NAME=: open
FILE=../bins/mdmp/calc.dmp
EXPECT=<<EOF
format   mdmp
EOF
CMDS=<<EOF
i~format
EOF
RUN

NAME=: info
FILE=../bins/mdmp/calc.dmp
EXPECT=<<EOF
arch     x86
baddr    0xffffffffffffffff
binsz    36724
bintype  mdmp
bits     64
canary   false
retguard false
crypto   false
endian   little
flags    0x00040000
havecode true
hdr.csum 0x00000000
laddr    0x0
linenum  false
lsyms    false
machine  AMD64
maxopsz  16
minopsz  1
nx       false
os       Windows NT Workstation 6.1.7601
pcalign  0
pic      false
relocs   false
rpath    NONE
sanitiz  false
static   true
streams  13
stripped false
va       true
EOF
CMDS=<<EOF
iI
EOF
RUN

NAME=: sections
FILE=../bins/mdmp/calc.dmp
EXPECT=<<EOF
9   0x00000000   0xe3000 0xfffe0000      0xe3000 ---- C:_Windows_System32_calc.exe
EOF
CMDS=<<EOF
iS~calc
EOF
RUN

NAME=: entrypoints nomem .dmp
FILE=../bins/mdmp/calc.dmp
EXPECT=<<EOF
[Entrypoints]

0 entrypoints
EOF
CMDS=<<EOF
ie
EOF
RUN

NAME=: resolve vaddr to paddr
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x00400000  4d5a 9000 0300 0000 0400 0000 ffff 0000  MZ..............
0x00400010  b800 0000 0000 0000 4000 0000 0000 0000  ........@.......
0x00400020  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x00400030  0000 0000 0000 0000 0000 0000 8000 0000  ................
EOF
CMDS=<<EOF
px 64 @ 0x00400000
EOF
RUN

NAME=: test format definitions
ARGS=-nn
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
pf.mdmp_directory [4]E? (mdmp_stream_type)StreamType (mdmp_location_descriptor)Location
pf.mdmp_exception [4]E[4]Eqqdd[15]q (mdmp_exception_code)ExceptionCode (mdmp_exception_flags)ExceptionFlags ExceptionRecord ExceptionAddress NumberParameters __UnusedAlignment ExceptionInformation
pf.mdmp_exception_stream dd?? ThreadId __Alignment (mdmp_exception)ExceptionRecord (mdmp_location_descriptor)ThreadContext
pf.mdmp_header [4]zddddt[8]B Signature Version NumberOfStreams StreamDirectoryRVA CheckSum TimeDateStamp (mdmp_type)Flags
pf.mdmp_location_descriptor dd DataSize RVA
pf.mdmp_location_descriptor64 qq DataSize RVA
pf.mdmp_memory64_list qq[83]? NumberOfMemoryRanges BaseRva (mdmp_memory_descriptor64)MemoryRanges
pf.mdmp_memory_descriptor q? StartOfMemoryRange (mdmp_location_descriptor)Memory
pf.mdmp_memory_descriptor64 qq StartOfMemoryRange DataSize
pf.mdmp_memory_info qq[4]Edq[4]E[4]E[4]Ed BaseAddress AllocationBase (mdmp_page_protect)AllocationProtect __Alignment1 RegionSize (mdmp_mem_state)State (mdmp_page_protect)Protect (mdmp_mem_type)Type __Alignment2
pf.mdmp_memory_info_list ddq[127]? SizeOfHeader SizeOfEntry NumberOfEntries (mdmp_memory_info)MemoryInfo
pf.mdmp_misc_info d[4]Bdtttddddd SizeOfInfo (mdmp_misc1_flags)Flags1 ProcessId ProcessCreateTime ProcessUserTime ProcessKernelTime ProcessorMaxMhz ProcessorCurrentMhz ProcessorMhzLimit ProcessorMaxIdleState ProcessorCurrentIdleState
pf.mdmp_module qddtd???qq BaseOfImage SizeOfImage CheckSum TimeDateStamp ModuleNameRVA (mdmp_vs_fixedfileinfo)VersionInfo (mdmp_location_descriptor)CvRecord (mdmp_location_descriptor)MiscRecord Reserved0 Reserved1
pf.mdmp_module_list d[10]? NumberOfModule (mdmp_module)Modules
pf.mdmp_string dZ Length Buffer
pf.mdmp_system_info [2]EwwbBddd[4]Ed[2]Ew[2]q (mdmp_processor_architecture)ProcessorArchitecture ProcessorLevel ProcessorRevision NumberOfProcessors (mdmp_product_type)ProductType MajorVersion MinorVersion BuildNumber (mdmp_platform_id)PlatformId CsdVersionRva (mdmp_suite_mask)SuiteMask Reserved2 ProcessorFeatures
pf.mdmp_thread ddddq?? ThreadId SuspendCount PriorityClass Priority Teb (mdmp_memory_descriptor)Stack (mdmp_location_descriptor)ThreadContext
pf.mdmp_thread_list d[1]? NumberOfThreads (mdmp_thread)Threads
pf.mdmp_token_info ddq TokenSize TokenId TokenHandle
pf.mdmp_token_info_list dddd TokenListSize TokenListEntries ListHeaderSize ElementHeaderSize
pf.mdmp_vs_fixedfileinfo ddddddddddddd dwSignature dwStrucVersion dwFileVersionMs dwFileVersionLs dwProductVersionMs dwProductVersionLs dwFileFlagsMask dwFileFlags dwFileOs dwFileType dwFileSubtype dwFileDateMs dwFileDateLs
EOF
CMDS=<<EOF
pf.
EOF
RUN

NAME=: 32bit - libraries count
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
[Linked libraries]
57 libraries
EOF
CMDS=<<EOF
il~libraries
EOF
RUN

NAME=: 32bit - libraries resolving
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
[0x00400000] - kernel32.dll
EOF
CMDS=<<EOF
il~kernel32.dll
EOF
RUN

NAME=: 32bit - entrypoints count
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
9 entrypoints
2 entrypoints
EOF
CMDS=<<EOF
ie~entrypoints
iee~entrypoints
EOF
RUN

NAME=: 32bit - entrypoints resolving
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
vaddr=0x004014e0 paddr=0x000990b2 haddr=0x00097c7a type=program
EOF
CMDS=<<EOF
ie~0x004014e0
EOF
RUN

NAME=: 32bit - symbols count
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
7469
EOF
CMDS=<<EOF
is~?
EOF
RUN

NAME=: 32bit - symbols resolving 1
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
1     0x0009dcda 0x00406108 NONE   FUNC 0    KERNEL32.dll                                  imp.DeleteCriticalSection
EOF
CMDS=<<EOF
is~DeleteCriticalSection:0
EOF
RUN

NAME=: 32bit - symbols resolving 2
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
358   0x001c2176 0x76fb05a4 NONE   FUNC 0    ntdll.dll                                     imp.RtlDeleteCriticalSection
EOF
CMDS=<<EOF
is~RtlDeleteCriticalSection:0
EOF
RUN

NAME=: 32bit - imports count
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
2031
EOF
CMDS=<<EOF
ii~?
EOF
RUN

NAME=: 32bit - imports resolving
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
17  0x00406148 NONE FUNC KERNEL32.dll                                  TerminateProcess
EOF
CMDS=<<EOF
ii~TerminateProcess~KERNEL32.dll
EOF
RUN

NAME=: 32bit - exports count
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
5441
EOF
CMDS=<<EOF
iE~?
EOF
RUN

NAME=: 32bit - exports resolving
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
1992  0x0041f1f2 0x77802620 GLOBAL FUNC 0    ntdll.dll      Ordinal_1
EOF
CMDS=<<EOF
iE~Ordinal_1
EOF
RUN

NAME=: 32bit - relocs count
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
2028 relocations
EOF
CMDS=<<EOF
ir~relocations
EOF
RUN

NAME=: 32bit - relocs resolving
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
0x00406160 0x0009dd32 SET_32 msvcrt.dll___dllonexit
EOF
CMDS=<<EOF
ir~__dllonexit
EOF
RUN

NAME=: 32bit - relocs following
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
            ;-- vfprintf:
            0x773e7430      8bff           mov edi, edi
            0x773e7432      55             push rbp
            0x773e7433      8bec           mov ebp, esp
            0x773e7435      ff7510         push qword [rbp + 0x10]
            0x773e7438      6a00           push 0
            0x773e743a      ff750c         push qword [rbp + 0xc]
            0x773e743d      ff7508         push qword [rbp + 8]
            0x773e7440      68fdcc3777     push 0x7737ccfd
            0x773e7445      e800feffff     call 0x773e724a
            0x773e744a      83c414         add esp, 0x14
            0x773e744d      5d             pop rbp
            0x773e744e      c3             ret
EOF
CMDS=<<EOF
pd 12 @[0x004061cc]
EOF
RUN

NAME=: 32bit - strings count
FILE=../bins/mdmp/hello.dmp
EXPECT=<<EOF
10281
EOF
CMDS=<<EOF
iz~?
EOF
RUN

NAME=: 64bit - libraries count
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
[Linked libraries]
49 libraries
EOF
CMDS=<<EOF
il~libraries
EOF
RUN

NAME=: 64bit - libraries resolving
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
[0x00400000] - kernel32.dll
EOF
CMDS=<<EOF
il~kernel32.dll
EOF
RUN

NAME=: 64bit - entrypoints count
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
5 entrypoints
EOF
CMDS=<<EOF
ie~entrypoints
EOF
RUN

NAME=: 64bit - entrypoints resolving
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
vaddr=0x00401500 paddr=0x0009418f haddr=0x00092d37 type=program
EOF
CMDS=<<EOF
ie~0x00401500
EOF
RUN

NAME=: 64bit - symbols count
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
6827
EOF
CMDS=<<EOF
is~?
EOF
RUN

NAME=: 64bit - symbols resolving 1
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
1     0x0009ae8b 0x004081fc    NONE   FUNC 0    KERNEL32.dll                                  imp.DeleteCriticalSection
EOF
CMDS=<<EOF
is~imp.DeleteCriticalSection~KERNEL32.dll
EOF
RUN

NAME=: 64bit - symbols resolving 2
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
8     0x001eb87f 0x77728bf0    GLOBAL FUNC 0    ntdll.dll                                     A_SHAFinal
EOF
CMDS=<<EOF
is~A_SHAFinal
EOF
RUN

NAME=: 64bit - imports count
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
1512
EOF
CMDS=<<EOF
ii~?
EOF
RUN

NAME=: 64bit - imports resolving
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
4   0x00408214    NONE FUNC KERNEL32.dll                                  GetCurrentProcessId
EOF
CMDS=<<EOF
ii~KERNEL32.dll~GetCurrentProcessId
EOF
RUN

NAME=: 64bit - exports count
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
5318
EOF
CMDS=<<EOF
iE~?
EOF
RUN

NAME=: 64bit - exports resolving
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
38    0x0029513f 0x777d24b0    GLOBAL FUNC 0    ntdll.dll      CsrVerifyRegion
EOF
CMDS=<<EOF
iE~CsrVerifyRegion
EOF
RUN

NAME=: 64bit - relocs count
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
1509 relocations
EOF
CMDS=<<EOF
ir~relocations
EOF
RUN

NAME=: 64bit - relocs resolving
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
0x004081fc    0x0009ae8b SET_64 KERNEL32.dll_DeleteCriticalSection
EOF
CMDS=<<EOF
ir~KERNEL32.dll_DeleteCriticalSection
EOF
RUN

NAME=: 64bit - relocs following
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
            ;-- vfprintf:
            0x7fefdb0a1a4      4883ec38       sub rsp, 0x38
            0x7fefdb0a1a8      4c89442420     mov qword [rsp + 0x20], r8
            0x7fefdb0a1ad      4c8bc2         mov r8, rdx
            0x7fefdb0a1b0      488bd1         mov rdx, rcx
            0x7fefdb0a1b3      488d0dea7ffa.  lea rcx, [0x7fefdab21a4]
            0x7fefdb0a1ba      4533c9         xor r9d, r9d
            0x7fefdb0a1bd      e87efdffff     call 0x7fefdb09f40
            0x7fefdb0a1c2      4883c438       add rsp, 0x38
            0x7fefdb0a1c6      c3             ret
EOF
CMDS=<<EOF
pd 9 @[0x004083ac]
EOF
RUN

NAME=: 64bit - strings count
FILE=../bins/mdmp/hello64.dmp
EXPECT=<<EOF
22898
EOF
CMDS=<<EOF
iz~?
EOF
RUN

NAME=: reload file
FILE=../bins/mdmp/calc.dmp
EXPECT=<<EOF
ok
EOF
CMDS=<<EOF
ib
?e ok
EOF
RUN
