def test_assembler():
CheckInstr(Add)('RAX', 'RSP')
CheckInstr(Add)('RAX', mem('[RCX]'))
CheckInstr(Add)('RAX', mem('[RDI + 0x10]'))
CheckInstr(Add)('RAX', mem('[RSI + 0x7fffffff]'))
CheckInstr(Add)('RAX', mem('[RSI + -0x1]'))
CheckInstr(Add)('RAX', mem('[0x10]'))
CheckInstr(Add)('RAX', mem('fs:[0x10]'))
CheckInstr(Add)('RAX', mem('[RSI + RDI * 2]'))
CheckInstr(Add)('RAX', mem('[RSI + RDI * 2 + 0x10]'))
CheckInstr(Add)('RAX', mem('gs:[RSI + RDI * 2 + 0x10]'))
CheckInstr(Add)('RAX', mem('[R15 * 8 + 0x10]'))
CheckInstr(Add)('RAX', mem('[R9 + R8 * 2 + 0x7fffffff]'))
CheckInstr(Add)('RAX', mem('[R9 + R8 * 2 + -0x80000000]'))
CheckInstr(Add)('RAX', mem('[-1]'))
CheckInstr(Add)('RAX', mem('[0x7fffffff]'))
CheckInstr(Add)('RAX', -1)
CheckInstr(Sub)('RCX', 'RSP')
CheckInstr(Sub)('RCX', mem('[RSP]'))
CheckInstr(Xor)('R15', mem('[RAX + R8 * 2 + 0x11223344]'))
CheckInstr(Xor)('RAX', 'RAX')
CheckInstr(Cmp)('RAX', -1)
#CheckInstr(Cmp, immediat_accepted=-1)('RAX', 0xffffffff)
CheckInstr(Lea)('RAX', mem('[RAX + 1]'))
CheckInstr(Lea)('RAX', mem('fs:[RAX + 1]'))
CheckInstr(Mov)('RAX', mem('[0x1122334455667788]'))
CheckInstr(Mov)('RAX', mem('gs:[0x1122334455667788]'))
CheckInstr(Mov)('RAX', mem('gs:[0x60]'))
CheckInstr(Mov)('RCX', 0x1122334455667788)
CheckInstr(Mov)('RCX', -1)
CheckInstr(Mov)('RCX', -0x1000)
CheckInstr(Mov)('RCX', 0xffffffff)
CheckInstr(Mov)('RAX', 0xffffffff)
CheckInstr(Mov)('R8', 0x1122334455667788)
CheckInstr(Mov)('RCX', -1)
CheckInstr(Mov, immediat_accepted=-1)('RCX', 0xffffffffffffffff)
CheckInstr(Mov)(mem('gs:[0x1122334455667788]'), 'RAX')
CheckInstr(Mov)(mem('[RAX]'), 0x11223344)
CheckInstr(Mov)(mem('[EAX]'), 0x11223344)
CheckInstr(Mov)(mem('[RBX]'), 0x11223344)
CheckInstr(Mov)("R12", mem("[RAX]"))
CheckInstr(Mov)("RAX", mem("[R12]"))
CheckInstr(Mov)("RAX", mem("[RAX + R12]"))
CheckInstr(Mov)("RAX", mem("[R12 + R12]"))
CheckInstr(Mov)("RAX", mem("[R12 + R15]"))
CheckInstr(Mov)("RAX", mem("[R10]"))
CheckInstr(Mov)("RAX", mem("[R11]"))
CheckInstr(Mov)("RAX", mem("[R12]"))
CheckInstr(Mov)("RAX", mem("[R13]"))
CheckInstr(Mov)("RAX", mem("[R14]"))
CheckInstr(Mov)("RAX", mem("[R15]"))
#CheckInstr(Mov)("RSI", mem("[R12]"))
CheckInstr(And)('RCX', 'RBX')
CheckInstr(And)('RAX', 0x11223344)
CheckInstr(And)('EAX', 0x11223344)
CheckInstr(And)('EAX', 0xffffffff)
CheckInstr(And)('RAX', mem('[RAX + 1]'))
CheckInstr(And)(mem('[RAX + 1]'), 'R8')
CheckInstr(And)(mem('[EAX + 1]'), 'R8')
CheckInstr(And)(mem('[RAX + 1]'), 'EAX')
CheckInstr(Or)('RCX', 'RBX')
CheckInstr(Or)('RAX', 0x11223344)
CheckInstr(Or)('RAX', mem('[RAX + 1]'))
CheckInstr(Or)(mem('[RAX + 1]'), 'R8')
CheckInstr(Or)(mem('[EAX + 1]'), 'R8')
CheckInstr(Or)(mem('[RAX + 1]'), 'EAX')
CheckInstr(Shr)('RAX', 8)
CheckInstr(Shr)('R15', 0x12)
CheckInstr(Shl)('RAX', 8)
CheckInstr(Shl)('R15', 0x12)
CheckInstr(Int3)()
CheckInstr(Int)(0)
CheckInstr(Int)(3)
CheckInstr(Int)(0xff)
# I really don't know why it's the inverse
# But I don't care, it's Test dude..
CheckInstr(x64.Test, expected_result="test r11, rax")('RAX', 'R11')
CheckInstr(x64.Test, expected_result="test edi, eax")('EAX', 'EDI')
CheckInstr(x64.Test)('RCX', 'RCX')
CheckInstr(x64.Test)(mem('[RDI + 0x100]'), 'RCX')
assert x64.Test(mem('[RDI + 0x100]'), 'RCX').get_code() == x64.Test('RCX', mem('[RDI + 0x100]')).get_code()
CheckInstr(Push)('RAX')
assert len(Push("RAX").get_code()) == 1
CheckInstr(Push)('R15')
CheckInstr(Push)(0x42)
CheckInstr(Push)(-1)
CheckInstr(Push)(mem("[ECX]"))
CheckInstr(Push)(mem("[RCX]"))
CheckInstr(Pop)('RAX')
assert len(Pop("RAX").get_code()) == 1
CheckInstr(Call)('RAX')
CheckInstr(Call)(mem('[RAX + RCX * 8]'))
CheckInstr(Cpuid)()
CheckInstr(Xchg)('RAX', 'RSP')
assert Xchg('RAX', 'RCX').get_code() == Xchg('RCX', 'RAX').get_code()
# 32 / 64 bits register mixing
CheckInstr(Mov)('ECX', 'EBX')
CheckInstr(Mov)('RCX', mem('[EBX]'))
CheckInstr(Mov)('ECX', mem('[RBX]'))
CheckInstr(Mov)('ECX', mem('[EBX]'))
CheckInstr(Mov)('RCX', mem('[EBX + EBX]'))
CheckInstr(Mov)('RCX', mem('[ESP + EBX + 0x10]'))
CheckInstr(Mov)('ECX', mem('[ESP + EBX + 0x10]'))
CheckInstr(Mov)('ECX', mem('[RBX + RCX + 0x10]'))
CheckInstr(Mov)(mem('[RBX + RCX + 0x10]'), 'ECX')
CheckInstr(Mov)(mem('[EBX + ECX + 0x10]'), 'ECX')
CheckInstr(Mov)(mem('[EBX + ECX + 0x10]'), 'R8')
CheckInstr(Not)('RAX')
CheckInstr(Not)(mem('[RAX]'))
CheckInstr(ScasB, expected_result="scasb al, byte ptr [rdi]")()
CheckInstr(ScasW, expected_result="scasw ax, word ptr [rdi]")()
CheckInstr(ScasD, expected_result="scasd eax, dword ptr [rdi]")()
CheckInstr(ScasQ, expected_result="scasq rax, qword ptr [rdi]")()
CheckInstr(CmpsB, expected_result="cmpsb byte ptr [rsi], byte ptr [rdi]")()
CheckInstr(CmpsW, expected_result="cmpsw word ptr [rsi], word ptr [rdi]")()
CheckInstr(CmpsD, expected_result="cmpsd dword ptr [rsi], dword ptr [rdi]")()
CheckInstr(CmpsQ, expected_result="cmpsq qword ptr [rsi], qword ptr [rdi]")()
CheckInstr(Mov, must_fail=True)('RCX', 'ECX')
CheckInstr(Mov, must_fail=True)('RCX', mem('[ECX + RCX]'))
CheckInstr(Mov, must_fail=True)('RCX', mem('[RBX + ECX]'))
CheckInstr(Mov, must_fail=True)('ECX', mem('[ECX + RCX]'))
CheckInstr(Mov, must_fail=True)('ECX', mem('[RBX + ECX]'))
CheckInstr(Add, must_fail=True)('RAX', 0xffffffff)
# Test some prefix / REP
assert (x64.Rep + x64.Nop()).get_code() == b"\xf3\x90"
assert (x64.GSPrefix + x64.Nop()).get_code() == b"\x65\x90"
assert (x64.OperandSizeOverride + x64.Nop()).get_code() == b"\x66\x90"
assert (x64.Repne + x64.Nop()).get_code() == b"\xf2\x90"
code = MultipleInstr()
code += Nop()
code += Rep + Nop()
code += Ret()
print(repr(code.get_code()))
assert code.get_code() == b"\x90\xf3\x90\xc3"
GetProcAddress64 += x64.Mov("RAX", "RDX")
GetProcAddress64 += x64.Mov(
"RBX",
x64.mem("[RAX + 32]")) # RBX : first base ! (base of current module)
#GetProcAddress64 += x64.Mov("RBX ", x64.mem("[RAX + 32]")) # RBX : first base ! (base of current module)
GetProcAddress64 += x64.Cmp("RBX", 0)
GetProcAddress64 += x64.Jz(":DLL_NOT_FOUND")
GetProcAddress64 += x64.Mov(
"RCX", x64.mem("[RAX + 80]")) # RCX = NAME (UNICODE_STRING.Buffer)
GetProcAddress64 += x64.Call(":FUNC_STRLENW64")
GetProcAddress64 += x64.Mov("RDI", "RCX")
GetProcAddress64 += x64.Mov("RCX", "RAX")
GetProcAddress64 += x64.Mov("RSI", "R11")
GetProcAddress64 += x64.Rep + x64.CmpsW(
) #;cmp with current dll name (unicode)
GetProcAddress64 += x64.Test("RCX", "RCX")
GetProcAddress64 += x64.Jz(":DLL_FOUND")
GetProcAddress64 += x64.Mov("RDX", x64.mem("[RDX]"))
GetProcAddress64 += x64.Jmp(":a_dest")
GetProcAddress64 += x64.Label(":DLL_FOUND") # here rbx = base
GetProcAddress64 += x64.Mov("EAX", x64.mem("[RBX + 60]")) # rax = PEBASE RVA
GetProcAddress64 += x64.Add("RAX", "RBX") # RAX = PEBASE
GetProcAddress64 += x64.Add("RAX", 24) # ;OPTIONAL HEADER
GetProcAddress64 += x64.Mov("ECX",
x64.mem("[rax + 112]")) # ;rcx = RVA export dir
GetProcAddress64 += x64.Add("RCX", "RBX") # ;rcx = export_dir
GetProcAddress64 += x64.Mov("RAX", "RCX") # ;RAX = export_dir
GetProcAddress64 += x64.Push("RAX") # ;Save it for after function search
# ; EBX = BASE | EAX = EXPORT DIR
GetProcAddress64 += x64.Mov("ECX", x64.mem("[RAX + 24] "))
GetProcAddress64 += x64.Mov("R13", "RCX") # ;r13 = NB names