Add a new hook type UC_HOOK_EDGE_GENERATED and corresponding sample

2021-11-01 23:27:35 +01:00
parent b7e82d460c
commit c11b9aa5c3
5 changed files with 80 additions and 10 deletions
--- a/include/uc_priv.h
+++ b/include/uc_priv.h
@ -157,10 +157,19 @@ typedef enum uc_hook_idx {
    UC_HOOK_MEM_FETCH_IDX,
    UC_HOOK_MEM_READ_AFTER_IDX,
    UC_HOOK_INSN_INVALID_IDX,
+    UC_HOOK_EDGE_GENERATED_IDX,

    UC_HOOK_MAX,
 } uc_hook_idx;

+// Copy the essential information from TranslationBlock
+#define UC_TB_COPY(uc_tb, tb)                                                  \
+    do {                                                                       \
+        (uc_tb)->pc = tb->pc;                                                  \
+        (uc_tb)->icount = tb->icount;                                          \
+        (uc_tb)->size = tb->size;                                              \
+    } while (0)
+
 // The lowest 6 bits are used for hook type index.
 #define UC_HOOK_IDX_MASK ((1 << 6) - 1)

--- a/include/unicorn/unicorn.h
+++ b/include/unicorn/unicorn.h
@ -232,6 +232,22 @@ typedef uint32_t (*uc_cb_insn_in_t)(uc_engine *uc, uint32_t port, int size,
 typedef void (*uc_cb_insn_out_t)(uc_engine *uc, uint32_t port, int size,
                                 uint32_t value, void *user_data);

+// Represent a TranslationBlock.
+typedef struct uc_tb {
+    uint64_t pc;
+    uint16_t icount;
+    uint16_t size;
+} uc_tb;
+
+/*
+  Callback function for new edges between translation blocks.
+
+  @cur_tb: Current TB which is to be generated.
+  @prev_tb: The previous TB.
+*/
+typedef void (*uc_hook_edge_gen_t)(uc_engine *uc, uc_tb *cur_tb, uc_tb *prev_tb,
+                                   void *user_data);
+
 /*
  Callback function for MMIO read

@ -302,6 +318,12 @@ typedef enum uc_hook_type {
    UC_HOOK_MEM_READ_AFTER = 1 << 13,
    // Hook invalid instructions exceptions.
    UC_HOOK_INSN_INVALID = 1 << 14,
+    // Hook on new edge generation. Could be useful in program analysis.
+    //
+    // NOTE: This is different from UC_HOOK_BLOCK in 2 ways:
+    //       1. The hook is called before executing code.
+    //       2. The hook is only called when generation is triggered.
+    UC_HOOK_EDGE_GENERATED = 1 << 15
 } uc_hook_type;

 // Hook type for all events of unmapped memory access
@ -391,13 +413,6 @@ typedef enum uc_query_type {
                      // result = True)
 } uc_query_type;

-// Represent a TranslationBlock.
-typedef struct uc_tb {
-    uint64_t pc;
-    uint16_t icount;
-    uint16_t size;
-} uc_tb;
-
 // The implementation of uc_ctl is like what Linux ioctl does but slightly
 // different.
 //