Skip to content

tests: add test for disabled code hook after import dispatch#291

Merged
williballenthin merged 1 commit into
masterfrom
test-290
May 20, 2026
Merged

tests: add test for disabled code hook after import dispatch#291
williballenthin merged 1 commit into
masterfrom
test-290

Conversation

@williballenthin

Copy link
Copy Markdown
Collaborator

see #290

@williballenthin williballenthin merged commit 9178006 into master May 20, 2026
5 of 6 checks passed
@williballenthin williballenthin deleted the test-290 branch May 20, 2026 10:51

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new test case to verify that the Import Address Table (IAT) is correctly handled after a Structured Exception Handling (SEH) event. It includes a new C source file for an x86 binary that manually resolves GetTickCount, sets up an SEH handler, and triggers a division-by-zero exception to test the execution flow. Additionally, a Python test script is added to validate the sequence of API calls. Feedback was provided regarding unreachable code in the C handler after an ExitProcess call and a suggestion to refactor the Python assertions for better efficiency and readability.

Comment on lines +69 to +70
ExitProcess((UINT)(tick ^ pid));
return ExceptionContinueExecution;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The ExitProcess function does not return. Therefore, the return statement on the following line is unreachable code and can be removed for clarity.

    ExitProcess((UINT)(tick ^ pid));

Comment on lines +7 to +10
assert "kernel32.GetTickCount" in apis
assert "kernel32.GetCurrentProcessId" in apis
assert "kernel32.ExitProcess" in apis
assert apis.index("kernel32.GetTickCount") < apis.index("kernel32.GetCurrentProcessId")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The checks for API presence and order can be made more concise and efficient. The current implementation scans the apis list multiple times. You can rely on list.index() to find the APIs, which will raise a ValueError if an API is not found, providing a clear test failure.

Suggested change
assert "kernel32.GetTickCount" in apis
assert "kernel32.GetCurrentProcessId" in apis
assert "kernel32.ExitProcess" in apis
assert apis.index("kernel32.GetTickCount") < apis.index("kernel32.GetCurrentProcessId")
assert "kernel32.ExitProcess" in apis
gtc_index = apis.index("kernel32.GetTickCount")
gcp_index = apis.index("kernel32.GetCurrentProcessId")
assert gtc_index < gcp_index

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant