From 4d0157eb4a4891fe9101ac84accbd11cd4277794 Mon Sep 17 00:00:00 2001
From: Nguyen Anh Quynh
Date: Thu, 26 Jul 2018 15:19:23 +0800
Subject: [PATCH] x86: fix #968. also fix potential bug of not clearing high bytes when updateing EIP

---
qemu/target-i386/unicorn.c | 4 ++--
uc.c | 11 +++++++++--
2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/qemu/target-i386/unicorn.c b/qemu/target-i386/unicorn.c
index b67e4c69..550cceeb 100644
--- a/qemu/target-i386/unicorn.c
+++ b/qemu/target-i386/unicorn.c
@@ -971,7 +971,7 @@ int x86_reg_write(struct uc_struct *uc, unsigned int *regs, void *const *vals, i
 uc_emu_stop(uc);
 break;
 case UC_X86_REG_IP:
- WRITE_WORD(X86_CPU(uc, mycpu)->env.eip, *(uint16_t *)value);
+ X86_CPU(uc, mycpu)->env.eip = *(uint16_t *)value;
 // force to quit execution and flush TB
 uc->quit_request = true;
 uc_emu_stop(uc);
@@ -1161,7 +1161,7 @@ int x86_reg_write(struct uc_struct *uc, unsigned int *regs, void *const *vals, i
 uc_emu_stop(uc);
 break;
 case UC_X86_REG_EIP:
- WRITE_DWORD(X86_CPU(uc, mycpu)->env.eip, *(uint32_t *)value);
+ X86_CPU(uc, mycpu)->env.eip = *(uint32_t *)value;
 // force to quit execution and flush TB
 uc->quit_request = true;
 uc_emu_stop(uc);
diff --git a/uc.c b/uc.c
index ef5ef23c..56166cce 100644
--- a/uc.c
+++ b/uc.c
@@ -548,9 +548,16 @@ uc_err uc_emu_start(uc_engine* uc, uint64_t begin, uint64_t until, uint64_t time
 switch(uc->mode) {
 default:
 break;
- case UC_MODE_16:
- uc_reg_write(uc, UC_X86_REG_IP, &begin);
+ case UC_MODE_16: {
+ uint64_t ip;
+ uint16_t cs;
+
+ uc_reg_read(uc, UC_X86_REG_CS, &cs);
+ // compensate for later adding up IP & CS
+ ip = begin - cs*16;
+ uc_reg_write(uc, UC_X86_REG_IP, &ip);
 break;
+ }
 case UC_MODE_32:
 uc_reg_write(uc, UC_X86_REG_EIP, &begin);
 break;
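Review bot: The new line `X86_CPU(uc, mycpu)->env.eip = *(uint16_t *)value;` in the UC_X86_REG_IP case turns what the commit message describes as a partial low-byte update into a full replacement that zero-extends the 16-bit value over the rest of env.eip, and nothing in the hunk records that this is deliberate rather than an accidental side effect of dropping the macro. The same applies to the UC_X86_REG_EIP case in the second hunk of this file (`= *(uint32_t *)value`). A one-line comment above each assignment, such as `// deliberate plain assignment: a 16-bit IP write must replace the whole env.eip, not just its low bytes (#968)` (and the 32-bit equivalent for EIP), would keep a later cleanup from "restoring" WRITE_WORD/WRITE_DWORD and reintroducing the stale high bytes. The body of x86_reg_write begins and ends outside both hunks, so whether other register cases still rely on the partial-update macros cannot be seen here.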
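Review bot: `uint16_t cs;` is declared without an initializer and the return value of `uc_reg_read(uc, UC_X86_REG_CS, &cs);` on the following line is discarded, so a failed read leaves `ip = begin - cs*16;` computing the start offset from an indeterminate value. Declaring `uint16_t cs = 0;` and propagating the status (`uc_err err = uc_reg_read(uc, UC_X86_REG_CS, &cs); if (err != UC_ERR_OK) return err;`) keeps the failure visible instead of starting emulation at an unrelated address. Separately, `begin - cs*16` wraps when `begin` lies below the segment base and only the low 16 bits survive the IP write, so a `begin` outside the 64 KiB window of the current CS is silently remapped rather than rejected; a bounds check before the subtraction that returns UC_ERR_ARG would make the contract explicit. The body of uc_emu_start begins and ends outside the hunk.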