Format code
This commit is contained in:
@@ -422,20 +422,24 @@ typedef struct HookedRegion {
|
||||
} HookedRegion;
|
||||
|
||||
// hooked_regions related functions
|
||||
static inline guint hooked_regions_hash(const void* p) {
|
||||
static inline guint hooked_regions_hash(const void *p)
|
||||
{
|
||||
HookedRegion *region = (HookedRegion *)p;
|
||||
|
||||
return qemu_xxhash4(region->start, region->length);
|
||||
}
|
||||
|
||||
static inline gboolean hooked_regions_equal(const void* lhs, const void* rhs) {
|
||||
static inline gboolean hooked_regions_equal(const void *lhs, const void *rhs)
|
||||
{
|
||||
HookedRegion *l = (HookedRegion *)lhs;
|
||||
HookedRegion *r = (HookedRegion *)rhs;
|
||||
|
||||
return l->start == r->start && l->length == r->length;
|
||||
}
|
||||
|
||||
static inline void hooked_regions_add(struct hook* h, uint64_t start, uint64_t length) {
|
||||
static inline void hooked_regions_add(struct hook *h, uint64_t start,
|
||||
uint64_t length)
|
||||
{
|
||||
HookedRegion tmp;
|
||||
tmp.start = start;
|
||||
tmp.length = length;
|
||||
@@ -448,7 +452,9 @@ static inline void hooked_regions_add(struct hook* h, uint64_t start, uint64_t l
|
||||
}
|
||||
}
|
||||
|
||||
static inline void hooked_regions_check_single(struct list_item *cur, uint64_t start, uint64_t length) {
|
||||
static inline void hooked_regions_check_single(struct list_item *cur,
|
||||
uint64_t start, uint64_t length)
|
||||
{
|
||||
while (cur != NULL) {
|
||||
if (HOOK_BOUND_CHECK((struct hook *)cur->data, start)) {
|
||||
hooked_regions_add((struct hook *)cur->data, start, length);
|
||||
@@ -457,10 +463,13 @@ static inline void hooked_regions_check_single(struct list_item *cur, uint64_t s
|
||||
}
|
||||
}
|
||||
|
||||
static inline void hooked_regions_check(uc_engine *uc, uint64_t start, uint64_t length) {
|
||||
static inline void hooked_regions_check(uc_engine *uc, uint64_t start,
|
||||
uint64_t length)
|
||||
{
|
||||
// Only UC_HOOK_BLOCK and UC_HOOK_CODE might be wrongle cached!
|
||||
hooked_regions_check_single(uc->hook[UC_HOOK_CODE_IDX].head, start, length);
|
||||
hooked_regions_check_single(uc->hook[UC_HOOK_BLOCK_IDX].head, start, length);
|
||||
hooked_regions_check_single(uc->hook[UC_HOOK_BLOCK_IDX].head, start,
|
||||
length);
|
||||
}
|
||||
|
||||
#ifdef UNICORN_TRACER
|
||||
|
||||
@@ -227,8 +227,11 @@ static void test_uc_ctl_arm_cpu(void)
|
||||
OK(uc_close(uc));
|
||||
}
|
||||
|
||||
static void test_uc_hook_cached_cb(uc_engine* uc, uint64_t addr, size_t size, void* user_data) {
|
||||
// Don't add any TEST_CHECK here since we can't refer to the global variable here.
|
||||
static void test_uc_hook_cached_cb(uc_engine *uc, uint64_t addr, size_t size,
|
||||
void *user_data)
|
||||
{
|
||||
// Don't add any TEST_CHECK here since we can't refer to the global variable
|
||||
// here.
|
||||
uint64_t *p = (uint64_t *)user_data;
|
||||
(*p)++;
|
||||
return;
|
||||
@@ -242,16 +245,19 @@ static void test_uc_hook_cached_uaf(void)
|
||||
uc_hook h;
|
||||
uint64_t count = 0;
|
||||
#ifndef _WIN32
|
||||
void* callback = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
|
||||
void *callback = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
|
||||
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
|
||||
#else
|
||||
void* callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE)
|
||||
void *callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT,
|
||||
PAGE_EXECUTE_READWRITE)
|
||||
#endif
|
||||
|
||||
memcpy(callback, (void *)test_uc_hook_cached_cb, 4096);
|
||||
|
||||
uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_32, code, sizeof(code) - 1);
|
||||
|
||||
OK(uc_hook_add(uc, &h, UC_HOOK_CODE, (void*)callback, (void*)&count, 1, 0));
|
||||
OK(uc_hook_add(uc, &h, UC_HOOK_CODE, (void *)callback, (void *)&count, 1,
|
||||
0));
|
||||
|
||||
OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
|
||||
|
||||
@@ -275,7 +281,6 @@ static void test_uc_hook_cached_uaf(void)
|
||||
#else
|
||||
VirtualFree(callback, 0, MEM_RELEASE);
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
TEST_LIST = {{"test_uc_ctl_mode", test_uc_ctl_mode},
|
||||
|
||||
6
uc.c
6
uc.c
@@ -1570,7 +1570,8 @@ uc_err uc_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback,
|
||||
hook->user_data = user_data;
|
||||
hook->refs = 0;
|
||||
hook->to_delete = false;
|
||||
hook->hooked_regions = g_hash_table_new_full(hooked_regions_hash, hooked_regions_equal, g_free, NULL);
|
||||
hook->hooked_regions = g_hash_table_new_full(
|
||||
hooked_regions_hash, hooked_regions_equal, g_free, NULL);
|
||||
*hh = (uc_hook)hook;
|
||||
|
||||
// UC_HOOK_INSN has an extra argument for instruction ID
|
||||
@@ -1680,7 +1681,8 @@ uc_err uc_hook_del(uc_engine *uc, uc_hook hh)
|
||||
// and store the type mask in the hook pointer.
|
||||
for (i = 0; i < UC_HOOK_MAX; i++) {
|
||||
if (list_exists(&uc->hook[i], (void *)hook)) {
|
||||
g_hash_table_foreach(hook->hooked_regions, hook_invalidate_region, uc);
|
||||
g_hash_table_foreach(hook->hooked_regions, hook_invalidate_region,
|
||||
uc);
|
||||
g_hash_table_remove_all(hook->hooked_regions);
|
||||
hook->to_delete = true;
|
||||
uc->hooks_count[i]--;
|
||||
|
||||
Reference in New Issue
Block a user