c2a85f6e8142c3f48d4251c9c7cd6_raw32():
path = os.path.join(CD, "data", "499c2a85f6e8142c3f48d4251c9c7cd6.raw32") path = os.path.join(CD, "data", "499c2a85f6e8142c3f48d4251c9c7cd6.raw32")
return Sample(viv_utils.getShellcodeWorkspace(path), path) return Sample(viv_utils.getShellcodeWorkspace(path), path)
@pytest.fixture
def sample_al_khaser_x86():
path = os.path.join(CD, "data", "al-khaser_x86.exe_")
return Sample(viv_utils.getWorkspace(path), path)

5
tests/test_viv_features.py
View File

@@ -126,6 +126,11 @@ def test_number_arch_features(mimikatz):
assert capa.features.insn.Number(0xFF, arch=ARCH_X64) not in features assert capa.features.insn.Number(0xFF, arch=ARCH_X64) not in features
def test_unmapped_immediate_memory_reference_features(sample_al_khaser_x86):
features = extract_function_features(viv_utils.Function(sample_al_khaser_x86.vw, 0x41AAB4))
assert capa.features.insn.Number(0x7FFE02D4) in features
def test_offset_features(mimikatz): def test_offset_features(mimikatz):
features = extract_function_features(viv_utils.Function(mimikatz.vw, 0x40105D)) features = extract_function_features(viv_utils.Function(mimikatz.vw, 0x40105D))
assert capa.features.insn.Offset(0x0) in features assert capa.features.insn.Offset(0x0) in features