OLD | NEW |
| (Empty) |
1 # Test false detection cases. | |
2 | |
3 # .text start RVA and end RVA | |
4 1000 | |
5 3000 | |
6 # .reloc start RVA and end RVA | |
7 3800 | |
8 4000 | |
9 # End RVA | |
10 5000 | |
11 | |
12 # Assume ImageBase = 00400000. This does not affect the test. | |
13 Program: | |
14 00401000: 55 push ebp | |
15 00401001: 8B EC mov ebp,esp | |
16 00401003: B8 E8 00 00 00 mov eax,0E8h # E8 00 00 00 00 | |
17 00401008: 00 C0 add al,al | |
18 0040100A: 90 nop | |
19 0040100B: 90 nop | |
20 0040100C: B9 00 00 00 E9 mov ecx,0E9000000h # E9 E8 00 00 00 | |
21 00401011: E8 00 00 00 00 call 00401016 | |
22 00401016: 90 nop | |
23 00401017: 90 nop | |
24 00401018: B1 0F mov cl,0Fh # 0F 80 C0 00 00 00 | |
25 0040101A: 80 C0 00 add al,0 | |
26 0040101D: 00 00 add byte ptr [eax],al | |
27 0040101F: 90 nop | |
28 00401020: 90 nop | |
29 00401021: B8 E8 00 00 00 mov eax,0E8h # E8 00 00 00 E8 | |
30 00401026: E8 00 00 00 00 call 0040102B | |
31 0040102B: 90 nop | |
32 0040102C: 90 nop | |
33 0040102D: E8 00 E9 00 00 call 0040F932 # E9 00 00 00 00 | |
34 00401032: 00 00 add byte ptr [eax],al | |
35 00401034: 5D pop ebp | |
36 00401035: C3 ret | |
37 | |
38 Abs32: | |
39 | |
40 Expected: | |
41 1005 # False positive | |
42 1011 # False positive | |
43 # 1012 => False negative: shadowed by 1011 | |
44 101B # False positive | |
45 # 1023 => Potential false positive, but suppressed since target is outside .text | |
46 1027 # Emerges since it's not shadowed by 1023 | |
47 1030 # False positive: target of 102E was outside .text, so fall back to this | |
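Review bot: Both suppressed candidates in Expected (the rel32 at 1023 and the one at 102E) have targets that land past the End RVA of 5000, at E8001027 and F932 respectively. Nothing in this file therefore exercises a rel32 whose target is inside the image but outside .text, for example in the 3000-3800 gap or in .reloc at 3800-4000. If the rule is "target inside .text", as the comments on 1023 and 1030 state, one such case would distinguish it from a weaker "target inside the image" check; the filter itself is not visible here, so this is inferred from the comments. It would also help to extend the header comment with something like `# Expected lists the RVA of each rel32 operand (opcode RVA + 1 for E8/E9, + 2 for 0F 8x), not the RVA of the opcode.`, because entries such as 1005 and 101B are only readable once that convention is known.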
OLD | NEW |