tests: add test for disabled code hook after import dispatch #291
Code Review
This pull request introduces a new test case to verify that the Import Address Table (IAT) is correctly handled after a Structured Exception Handling (SEH) event. It includes a new C source file for an x86 binary that manually resolves GetTickCount, sets up an SEH handler, and triggers a division-by-zero exception to test the execution flow. Additionally, a Python test script is added to validate the sequence of API calls. Feedback was provided regarding unreachable code in the C handler after an ExitProcess call and a suggestion to refactor the Python assertions for better efficiency and readability.
| ExitProcess((UINT)(tick ^ pid)); | ||
| return ExceptionContinueExecution; |
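Review bot: the return ExceptionContinueExecution; line directly after ExitProcess((UINT)(tick ^ pid)); is unreachable, because ExitProcess does not return to its caller. Either drop the return, or keep it with a short comment saying it exists only to satisfy the handler's return type, so a reader does not assume execution resumes after the fault.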
| assert "kernel32.GetTickCount" in apis | ||
| assert "kernel32.GetCurrentProcessId" in apis | ||
| assert "kernel32.ExitProcess" in apis | ||
| assert apis.index("kernel32.GetTickCount") < apis.index("kernel32.GetCurrentProcessId") |
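Review bot: the ordering assertion on the last line only covers kernel32.GetTickCount before kernel32.GetCurrentProcessId; kernel32.ExitProcess is checked for presence but not for position. Since the test is validating a call sequence, also assert that apis.index("kernel32.ExitProcess") is greater than apis.index("kernel32.GetCurrentProcessId"), so a trace that records ExitProcess out of order does not pass.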
The checks for API presence and order can be made more concise and efficient. The current implementation scans the apis list multiple times. You can rely on list.index() to find the APIs, which will raise a ValueError if an API is not found, providing a clear test failure.
| assert "kernel32.GetTickCount" in apis | |
| assert "kernel32.GetCurrentProcessId" in apis | |
| assert "kernel32.ExitProcess" in apis | |
| assert apis.index("kernel32.GetTickCount") < apis.index("kernel32.GetCurrentProcessId") | |
| assert "kernel32.ExitProcess" in apis | |
| gtc_index = apis.index("kernel32.GetTickCount") | |
| gcp_index = apis.index("kernel32.GetCurrentProcessId") | |
| assert gtc_index < gcp_index |
see #290