lazymio/unicorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Format code

Browse Source
This commit is contained in:
lazymio
2022-06-02 14:46:26 +02:00
parent fdd129fd30
commit 6d61aec82f
3 changed files with 42 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
include/uc_priv.h
View File

@@ -422,20 +422,24 @@ typedef struct HookedRegion {
} HookedRegion; } HookedRegion;
// hooked_regions related functions // hooked_regions related functions
static inline guint hooked_regions_hash(const void* p) { static inline guint hooked_regions_hash(const void *p)
{
HookedRegion *region = (HookedRegion *)p; HookedRegion *region = (HookedRegion *)p;
return qemu_xxhash4(region->start, region->length); return qemu_xxhash4(region->start, region->length);
} }
static inline gboolean hooked_regions_equal(const void* lhs, const void* rhs) { static inline gboolean hooked_regions_equal(const void *lhs, const void *rhs)
{
HookedRegion *l = (HookedRegion *)lhs; HookedRegion *l = (HookedRegion *)lhs;
HookedRegion *r = (HookedRegion *)rhs; HookedRegion *r = (HookedRegion *)rhs;
return l->start == r->start && l->length == r->length; return l->start == r->start && l->length == r->length;
} }
static inline void hooked_regions_add(struct hook* h, uint64_t start, uint64_t length) { static inline void hooked_regions_add(struct hook *h, uint64_t start,
uint64_t length)
{
HookedRegion tmp; HookedRegion tmp;
tmp.start = start; tmp.start = start;
tmp.length = length; tmp.length = length;
@@ -448,7 +452,9 @@ static inline void hooked_regions_add(struct hook* h, uint64_t start, uint64_t l
} }
} }
static inline void hooked_regions_check_single(struct list_item *cur, uint64_t start, uint64_t length) { static inline void hooked_regions_check_single(struct list_item *cur,
uint64_t start, uint64_t length)
{
while (cur != NULL) { while (cur != NULL) {
if (HOOK_BOUND_CHECK((struct hook *)cur->data, start)) { if (HOOK_BOUND_CHECK((struct hook *)cur->data, start)) {
hooked_regions_add((struct hook *)cur->data, start, length); hooked_regions_add((struct hook *)cur->data, start, length);
@@ -457,10 +463,13 @@ static inline void hooked_regions_check_single(struct list_item *cur, uint64_t s
} }
} }
static inline void hooked_regions_check(uc_engine *uc, uint64_t start, uint64_t length) { static inline void hooked_regions_check(uc_engine *uc, uint64_t start,
uint64_t length)
{
// Only UC_HOOK_BLOCK and UC_HOOK_CODE might be wrongle cached! // Only UC_HOOK_BLOCK and UC_HOOK_CODE might be wrongle cached!
hooked_regions_check_single(uc->hook[UC_HOOK_CODE_IDX].head, start, length); hooked_regions_check_single(uc->hook[UC_HOOK_CODE_IDX].head, start, length);
hooked_regions_check_single(uc->hook[UC_HOOK_BLOCK_IDX].head, start, length); hooked_regions_check_single(uc->hook[UC_HOOK_BLOCK_IDX].head, start,
length);
} }
#ifdef UNICORN_TRACER #ifdef UNICORN_TRACER

17
tests/unit/test_ctl.c
View File

@@ -227,8 +227,11 @@ static void test_uc_ctl_arm_cpu(void)
OK(uc_close(uc)); OK(uc_close(uc));
} }
static void test_uc_hook_cached_cb(uc_engine* uc, uint64_t addr, size_t size, void* user_data) { static void test_uc_hook_cached_cb(uc_engine *uc, uint64_t addr, size_t size,
// Don't add any TEST_CHECK here since we can't refer to the global variable here. void *user_data)
{
// Don't add any TEST_CHECK here since we can't refer to the global variable
// here.
uint64_t *p = (uint64_t *)user_data; uint64_t *p = (uint64_t *)user_data;
(*p)++; (*p)++;
return; return;
@@ -242,16 +245,19 @@ static void test_uc_hook_cached_uaf(void)
uc_hook h; uc_hook h;
uint64_t count = 0; uint64_t count = 0;
#ifndef _WIN32 #ifndef _WIN32
void* callback = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); void *callback = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
#else #else
void* callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE) void *callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT,
PAGE_EXECUTE_READWRITE)
#endif #endif
memcpy(callback, (void *)test_uc_hook_cached_cb, 4096); memcpy(callback, (void *)test_uc_hook_cached_cb, 4096);
uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_32, code, sizeof(code) - 1); uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_32, code, sizeof(code) - 1);
OK(uc_hook_add(uc, &h, UC_HOOK_CODE, (void*)callback, (void*)&count, 1, 0)); OK(uc_hook_add(uc, &h, UC_HOOK_CODE, (void *)callback, (void *)&count, 1,
0));
OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0)); OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
@@ -275,7 +281,6 @@ static void test_uc_hook_cached_uaf(void)
#else #else
VirtualFree(callback, 0, MEM_RELEASE); VirtualFree(callback, 0, MEM_RELEASE);
#endif #endif
} }
TEST_LIST = {{"test_uc_ctl_mode", test_uc_ctl_mode}, TEST_LIST = {{"test_uc_ctl_mode", test_uc_ctl_mode},

6
uc.c
View File

@@ -1570,7 +1570,8 @@ uc_err uc_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback,
hook->user_data = user_data; hook->user_data = user_data;
hook->refs = 0; hook->refs = 0;
hook->to_delete = false; hook->to_delete = false;
hook->hooked_regions = g_hash_table_new_full(hooked_regions_hash, hooked_regions_equal, g_free, NULL); hook->hooked_regions = g_hash_table_new_full(
hooked_regions_hash, hooked_regions_equal, g_free, NULL);
*hh = (uc_hook)hook; *hh = (uc_hook)hook;
// UC_HOOK_INSN has an extra argument for instruction ID // UC_HOOK_INSN has an extra argument for instruction ID
@@ -1680,7 +1681,8 @@ uc_err uc_hook_del(uc_engine *uc, uc_hook hh)
// and store the type mask in the hook pointer. // and store the type mask in the hook pointer.
for (i = 0; i < UC_HOOK_MAX; i++) { for (i = 0; i < UC_HOOK_MAX; i++) {
if (list_exists(&uc->hook[i], (void *)hook)) { if (list_exists(&uc->hook[i], (void *)hook)) {
g_hash_table_foreach(hook->hooked_regions, hook_invalidate_region, uc); g_hash_table_foreach(hook->hooked_regions, hook_invalidate_region,
uc);
g_hash_table_remove_all(hook->hooked_regions); g_hash_table_remove_all(hook->hooked_regions);
hook->to_delete = true; hook->to_delete = true;
uc->hooks_count[i]--; uc->hooks_count[i]--;