Merge pull request #56 from mrexodia/test-framework

Actually use the new test framework

Author: mrexodia

.github/workflows/build.yml

@@ -7,39 +7,88 @@ jobs:
     # Skip building pull requests from the same repository
     if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) }}
     runs-on: windows-2019
+    env:
+      # Disable output buffering in an attempt to get readable errors
+      PYTHONUNBUFFERED: '1'
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Python environment
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: '3.9'
         architecture: 'x64'
 
-    - name: Build
+    - name: Python setup
       run: |
         python setup.py develop
 
-    - name: StringEncryptionFun_x64
+    - name: Add msbuild to PATH
+      uses: microsoft/[email protected]
+
+    - name: Cache build
+      uses: actions/cache@v3
+      id: cache-build
+      with:
+        path: 'tests/DumpulatorTests/bin'
+        key: ${{ runner.os }}-${{ hashFiles('tests/DumpulatorTests/**') }}
+
+    - name: Build DumpulatorTests
+      if: steps.cache-build.outputs.cache-hit != 'true'
       run: |
-        curl -sSOJL https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun_x64.dmp
-        python tests/getting-started.py
+        msbuild /p:Configuration=Release /p:Platform=Win32 tests\DumpulatorTests\DumpulatorTests.sln
+        msbuild /p:Configuration=Release /p:Platform=x64 tests\DumpulatorTests\DumpulatorTests.sln
 
-    - name: StringEncryptionFun_x86
+    - name: Cache dumps
+      uses: actions/cache@v3
+      id: cache-dumps
+      with:
+        path: 'tests/*.dmp'
+        key: ${{ runner.os }}-${{ hashFiles('tests/download_artifacts.py') }}
+
+    - name: Download dumps
+      if: steps.cache-dumps.outputs.cache-hit != 'true'
       run: |
+        cd tests
+        curl -sSOJL https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun_x64.dmp
         curl -sSOJL https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun_x86.dmp
-        python tests/getting-started32.py
+        python download_artifacts.py
+
+    - name: 'Test: StringEncryptionFun_x64'
+      run: |
+        cd tests
+        python getting-started.py
+
+    - name: 'Test: StringEncryptionFun_x86'
+      run: |
+        cd tests
+        python getting-started32.py
+
+    - name: 'Test: DumpulatorTests'
+      run: |
+        cd tests
+        python harness-tests.py
+
+    - name: 'Test: ExceptionTest_x64'
+      run: |
+        cd tests
+        python execute-dump.py ExceptionTest_x64.dmp
+
+    - name: 'Test: ExceptionTest_x86'
+      run: |
+        cd tests
+        python execute-dump.py ExceptionTest_x86.dmp
 
   publish:
     if: ${{ startsWith(github.ref, 'refs/tags/v') }}
     runs-on: ubuntu-20.04
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Python environment
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: '3.9'
         architecture: 'x64'
@@ -49,7 +98,8 @@ jobs:
         python setup.py sdist
 
     - name: Publish to PyPI
-      uses: pypa/gh-action-pypi-publish@master
+      # https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.4
+      uses: pypa/gh-action-pypi-publish@c7f29f7adef1a245bd91520e94867e5c6eedddcc
       with:
         password: ${{ secrets.PYPI_API_TOKEN }}
 

src/dumpulator/dumpulator.py

@@ -37,6 +37,7 @@ class ExceptionType(Enum):
     Memory = 1
     Interrupt = 2
     ContextSwitch = 3
+    Terminate = 4
 
 @dataclass
 class ExceptionInfo:
@@ -783,7 +784,7 @@ def _setup_syscalls(self):
                 self.info(f"Patching Wow64Transition: {export.address:x} -> {patch_addr:x}")
                 # See: https://opcode0x90.wordpress.com/2007/05/18/kifastsystemcall-hook/
                 # mov edx, esp; sysenter; ret
-                KiFastSystemCall = b"\x8B\xD4\x0F\x34\xC3"
+                KiFastSystemCall = b"\x8B\xD4\x0F\x34\x90\x90\xC3"
                 self.write(patch_addr, KiFastSystemCall)
             elif export.name == "KiUserExceptionDispatcher":
                 self.KiUserExceptionDispatcher = export.address
@@ -1003,6 +1004,12 @@ def start(self, begin, end=0xffffffffffffffff, count=0) -> None:
                         # Restore the context (unicorn might mess with it before stopping)
                         if self.exception.context is not None:
                             self._uc.context_restore(self.exception.context)
+
+                        if self.exception.type == ExceptionType.Terminate:
+                            if self.exit_code is not None:
+                                self.info(f"exit code: {self.exit_code:x}")
+                            break
+
                         try:
                             emu_begin = self.handle_exception()
                         except:
@@ -1465,7 +1472,7 @@ def syscall_arg(index):
                     return dp.regs.r10
                 return dp.args[index]
 
-            dp.info(f"[{dp.sequence_id}] syscall: {name}(")
+            dp.info(f"[{dp.sequence_id}] syscall (index: {hex(index)}): {name}(")
             for i in range(0, argcount):
                 argname = argspec.args[1 + i]
                 argtype = argspec.annotations[argname]
@@ -1474,7 +1481,7 @@ def syscall_arg(index):
                 # It looks like the python designers did an oopsie, so we're going
                 # the fully-undocumented route.
                 sal = None
-                if argtype.__name__ == "Annotated":
+                if "Annotated" in type(argtype).__name__:
                     sal, = argtype.__metadata__
                     argtype = argtype.__origin__
 
@@ -1513,6 +1520,9 @@ def syscall_arg(index):
                     if dp.x64:
                         dp.regs.rcx = dp.regs.cip + 2
                         dp.regs.r11 = dp.regs.eflags
+                    else:
+                        # HACK: there is a bug in unicorn that doesn't increment EIP
+                        dp.regs.eip += 2
             except UcError as err:
                 raise err
             except Exception as exc:

src/dumpulator/ntsyscalls.py

@@ -4475,7 +4475,11 @@ def ZwTerminateProcess(dp: Dumpulator,
                        ):
     assert ProcessHandle == 0 or ProcessHandle == dp.NtCurrentProcess()
     dp.stop(ExitStatus)
-    return STATUS_SUCCESS
+    exception = ExceptionInfo()
+    exception.type = ExceptionType.Terminate
+    exception.final = True
+    exception.context = dp._uc.context_save()
+    return exception
 
 @syscall
 def ZwTerminateThread(dp: Dumpulator,

tests/DumpulatorTests/DumpulatorTests.sln

@@ -11,6 +11,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HarnessMinimal", "HarnessMi
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HarnessFull", "HarnessFull\HarnessFull.vcxproj", "{1FD2D0B5-53E2-4E9E-AA4B-2E822ABD2D49}"
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExceptionTest", "ExceptionTest\ExceptionTest.vcxproj", "{8D02ACE7-0361-45F7-B173-3188B235F2DC}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Release|Win32 = Release|Win32
@@ -33,6 +35,10 @@ Global
 		{1FD2D0B5-53E2-4E9E-AA4B-2E822ABD2D49}.Release|Win32.Build.0 = Release|Win32
 		{1FD2D0B5-53E2-4E9E-AA4B-2E822ABD2D49}.Release|x64.ActiveCfg = Release|x64
 		{1FD2D0B5-53E2-4E9E-AA4B-2E822ABD2D49}.Release|x64.Build.0 = Release|x64
+		{8D02ACE7-0361-45F7-B173-3188B235F2DC}.Release|Win32.ActiveCfg = Release|Win32
+		{8D02ACE7-0361-45F7-B173-3188B235F2DC}.Release|Win32.Build.0 = Release|Win32
+		{8D02ACE7-0361-45F7-B173-3188B235F2DC}.Release|x64.ActiveCfg = Release|x64
+		{8D02ACE7-0361-45F7-B173-3188B235F2DC}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

tests/DumpulatorTests/Tests/ExceptionTest.cpp renamed to tests/DumpulatorTests/ExceptionTest/ExceptionTest.cpp

@@ -1,4 +1,7 @@
-#include "debug.h"
+#include <Windows.h>
+#include <cstdio>
+
+#include "../Tests/debug.h"
 
 static LONG WINAPI VectoredHandler(struct _EXCEPTION_POINTERS* ExceptionInfo)
 {
@@ -62,3 +65,10 @@ extern "C" __declspec(dllexport) bool Exception_Test()
 	DebugPrint(L"Finished!");
 	return true;
 }
+
+
+int main(int argc, char** argv)
+{
+    auto exitCode = Exception_Test() ? EXIT_SUCCESS : EXIT_FAILURE;
+    ExitProcess(exitCode);
+}

tests/DumpulatorTests/ExceptionTest/ExceptionTest.vcxproj

@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{8D02ACE7-0361-45F7-B173-3188B235F2DC}</ProjectGuid>
+    <RootNamespace>ExceptionTest</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)bin\</OutDir>
+    <IntDir>$(SolutionDir)_obj\$(Platform)\$(ProjectName)\</IntDir>
+    <TargetName>$(ProjectName)_x86</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)bin\</OutDir>
+    <IntDir>$(SolutionDir)_obj\$(Platform)\$(ProjectName)\</IntDir>
+    <TargetName>$(ProjectName)_x64</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>false</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>false</DataExecutionPrevention>
+      <AdditionalDependencies>ntdll.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>false</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>false</DataExecutionPrevention>
+      <AdditionalDependencies>ntdll.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="ExceptionTest.cpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

tests/DumpulatorTests/ExceptionTest/ExceptionTest.vcxproj.filters

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="ExceptionTest.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>

tests/DumpulatorTests/Loader/Loader.cpp

@@ -16,5 +16,14 @@ int main(int argc, char** argv)
         return EXIT_FAILURE;
     }
     auto TestFunction = (int(*)())GetProcAddress(hLib, argv[1]);
-    return TestFunction() ? EXIT_SUCCESS : EXIT_FAILURE;
+    if (TestFunction == nullptr)
+    {
+        printf("Could not find function: %s\n", argv[1]);
+        return EXIT_FAILURE;
+    }
+    // Trigger a breakpoint to allow the debugger to dump
+    if (argc > 2)
+        __debugbreak();
+    auto exitCode = TestFunction() ? EXIT_SUCCESS : EXIT_FAILURE;
+    ExitProcess(exitCode);
 }

tests/DumpulatorTests/Tests/Tests.vcxproj

@@ -12,7 +12,6 @@
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="DllMain.cpp" />
-    <ClCompile Include="ExceptionTest.cpp" />
     <ClCompile Include="HandleTest.cpp" />
   </ItemGroup>
   <ItemGroup>

tests/DumpulatorTests/Tests/Tests.vcxproj.filters

@@ -15,9 +15,6 @@
     </Filter>
   </ItemGroup>
   <ItemGroup>
-    <ClCompile Include="ExceptionTest.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="HandleTest.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>