backengineering / bintests Goto Github PK

A large collection of 32bit and 64bit PE files useful for verifying the correctness of bin2bin transformations

binary-rewriting pe pe32 pe64 disassembly

bintests's Introduction

Binary Rewriting Test Suite

This repository comprises a set of PE executable files encompassing a diverse array of code. Its primary goal is to facilitate testing the accuracy of bin2bin transformations. We are focused on assessing the effectiveness of our binary rewriting capabilities, particularly when applied to substantially large binaries exceeding 200MB which may have various "odd" behaviors. For now this repo will only contain x86 executables.

Usage

Any PE files under 32bit/ and 64bit/ can be executed on the commandline. They will output text, you can compare this text with the transformed version of the binary to see if they match.

SEH Tests

All tests under the seh/ folder are 64bit PE executable files. These tests do not print anything out if successful, instead the exit code should be checked to make sure it is zero. If it is non-zero then the SEH test has failed.

Why?

Most research papers on the topic of binary rewriting usually targets ELF files. Majority of these papers use the binutils that gnu ships. We are building software to protect windows executable files and I couldnt find a large repo with pre-compiled test bins ready to use. That is why this exists. This is also used by our CI workflows to test our code as we write it. Very useful!

Test List

The test bins consist of tests from the following projects:

zasm - https://github.com/zyantific/zasm/tree/master/examples
chrome - https://developer.chrome.com/blog/chrome-for-testing/
testfloat - https://github.com/backengineering/testfloat-pe
openssl - https://github.com/openssl/openssl/tree/master/test
llvm - JIT Fibonacci, IRTransforms, OrcV2Examples, clang
coremark - https://github.com/backengineering/coremark-pe
windows_seh_tests - https://github.com/Microsoft/windows_seh_tests
windows compiler tests (more seh) - https://github.com/Microsoft/compiler-tests
corkami weird pe files - https://github.com/corkami/pocs/tree/master/PE/bin
vulnerable windows drivers - https://github.com/namazso/physmem_drivers
VisualUEFI - https://github.com/ionescu007/VisualUefi
MultiWorldDemo - https://github.com/UNAmedia/ue5-multiworld-demo
FPChess - https://wiki.freepascal.org/fpChess

This also contains all sorts of misc tests aimed at breaking disassembly (recursive functions, functions that call each other, noreturn functions, all sorts of jump tables).

Compile Options & Binary Information

Most bins will be compiled with /O2, /GL, and /LTCG. However not all bins will be compiled with these options. Real world bins will have a wide range of optimization/compiler options so we try to replicate this by not having every single binary use /O2, /GL, etc. Its important to note this because code compiled with /GL you cannot assume volitile registers are really volitile. The compiler can do some non-abi stuff with functions inside of the binary.

bintests's People

Contributors

Stargazers

Watchers

Forkers

gavz notpidgey

bintests's Issues

Nasty x86 binary

Are you interested in some nasty byte-codes, like this?

; nasm -g -f win32 strange_offset.s && x86_64-w64-mingw32-cc -g -no-pie -m32 -o strange_offset.exe strange_offset.obj
; nasm -g -f elf strange_offset.s && gcc -g -no-pie -m32 -o strange_offset strange_offset.o
section .text
    global main

    extern printf
    extern exit

main:
    mov EAX, 0x02eb11b0
    cmp EAX, 0x02eb11b0
    fake_jmp dw 0xfa74

    push EAX
    push reveal_key
    call printf

finish:
    ; exit the program
    push 0
    call exit

section .data
    reveal_key db 'The key is "%x"', 0

This will print The key is "2eb1111"

pascal/delphi binaries

Its been brought to my attention that we should have a few delphi/pascal binaries in here.

windows seh tests are optimized away

re-compile all of the seh tests with optimizations disabled because it is removing the try/except lol.

add chromium binaries

https://github.com/chromium/chromium

luajit tests

luajit does some insane optimization shit that would be a good to test on our framework.

x86-sok fork for llvm-msvc?

make a fork of this for llvm-msvc and compile all of the binaries through it...??

https://github.com/junxzm1990/x86-sok

powerful??

some of the tests from openssl require dynamic libraries

My bad... Some of the tests from the openssl tests require dynamic libraries from openssl. Those need to be nuked from orbit.

we need tests with stack cookie (/GS) enabled

when /GS is enabled functions with stack cookies use GSHandlerCheck exception handler function.

I literally cannot find anywhere on google that defines the language specific data for __GSHandlerCheck but after some reverse engineering it contains this information:

typedef struct GSHandlerData {
    unsigned long stackCookieOffset;
}

other pieces of software to test

zasm tests https://github.com/zyantific/zasm/tree/master/src/tests
z3 tests https://github.com/Z3Prover/z3/tree/master/src/test
luajit
unicorn engine
chocolatey

add luajit tests

https://github.com/openresty/luajit2-test-suite

firefox

add firefox to our misc rewrite binaries. or maybe just tor. xul.dll is the main module.

uefi modules

add some uefi modules, they are just PE files with a different subsystem anyways... Not sure if they have an IAT though..

https://github.com/ionescu007/VisualUefi

seperate the large llvm bins out

so the large llvm binaries that are in 32bit/64bit bog down CI. This repo needs to run everytime we make a push so we can see the effects we make on code coverage and stability. I suggest a change to the file structure:

64bit/ci/*.exe
64bit/ci/*.pdb
32bit/ci/*.exe
32bit/ci/*.pdb

we move the larger bins to just 32bit/.exe and 32bit/.pdb this way we can run them locally still without clogging up CI with huge binaries to rewrite.