merge from upstream
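@@ -62,9 +62,14 @@ type UcOptions struct {
 Timeout, Count uint64
 }
 
-func NewUnicorn(arch, mode int) (Unicorn, error) {
+func Version() (int, int) {
 var major, minor C.uint
 C.uc_version(&major, &minor)
+return int(major), int(minor)
+}
+
+func NewUnicorn(arch, mode int) (Unicorn, error) {
+major, minor := Version()
 if major != C.UC_API_MAJOR || minor != C.UC_API_MINOR {
 return nil, UcError(ERR_VERSION)
 }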
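Review bot: `Version` is a new exported function with no doc comment, which Go convention requires; suggest `// Version returns the (major, minor) API version reported by the linked libunicorn via uc_version.` above it, and above the comparison in NewUnicorn `// refuse to run against a libunicorn whose API version differs from the headers this binding was built against, since that would mean calling into an incompatible ABI`. The ERR_VERSION path discards the two numbers it just read, so a mismatched install is reported without saying which versions disagreed; surfacing them in the error or a log line would make the failure diagnosable. The UcOptions struct and the remainder of NewUnicorn lie outside the hunk.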
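@@ -36,7 +36,7 @@ public class Sample_x86_mmr {
 }
 
 // map 4k
-uc.mem_map(ADDRESS, 0x1000, Unicorn.UC_PROT_ALL);
+uc.mem_map(0x400000, 0x1000, Unicorn.UC_PROT_ALL);
 
 X86_MMR ldtr1 = new X86_MMR(0x1111111122222222L, 0x33333333, 0x44444444, (short)0x5555);
 X86_MMR ldtr2;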
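Review bot: `uc.mem_map(0x400000, 0x1000, Unicorn.UC_PROT_ALL);` replaces the named `ADDRESS` with a bare literal; if `ADDRESS` is still used by the rest of this sample (for the code write or `emu_start`, not visible in the hunk) the mapping and the code address can now drift apart silently, and if it is no longer used it should be deleted in the same change. Prefer keeping a single named constant, or at least `// must match the address the sample writes and executes its code at` next to the literal. The enclosing method starts before the hunk.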
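@@ -519,7 +519,7 @@ JNIEXPORT jlong JNICALL Java_unicorn_Unicorn_registerHook__JI
 if (invokeInterruptCallbacks == 0) {
 invokeInterruptCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeInterruptCallbacks", "(JI)V");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookintr, env);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookintr, env, 1, 0);
 break;
 case UC_HOOK_MEM_FETCH_UNMAPPED: // Hook for all invalid memory access events
 case UC_HOOK_MEM_READ_UNMAPPED: // Hook for all invalid memory access events
@@ -530,7 +530,7 @@ JNIEXPORT jlong JNICALL Java_unicorn_Unicorn_registerHook__JI
 if (invokeEventMemCallbacks == 0) {
 invokeEventMemCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeEventMemCallbacks", "(JIJIJ)Z");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_eventmem, env);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_eventmem, env, 1, 0);
 break;
 }
 return (jlong)hh;
@@ -552,18 +552,18 @@ JNIEXPORT jlong JNICALL Java_unicorn_Unicorn_registerHook__JII
 if (invokeOutCallbacks == 0) {
 invokeOutCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeOutCallbacks", "(JIII)V");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_insn_out, env, arg1);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_insn_out, env, 1, 0, arg1);
 case UC_X86_INS_IN:
 if (invokeInCallbacks == 0) {
 invokeInCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeInCallbacks", "(JII)I");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_insn_in, env, arg1);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_insn_in, env, 1, 0, arg1);
 case UC_X86_INS_SYSENTER:
 case UC_X86_INS_SYSCALL:
 if (invokeSyscallCallbacks == 0) {
 invokeSyscallCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeSyscallCallbacks", "(J)V");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_insn_syscall, env, arg1);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_insn_syscall, env, 1, 0, arg1);
 }
 break;
 }
@@ -584,25 +584,25 @@ JNIEXPORT jlong JNICALL Java_unicorn_Unicorn_registerHook__JIJJ
 if (invokeCodeCallbacks == 0) {
 invokeCodeCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeCodeCallbacks", "(JJI)V");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookcode, env, arg1, arg2);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookcode, env, 1, 0, arg1, arg2);
 break;
 case UC_HOOK_BLOCK: // Hook basic blocks
 if (invokeBlockCallbacks == 0) {
 invokeBlockCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeBlockCallbacks", "(JJI)V");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookblock, env, arg1, arg2);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookblock, env, 1, 0, arg1, arg2);
 break;
 case UC_HOOK_MEM_READ: // Hook all memory read events.
 if (invokeReadCallbacks == 0) {
 invokeReadCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeReadCallbacks", "(JJI)V");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookmem, env, arg1, arg2);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookmem, env, 1, 0, arg1, arg2);
 break;
 case UC_HOOK_MEM_WRITE: // Hook all memory write events.
 if (invokeWriteCallbacks == 0) {
 invokeWriteCallbacks = (*env)->GetStaticMethodID(env, clz, "invokeWriteCallbacks", "(JJIJ)V");
 }
-err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookmem, env, arg1, arg2);
+err = uc_hook_add((uc_engine*)eng, &hh, (uc_hook_type)type, cb_hookmem, env, 1, 0, arg1, arg2);
 break;
 }
 return (jlong)hh;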
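Review bot: In the `registerHook__JIJJ` hunk the Java-supplied range is no longer honoured: `env, 1, 0, arg1, arg2` puts the begin>end "hook everything" pair into the begin/end slots and leaves `arg1`/`arg2` as trailing extra arguments that a code, block or memory hook does not read, so a caller asking for [arg1, arg2] silently gets every address (the C samples on this page pass `NULL, ADDRESS, ADDRESS` right after user_data to hook a single instruction, which is the slot these values belong in). The four calls should read `cb_hookcode, env, arg1, arg2` (and likewise for `cb_hookblock` and both `cb_hookmem` registrations); only the `__JII` instruction hooks legitimately pass `1, 0` followed by the instruction id. Separately, in the `__JII` hunk neither the `UC_X86_INS_OUT` nor the `UC_X86_INS_IN` case has a `break` before the next `case`, so registering an OUT hook also installs IN and SYSCALL hooks with the wrong callback, overwrites `hh`, and leaks the earlier handles — add `break;` after each `err = uc_hook_add(...)`. `err` is also never consulted before `return (jlong)hh;` in the visible lines, so a failed registration hands Java an unusable handle. The enclosing functions begin and end outside these hunks.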
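@@ -26,7 +26,6 @@ VALUE m_uc_reg_write(VALUE self, VALUE reg_id, VALUE reg_value);
 VALUE m_uc_mem_read(VALUE self, VALUE address, VALUE size);
 VALUE m_uc_mem_write(VALUE self, VALUE address, VALUE bytes);
 VALUE m_uc_mem_map(int argc, VALUE* argv, VALUE self);
-//VALUE m_uc_mem_map_ptr(VALUE self, VALUE address, VALUE size, VALUE perms, VALUE ptr);
 VALUE m_uc_mem_unmap(VALUE self, VALUE address, VALUE size);
 VALUE m_uc_mem_protect(VALUE self, VALUE address, VALUE size, VALUE perms);
 VALUE m_uc_hook_add(int argc, VALUE* argv, VALUE self);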
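@@ -63,8 +63,6 @@
 
 #include "uc_priv.h"
 
-#define USE_STATIC_CODE_GEN_BUFFER
-
 //#define DEBUG_TB_INVALIDATE
 //#define DEBUG_FLUSH
 /* make various TB consistency checks */
@@ -501,7 +499,7 @@ static inline PageDesc *page_find(struct uc_struct *uc, tb_page_addr_t index)
 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
 #endif
 
-#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
+#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (8 * 1024 * 1024)
 
 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
@@ -520,7 +518,7 @@ static inline size_t size_code_gen_buffer(struct uc_struct *uc, size_t tb_size)
 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
 static buffer, we could size this on RESERVED_VA, on the text
 segment size of the executable, or continue to use the default. */
-tb_size = (unsigned long)(uc->ram_size / 4);
+tb_size = (unsigned long)DEFAULT_CODE_GEN_BUFFER_SIZE;
 #endif
 }
 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {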
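Review bot: The new `tb_size = (unsigned long)DEFAULT_CODE_GEN_BUFFER_SIZE;` sits under a comment that still talks about sizing on RESERVED_VA or the text segment, which described the old `uc->ram_size / 4` choice; replace it with the actual reason, e.g. `/* each uc_struct owns its translation buffer; use a fixed default instead of scaling with ram_size */` (the motive is inferred from the removed USE_STATIC_CODE_GEN_BUFFER define — confirm). Dropping the static buffer presumably means this 8 MiB of executable JIT memory is now allocated per engine instance, so a line at the definition noting that the size was cut from 32 MiB for that reason would save the next reader the archaeology. `(8 * 1024 * 1024)` also loses the `u` suffix the old value had, turning the macro into a signed `int` that is then compared against the `size_t` MAX_CODE_GEN_BUFFER_SIZE; `(8u * 1024 * 1024)` keeps the type consistent. size_code_gen_buffer continues outside the hunk.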
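@@ -75,7 +75,7 @@ ARCHIVE = $(LIBDIR)/lib$(LIBNAME).$(AR_EXT)
 endif
 endif
 
-.PHONY: all clean
+.PHONY: all clean clean_bins clean_libs
 
 UNICORN_ARCHS := $(shell if [ -e ../config.log ]; then cat ../config.log;\
 else printf "$(UNICORN_ARCHS)"; fi)
@@ -110,13 +110,17 @@ OBJS = $(addprefix $(OBJDIR)/,$(SOURCES:.c=.o))
 OBJS_ELF = $(addprefix $(OBJDIR)/,$(SOURCES:.c=))
 BINARY = $(addprefix $(SAMPLEDIR)/,$(SOURCES:.c=$(BIN_EXT)))
 
-all: $(BINARY)
+all: clean_bins $(BINARY)
 
-clean:
+clean_bins:
 rm -rf *.o $(OBJS_ELF) $(BINARY) $(SAMPLEDIR)/*.exe $(SAMPLEDIR)/*.static $(OBJDIR)/lib$(LIBNAME)* $(OBJDIR)/$(LIBNAME)*
-rm -rf libunicorn*.so libunicorn*.lib libunicorn*.dylib unicorn*.dll unicorn*.lib
 rm -rf sample_x86 sample_arm sample_arm64 sample_mips sample_sparc sample_ppc sample_m68k shellcode mem_apis sample_x86_32_gdt_and_seg_regs
 
+clean_libs:
+rm -rf libunicorn*.so libunicorn*.lib libunicorn*.dylib unicorn*.dll unicorn*.lib
+
+clean: clean_bins clean_libs
+
 $(BINARY): $(OBJS)
 
 $(SAMPLEDIR)/%$(BIN_EXT): $(OBJDIR)/%.o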
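Review bot: `all: clean_bins $(BINARY)` relies on prerequisites being processed left to right, which GNU make only guarantees for serial builds; under `make -j` the `clean_bins` recipe can run while the `$(BINARY)` rules are compiling or linking and delete freshly built samples, or remove `$(OBJDIR)/lib$(LIBNAME)*` while another job is linking against it. Either drop the clean from `all` or sequence it explicitly, e.g. `all:` / `$(MAKE) clean_bins` / `$(MAKE) $(BINARY)`. Note also that `rm -rf $(OBJDIR)/lib$(LIBNAME)* $(OBJDIR)/$(LIBNAME)*` is only safe while `OBJDIR` is non-empty — an override such as `make clean OBJDIR=` turns it into `rm -rf /lib*` — so a guard like `$(if $(OBJDIR),,$(error OBJDIR is empty))` ahead of the recipe is cheap insurance. The variable definitions these rules depend on are outside the hunks.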
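@@ -154,10 +154,7 @@ static void gdt_demo() {
 uc_hook hook1, hook2;
 uc_err err;
 uint8_t buf[128];
-uc_x86_mmr idtr;
 uc_x86_mmr gdtr;
-uc_x86_mmr ldtr;
-uc_x86_mmr tr;
 
 /*
 bits 32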
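@@ -65,7 +65,7 @@ int main() {
 
 uc_hook h1, h2;
 
-err = uc_hook_add(uc, &h1, UC_HOOK_BLOCK, cb_hookblock, NULL, (uint64_t)1, (uint64_t)0);
+err = uc_hook_add(uc, &h1, UC_HOOK_BLOCK, cb_hookblock, NULL, 1, 0);
 if (err != UC_ERR_OK) {
 fprintf(stderr, "not ok %d - %s\n", count++, uc_strerror(err));
 exit(0);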
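Review bot: The literal `1, 0` for begin/end encodes the hook-everything convention (begin > end) but nothing on this line says so, while other files on this page carry `// hook all instructions by having @begin > @end`; add the equivalent above this call, e.g. `// begin > end: hook every basic block`. On failure the test prints `not ok` and then `exit(0)`, so if the harness keys on the process exit status rather than parsing the TAP-style output a broken hook install is reported as success — `exit(1)` would be safer unless the TAP runner depends on a zero exit. main() continues outside the hunk.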
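@@ -120,10 +120,10 @@ static void VM_exec()
 uc_reg_write(uc, UC_X86_REG_EDI, &r_edi);
 uc_reg_write(uc, UC_X86_REG_EFLAGS, &eflags);
 
-uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED, (void *)hook_invalid_mem, NULL);
+uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED, (void *)hook_invalid_mem, NULL, 1, 0);
 
 // tracing all instruction by having @begin > @end
-uc_hook_add(uc, &trace2, UC_HOOK_CODE, (void *)hook_ins, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &trace2, UC_HOOK_CODE, (void *)hook_ins, NULL, 1, 0);
 
 // emulate machine code in infinite time
 err = uc_emu_start(uc, ADDRESS, ADDRESS + (sizeof(X86_CODE32) - 1), 0, 0);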
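Review bot: Both `uc_hook_add` calls discard their return value, so if either hook fails to install the run continues without the invalid-memory or instruction hook and the result of `uc_emu_start` is reported as if the hooks had been active. Assign and check them the way the `uc_emu_start` call two lines later is checked, e.g. `err = uc_hook_add(..., NULL, 1, 0); if (err != UC_ERR_OK) { /* report and bail */ }`. The `(void *)` casts on `hook_invalid_mem` and `hook_ins` also suppress any compiler check that the callback signatures match the hook types they are registered for. VM_exec continues outside the hunk.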
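@@ -112,7 +112,7 @@ int main() {
 
 uc_hook h1;
 
-err = uc_hook_add(uc, &h1, UC_HOOK_MEM_UNMAPPED, cb_hookunmapped, NULL);
+err = uc_hook_add(uc, &h1, UC_HOOK_MEM_UNMAPPED, cb_hookunmapped, NULL, 1, 0);
 if (err != UC_ERR_OK) {
 fprintf(stderr, "not ok %d - %s\n", count++, uc_strerror(err));
 exit(0);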
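@@ -98,7 +98,7 @@ int main(int argc, char **argv, char **envp)
 
 // hook all instructions by having @begin > @end
 printf("uc_hook_add()\n");
-uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);
 if( err )
 {
 printf("Failed on uc_hook_add(code) with error returned: %u\n", err);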
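Review bot: `uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);` drops its return value, yet the very next line tests `if( err )`, so the check inspects whatever `err` held from an earlier call and a failed hook install can never reach the `Failed on uc_hook_add(code)` message. Change the call to `err = uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);`. main() continues outside the hunk.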
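@@ -58,7 +58,7 @@ static void VM_exec()
 uc_reg_write(uc, UC_X86_REG_ESP, &r_esp); //make stack pointer point to already mapped memory so we don't need to hook.
 uc_reg_write(uc, UC_X86_REG_EFLAGS, &eflags);
 
-uc_hook_add(uc, &trace, UC_HOOK_CODE, (void *)hook_ins, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &trace, UC_HOOK_CODE, (void *)hook_ins, NULL, 1, 0);
 
 // emulate machine code in infinite time
 err = uc_emu_start(uc, ADDRESS, ADDRESS + (sizeof(X86_CODE32) - 1), 0, 0);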
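Review bot: The `uc_hook_add` result is discarded, unlike the `uc_emu_start` call two lines below, so a hook that failed to install is indistinguishable from one that fired and observed nothing; use `err = uc_hook_add(uc, &trace, UC_HOOK_CODE, (void *)hook_ins, NULL, 1, 0);` and check it before starting emulation. The `1, 0` pair means begin > end, i.e. trace every instruction, which deserves the `// hook all instructions by having @begin > @end` comment the other samples carry. VM_exec continues outside the hunk.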
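@@ -25,7 +25,7 @@ int main(int argc, char **argv, char **envp) {
 return 1;
 }
 uc_hook hook;
-uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, 1, 0);
 printf("uc_emu_start(…)\n");
 uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 20);
 printf("done\n");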
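Review bot: Neither the `uc_hook_add` nor the `uc_emu_start` return value is checked, while the `return 1;` just above shows this file does propagate earlier failures; `done` is printed even if the block hook was never installed or emulation stopped on an error. Suggest `if (uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, 1, 0) != UC_ERR_OK) return 1;` and the same treatment for `uc_emu_start`. The `1, 0` begin/end pair also warrants a `// begin > end: hook every basic block` comment. main() continues outside the hunk.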
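@@ -205,7 +205,7 @@ int main(int argc, char **argv, char **envp)
 printf("ok %d - Program written to memory\n", log_num++);
 }
 
-if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install UC_HOOK_CODE ucr\n", log_num++);
 return 6;
 } else {
@@ -213,7 +213,7 @@ int main(int argc, char **argv, char **envp)
 }
 
 // intercept memory write events
-if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE, hook_mem_write, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE, hook_mem_write, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install UC_HOOK_MEM_WRITE ucr\n", log_num++);
 return 7;
 } else {
@@ -221,7 +221,7 @@ int main(int argc, char **argv, char **envp)
 }
 
 // intercept invalid memory events
-if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_PROT | UC_HOOK_MEM_FETCH_PROT, hook_mem_invalid, NULL) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_PROT | UC_HOOK_MEM_FETCH_PROT, hook_mem_invalid, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install memory invalid handler\n", log_num++);
 return 8;
 } else {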
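Review bot: `trace1` receives the handle of the UC_HOOK_MEM_WRITE hook and is then overwritten by the `UC_HOOK_MEM_WRITE_PROT | UC_HOOK_MEM_FETCH_PROT` registration in the next hunk, so the write hook's handle is lost and can no longer be passed to uc_hook_del; declare a third handle, e.g. `uc_hook trace3;`, and use `&trace3` for the second call. Both hooks still fire, so the test's observable result is unchanged, but the orphaned registration stays attached for the engine's lifetime. main() continues outside the hunks.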
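@@ -213,7 +213,7 @@ int main(int argc, char **argv, char **envp)
 printf("ok %d - Program written to memory\n", log_num++);
 }
 
-if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install UC_HOOK_CODE ucr\n", log_num++);
 return 5;
 } else {
@@ -221,7 +221,7 @@ int main(int argc, char **argv, char **envp)
 }
 
 // intercept memory write events
-if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE, hook_mem_write, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE, hook_mem_write, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install UC_HOOK_MEM_WRITE ucr\n", log_num++);
 return 6;
 } else {
@@ -229,7 +229,7 @@ int main(int argc, char **argv, char **envp)
 }
 
 // intercept invalid memory events
-if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_PROT, hook_mem_invalid, NULL) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_PROT, hook_mem_invalid, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install memory invalid handler\n", log_num++);
 return 7;
 } else {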
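Review bot: `trace1` is reused for two registrations — the UC_HOOK_MEM_WRITE hook and, in the following hunk, the UC_HOOK_MEM_WRITE_PROT hook — so the first handle is overwritten and that hook can never be removed with uc_hook_del. Give the second call its own handle, e.g. `uc_hook trace3;` and `&trace3`. The test still behaves the same because both callbacks remain installed, but the silently orphaned handle is the kind of thing that bites once a test starts deleting hooks between phases. main() continues outside the hunks.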
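@@ -208,7 +208,7 @@ int main(int argc, char **argv, char **envp)
 printf("ok %d - Program written to memory\n", log_num++);
 }
 
-if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install UC_HOOK_CODE ucr\n", log_num++);
 return 5;
 } else {
@@ -216,7 +216,7 @@ int main(int argc, char **argv, char **envp)
 }
 
 // intercept memory write events
-if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE, hook_mem_write, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE, hook_mem_write, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install UC_HOOK_MEM_WRITE ucr\n", log_num++);
 return 6;
 } else {
@@ -224,7 +224,7 @@ int main(int argc, char **argv, char **envp)
 }
 
 // intercept invalid memory events
-if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_UNMAPPED, hook_mem_invalid, NULL) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_UNMAPPED, hook_mem_invalid, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install memory invalid handler\n", log_num++);
 return 7;
 } else {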
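Review bot: The UC_HOOK_MEM_WRITE registration stores its handle in `trace1`, and the UC_HOOK_MEM_WRITE_UNMAPPED registration in the next hunk overwrites the same variable, leaving the write hook without a handle to delete it by; use a separate `uc_hook trace3;` for the second call. Behaviour under test is unaffected since both callbacks stay installed, but the lost handle is a latent leak if the test is ever extended to remove hooks. main() continues outside the hunks.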
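@@ -107,7 +107,7 @@ int main(int argc, char **argv, char **envp)
 
 // hook all instructions by having @begin > @end
 printf("uc_hook_add()\n");
-uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);
 if( err )
 {
 printf("Failed on uc_hook_add(code) with error returned: %u\n", err);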
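Review bot: The return value of `uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);` is never stored, so the `if( err )` on the next line checks a stale value from whichever call last assigned `err`, and the `Failed on uc_hook_add(code)` branch is unreachable for an actual hook failure. Write `err = uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);`. main() continues outside the hunk.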
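@@ -100,7 +100,7 @@ int main(int argc, char **argv, char **envp)
 }
 
 // hook all instructions by having @begin > @end
-uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);
 if( err )
 {
 printf("Failed on uc_hook_add(code) with error returned: %u\n", err);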
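Review bot: `uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);` discards its result while the following `if( err )` pretends to check it, so a failed code-hook registration is silently ignored and the error message below can only ever report an earlier call's status. Assign it: `err = uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);`. main() continues outside the hunk.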
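@@ -25,7 +25,7 @@ int main(int argc, char **argv, char **envp) {
 return 1;
 }
 uc_hook trace;
-uc_hook_add(uc, &trace, UC_HOOK_CODE, hook_code, NULL, (uint64_t)MEMORY_STARTING_ADDRESS, (uint64_t)(MEMORY_STARTING_ADDRESS + 1));
+uc_hook_add(uc, &trace, UC_HOOK_CODE, hook_code, NULL, MEMORY_STARTING_ADDRESS, MEMORY_STARTING_ADDRESS + 1);
 printf("uc_emu_start(…)\n");
 uc_emu_start(uc, MEMORY_STARTING_ADDRESS, MEMORY_STARTING_ADDRESS + sizeof(BINARY_CODE) - 1, 0, 0);
 printf("done\n");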
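Review bot: Neither this `uc_hook_add` nor the `uc_emu_start` below is checked, so `done` is printed even when the code hook never attached or emulation stopped early, although the `return 1;` just above shows the file does fail on earlier errors; add `if (uc_hook_add(uc, &trace, UC_HOOK_CODE, hook_code, NULL, MEMORY_STARTING_ADDRESS, MEMORY_STARTING_ADDRESS + 1) != UC_ERR_OK) return 1;`. The two-byte range `MEMORY_STARTING_ADDRESS .. MEMORY_STARTING_ADDRESS + 1` is unexplained; if end is inclusive, as the `ADDRESS, ADDRESS` single-instruction hooks elsewhere on this page suggest, a comment such as `// hook only the first instruction at MEMORY_STARTING_ADDRESS (end is inclusive)` would state the intent — confirm which it is. main() continues outside the hunk.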
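@@ -83,10 +83,10 @@ int main(int argc, char **argv, char **envp)
 uc_mem_write(uc, 0x300000, (const uint8_t*)"\x41\x41\x41\x41", 4);
 uc_mem_write(uc, 0x400000, (const uint8_t*)"\x42\x42\x42\x42", 4);
 
-//uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)0x400000, (uint64_t)0x400fff);
+//uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, 0x400000, 0x400fff);
 
 // intercept invalid memory events
-uc_hook_add(uc, &trace1, UC_MEM_READ_PROT, hook_mem_invalid, NULL);
+uc_hook_add(uc, &trace1, UC_MEM_READ_PROT, hook_mem_invalid, NULL, 1, 0);
 
 // emulate machine code in infinite time
 printf("BEGIN execution\n");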
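Review bot: `uc_hook_add(uc, &trace1, UC_MEM_READ_PROT, hook_mem_invalid, NULL, 1, 0);` passes `UC_MEM_READ_PROT`, which by its name is the memory-access-type value delivered to callbacks, whereas every other registration on this page passes hook-type flags such as `UC_HOOK_MEM_WRITE_PROT | UC_HOOK_MEM_FETCH_PROT`; unless the two enums happen to share a value, this installs a different hook than the `// intercept invalid memory events` comment intends, or none at all, and the unchecked return hides it. Suggest `uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_PROT, hook_mem_invalid, NULL, 1, 0);` and testing the result against `UC_ERR_OK` before `BEGIN execution`. main() continues outside the hunk.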
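@@ -129,7 +129,7 @@ int main(int argc, char **argv, char **envp)
 printf("ok %d - Program written to memory\n", log_num++);
 }
 
-if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install UC_HOOK_CODE handler\n", log_num++);
 return 5;
 }
@@ -138,7 +138,7 @@ int main(int argc, char **argv, char **envp)
 }
 
 // intercept memory write events only, NOT read events
-if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE, hook_mem_write, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK) {
+if (uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE, hook_mem_write, NULL, 1, 0) != UC_ERR_OK) {
 printf("not ok %d - Failed to install UC_HOOK_MEM_WRITE handler\n", log_num++);
 return 6;
 }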
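@@ -139,10 +139,10 @@ int main(int argc, char **argv, char **envp)
 printf("Allowed to write to read only memory via uc_mem_write\n");
 }
 
-//uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)0x400000, (uint64_t)0x400fff);
+//uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, 0x400000, 0x400fff);
 
 // intercept invalid memory events
-uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_WRITE_PROT, hook_mem_invalid, NULL);
+uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_WRITE_PROT, hook_mem_invalid, NULL, 1, 0);
 
 // emulate machine code in infinite time
 printf("BEGIN execution - 1\n");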
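Review bot: The return value of `uc_hook_add(uc, &trace1, UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_WRITE_PROT, hook_mem_invalid, NULL, 1, 0);` is ignored, and this hook is the mechanism by which the test observes writes to read-only memory; if registration fails the run proceeds to `BEGIN execution - 1` with no interceptor in place and reports whatever the unhooked engine does. Check it against `UC_ERR_OK` and bail out with a `not ok` line, as the hook registrations in the other regress tests on this page do. main() continues outside the hunk.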
0
tests/regress/tcg_liveness_analysis_bug_issue-287.py
Normal file → Executable file
0
tests/regress/tcg_liveness_analysis_bug_issue-287.py
Normal file → Executable file
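@@ -164,7 +164,7 @@ int main(int argc, char **argv, char **envp)
 
 // hook all instructions by having @begin > @end
 printf("uc_hook_add()\n");
-uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);
 if( err )
 {
 printf("Failed on uc_hook_add(code) with error returned: %u\n", err);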
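Review bot: As in the other MIPS tests on this page, `uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);` does not assign its result, so the `if( err )` that follows tests a value left over from a previous call and a failed registration never triggers the `Failed on uc_hook_add(code)` report. Use `err = uc_hook_add(uc, &hhc, UC_HOOK_CODE, mips_codehook, NULL, 1, 0);`. main() continues outside the hunk.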
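@@ -67,10 +67,10 @@ static void test_arm(void)
 uc_reg_write(uc, UC_ARM_REG_R3, &r3);
 
 // tracing all basic blocks with customized callback
-uc_hook_add(uc, &trace1, UC_HOOK_BLOCK, hook_block, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &trace1, UC_HOOK_BLOCK, hook_block, NULL, 1, 0);
 
 // tracing one instruction at ADDRESS with customized callback
-uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)ADDRESS, (uint64_t)ADDRESS);
+uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, ADDRESS, ADDRESS);
 
 // emulate machine code in infinite time (last param = 0), or when
 // finishing all the code.
@@ -118,10 +118,10 @@ static void test_thumb(void)
 uc_reg_write(uc, UC_ARM_REG_SP, &sp);
 
 // tracing all basic blocks with customized callback
-uc_hook_add(uc, &trace1, UC_HOOK_BLOCK, hook_block, NULL, (uint64_t)1, (uint64_t)0);
+uc_hook_add(uc, &trace1, UC_HOOK_BLOCK, hook_block, NULL, 1, 0);
 
 // tracing one instruction at ADDRESS with customized callback
-uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)ADDRESS, (uint64_t)ADDRESS);
+uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, ADDRESS, ADDRESS);
 
 // emulate machine code in infinite time (last param = 0), or when
 // finishing all the code.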
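--- /dev/null
+++ b/tests/regress/x86_gdt.py
@@ -0,0 +1,94 @@
+#!/usr/bin/env python
+from unicorn import *
+from unicorn.x86_const import *
+from struct import pack
+
+import regress
+
+F_GRANULARITY = 0x8
+F_PROT_32 = 0x4
+F_LONG = 0x2
+F_AVAILABLE = 0x1
+
+A_PRESENT = 0x80
+
+A_PRIV_3 = 0x60
+A_PRIV_2 = 0x40
+A_PRIV_1 = 0x20
+A_PRIV_0 = 0x0
+
+A_CODE = 0x10
+A_DATA = 0x10
+A_TSS = 0x0
+A_GATE = 0x0
+
+A_DATA_WRITABLE = 0x2
+A_CODE_READABLE = 0x2
+
+A_DIR_CON_BIT = 0x4
+
+S_GDT = 0x0
+S_LDT = 0x4
+S_PRIV_3 = 0x3
+S_PRIV_2 = 0x2
+S_PRIV_1 = 0x1
+S_PRIV_0 = 0x0
+
+CODE = '65330d18000000'.decode('hex') # xor ecx, dword ptr gs:[0x18]
+
+def create_selector(idx, flags):
+to_ret = flags
+to_ret |= idx << 3
+return to_ret
+
+def create_gdt_entry(base, limit, access, flags):
+
+to_ret = limit & 0xffff;
+to_ret |= (base & 0xffffff) << 16;
+to_ret |= (access & 0xff) << 40;
+to_ret |= ((limit >> 16) & 0xf) << 48;
+to_ret |= (flags & 0xff) << 52;
+to_ret |= ((base >> 24) & 0xff) << 56;
+return pack('<Q',to_ret)
+
+def hook_mem_read(uc, type, addr,*args):
+print(hex(addr))
+return False
+
+CODE_ADDR = 0x40000
+CODE_SIZE = 0x1000
+
+GDT_ADDR = 0x3000
+GDT_LIMIT = 0x1000
+GDT_ENTRY_SIZE = 0x8
+
+SEGMENT_ADDR = 0x5000
+SEGMENT_SIZE = 0x1000
+
+class GdtRead(regress.RegressTest):
+
+def test_gdt(self):
+uc = Uc(UC_ARCH_X86, UC_MODE_32)
+uc.hook_add(UC_HOOK_MEM_READ_UNMAPPED, hook_mem_read)
+
+uc.mem_map(GDT_ADDR, GDT_LIMIT)
+uc.mem_map(SEGMENT_ADDR, SEGMENT_SIZE)
+uc.mem_map(CODE_ADDR, CODE_SIZE)
+
+uc.mem_write(CODE_ADDR, CODE)
+uc.mem_write(SEGMENT_ADDR+0x18, 'AAAA')
+
+gdt_entry = create_gdt_entry(SEGMENT_ADDR, SEGMENT_SIZE, A_PRESENT | A_DATA | A_DATA_WRITABLE | A_PRIV_3 | A_DIR_CON_BIT, F_PROT_32)
+uc.mem_write(GDT_ADDR + 8, gdt_entry)
+
+uc.reg_write(UC_X86_REG_GDTR, (0, GDT_ADDR, GDT_LIMIT, 0x0))
+
+selector = create_selector(1, S_GDT | S_PRIV_3)
+uc.reg_write(UC_X86_REG_GS, selector)
+
+uc.emu_start(CODE_ADDR, CODE_ADDR+len(CODE))
+
+self.assertEqual(uc.read_reg(UC_X86_REG_ECX), 0x41414141)
+
+if __name__ == '__main__':
+regress.main()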
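Review bot: `uc.read_reg(UC_X86_REG_ECX)` on the assertion line does not match the `uc.reg_write` spelling used a few lines above; if the binding's reader is `reg_read`, this raises AttributeError and the test errors out before its assertion ever runs, so it cannot catch a regression. In `create_gdt_entry`, `(flags & 0xff) << 52` masks eight bits but the flags nibble occupies bits 52..55, so any flags value above 0xf spills into the base[31:24] field written at `<< 56`; use `(flags & 0xf) << 52`. `'65330d18000000'.decode('hex')` and the `'AAAA'` str literal only work on Python 2 — `bytes.fromhex('65330d18000000')` and `b'AAAA'` keep the test runnable on Python 3. `A_CODE` and `A_DATA` are both `0x10`, so the constants cannot tell a code descriptor from a data one; if they are meant as the access-byte type bits, the code variant also needs the executable bit (0x8) — confirm before relying on them in other tests.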