NAME=: open
FILE=bins/mdmp/calc.dmp
CMDS=i~format
EXPECT=<<EOF
format   mdmp
EOF
RUN

NAME=: info
FILE=bins/mdmp/calc.dmp
CMDS=iI
EXPECT=<<EOF
arch     x86
baddr    0xffffffffffffffff
binsz    36724
bintype  mdmp
bits     64
canary   false
retguard false
crypto   false
endian   little
flags    0x00040000
havecode true
hdr.csum 0x00000000
laddr    0x0
linenum  false
lsyms    false
machine  AMD64
nx       false
os       Windows NT Workstation 6.1.7601
pic      false
relocs   false
rpath    NONE
sanitize false
static   true
streams  13
stripped false
va       true
EOF
RUN

NAME=: sections
FILE=bins/mdmp/calc.dmp
CMDS=iS~calc
EXPECT=<<EOF
9   0x00000000   0xe3000 0xfffe0000      0xe3000 ---- C:\Windows\System32\calc.exe
EOF
RUN

NAME=: entrypoints nomem .dmp
FILE=bins/mdmp/calc.dmp
CMDS=ie
EXPECT=<<EOF
[Entrypoints]

0 entrypoints
EOF
RUN

NAME=: resolve vaddr to paddr
FILE=bins/mdmp/hello.dmp
CMDS=px 64 @ 0x00400000
EXPECT=<<EOF
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x00400000  4d5a 9000 0300 0000 0400 0000 ffff 0000  MZ..............
0x00400010  b800 0000 0000 0000 4000 0000 0000 0000  ........@.......
0x00400020  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x00400030  0000 0000 0000 0000 0000 0000 8000 0000  ................
EOF
RUN

NAME=: test format definitions
FILE=bins/mdmp/hello.dmp
ARGS=-nn
CMDS=pf.
EXPECT=<<EOF
pf.mdmp_directory [4]E? (mdmp_stream_type)StreamType (mdmp_location_descriptor)Location
pf.mdmp_exception [4]E[4]Eqqdd[15]q (mdmp_exception_code)ExceptionCode (mdmp_exception_flags)ExceptionFlags ExceptionRecord ExceptionAddress NumberParameters __UnusedAlignment ExceptionInformation
pf.mdmp_exception_stream dd?? ThreadId __Alignment (mdmp_exception)ExceptionRecord (mdmp_location_descriptor)ThreadContext
pf.mdmp_header [4]zddddt[8]B Signature Version NumberOfStreams StreamDirectoryRVA CheckSum TimeDateStamp (mdmp_type)Flags
pf.mdmp_location_descriptor dd DataSize RVA
pf.mdmp_location_descriptor64 qq DataSize RVA
pf.mdmp_memory64_list qq[83]? NumberOfMemoryRanges BaseRva (mdmp_memory_descriptor64)MemoryRanges
pf.mdmp_memory_descriptor q? StartOfMemoryRange (mdmp_location_descriptor)Memory
pf.mdmp_memory_descriptor64 qq StartOfMemoryRange DataSize
pf.mdmp_memory_info qq[4]Edq[4]E[4]E[4]Ed BaseAddress AllocationBase (mdmp_page_protect)AllocationProtect __Alignment1 RegionSize (mdmp_mem_state)State (mdmp_page_protect)Protect (mdmp_mem_type)Type __Alignment2
pf.mdmp_memory_info_list ddq[127]? SizeOfHeader SizeOfEntry NumberOfEntries (mdmp_memory_info)MemoryInfo
pf.mdmp_misc_info d[4]Bdtttddddd SizeOfInfo (mdmp_misc1_flags)Flags1 ProcessId ProcessCreateTime ProcessUserTime ProcessKernelTime ProcessorMaxMhz ProcessorCurrentMhz ProcessorMhzLimit ProcessorMaxIdleState ProcessorCurrentIdleState
pf.mdmp_module qddtd???qq BaseOfImage SizeOfImage CheckSum TimeDateStamp ModuleNameRVA (mdmp_vs_fixedfileinfo)VersionInfo (mdmp_location_descriptor)CvRecord (mdmp_location_descriptor)MiscRecord Reserved0 Reserved1
pf.mdmp_module_list d[10]? NumberOfModule (mdmp_module)Modules
pf.mdmp_string dZ Length Buffer
pf.mdmp_system_info [2]EwwbBddd[4]Ed[2]Ew[2]q (mdmp_processor_architecture)ProcessorArchitecture ProcessorLevel ProcessorRevision NumberOfProcessors (mdmp_product_type)ProductType MajorVersion MinorVersion BuildNumber (mdmp_platform_id)PlatformId CsdVersionRva (mdmp_suite_mask)SuiteMask Reserved2 ProcessorFeatures
pf.mdmp_thread ddddq?? ThreadId SuspendCount PriorityClass Priority Teb (mdmp_memory_descriptor)Stack (mdmp_location_descriptor)ThreadContext
pf.mdmp_thread_list d[1]? NumberOfThreads (mdmp_thread)Threads
pf.mdmp_token_info ddq TokenSize TokenId TokenHandle
pf.mdmp_token_info_list dddd TokenListSize TokenListEntries ListHeaderSize ElementHeaderSize
pf.mdmp_vs_fixedfileinfo ddddddddddddd dwSignature dwStrucVersion dwFileVersionMs dwFileVersionLs dwProductVersionMs dwProductVersionLs dwFileFlagsMask dwFileFlags dwFileOs dwFileType dwFileSubtype dwFileDateMs dwFileDateLs
EOF
RUN

NAME=: 32bit - libraries count
FILE=bins/mdmp/hello.dmp
CMDS=il~libraries
EXPECT=<<EOF
[Linked libraries]
57 libraries
EOF
RUN

NAME=: 32bit - libraries resolving
FILE=bins/mdmp/hello.dmp
CMDS=il~kernel32.dll
EXPECT=<<EOF
[0x00400000] - kernel32.dll
EOF
RUN

NAME=: 32bit - entrypoints count
FILE=bins/mdmp/hello.dmp
CMDS=<<EOF
ie~entrypoints
iee~entrypoints
EOF
EXPECT=<<EOF
9 entrypoints
2 entrypoints
EOF
RUN

NAME=: 32bit - entrypoints resolving
FILE=bins/mdmp/hello.dmp
CMDS=ie~0x004014e0
EXPECT=<<EOF
vaddr=0x004014e0 paddr=0x000990b2 haddr=0x00097c7a type=program
EOF
RUN

NAME=: 32bit - symbols count
FILE=bins/mdmp/hello.dmp
CMDS=is~?
EXPECT=<<EOF
7469
EOF
RUN

NAME=: 32bit - symbols resolving 1
FILE=bins/mdmp/hello.dmp
CMDS=is~DeleteCriticalSection:0
EXPECT=<<EOF
1    0x0009dcda 0x00406108 NONE   FUNC 0    KERNEL32.dll                                  imp.DeleteCriticalSection
EOF
RUN

NAME=: 32bit - symbols resolving 2
FILE=bins/mdmp/hello.dmp
CMDS=is~RtlDeleteCriticalSection:0
EXPECT=<<EOF
358  0x001c2176 0x76fb05a4 NONE   FUNC 0    ntdll.dll                                     imp.RtlDeleteCriticalSection
EOF
RUN

NAME=: 32bit - imports count
FILE=bins/mdmp/hello.dmp
CMDS=ii~?
EXPECT=<<EOF
2031
EOF
RUN

NAME=: 32bit - imports resolving
FILE=bins/mdmp/hello.dmp
CMDS=ii~TerminateProcess~KERNEL32.dll
EXPECT=<<EOF
17  0x00406148 NONE FUNC KERNEL32.dll                                  TerminateProcess
EOF
RUN

NAME=: 32bit - exports count
FILE=bins/mdmp/hello.dmp
CMDS=iE~?
EXPECT=<<EOF
5441
EOF
RUN

NAME=: 32bit - exports resolving
FILE=bins/mdmp/hello.dmp
CMDS=iE~Ordinal_1
EXPECT=<<EOF
1    0x0041f1f2 0x77802620 GLOBAL FUNC 0    ntdll.dll      Ordinal_1
EOF
RUN

NAME=: 32bit - relocs count
FILE=bins/mdmp/hello.dmp
CMDS=ir~relocations
EXPECT=<<EOF
2028 relocations
EOF
RUN

NAME=: 32bit - relocs resolving
FILE=bins/mdmp/hello.dmp
CMDS=ir~__dllonexit
EXPECT=<<EOF
0x00406160 0x0009dd32 SET_32 msvcrt.dll___dllonexit
EOF
RUN

NAME=: 32bit - relocs following
FILE=bins/mdmp/hello.dmp
CMDS=pd 12 @[0x004061cc]
EXPECT=<<EOF
            ;-- vfprintf:
            0x773e7430      8bff           mov edi, edi
            0x773e7432      55             push rbp
            0x773e7433      8bec           mov ebp, esp
            0x773e7435      ff7510         push qword [rbp + 0x10]
            0x773e7438      6a00           push 0
            0x773e743a      ff750c         push qword [rbp + 0xc]
            0x773e743d      ff7508         push qword [rbp + 8]
            0x773e7440      68fdcc3777     push 0x7737ccfd
            0x773e7445      e800feffff     call 0x773e724a
            0x773e744a      83c414         add esp, 0x14
            0x773e744d      5d             pop rbp
            0x773e744e      c3             ret
EOF
RUN

NAME=: 32bit - strings count
FILE=bins/mdmp/hello.dmp
CMDS=iz~?
EXPECT=<<EOF
10277
EOF
RUN

NAME=: 64bit - libraries count
FILE=bins/mdmp/hello64.dmp
CMDS=il~libraries
EXPECT=<<EOF
[Linked libraries]
49 libraries
EOF
RUN

NAME=: 64bit - libraries resolving
FILE=bins/mdmp/hello64.dmp
CMDS=il~kernel32.dll
EXPECT=<<EOF
[0x00400000] - kernel32.dll
EOF
RUN

NAME=: 64bit - entrypoints count
FILE=bins/mdmp/hello64.dmp
CMDS=ie~entrypoints
EXPECT=<<EOF
5 entrypoints
EOF
RUN

NAME=: 64bit - entrypoints resolving
FILE=bins/mdmp/hello64.dmp
CMDS=ie~0x00401500
EXPECT=<<EOF
vaddr=0x00401500 paddr=0x0009418f haddr=0x00092d37 type=program
EOF
RUN

NAME=: 64bit - symbols count
FILE=bins/mdmp/hello64.dmp
CMDS=is~?
EXPECT=<<EOF
6827
EOF
RUN

NAME=: 64bit - symbols resolving 1
FILE=bins/mdmp/hello64.dmp
CMDS=is~imp.DeleteCriticalSection~KERNEL32.dll
EXPECT=<<EOF
1    0x0009ae8b 0x004081fc    NONE   FUNC 0    KERNEL32.dll                                  imp.DeleteCriticalSection
EOF
RUN

NAME=: 64bit - symbols resolving 2
FILE=bins/mdmp/hello64.dmp
CMDS=is~A_SHAFinal
EXPECT=<<EOF
9    0x001eb87f 0x77728bf0    GLOBAL FUNC 0    ntdll.dll                                     A_SHAFinal
EOF
RUN

NAME=: 64bit - imports count
FILE=bins/mdmp/hello64.dmp
CMDS=ii~?
EXPECT=<<EOF
1512
EOF
RUN

NAME=: 64bit - imports resolving
FILE=bins/mdmp/hello64.dmp
CMDS=ii~KERNEL32.dll~GetCurrentProcessId
EXPECT=<<EOF
4   0x00408214    NONE FUNC KERNEL32.dll                                  GetCurrentProcessId
EOF
RUN

NAME=: 64bit - exports count
FILE=bins/mdmp/hello64.dmp
CMDS=iE~?
EXPECT=<<EOF
5318
EOF
RUN

NAME=: 64bit - exports resolving
FILE=bins/mdmp/hello64.dmp
CMDS=iE~CsrVerifyRegion
EXPECT=<<EOF
39   0x0029513f 0x777d24b0    GLOBAL FUNC 0    ntdll.dll      CsrVerifyRegion
EOF
RUN

NAME=: 64bit - relocs count
FILE=bins/mdmp/hello64.dmp
CMDS=ir~relocations
EXPECT=<<EOF
1509 relocations
EOF
RUN

NAME=: 64bit - relocs resolving
FILE=bins/mdmp/hello64.dmp
CMDS=ir~KERNEL32.dll_DeleteCriticalSection
EXPECT=<<EOF
0x004081fc    0x0009ae8b SET_64 KERNEL32.dll_DeleteCriticalSection
EOF
RUN

NAME=: 64bit - relocs following
FILE=bins/mdmp/hello64.dmp
CMDS=pd 9 @[0x004083ac]
EXPECT=<<EOF
            ;-- vfprintf:
            0x7fefdb0a1a4      4883ec38       sub rsp, 0x38
            0x7fefdb0a1a8      4c89442420     mov qword [rsp + 0x20], r8
            0x7fefdb0a1ad      4c8bc2         mov r8, rdx
            0x7fefdb0a1b0      488bd1         mov rdx, rcx
            0x7fefdb0a1b3      488d0dea7ffa.  lea rcx, [0x7fefdab21a4]
            0x7fefdb0a1ba      4533c9         xor r9d, r9d
            0x7fefdb0a1bd      e87efdffff     call 0x7fefdb09f40
            0x7fefdb0a1c2      4883c438       add rsp, 0x38
            0x7fefdb0a1c6      c3             ret
EOF
RUN

NAME=: 64bit - strings count
FILE=bins/mdmp/hello64.dmp
CMDS=iz~?
EXPECT=<<EOF
22901
EOF
RUN

NAME=: reload file
FILE=bins/mdmp/calc.dmp
CMDS=<<EOF
ib
?e ok
EOF
EXPECT=<<EOF
ok
EOF
RUN
