Merge branch 'fix/self_modifying' of https://github.com/rhelmot/unicorn into rhelmot-fix/self_modifying

2016-08-30 21:20:22 +08:00
parent 321a8beef9 42949408ca
commit 69d976375e
12 changed files with 112 additions and 8 deletions
--- a/tests/regress/invalid_read_in_cpu_tb_exec.c
+++ b/tests/regress/invalid_read_in_cpu_tb_exec.c
@ -1,7 +1,7 @@
 #include <unicorn/unicorn.h>

 static void hook_block(uc_engine *uc, uint64_t address, uint32_t size, void *user_data) {
-  printf("hook_block(…)\n");
+  printf("hook_block(%p, %lx, %d, %p)\n", uc, address, size, user_data);
 }

 /*
--- a/tests/regress/x86_self_modifying.elf
+++ b/tests/regress/x86_self_modifying.elf
--- a/tests/regress/x86_self_modifying.py
+++ b/tests/regress/x86_self_modifying.py
@ -0,0 +1,37 @@
+#!/usr/bin/env python
+from unicorn import *
+from unicorn.x86_const import *
+from struct import pack
+
+import os
+import regress
+
+CODE_ADDR = 0x08048000
+STACK_ADDR = 0x2000000
+CODE = open(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'x86_self_modifying.elf')).read()
+CODE_SIZE = len(CODE) + (0x1000 - len(CODE)%0x1000)
+STACK_SIZE = 0x8000
+
+ENTRY_POINT = 0x8048074
+
+def hook_intr(uc, intno, data):
+    uc.emu_stop()
+
+class SelfModifying(regress.RegressTest):
+    def test_self_modifying(self):
+        uc = Uc(UC_ARCH_X86, UC_MODE_32)
+
+        uc.mem_map(CODE_ADDR, CODE_SIZE, 5)
+        uc.mem_map(STACK_ADDR, STACK_SIZE, 7)
+        uc.mem_write(CODE_ADDR, CODE)
+        uc.reg_write(UC_X86_REG_ESP, STACK_ADDR + STACK_SIZE)
+
+        uc.hook_add(UC_HOOK_INTR, hook_intr)
+
+        uc.emu_start(ENTRY_POINT, -1)
+
+        retcode = uc.reg_read(UC_X86_REG_EBX)
+        self.assertEqual(retcode, 65)
+
+if __name__ == '__main__':
+    regress.main()
--- a/tests/regress/x86_self_modifying.s
+++ b/tests/regress/x86_self_modifying.s
@ -0,0 +1,51 @@
+.intel_syntax noprefix
+
+.global _start
+_start:
+    mov ebp, esp
+    sub ebp, 0x4000
+    mov edx, ebp
+
+    lea esi, [self_modifying]
+    mov edi, ebp
+    mov ecx, 0x2d
+    call memcpy
+    add ebp, 0x2d
+    xor ebx, ebx
+    call edx
+
+    mov eax, 1
+    int 0x80
+
+memcpy:
+    cmp ecx, 0
+    je _end
+    dec ecx
+    mov al, byte ptr [esi+ecx]
+    mov byte ptr [edi+ecx], al
+    jmp memcpy
+
+_end:
+    ret
+
+self_modifying:
+    inc ebx
+    call $+5
+    pop esi
+    dec byte ptr [esi+11]
+    xor edx, edx
+    sub esi, 6
+_loop_start:
+    cmp edx, 5
+    jz _loop_end
+
+    mov edi, ebp
+    mov ecx, 0x2d
+    lea eax, [memcpy]
+    call eax
+    inc edx
+    add ebp, 0x2d
+    mov byte ptr [ebp], 0xc3
+    jmp _loop_start
+
+_loop_end: