mirror of https://github.com/bitdefender/bddisasm.git synced 2024-11-18 05:28:09 +00:00

History

Andrei Vlad LUTAS 08096172cc Multiple improvements - New shemu flag - SHEMU_FLAG_SIDT, set when sheu encounters a SIDT in ring0. - Added the CET Tracked flag to SYSCLAL, SYSENTER and INT n instructions. - Fixed Do Not Track prefix recognition for CALL and JMP in long-mode. - Fixed MONITOR and MONITORX implicit operands - the rAX register encodes a virtual address that will be used as the monitored range. That address is subject to a 1 byte load. - Fixed RMPADJUST and RMPUPDATE implicit operands - the rAX register encodes a virtual address, and the rCX register encodes a virtual address of the RMP updated entry.		2021-08-31 13:37:50 +03:00
..
bdshemu_test.zip	Multiple improvements	2021-08-31 13:37:50 +03:00
README.md	Multiple improvements in bdshemu	2021-08-10 11:43:51 +03:00
test_all.py	Multiple improvements in bdshemu	2021-08-10 11:43:51 +03:00

README.md

Shellcode Emulator Tests

To avoid detections from anti-malware products the test files are stored in a password protected ZIP. The password is infected. The test script will automatically unzip the files before running the tests.

These tests are used to validate basic bdshemu functionality. Each test consists of up to three files:

The binary test file. The name format for this type of file is name_32|64[_r0]. No extension must be provided; 32 indicates 32 bit test file, 64 indicates 64 bit test file, and r0 indicates kernel payload
The output result file. Must be named the same as the binary test file, but with the extension .result
Optional assembly file, used to generate the binary test file

The test_all.py script will iterate all the test folders, and it will run bdshemu on each identified test file. The result file will be compared with the output of the test run. If they are not the same, the test will fail.

NOTE: This test will assume disasm is in the path. Works on Windows only.