yizhi-js-lib/favicon-trap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

renames the register constants so unicorn and capstone can compile together

Browse Source
This commit is contained in:
mothran
2015-08-23 21:36:33 -07:00
parent 3e5ebc58a0
commit a167f7c456
29 changed files with 4130 additions and 4128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
bindings/python/sample_network_auditing.py
View File

@ -173,11 +173,11 @@ def hook_intr(uc, intno, user_data):
if intno != 0x80:
return
eax = uc.reg_read(X86_REG_EAX)
ebx = uc.reg_read(X86_REG_EBX)
ecx = uc.reg_read(X86_REG_ECX)
edx = uc.reg_read(X86_REG_EDX)
eip = uc.reg_read(X86_REG_EIP)
eax = uc.reg_read(UC_X86_REG_EAX)
ebx = uc.reg_read(UC_X86_REG_EBX)
ecx = uc.reg_read(UC_X86_REG_ECX)
edx = uc.reg_read(UC_X86_REG_EDX)
eip = uc.reg_read(UC_X86_REG_EIP)
# print(">>> INTERRUPT %d" % eax)
@ -217,7 +217,7 @@ def hook_intr(uc, intno, user_data):
filename = uc.mem_read(filename_addr, FILENAME_MAX_LEN)
dummy_fd = id_gen.next()
uc.reg_write(X86_REG_EAX, dummy_fd)
uc.reg_write(UC_X86_REG_EAX, dummy_fd)
msg = "open file (filename=%s flags=%d mode=%d) with fd(%d)" % (bytearray_to_string(filename), flags, mode, dummy_fd)
@ -234,8 +234,8 @@ def hook_intr(uc, intno, user_data):
print(">>> SYS_DUP2 oldfd=%d newfd=%d" % (ebx, ecx))
elif eax == 102: # sys_socketcall
# ref: http://www.skyfree.org/linux/kernel_network/socket.html
call = uc.reg_read(X86_REG_EBX)
args = uc.reg_read(X86_REG_ECX)
call = uc.reg_read(UC_X86_REG_EBX)
args = uc.reg_read(UC_X86_REG_ECX)
buf = uc.mem_read(args, SOCKETCALL_MAX_ARGS*SIZE_REG)
args = struct.unpack("<" + "I"*SOCKETCALL_MAX_ARGS, buf)
@ -249,7 +249,7 @@ def hook_intr(uc, intno, user_data):
protocol = args[2]
dummy_fd = id_gen.next()
uc.reg_write(X86_REG_EAX, dummy_fd)
uc.reg_write(UC_X86_REG_EAX, dummy_fd)
if family == 2: # AF_INET
@ -353,7 +353,7 @@ def test_i386(code):
mu.mem_write(ADDRESS, code)
# initialize stack
mu.reg_write(X86_REG_ESP, ADDRESS + 0x200000)
mu.reg_write(UC_X86_REG_ESP, ADDRESS + 0x200000)
# tracing all instructions with customized callback
# mu.hook_add(UC_HOOK_CODE, hook_code)

124
bindings/python/sample_x86.py
View File

@ -26,7 +26,7 @@ def hook_block(uc, address, size, user_data):
# callback for tracing instructions
def hook_code(uc, address, size, user_data):
print(">>> Tracing instruction at 0x%x, instruction size = %u" %(address, size))
#eip = uc.reg_read(X86_REG_EIP)
#eip = uc.reg_read(UC_X86_REG_EIP)
#print(">>> EIP = 0x%x" %(eip))
@ -56,7 +56,7 @@ def hook_mem_access(uc, access, address, size, value, user_data):
# callback for IN instruction
def hook_in(uc, port, size, user_data):
eip = uc.reg_read(X86_REG_EIP)
eip = uc.reg_read(UC_X86_REG_EIP)
print("--- reading from port 0x%x, size: %u, address: 0x%x" %(port, size, eip))
if size == 1:
# read 1 byte to AL
@ -73,20 +73,20 @@ def hook_in(uc, port, size, user_data):
# callback for OUT instruction
def hook_out(uc, port, size, value, user_data):
eip = uc.reg_read(X86_REG_EIP)
eip = uc.reg_read(UC_X86_REG_EIP)
print("--- writing to port 0x%x, size: %u, value: 0x%x, address: 0x%x" %(port, size, value, eip))
# confirm that value is indeed the value of AL/AX/EAX
v = 0
if size == 1:
# read 1 byte in AL
v = uc.reg_read(X86_REG_AL)
v = uc.reg_read(UC_X86_REG_AL)
if size == 2:
# read 2 bytes in AX
v = uc.reg_read(X86_REG_AX)
v = uc.reg_read(UC_X86_REG_AX)
if size == 4:
# read 4 bytes in EAX
v = uc.reg_read(X86_REG_EAX)
v = uc.reg_read(UC_X86_REG_EAX)
print("--- register value = 0x%x" %v)
@ -105,8 +105,8 @@ def test_i386():
mu.mem_write(ADDRESS, X86_CODE32)
# initialize machine registers
mu.reg_write(X86_REG_ECX, 0x1234)
mu.reg_write(X86_REG_EDX, 0x7890)
mu.reg_write(UC_X86_REG_ECX, 0x1234)
mu.reg_write(UC_X86_REG_EDX, 0x7890)
# tracing all basic blocks with customized callback
mu.hook_add(UC_HOOK_BLOCK, hook_block)
@ -120,8 +120,8 @@ def test_i386():
# now print out some registers
print(">>> Emulation done. Below is the CPU context")
r_ecx = mu.reg_read(X86_REG_ECX)
r_edx = mu.reg_read(X86_REG_EDX)
r_ecx = mu.reg_read(UC_X86_REG_ECX)
r_edx = mu.reg_read(UC_X86_REG_EDX)
print(">>> ECX = 0x%x" %r_ecx)
print(">>> EDX = 0x%x" %r_edx)
@ -149,8 +149,8 @@ def test_i386_loop():
mu.mem_write(ADDRESS, X86_CODE32_LOOP)
# initialize machine registers
mu.reg_write(X86_REG_ECX, 0x1234)
mu.reg_write(X86_REG_EDX, 0x7890)
mu.reg_write(UC_X86_REG_ECX, 0x1234)
mu.reg_write(UC_X86_REG_EDX, 0x7890)
# emulate machine code in infinite time
mu.emu_start(ADDRESS, ADDRESS + len(X86_CODE32_LOOP), 2 * UC_SECOND_SCALE)
@ -158,8 +158,8 @@ def test_i386_loop():
# now print out some registers
print(">>> Emulation done. Below is the CPU context")
r_ecx = mu.reg_read(X86_REG_ECX)
r_edx = mu.reg_read(X86_REG_EDX)
r_ecx = mu.reg_read(UC_X86_REG_ECX)
r_edx = mu.reg_read(UC_X86_REG_EDX)
print(">>> ECX = 0x%x" %r_ecx)
print(">>> EDX = 0x%x" %r_edx)
@ -180,8 +180,8 @@ def test_i386_invalid_mem_read():
mu.mem_write(ADDRESS, X86_CODE32_MEM_READ)
# initialize machine registers
mu.reg_write(X86_REG_ECX, 0x1234)
mu.reg_write(X86_REG_EDX, 0x7890)
mu.reg_write(UC_X86_REG_ECX, 0x1234)
mu.reg_write(UC_X86_REG_EDX, 0x7890)
# tracing all basic blocks with customized callback
mu.hook_add(UC_HOOK_BLOCK, hook_block)
@ -198,8 +198,8 @@ def test_i386_invalid_mem_read():
# now print out some registers
print(">>> Emulation done. Below is the CPU context")
r_ecx = mu.reg_read(X86_REG_ECX)
r_edx = mu.reg_read(X86_REG_EDX)
r_ecx = mu.reg_read(UC_X86_REG_ECX)
r_edx = mu.reg_read(UC_X86_REG_EDX)
print(">>> ECX = 0x%x" %r_ecx)
print(">>> EDX = 0x%x" %r_edx)
@ -220,8 +220,8 @@ def test_i386_invalid_mem_write():
mu.mem_write(ADDRESS, X86_CODE32_MEM_WRITE)
# initialize machine registers
mu.reg_write(X86_REG_ECX, 0x1234)
mu.reg_write(X86_REG_EDX, 0x7890)
mu.reg_write(UC_X86_REG_ECX, 0x1234)
mu.reg_write(UC_X86_REG_EDX, 0x7890)
# tracing all basic blocks with customized callback
#mu.hook_add(UC_HOOK_BLOCK, hook_block)
@ -241,8 +241,8 @@ def test_i386_invalid_mem_write():
# now print out some registers
print(">>> Emulation done. Below is the CPU context")
r_ecx = mu.reg_read(X86_REG_ECX)
r_edx = mu.reg_read(X86_REG_EDX)
r_ecx = mu.reg_read(UC_X86_REG_ECX)
r_edx = mu.reg_read(UC_X86_REG_EDX)
print(">>> ECX = 0x%x" %r_ecx)
print(">>> EDX = 0x%x" %r_edx)
@ -280,8 +280,8 @@ def test_i386_inout():
mu.mem_write(ADDRESS, X86_CODE32_INOUT)
# initialize machine registers
mu.reg_write(X86_REG_EAX, 0x1234)
mu.reg_write(X86_REG_ECX, 0x6789)
mu.reg_write(UC_X86_REG_EAX, 0x1234)
mu.reg_write(UC_X86_REG_ECX, 0x6789)
# tracing all basic blocks with customized callback
mu.hook_add(UC_HOOK_BLOCK, hook_block)
@ -290,8 +290,8 @@ def test_i386_inout():
mu.hook_add(UC_HOOK_CODE, hook_code)
# handle IN & OUT instruction
mu.hook_add(UC_HOOK_INSN, hook_in, None, X86_INS_IN)
mu.hook_add(UC_HOOK_INSN, hook_out, None, X86_INS_OUT)
mu.hook_add(UC_HOOK_INSN, hook_in, None, UC_X86_INS_IN)
mu.hook_add(UC_HOOK_INSN, hook_out, None, UC_X86_INS_OUT)
# emulate machine code in infinite time
mu.emu_start(ADDRESS, ADDRESS + len(X86_CODE32_INOUT))
@ -299,8 +299,8 @@ def test_i386_inout():
# now print out some registers
print(">>> Emulation done. Below is the CPU context")
r_ecx = mu.reg_read(X86_REG_ECX)
r_eax = mu.reg_read(X86_REG_EAX)
r_ecx = mu.reg_read(UC_X86_REG_ECX)
r_eax = mu.reg_read(UC_X86_REG_EAX)
print(">>> EAX = 0x%x" %r_eax)
print(">>> ECX = 0x%x" %r_ecx)
except UcError as e:
@ -320,23 +320,23 @@ def test_x86_64():
mu.mem_write(ADDRESS, X86_CODE64)
# initialize machine registers
mu.reg_write(X86_REG_RAX, 0x71f3029efd49d41d)
mu.reg_write(X86_REG_RBX, 0xd87b45277f133ddb)
mu.reg_write(X86_REG_RCX, 0xab40d1ffd8afc461)
mu.reg_write(X86_REG_RDX, 0x919317b4a733f01)
mu.reg_write(X86_REG_RSI, 0x4c24e753a17ea358)
mu.reg_write(X86_REG_RDI, 0xe509a57d2571ce96)
mu.reg_write(X86_REG_R8, 0xea5b108cc2b9ab1f)
mu.reg_write(X86_REG_R9, 0x19ec097c8eb618c1)
mu.reg_write(X86_REG_R10, 0xec45774f00c5f682)
mu.reg_write(X86_REG_R11, 0xe17e9dbec8c074aa)
mu.reg_write(X86_REG_R12, 0x80f86a8dc0f6d457)
mu.reg_write(X86_REG_R13, 0x48288ca5671c5492)
mu.reg_write(X86_REG_R14, 0x595f72f6e4017f6e)
mu.reg_write(X86_REG_R15, 0x1efd97aea331cccc)
mu.reg_write(UC_X86_REG_RAX, 0x71f3029efd49d41d)
mu.reg_write(UC_X86_REG_RBX, 0xd87b45277f133ddb)
mu.reg_write(UC_X86_REG_RCX, 0xab40d1ffd8afc461)
mu.reg_write(UC_X86_REG_RDX, 0x919317b4a733f01)
mu.reg_write(UC_X86_REG_RSI, 0x4c24e753a17ea358)
mu.reg_write(UC_X86_REG_RDI, 0xe509a57d2571ce96)
mu.reg_write(UC_X86_REG_R8, 0xea5b108cc2b9ab1f)
mu.reg_write(UC_X86_REG_R9, 0x19ec097c8eb618c1)
mu.reg_write(UC_X86_REG_R10, 0xec45774f00c5f682)
mu.reg_write(UC_X86_REG_R11, 0xe17e9dbec8c074aa)
mu.reg_write(UC_X86_REG_R12, 0x80f86a8dc0f6d457)
mu.reg_write(UC_X86_REG_R13, 0x48288ca5671c5492)
mu.reg_write(UC_X86_REG_R14, 0x595f72f6e4017f6e)
mu.reg_write(UC_X86_REG_R15, 0x1efd97aea331cccc)
# setup stack
mu.reg_write(X86_REG_RSP, ADDRESS + 0x200000)
mu.reg_write(UC_X86_REG_RSP, ADDRESS + 0x200000)
# tracing all basic blocks with customized callback
mu.hook_add(UC_HOOK_BLOCK, hook_block)
@ -359,20 +359,20 @@ def test_x86_64():
# now print out some registers
print(">>> Emulation done. Below is the CPU context")
rax = mu.reg_read(X86_REG_RAX)
rbx = mu.reg_read(X86_REG_RBX)
rcx = mu.reg_read(X86_REG_RCX)
rdx = mu.reg_read(X86_REG_RDX)
rsi = mu.reg_read(X86_REG_RSI)
rdi = mu.reg_read(X86_REG_RDI)
r8 = mu.reg_read(X86_REG_R8)
r9 = mu.reg_read(X86_REG_R9)
r10 = mu.reg_read(X86_REG_R10)
r11 = mu.reg_read(X86_REG_R11)
r12 = mu.reg_read(X86_REG_R12)
r13 = mu.reg_read(X86_REG_R13)
r14 = mu.reg_read(X86_REG_R14)
r15 = mu.reg_read(X86_REG_R15)
rax = mu.reg_read(UC_X86_REG_RAX)
rbx = mu.reg_read(UC_X86_REG_RBX)
rcx = mu.reg_read(UC_X86_REG_RCX)
rdx = mu.reg_read(UC_X86_REG_RDX)
rsi = mu.reg_read(UC_X86_REG_RSI)
rdi = mu.reg_read(UC_X86_REG_RDI)
r8 = mu.reg_read(UC_X86_REG_R8)
r9 = mu.reg_read(UC_X86_REG_R9)
r10 = mu.reg_read(UC_X86_REG_R10)
r11 = mu.reg_read(UC_X86_REG_R11)
r12 = mu.reg_read(UC_X86_REG_R12)
r13 = mu.reg_read(UC_X86_REG_R13)
r14 = mu.reg_read(UC_X86_REG_R14)
r15 = mu.reg_read(UC_X86_REG_R15)
print(">>> RAX = %x" %rax)
print(">>> RBX = %x" %rbx)
@ -409,17 +409,17 @@ def test_x86_64_syscall():
mu.mem_write(ADDRESS, X86_CODE64_SYSCALL)
def hook_syscall(mu, user_data):
rax = mu.reg_read(X86_REG_RAX)
rax = mu.reg_read(UC_X86_REG_RAX)
if rax == 0x100:
mu.reg_write(X86_REG_RAX, 0x200)
mu.reg_write(UC_X86_REG_RAX, 0x200)
else:
print('ERROR: was not expecting rax=%d in syscall' % rax)
# hook interrupts for syscall
mu.hook_add(UC_HOOK_INSN, hook_syscall, None, X86_INS_SYSCALL)
mu.hook_add(UC_HOOK_INSN, hook_syscall, None, UC_X86_INS_SYSCALL)
# syscall handler is expecting rax=0x100
mu.reg_write(X86_REG_RAX, 0x100)
mu.reg_write(UC_X86_REG_RAX, 0x100)
try:
# emulate machine code in infinite time
@ -430,7 +430,7 @@ def test_x86_64_syscall():
# now print out some registers
print(">>> Emulation done. Below is the CPU context")
rax = mu.reg_read(X86_REG_RAX)
rax = mu.reg_read(UC_X86_REG_RAX)
print(">>> RAX = 0x%x" % rax)
except UcError as e:

10
bindings/python/shellcode.py
View File

@ -40,16 +40,16 @@ def hook_intr(uc, intno, user_data):
uc.emu_stop()
return
eax = uc.reg_read(X86_REG_EAX)
eip = uc.reg_read(X86_REG_EIP)
eax = uc.reg_read(UC_X86_REG_EAX)
eip = uc.reg_read(UC_X86_REG_EIP)
if eax == 1: # sys_exit
print(">>> 0x%x: interrupt 0x%x, EAX = 0x%x" %(eip, intno, eax))
uc.emu_stop()
elif eax == 4: # sys_write
# ECX = buffer address
ecx = uc.reg_read(X86_REG_ECX)
ecx = uc.reg_read(UC_X86_REG_ECX)
# EDX = buffer size
edx = uc.reg_read(X86_REG_EDX)
edx = uc.reg_read(UC_X86_REG_EDX)
try:
buf = uc.mem_read(ecx, edx)
@ -79,7 +79,7 @@ def test_i386(mode, code):
mu.mem_write(ADDRESS, code)
# initialize stack
mu.reg_write(X86_REG_ESP, ADDRESS + 0x200000)
mu.reg_write(UC_X86_REG_ESP, ADDRESS + 0x200000)
# tracing all basic blocks with customized callback
mu.hook_add(UC_HOOK_BLOCK, hook_block)

6
bindings/python/unicorn/__init__.py
View File

@ -416,11 +416,11 @@ class Uc(object):
cb, ctypes.cast(self._callback_count, ctypes.c_void_p))
elif htype == UC_HOOK_INSN:
insn = ctypes.c_int(arg1)
if arg1 == x86_const.X86_INS_IN: # IN instruction
if arg1 == x86_const.UC_X86_INS_IN: # IN instruction
cb = ctypes.cast(UC_HOOK_INSN_IN_CB(self._hook_insn_in_cb), UC_HOOK_INSN_IN_CB)
if arg1 == x86_const.X86_INS_OUT: # OUT instruction
if arg1 == x86_const.UC_X86_INS_OUT: # OUT instruction
cb = ctypes.cast(UC_HOOK_INSN_OUT_CB(self._hook_insn_out_cb), UC_HOOK_INSN_OUT_CB)
if arg1 in (x86_const.X86_INS_SYSCALL, x86_const.X86_INS_SYSENTER): # SYSCALL/SYSENTER instruction
if arg1 in (x86_const.UC_X86_INS_SYSCALL, x86_const.UC_X86_INS_SYSENTER): # SYSCALL/SYSENTER instruction
cb = ctypes.cast(UC_HOOK_INSN_SYSCALL_CB(self._hook_insn_syscall_cb), UC_HOOK_INSN_SYSCALL_CB)
status = _uc.uc_hook_add(self._uch, ctypes.byref(_h2), htype, \
cb, ctypes.cast(self._callback_count, ctypes.c_void_p), insn)

3166
bindings/python/unicorn/x86_const.py
View File

File diff suppressed because it is too large Load Diff