tests: add feature tests for idalib

[williballenthin]

closes #2740

TODO:

• integrate with CI/CD
• triage failures

Checklist

• No CHANGELOG update needed

• No documentation update needed

[github-actions]

Please add bug fixes, new features, breaking changes and anything else you think is worthwhile mentioning to the master (unreleased) section of CHANGELOG.md. If no CHANGELOG update is needed add the following to the PR description: [x] No CHANGELOG update needed

CHANGELOG updated or no update needed, thanks! 😄

[williballenthin]

Results (524.69s (0:08:44)):
     155 passed
      15 failed
         - tests/test_idalib_features.py:23 test_idalib_features[al-khaser x64-function=0x14004B4F0-api(__vcrt_GetModuleHandle)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[kernel32-64-function=0x1800202B0-api(RtlCaptureContext)-True0]
         - tests/test_idalib_features.py:23 test_idalib_features[kernel32-64-function=0x1800202B0-api(RtlCaptureContext)-True1]
         - tests/test_idalib_features.py:23 test_idalib_features[pma12-04-file-characteristic(embedded pe)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356-os(windows)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356-arch(i386)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356-format(pe)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356,bb=0x4043B9-os(windows)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356,bb=0x4043B9-arch(i386)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4027b3,bb=0x402861,insn=0x40286d-api(__GI_connect)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4027b3,bb=0x402861,insn=0x40286d-api(connect)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4027b3,bb=0x402861,insn=0x40286d-api(__libc_connect)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4088a4-function-name(__GI_connect)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4088a4-function-name(connect)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4088a4-function-name(__libc_connect)-True]

[williballenthin]

         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4088a4-function-name(__GI_connect)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4088a4-function-name(connect)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[2bf18d-function=0x4088a4-function-name(__libc_connect)-True]

need to figure out how to extract "alternative names":

and propagate to callers:

---

also, the connect function isn't recognized as a lib function, so its name isn't being extracted (the symbol comes from symtab, not FLIRT). the ida extractor should extract all names that don't look like sub_*.

[williballenthin]

       - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356-os(windows)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356-arch(i386)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356-format(pe)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356,bb=0x4043B9-os(windows)-True]
         - tests/test_idalib_features.py:23 test_idalib_features[pma16-01-function=0x404356,bb=0x4043B9-arch(i386)-True]

IDA recognizes this as a library function, so we'd better pick a different function: 0x401100 basic block 0x401130 for example.

[williballenthin]

         - tests/test_idalib_features.py:23 test_idalib_features[kernel32-64-function=0x1800202B0-api(RtlCaptureContext)-True0]
         - tests/test_idalib_features.py:23 test_idalib_features[kernel32-64-function=0x1800202B0-api(RtlCaptureContext)-True1]

this is due to recognizing the containing function as _report_gsfailure (a library function) and therefore skipping analysis of it, which is correct behavior.

---

note there's a dup here in the test cases, we should de-dup.

[williballenthin]

need to figure out how to extract "alternative names"

apparently "Alternative Names" are just stored in the function comment:

  def get_alternative_names(ea):
      """Get all alternative names for an address."""
      alt_names = []

      # Check indented comment
      cmt = ida_bytes.get_cmt(ea, False)  # False = non-repeatable
      if cmt:
          for line in cmt.split('\n'):
              if line.startswith("Alternative name is '") and line.endswith("'"):
                  name = line[21:-1]  # Extract name between quotes
                  alt_names.append(name)

      # Check function comment
      pfn = ida_funcs.get_func(ea)
      if pfn:
          func_cmt = ida_funcs.get_func_cmt(pfn, False)
          if func_cmt:
              for line in func_cmt.split('\n'):
                  if line.startswith("Alternative name is '") and line.endswith("'"):
                      name = line[21:-1]
                      alt_names.append(name)

      return alt_names

[williballenthin]

         - tests/test_idalib_features.py:23 test_idalib_features[al-khaser x64-function=0x14004B4F0-api(__vcrt_GetModuleHandle)-True]

this is due to IDA correctly identifying a library function and therefore not analyzing it: