diff --git a/include/uc_priv.h b/include/uc_priv.h
index a56ea944..7af9c615 100644
--- a/include/uc_priv.h
+++ b/include/uc_priv.h
@@ -422,33 +422,39 @@ typedef struct HookedRegion {
 } HookedRegion;
 
 // hooked_regions related functions
-static inline guint hooked_regions_hash(const void* p) {
-    HookedRegion *region = (HookedRegion*)p;
+static inline guint hooked_regions_hash(const void *p)
+{
+    HookedRegion *region = (HookedRegion *)p;
     return qemu_xxhash4(region->start, region->length);
 }
 
-static inline gboolean hooked_regions_equal(const void* lhs, const void* rhs) {
-    HookedRegion *l = (HookedRegion*)lhs;
-    HookedRegion *r = (HookedRegion*)rhs;
+static inline gboolean hooked_regions_equal(const void *lhs, const void *rhs)
+{
+    HookedRegion *l = (HookedRegion *)lhs;
+    HookedRegion *r = (HookedRegion *)rhs;
     return l->start == r->start && l->length == r->length;
 }
 
-static inline void hooked_regions_add(struct hook* h, uint64_t start, uint64_t length) {
+static inline void hooked_regions_add(struct hook *h, uint64_t start,
+                                      uint64_t length)
+{
     HookedRegion tmp;
     tmp.start = start;
     tmp.length = length;
-    if (!g_hash_table_lookup(h->hooked_regions, (void*)&tmp)) {
-        HookedRegion* r = malloc(sizeof(HookedRegion));
+    if (!g_hash_table_lookup(h->hooked_regions, (void *)&tmp)) {
+        HookedRegion *r = malloc(sizeof(HookedRegion));
         r->start = start;
         r->length = length;
-        g_hash_table_insert(h->hooked_regions, (void*)r, (void*)1);
+        g_hash_table_insert(h->hooked_regions, (void *)r, (void *)1);
     }
 }
 
-static inline void hooked_regions_check_single(struct list_item *cur, uint64_t start, uint64_t length) {
+static inline void hooked_regions_check_single(struct list_item *cur,
+                                               uint64_t start, uint64_t length)
+{
     while (cur != NULL) {
         if (HOOK_BOUND_CHECK((struct hook *)cur->data, start)) {
             hooked_regions_add((struct hook *)cur->data, start, length);
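Review bot: `HookedRegion *r = malloc(sizeof(HookedRegion));` in hooked_regions_add is still unchecked, so `r->start = start;` on the following line dereferences NULL if the allocation fails. The same table is created in the uc_hook_add hunk of uc.c with `g_free` as its key-destroy function, so a key obtained from plain malloc is handed to GLib's deallocator; both points are covered by `HookedRegion *r = g_new(HookedRegion, 1);`, which aborts on OOM instead of returning NULL and pairs with the `g_free` already in use. hooked_regions_check_single continues past the end of this hunk, and the hunk's trailing context appears truncated in this view.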
@@ -457,10 +463,13 @@ static inline void hooked_regions_check_single(struct list_item *cur, uint64_t s
         }
     }
 
-static inline void hooked_regions_check(uc_engine *uc, uint64_t start, uint64_t length) {
+static inline void hooked_regions_check(uc_engine *uc, uint64_t start,
+                                        uint64_t length)
+{
     // Only UC_HOOK_BLOCK and UC_HOOK_CODE might be wrongle cached!
     hooked_regions_check_single(uc->hook[UC_HOOK_CODE_IDX].head, start, length);
-    hooked_regions_check_single(uc->hook[UC_HOOK_BLOCK_IDX].head, start, length);
+    hooked_regions_check_single(uc->hook[UC_HOOK_BLOCK_IDX].head, start,
+                                length);
 }
 
 #ifdef UNICORN_TRACER
diff --git a/tests/unit/test_ctl.c b/tests/unit/test_ctl.c
index 41d1aa32..df0c7cb5 100644
--- a/tests/unit/test_ctl.c
+++ b/tests/unit/test_ctl.c
@@ -227,31 +227,37 @@ static void test_uc_ctl_arm_cpu(void)
     OK(uc_close(uc));
 }
 
-static void test_uc_hook_cached_cb(uc_engine* uc, uint64_t addr, size_t size, void* user_data) {
-    // Don't add any TEST_CHECK here since we can't refer to the global variable here.
-    uint64_t* p = (uint64_t*)user_data;
+static void test_uc_hook_cached_cb(uc_engine *uc, uint64_t addr, size_t size,
+                                   void *user_data)
+{
+    // Don't add any TEST_CHECK here since we can't refer to the global variable
+    // here.
+    uint64_t *p = (uint64_t *)user_data;
     (*p)++;
     return;
 }
 
 static void test_uc_hook_cached_uaf(void)
 {
-    uc_engine* uc;
+    uc_engine *uc;
     // "INC ecx; DEC edx; jmp t; t: nop"
     char code[] = "\x41\x4a\xeb\x00\x90";
     uc_hook h;
     uint64_t count = 0;
 
 #ifndef _WIN32
-    void* callback = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+    void *callback = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
+                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 #else
-    void* callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE)
+    void *callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT,
+                                  PAGE_EXECUTE_READWRITE)
 #endif
 
-    memcpy(callback, (void*)test_uc_hook_cached_cb, 4096);
+    memcpy(callback, (void *)test_uc_hook_cached_cb, 4096);
 
     uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_32, code, sizeof(code) - 1);
 
-    OK(uc_hook_add(uc, &h, UC_HOOK_CODE, (void*)callback, (void*)&count, 1, 0));
+    OK(uc_hook_add(uc, &h, UC_HOOK_CODE, (void *)callback, (void *)&count, 1,
+                   0));
 
     OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
@@ -275,7 +281,6 @@ static void test_uc_hook_cached_uaf(void)
 #else
     VirtualFree(callback, 0, MEM_RELEASE);
 #endif
-
 }
 
 TEST_LIST = {{"test_uc_ctl_mode", test_uc_ctl_mode},
diff --git a/uc.c b/uc.c
index e8eee462..6bff4e77 100644
--- a/uc.c
+++ b/uc.c
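Review bot: The reflowed Windows branch of test_uc_hook_cached_uaf still has no terminating semicolon — `void *callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE)` is followed directly by `#endif`, so the `_WIN32` build of this test cannot compile; the line should end `PAGE_EXECUTE_READWRITE);`. Neither allocation result is checked before `memcpy(callback, (void *)test_uc_hook_cached_cb, 4096);`: mmap reports failure with MAP_FAILED and VirtualAlloc with NULL, and a `TEST_CHECK` on `callback` before the copy would turn a crash into a test failure. The fixed 4096-byte copy from the address of test_uc_hook_cached_cb also appears to read well past the end of that function, which is an over-read in the test harness itself rather than something this commit introduced. The body of test_uc_hook_cached_uaf continues outside the hunk.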
@@ -49,10 +49,10 @@ static void *hook_append(struct list *l, struct hook *h)
     return item;
 }
 
-static void hook_invalidate_region(void* key, void* data, void* opaq)
+static void hook_invalidate_region(void *key, void *data, void *opaq)
 {
-    uc_engine* uc = (uc_engine*)opaq;
-    HookedRegion* region = (HookedRegion*)key;
+    uc_engine *uc = (uc_engine *)opaq;
+    HookedRegion *region = (HookedRegion *)key;
     uc->uc_invalidate_tb(uc, region->start, region->length);
 }
@@ -1570,7 +1570,8 @@ uc_err uc_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback,
     hook->user_data = user_data;
     hook->refs = 0;
     hook->to_delete = false;
-    hook->hooked_regions = g_hash_table_new_full(hooked_regions_hash, hooked_regions_equal, g_free, NULL);
+    hook->hooked_regions = g_hash_table_new_full(
+        hooked_regions_hash, hooked_regions_equal, g_free, NULL);
     *hh = (uc_hook)hook;
 
     // UC_HOOK_INSN has an extra argument for instruction ID
@@ -1680,7 +1681,8 @@ uc_err uc_hook_del(uc_engine *uc, uc_hook hh)
     // and store the type mask in the hook pointer.
     for (i = 0; i < UC_HOOK_MAX; i++) {
         if (list_exists(&uc->hook[i], (void *)hook)) {
-            g_hash_table_foreach(hook->hooked_regions, hook_invalidate_region, uc);
+            g_hash_table_foreach(hook->hooked_regions, hook_invalidate_region,
+                                 uc);
             g_hash_table_remove_all(hook->hooked_regions);
             hook->to_delete = true;
             uc->hooks_count[i]--;