lazymio/unicorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Squashed commit of the following:

Browse Source 
commit 520c6647c32f02d83083d969d416154aa95e922c
Merge: 6bb29b12 b999f507
Author: mio <mio@lazym.io>
Date:   Sun Apr 13 00:14:23 2025 +0800

    merge dev

commit 6bb29b12f1d9f452365cc9cb5bc2d65ef376af30
Author: mio <mio@lazym.io>
Date:   Sun Apr 13 00:13:12 2025 +0800

    enable test

commit bcb8b363ef12ac295cf4fe4f1645416e5f0ea6ae
Author: mio <mio@lazym.io>
Date:   Sun Apr 13 00:13:06 2025 +0800

    also logging

commit 5972fc156b7379d09582c745d6d597e07555f2f4
Author: mio <mio@lazym.io>
Date:   Sun Apr 13 00:12:58 2025 +0800

    no unlimited translation

commit 7d600feebf9055505918e50d0af8b529a3eba542
Author: mio <mio@lazym.io>
Date:   Sun Apr 13 00:12:47 2025 +0800

    Ignore bindings.rs

commit dde4d50f2c7713156ac3bc284287480e4d92005f
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sun Apr 6 03:26:22 2025 -0400

    alias `uc_mips_reg` to `UC_MIPS_REG`

commit 04234ae01ba7c82d9717eaae64cdda289ce3b832
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sun Apr 6 01:13:00 2025 -0400

    remove bindings.rs

commit edec1300cd7c2d8ef4babbd51f6bcba2e126bdd7
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Apr 5 14:29:40 2025 -0400

    address review

commit feb157b28b6c262c5dc3d810ec54de55a25bcd6e
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 22:40:53 2025 -0400

    ci(rust): rework workflow

    The notable changes are migrating to
    `actions-rust-lang/setup-rust-toolchain` for setting up Rust as it's
    maintained, and using `katyo/publish-crates` for publishing crates in a
    workspace

commit c1c7a8f8ed841b6ec5b4abe57013a1c2c9748c60
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 22:40:06 2025 -0400

    build(rust): set `rust-version` to 1.85

commit 8df938c9f8b478160213707674157103b0893caf
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 21:53:21 2025 -0400

    fix(rust): correct unsound pointer cast

    The size of `T` is not guaranteed to be the size of `i32` - all we know
    is that `T` is `Into<i32>`, so we should first copy them over into an
    `i32` array

commit 3059b2583a60aa0cac9278afc945ed87f7ddb65e
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 20:13:26 2025 -0400

    docs(rust): update readme

commit 7db69a888e58a4bda20083e4e0771d26a327ad13
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:58:30 2025 -0400

    feat(rust): add comprehensive tests

    These tests are copied over from the C tests

commit 78f2207f0e0481aef4de6d5908f8dc699a39a8d5
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:57:27 2025 -0400

    feat(rust): add tcg hook

commit 46e53328531ec3279dadbf18c16b493432227b31
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:56:55 2025 -0400

    feat(rust): add a hook for arm64 sys instructions

commit d1b58ee8282bf1eeeefbf68c87c2cf7c50c90320
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:56:35 2025 -0400

    feat(rust): add the ability to read the arm coprocessor register

commit d304da18b9e6741042b2a70657437be8f39f5c7c
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:55:29 2025 -0400

    feat(rust): add missing `Context` methods

commit 0dd87833081ac9db1feaf5bae8c839a7a2ae4947
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:44:51 2025 -0400

    refactor(rust): remove unnecessary code

    `unicorn-engine-sys` will provide the necessary constants & types

commit da3d2fa7c3ecd3ae8fdb6672b6c5ea23da4570ff
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:43:57 2025 -0400

    feat(rust): add a workspace `Cargo.toml`, and use `unicorn-engine-sys`

commit b27a2a93e4ac43aa2079e936df4dd30a1f8f329a
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:38:06 2025 -0400

    feat(rust): introduce `unicorn-engine-sys` crate

    This crate contains generated Rust bindings to the C library via
    bindgen. It is independent from the main `unicorn-engine` bindings,
    which will leverage this

commit bcec87a3f6e316e328683c303ccfa89e530a6c56
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:31:24 2025 -0400

    test(m68k): actually assert an expectation

    This test did not actually test for anything before

commit bc7e65ca96164496eb2e250b1f296a33a8aa58ee
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:31:09 2025 -0400

    style(test): use bitflag shorthands

commit 0ab4b7fefb3ca17b0b5977d7b204291c5de184ad
Author: Amaan Qureshi <amaanq12@gmail.com>
Date:   Sat Mar 29 13:22:13 2025 -0400

    fix(mips): lowercase enum name `uc_mips_reg`

    This aligns with other architectures

Co-authored-by: Amaan Qureshi <amaanq12@gmail.com>
This commit is contained in:
mio
2025-04-13 00:17:55 +08:00
parent b999f507b9
commit bd5a8c5146
41 changed files with 5033 additions and 4642 deletions
Download Patch File Download Diff File Expand all files Collapse all files

957
bindings/rust/src/tests/arm.rs Normal file
View File

@@ -0,0 +1,957 @@
use super::*;
use crate::{ArmCpuModel, RegisterARM, RegisterARM_CP, TcgOpCode, TcgOpFlag, uc_error};
#[test]
fn test_arm_nop() {
let code = b"\x00\xf0\x20\xe3"; // nop
let r0 = 0x1234;
let r1 = 0x5678;
let mut uc = uc_common_setup(Arch::ARM, Mode::ARM, None, code, ());
uc.reg_write(RegisterARM::R0, r0).unwrap();
uc.reg_write(RegisterARM::R1, r1).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r0 = uc.reg_read(RegisterARM::R0).unwrap();
let r1 = uc.reg_read(RegisterARM::R1).unwrap();
assert_eq!(r0, 0x1234);
assert_eq!(r1, 0x5678);
}
#[test]
fn test_arm_thumb_sub() {
let code = b"\x83\xb0"; // sub sp, #0xc
let sp = 0x1234;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
(),
);
uc.reg_write(RegisterARM::SP, sp).unwrap();
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let sp = uc.reg_read(RegisterARM::SP).unwrap();
assert_eq!(sp, 0x1228);
}
#[test]
fn test_armeb_sub() {
let code = &[
0xe3, 0xa0, 0x00, 0x37, // mov r0, #0x37
0xe0, 0x42, 0x10, 0x03, // sub r1, r2, r3
];
let r0 = 0x1234;
let r2 = 0x6789;
let r3 = 0x3333;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM | Mode::BIG_ENDIAN,
Some(ArmCpuModel::Model_1176 as i32),
code,
(),
);
uc.reg_write(RegisterARM::R0, r0).unwrap();
uc.reg_write(RegisterARM::R2, r2).unwrap();
uc.reg_write(RegisterARM::R3, r3).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r0 = uc.reg_read(RegisterARM::R0).unwrap();
let r1 = uc.reg_read(RegisterARM::R1).unwrap();
let r2 = uc.reg_read(RegisterARM::R2).unwrap();
let r3 = uc.reg_read(RegisterARM::R3).unwrap();
assert_eq!(r0, 0x37);
assert_eq!(r2, 0x6789);
assert_eq!(r3, 0x3333);
assert_eq!(r1, 0x3456);
}
#[test]
fn test_armeb_be8_sub() {
let code = &[
0x37, 0x00, 0xa0, 0xe3, // mov r0, #0x37
0x03, 0x10, 0x42, 0xe0, // sub r1, r2, r3
];
let r0 = 0x1234;
let r2 = 0x6789;
let r3 = 0x3333;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM | Mode::ARMBE8,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
(),
);
uc.reg_write(RegisterARM::R0, r0).unwrap();
uc.reg_write(RegisterARM::R2, r2).unwrap();
uc.reg_write(RegisterARM::R3, r3).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r0 = uc.reg_read(RegisterARM::R0).unwrap();
let r1 = uc.reg_read(RegisterARM::R1).unwrap();
let r2 = uc.reg_read(RegisterARM::R2).unwrap();
let r3 = uc.reg_read(RegisterARM::R3).unwrap();
assert_eq!(r0, 0x37);
assert_eq!(r2, 0x6789);
assert_eq!(r3, 0x3333);
assert_eq!(r1, 0x3456);
}
#[test]
fn test_arm_thumbeb_sub() {
let code = b"\xb0\x83"; // sub sp, #0xc
let sp = 0x1234;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB | Mode::BIG_ENDIAN,
Some(ArmCpuModel::Model_1176 as i32),
code,
(),
);
uc.reg_write(RegisterARM::SP, sp).unwrap();
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let sp = uc.reg_read(RegisterARM::SP).unwrap();
assert_eq!(sp, 0x1228);
}
#[test]
fn test_arm_thumb_ite() {
let code = &[
0x9a, 0x42, // cmp r2, r3
0x15, 0xbf, // itete ne
0x00, 0x9a, // ldrne r2, [sp]
0x01, 0x9a, // ldreq r2, [sp,#4]
0x78, 0x23, // movne r3, #0x78
0x15, 0x23, // moveq r3, #0x15
];
let sp = 0x8000;
let mut r2 = 0u32;
let mut r3 = 1u32;
let mut pc = CODE_START as u32;
let mut count = 0;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
count,
);
uc.reg_write(RegisterARM::SP, sp).unwrap();
uc.reg_write(RegisterARM::R2, r2 as u64).unwrap();
uc.reg_write(RegisterARM::R3, r3 as u64).unwrap();
uc.mem_map(sp, 0x1000, Prot::ALL).unwrap();
r2 = 0x68;
uc.mem_write(sp, &r2.to_le_bytes()).unwrap();
r2 = 0x4d;
uc.mem_write(sp + 4, &r2.to_le_bytes()).unwrap();
uc.add_code_hook(CODE_START, CODE_START + code.len() as u64, |uc, _, _| {
*uc.get_data_mut() += 1;
})
.unwrap();
// Execute four instructions
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
r2 = uc.reg_read(RegisterARM::R2).unwrap() as u32;
r3 = uc.reg_read(RegisterARM::R3).unwrap() as u32;
count = *uc.get_data();
assert_eq!(r2, 0x68);
assert_eq!(r3, 0x78);
assert_eq!(count, 4);
r2 = 0;
*uc.get_data_mut() = 0;
uc.reg_write(RegisterARM::R2, r2 as u64).unwrap();
uc.reg_write(RegisterARM::R3, r3 as u64).unwrap();
for _ in 0..6 {
// Execute one instruction at a time.
uc.emu_start(pc as u64 | 1, CODE_START + code.len() as u64, 0, 1)
.unwrap();
pc = uc.reg_read(RegisterARM::PC).unwrap() as u32;
}
r2 = uc.reg_read(RegisterARM::R2).unwrap() as u32;
r3 = uc.reg_read(RegisterARM::R3).unwrap() as u32;
count = *uc.get_data();
assert_eq!(r2, 0x68);
assert_eq!(r3, 0x78);
assert_eq!(count, 4);
}
#[test]
fn test_arm_m_thumb_mrs() {
let code = &[
0xef, 0xf3, 0x14, 0x80, // mrs r0, control
0xef, 0xf3, 0x00, 0x81, // mrs r1, apsr
];
let control = 0b10;
let apsr = (0b10101 << 27) as u32;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB | Mode::MCLASS,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
(),
);
uc.reg_write(RegisterARM::CONTROL, control as u64).unwrap();
uc.reg_write(RegisterARM::APSR_NZCVQ, apsr as u64).unwrap();
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r0 = uc.reg_read(RegisterARM::R0).unwrap() as u32;
let r1 = uc.reg_read(RegisterARM::R1).unwrap() as u32;
assert_eq!(r0, 0b10);
assert_eq!(r1, 0b10101 << 27);
}
#[test]
fn test_arm_m_control() {
let mut uc = Unicorn::new(Arch::ARM, Mode::THUMB | Mode::MCLASS).unwrap();
let mut control = 0;
uc.reg_write(RegisterARM::CONTROL, control as u64).unwrap();
let msp = 0x1000;
uc.reg_write(RegisterARM::R13, msp as u64).unwrap();
control = 0b10;
uc.reg_write(RegisterARM::CONTROL, control as u64).unwrap();
let psp = uc.reg_read(RegisterARM::R13).unwrap() as u32;
assert_ne!(psp, msp);
let psp = 0x2000;
uc.reg_write(RegisterARM::R13, psp as u64).unwrap();
control = 0;
uc.reg_write(RegisterARM::CONTROL, control as u64).unwrap();
let msp = uc.reg_read(RegisterARM::R13).unwrap() as u32;
assert_ne!(psp, msp);
assert_eq!(msp, 0x1000);
}
// NOTE:
// QEMU raise a special exception [`EXCP_EXCEPTION_EXIT`] to handle the
// [`EXC_RETURN`]. We can't help user handle [`EXC_RETURN`] since unicorn is designed
// not to handle any CPU exception.
#[test]
fn test_arm_m_exc_return() {
let code = b"\x6f\xf0\x02\x00\x00\x47"; // mov r0, #0xFFFFFFFD; bx r0;
let ipsr = 16;
let mut sp = 0x8000;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB | Mode::MCLASS,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
(),
);
uc.mem_map(sp - 0x1000, 0x1000, Prot::ALL).unwrap();
uc.add_intr_hook(|uc, intno| {
let pc = uc.reg_read(RegisterARM::PC).unwrap() as u32;
assert_eq!(intno, 8); // EXCP_EXCEPTION_EXIT: Return from v7M exception.
assert_eq!(pc | 1, 0xFFFFFFFD);
uc.emu_stop().unwrap();
})
.unwrap();
sp -= 0x1c;
uc.reg_write(RegisterARM::SP, sp).unwrap();
uc.reg_write(RegisterARM::IPSR, ipsr as u64).unwrap();
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 2)
.unwrap();
}
/// For details, see <https://github.com/unicorn-engine/unicorn/issues/1494>.
#[test]
fn test_arm_und32_to_svc32() {
let code = &[
0x00, 0x00, 0xe0, 0xe3, // MVN r0, #0
0x0e, 0xf0, 0xb0, 0xe1, // MOVS pc, lr
0x00, 0x00, 0xe0, 0xe3, // MVN r0, #0
0x00, 0x00, 0xe0, 0xe3, // MVN r0, #0
];
let cpsr = 0x40000093; // SVC32
let sp = 0x12345678;
let spsr = 0x40000093; // Save previous CPSR
let lr = CODE_START + 8;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM,
Some(ArmCpuModel::CORTEX_A9 as i32),
code,
(),
);
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
uc.reg_write(RegisterARM::SP, sp as u64).unwrap();
let cpsr = 0x4000009b; // UND32
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
uc.reg_write(RegisterARM::SPSR, spsr as u64).unwrap();
uc.reg_write(RegisterARM::SP, 0xDEAD0000).unwrap();
uc.reg_write(RegisterARM::LR, lr).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 3)
.unwrap();
let sp = uc.reg_read(RegisterARM::SP).unwrap() as u32;
assert_eq!(sp, 0x12345678);
}
#[test]
fn test_arm_usr32_to_svc32() {
let mut uc = Unicorn::new(Arch::ARM, Mode::ARM).unwrap();
uc.ctl_set_cpu_model(ArmCpuModel::CORTEX_A9 as i32).unwrap();
// https://www.keil.com/pack/doc/CMSIS/Core_A/html/group__CMSIS__CPSR__M.html
let mut cpsr = 0x40000093; // SVC32
let mut sp = 0x12345678;
let mut lr = 0x00102220;
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
uc.reg_write(RegisterARM::SP, sp as u64).unwrap();
uc.reg_write(RegisterARM::LR, lr as u64).unwrap();
cpsr = 0x4000009b; // UND32
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
let spsr = 0x40000093; // Save previous CPSR
uc.reg_write(RegisterARM::SPSR, spsr as u64).unwrap();
sp = 0xDEAD0000;
uc.reg_write(RegisterARM::SP, sp as u64).unwrap();
lr = 0x00509998;
uc.reg_write(RegisterARM::LR, lr as u64).unwrap();
cpsr = uc.reg_read(RegisterARM::CPSR).unwrap() as u32;
assert_eq!(cpsr & ((1 << 4) - 1), 0xb); // We are in UND32
cpsr = 0x40000090; // USR32
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
sp = 0x0010000;
uc.reg_write(RegisterARM::R13, sp as u64).unwrap();
lr = 0x0001234;
uc.reg_write(RegisterARM::LR, lr as u64).unwrap();
cpsr = uc.reg_read(RegisterARM::CPSR).unwrap() as u32;
assert_eq!(cpsr & ((1 << 4) - 1), 0); // We are in USR32
cpsr = 0x40000093; // SVC32
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
cpsr = uc.reg_read(RegisterARM::CPSR).unwrap() as u32;
sp = uc.reg_read(RegisterARM::SP).unwrap() as u32;
assert_eq!(cpsr & ((1 << 4) - 1), 3); // We are in SVC32
assert_eq!(sp, 0x12345678);
}
#[test]
fn test_arm_v8() {
let code = b"\xd0\xe8\xff\x17"; // LDAEXD.W R1, [R0]
let r0 = 0x8000;
let r1 = 0xdeadbeefu32;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB,
Some(ArmCpuModel::CORTEX_M33 as i32),
code,
(),
);
uc.mem_map(r0, 0x1000, Prot::ALL).unwrap();
uc.mem_write(r0, &r1.to_le_bytes()).unwrap();
uc.reg_write(RegisterARM::R0, r0).unwrap();
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r1 = uc.reg_read(RegisterARM::R1).unwrap() as u32;
assert_eq!(r1, 0xdeadbeef);
}
#[test]
fn test_arm_thumb_smlabb() {
let code = b"\x13\xfb\x01\x23";
let r1 = 7;
let r2 = 9;
let r3 = 5;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB,
Some(ArmCpuModel::CORTEX_M7 as i32),
code,
(),
);
uc.reg_write(RegisterARM::R1, r1 as u64).unwrap();
uc.reg_write(RegisterARM::R2, r2 as u64).unwrap();
uc.reg_write(RegisterARM::R3, r3 as u64).unwrap();
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r3 = uc.reg_read(RegisterARM::R3).unwrap() as u32;
assert_eq!(r3, 5 * 7 + 9);
}
#[test]
fn test_arm_not_allow_privilege_escalation() {
#[rustfmt::skip]
let code = &[
0x1f, 0x60, 0xc6, 0xe3, // BIC r6, r6, #&1F
0x13, 0x60, 0x86, 0xe3, // ORR r6, r6, #&13
0x06, 0xf0, 0x21, 0xe1, // MSR cpsr_c, r6 ; switch to SVC32 (should be ineffective from USR32)
0x00, 0x00, 0xa0, 0xe1, // MOV r0,r0
0x11, 0x00, 0x00, 0xef, // SWI OS_Exit
];
let cpsr = 0x40000013; // SVC32
let sp = 0x12345678;
let lr = 0x00102220;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
(),
);
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
uc.reg_write(RegisterARM::SP, sp as u64).unwrap();
uc.reg_write(RegisterARM::LR, lr as u64).unwrap();
let cpsr = 0x40000010; // USR32
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
let sp = 0x0010000;
uc.reg_write(RegisterARM::SP, sp as u64).unwrap();
let lr = 0x0001234;
uc.reg_write(RegisterARM::LR, lr as u64).unwrap();
let err = uc
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::EXCEPTION);
let sp = uc.reg_read(RegisterARM::SP).unwrap() as u32;
let lr = uc.reg_read(RegisterARM::LR).unwrap() as u32;
let cpsr = uc.reg_read(RegisterARM::CPSR).unwrap() as u32;
assert_eq!(cpsr & ((1 << 4) - 1), 0); // Stay in USR32
assert_eq!(lr, 0x1234);
assert_eq!(sp, 0x10000);
}
#[test]
fn test_arm_mrc() {
let code = b"\x1d\xee\x70\x1f"; // mrc p15, #0, r1, c13, c0, #3
let mut uc = uc_common_setup(Arch::ARM, Mode::THUMB, None, code, ());
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
}
#[test]
fn test_arm_hflags_rebuilt() {
let code = &[
0x00, 0x60, 0x0f, 0xe1, // MRS r6, apsr
0x1f, 0x60, 0xc6, 0xe3, // BIC r6, r6, #&1F
0x10, 0x60, 0x86, 0xe3, // ORR r6, r6, #&10
0x06, 0xf0, 0x21, 0xe1, // MSR cpsr_c, r6
0x16, 0x00, 0x02, 0xef, // SWI OS_EnterOS
0x06, 0xf0, 0x21, 0xe1, // MSR cpsr_c, r6
];
let cpsr = 0x40000013; // SVC32
let sp = 0x12345678;
let lr = 0x00102220;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM,
Some(ArmCpuModel::CORTEX_A9 as i32),
code,
(),
);
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
uc.reg_write(RegisterARM::SP, sp as u64).unwrap();
uc.reg_write(RegisterARM::LR, lr as u64).unwrap();
let cpsr = 0x40000010; // USR32
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
let sp = 0x0010000;
uc.reg_write(RegisterARM::R13, sp as u64).unwrap();
let lr = 0x0001234;
uc.reg_write(RegisterARM::R14, lr as u64).unwrap();
let err = uc
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::EXCEPTION);
let cpsr = 0x60000013;
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
let cpsr = 0x60000010;
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
let cpsr = 0x60000013;
uc.reg_write(RegisterARM::CPSR, cpsr as u64).unwrap();
let pc = uc.reg_read(RegisterARM::PC).unwrap();
uc.emu_start(pc, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let cpsr = uc.reg_read(RegisterARM::CPSR).unwrap() as u32;
let sp = uc.reg_read(RegisterARM::R13).unwrap() as u32;
let lr = uc.reg_read(RegisterARM::R14).unwrap() as u32;
assert_eq!(cpsr, 0x60000010);
assert_eq!(sp, 0x00010000);
assert_eq!(lr, 0x00001234);
}
#[test]
fn test_arm_mem_access_abort() {
let code = &[
0x00, 0x00, 0x90, 0xe5, // LDR r0, [r0]
0x00, 0xa0, 0xf0, 0xf7, // Undefined instruction
];
let r0 = 0x990000;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM,
Some(ArmCpuModel::CORTEX_A9 as i32),
code,
0,
);
uc.reg_write(RegisterARM::R0, r0 as u64).unwrap();
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |uc, _, _, _, _| {
*uc.get_data_mut() = uc.reg_read(RegisterARM::PC).unwrap();
false
})
.unwrap();
uc.add_insn_invalid_hook(|uc| {
*uc.get_data_mut() = uc.reg_read(RegisterARM::PC).unwrap();
false
})
.unwrap();
let err = uc.emu_start(CODE_START, CODE_START + 4, 0, 0).unwrap_err();
assert_eq!(err, uc_error::READ_UNMAPPED);
let pc = uc.reg_read(RegisterARM::PC).unwrap();
assert_eq!(pc, *uc.get_data());
let err = uc
.emu_start(CODE_START + 4, CODE_START + 8, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::INSN_INVALID);
let pc = uc.reg_read(RegisterARM::PC).unwrap();
assert_eq!(pc, *uc.get_data());
let err = uc.emu_start(0x900000, 0x900000 + 8, 0, 0).unwrap_err();
assert_eq!(err, uc_error::FETCH_UNMAPPED);
let pc = uc.reg_read(RegisterARM::PC).unwrap();
assert_eq!(pc, *uc.get_data());
}
#[test]
fn test_arm_read_sctlr() {
let uc = Unicorn::new(Arch::ARM, Mode::ARM).unwrap();
let mut reg = RegisterARM_CP {
cp: 15,
is64: 0,
sec: 0,
crn: 1,
crm: 0,
opc1: 0,
opc2: 0,
val: 0,
};
uc.reg_read_arm_coproc(&mut reg).unwrap();
assert_eq!((reg.val >> 31) & 1, 0);
}
#[test]
fn test_arm_be_cpsr_sctlr() {
let mut uc = Unicorn::new(Arch::ARM, Mode::ARM | Mode::BIG_ENDIAN).unwrap();
uc.ctl_set_cpu_model(ArmCpuModel::Model_1176 as i32)
.unwrap();
let mut reg = RegisterARM_CP {
cp: 15,
is64: 0,
sec: 0,
crn: 1,
crm: 0,
opc1: 0,
opc2: 0,
val: 0,
};
uc.reg_read_arm_coproc(&mut reg).unwrap();
let cpsr = uc.reg_read(RegisterARM::CPSR).unwrap();
assert_ne!(reg.val & (1 << 7), 0);
assert_ne!(cpsr & (1 << 9), 0);
let mut uc = Unicorn::new(Arch::ARM, Mode::ARM | Mode::ARMBE8).unwrap();
uc.ctl_set_cpu_model(ArmCpuModel::CORTEX_A15 as i32)
.unwrap();
let mut reg = RegisterARM_CP {
cp: 15,
is64: 0,
sec: 0,
crn: 1,
crm: 0,
opc1: 0,
opc2: 0,
val: 0,
};
uc.reg_read_arm_coproc(&mut reg).unwrap();
let cpsr = uc.reg_read(RegisterARM::CPSR).unwrap();
// SCTLR.B == 0
assert_eq!(reg.val & (1 << 7), 0);
assert_ne!(cpsr & (1 << 9), 0);
}
#[test]
fn test_arm_switch_endian() {
let code = b"\x00\x00\x91\xe5"; // ldr r0, [r1]
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
(),
);
let r1 = CODE_START;
uc.reg_write(RegisterARM::R1, r1).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r0 = uc.reg_read(RegisterARM::R0).unwrap();
assert_eq!(r0, 0xe5910000);
let mut cpsr = uc.reg_read(RegisterARM::CPSR).unwrap();
cpsr |= 1 << 9;
uc.reg_write(RegisterARM::CPSR, cpsr).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r0 = uc.reg_read(RegisterARM::R0).unwrap();
assert_eq!(r0, 0x000091e5);
}
#[test]
fn test_armeb_ldrb() {
let code = b"\xe5\xd2\x10\x00"; // ldrb r1, [r2]
let data_address = 0x800000;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM | Mode::BIG_ENDIAN,
Some(ArmCpuModel::Model_1176 as i32),
code,
(),
);
uc.mem_map(data_address, 1024 * 1024, Prot::ALL).unwrap();
uc.mem_write(data_address, b"\x66\x67\x68\x69").unwrap();
let mut r2 = data_address;
uc.reg_write(RegisterARM::R2, r2).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r1 = uc.reg_read(RegisterARM::R1).unwrap();
assert_eq!(r1, 0x66);
r2 += 1;
uc.reg_write(RegisterARM::R2, r2).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r1 = uc.reg_read(RegisterARM::R1).unwrap();
assert_eq!(r1, 0x67);
r2 += 1;
uc.reg_write(RegisterARM::R2, r2).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r1 = uc.reg_read(RegisterARM::R1).unwrap();
assert_eq!(r1, 0x68);
r2 += 1;
uc.reg_write(RegisterARM::R2, r2).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r1 = uc.reg_read(RegisterARM::R1).unwrap();
assert_eq!(r1, 0x69);
}
#[test]
fn test_arm_context_save() {
let code = b"\x83\xb0"; // sub sp, #0xc
let uc = uc_common_setup(
Arch::ARM,
Mode::THUMB,
Some(ArmCpuModel::CORTEX_R5 as i32),
code,
(),
);
let mut context = uc.context_alloc().unwrap();
uc.context_save(&mut context).unwrap();
let pc = context.reg_read(RegisterARM::PC).unwrap();
context.reg_write(RegisterARM::PC, pc).unwrap();
uc.context_restore(&context).unwrap();
let uc2 = uc_common_setup(
Arch::ARM,
Mode::THUMB,
Some(ArmCpuModel::CORTEX_A7 as i32), // NOTE: different CPU model
code,
(),
);
uc2.context_restore(&context).unwrap();
let pc2 = uc2.reg_read(RegisterARM::PC).unwrap();
assert_eq!(pc, pc2);
}
#[test]
fn test_arm_thumb2() {
#[rustfmt::skip]
let code = &[
0x24, 0x20, // MOVS R0, #0x24
0x00, 0xF0, 0x04, 0x00, // AND.W R0, R0, #4
];
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB | Mode::LITTLE_ENDIAN,
Some(ArmCpuModel::CORTEX_R5 as i32),
code,
(),
);
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r0 = uc.reg_read(RegisterARM::R0).unwrap();
assert_eq!(r0, 0x4);
}
#[test]
fn test_armeb_be32_thumb2() {
#[rustfmt::skip]
let code = &[
0x20, 0x24, // MOVS R0, #0x24
0xF0, 0x00, 0x00, 0x04, // AND.W R0, R0, #4
];
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB | Mode::BIG_ENDIAN,
Some(ArmCpuModel::CORTEX_R5 as i32),
code,
(),
);
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r0 = uc.reg_read(RegisterARM::R0).unwrap();
assert_eq!(r0, 0x4);
}
#[test]
fn test_arm_mem_hook_read_write() {
#[rustfmt::skip]
let code = &[
0x00, 0x10, 0x9d, 0xe5, // ldr r1, [sp]
0x04, 0x10, 0x8d, 0xe5, // str r1, [sp, #4]
0x04, 0x20, 0x9d, 0xe5, // ldr r2, [sp, #4]
0x00, 0x20, 0x8d, 0xe5, // str r2, [sp]
];
let sp = 0x9000;
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
[0u64; 2],
);
uc.reg_write(RegisterARM::SP, sp).unwrap();
uc.mem_map(0x8000, 1024 * 16, Prot::ALL).unwrap();
uc.add_mem_hook(HookType::MEM_READ, 1, 0, |uc, _, _, _, _| {
(*uc.get_data_mut())[0] += 1;
false
})
.unwrap();
uc.add_mem_hook(HookType::MEM_WRITE, 1, 0, |uc, _, _, _, _| {
(*uc.get_data_mut())[1] += 1;
false
})
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let [read, write] = *uc.get_data();
assert_eq!(read, 2);
assert_eq!(write, 2);
}
#[derive(Default)]
struct CmpInfo {
v0: u64,
v1: u64,
size: u64,
pc: u64,
}
fn uc_hook_sub_cmp(uc: &mut Unicorn<'_, CmpInfo>, address: u64, arg1: u64, arg2: u64, size: usize) {
let data = uc.get_data_mut();
data.pc = address;
data.size = size as u64;
data.v0 = arg1;
data.v1 = arg2;
}
#[test]
fn test_arm_tcg_opcode_cmp() {
let code = &[
0x04, 0x00, 0x9f, 0xe5, // ldr r0, [pc, #4]
0x04, 0x10, 0x9f, 0xe5, // ldr r1, [pc, #4]
0x01, 0x00, 0x50, 0xe1, // cmp r0, r1
0x05, 0x00, 0x00, 0x00, // (5)
0x03, 0x00, 0x00, 0x00, // (3)
];
let mut uc = uc_common_setup(
Arch::ARM,
Mode::ARM,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
CmpInfo::default(),
);
uc.add_tcg_hook(TcgOpCode::SUB, TcgOpFlag::CMP, 1, 0, uc_hook_sub_cmp)
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 3)
.unwrap();
let cmp_info = uc.get_data();
assert_eq!(cmp_info.v0, 5);
assert_eq!(cmp_info.v1, 3);
assert_eq!(cmp_info.pc, 0x1008);
assert_eq!(cmp_info.size, 32);
}
#[test]
fn test_arm_thumb_tcg_opcode_cmn() {
#[rustfmt::skip]
let code = &[
0x01, 0x48, // ldr r0, [pc #4]
0x02, 0x49, // ldr r1, [pc #8]
0x00, 0xbf, // nop
0xc8, 0x42, // cmn r0, r1
0x05, 0x00, 0x00, 0x00, // (5)
0x03, 0x00, 0x00, 0x00, // (3)
];
let mut uc = uc_common_setup(
Arch::ARM,
Mode::THUMB,
Some(ArmCpuModel::CORTEX_A15 as i32),
code,
CmpInfo::default(),
);
uc.add_tcg_hook(TcgOpCode::SUB, TcgOpFlag::CMP, 1, 0, uc_hook_sub_cmp)
.unwrap();
uc.emu_start(CODE_START | 1, CODE_START + code.len() as u64, 0, 4)
.unwrap();
let cmp_info = uc.get_data();
assert_eq!(cmp_info.v0, 5);
assert_eq!(cmp_info.v1, 3);
assert_eq!(cmp_info.pc, 0x1006);
assert_eq!(cmp_info.size, 32);
}
#[test]
fn test_arm_cp15_c1_c0_2() {
let val = 0x12345678;
// Initialize emulator in ARM mode
let mut uc = Unicorn::new(Arch::ARM, Mode::ARM).unwrap();
uc.ctl_set_cpu_model(ArmCpuModel::CORTEX_A15 as i32)
.unwrap();
// Write to CP15 C1_C0_2
uc.reg_write(RegisterARM::C1_C0_2, val).unwrap();
// Read from CP15 C1_C0_2
let read_val = uc.reg_read(RegisterARM::C1_C0_2).unwrap();
assert_eq!(val, read_val);
}

542
bindings/rust/src/tests/arm64.rs Normal file
View File

@@ -0,0 +1,542 @@
use unicorn_engine_sys::{Arm64CpuModel, Arm64Insn, RegisterARM64};
use super::*;
#[test]
fn test_arm64_until() {
let code = &[
0x30, 0x00, 0x80, 0xd2, // mov x16, #1
0x11, 0x04, 0x80, 0xd2, // mov x17, #0x20
0x9c, 0x23, 0x00, 0x91, // add x28, x28, 8
];
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::A72 as i32),
code,
(),
);
let x16 = 0x12341234;
let x17 = 0x78907890;
let x28 = 0x12341234;
uc.reg_write(RegisterARM64::X16, x16).unwrap();
uc.reg_write(RegisterARM64::X17, x17).unwrap();
uc.reg_write(RegisterARM64::X28, x28).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 3)
.unwrap();
let x16 = uc.reg_read(RegisterARM64::X16).unwrap();
let x17 = uc.reg_read(RegisterARM64::X17).unwrap();
let x28 = uc.reg_read(RegisterARM64::X28).unwrap();
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
assert_eq!(x16, 0x1);
assert_eq!(x17, 0x20);
assert_eq!(x28, 0x1234123c);
assert_eq!(pc, CODE_START + code.len() as u64);
}
#[test]
fn test_arm64_code_patching() {
let code = &[0x00, 0x04, 0x00, 0x11]; // add w0, w0, 0x1
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::A72 as i32),
code,
(),
);
let x0 = 0x0;
uc.reg_write(RegisterARM64::X0, x0).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
assert_eq!(x0, 0x1);
let patch_code = &[0x00, 0xfc, 0x1f, 0x11]; // add w0, w0, 0x7FF
uc.mem_write(CODE_START, patch_code).unwrap();
let x0 = 0x0;
uc.reg_write(RegisterARM64::X0, x0).unwrap();
uc.emu_start(CODE_START, CODE_START + patch_code.len() as u64, 0, 0)
.unwrap();
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
assert_ne!(x0, 0x1);
assert_eq!(x0, 0x7ff);
}
/// Need to flush the cache before running the emulation after patching
#[test]
fn test_arm64_code_patching_count() {
let code = &[0x00, 0x04, 0x00, 0x11]; // add w0, w0, 0x1
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::A72 as i32),
code,
(),
);
let x0 = 0x0;
uc.reg_write(RegisterARM64::X0, x0).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 1)
.unwrap();
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
assert_eq!(x0, 0x1);
let patch_code = &[0x00, 0xfc, 0x1f, 0x11]; // add w0, w0, 0x7FF
uc.mem_write(CODE_START, patch_code).unwrap();
uc.ctl_remove_cache(CODE_START, CODE_START + patch_code.len() as u64)
.unwrap();
let x0 = 0x0;
uc.reg_write(RegisterARM64::X0, x0).unwrap();
uc.emu_start(CODE_START, CODE_START + patch_code.len() as u64, 0, 1)
.unwrap();
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
assert_ne!(x0, 0x1);
assert_eq!(x0, 0x7ff);
}
#[test]
fn test_arm64_v8_pac() {
let code = &[0x28, 0xfd, 0xea, 0xc8]; // casal x10, x8, [x9]
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::MAX as i32),
code,
(),
);
uc.mem_map(0x40000, 0x1000, Prot::ALL).unwrap();
uc.mem_write(0x40000, &[0; 8]).unwrap();
let x9 = 0x40000;
uc.reg_write(RegisterARM64::X9, x9).unwrap();
let x8 = 0xdeadbeafdeadbeaf;
uc.reg_write(RegisterARM64::X8, x8).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let mem = u64::from_le_bytes(uc.mem_read_as_vec(0x40000, 8).unwrap().try_into().unwrap());
assert_eq!(mem, x8);
}
#[test]
fn test_arm64_read_sctlr() {
let uc = Unicorn::new(Arch::ARM64, Mode::ARM | Mode::LITTLE_ENDIAN).unwrap();
let reg = uc.reg_read_arm64_coproc().unwrap();
assert_eq!(reg.val >> 58, 0);
}
#[test]
fn test_arm64_mrs_hook() {
let code = &[0x62, 0xd0, 0x3b, 0xd5]; // mrs x2, tpidrro_el0
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM | Mode::LITTLE_ENDIAN,
Some(Arm64CpuModel::A72 as i32),
code,
(),
);
uc.add_insn_sys_hook_arm64(Arm64Insn::UC_ARM64_INS_MRS, 1, 0, |uc, reg, _| {
let x2 = 0x114514;
uc.reg_write(reg, x2).unwrap();
// Skip
true
})
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let x2 = uc.reg_read(RegisterARM64::X2).unwrap();
assert_eq!(x2, 0x114514);
}
#[test]
fn test_arm64_correct_address_in_small_jump_hook() {
let code = &[
0x00, 0xe0, 0x8f, 0xd2, // mov x0, #0x7F00
0x00, 0x00, 0x1f, 0xd6, // br x0
];
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::A72 as i32),
code,
(),
);
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |uc, _, address, _, _| {
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
assert_eq!(x0, 0x7F00);
assert_eq!(pc, 0x7F00);
assert_eq!(address, 0x7F00);
false
})
.unwrap();
let err = uc
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::FETCH_UNMAPPED);
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
assert_eq!(x0, 0x7F00);
assert_eq!(pc, 0x7F00);
}
#[test]
fn test_arm64_correct_address_in_long_jump_hook() {
let code = &[0xe0, 0xdb, 0x78, 0xb2, 0x00, 0x00, 0x1f, 0xd6]; // mov x0, 0x7FFFFFFFFFFFFF00; br x0
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::A72 as i32),
code,
(),
);
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |uc, _, address, _, _| {
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
assert_eq!(x0, 0x7FFFFFFFFFFFFF00);
assert_eq!(pc, 0x7FFFFFFFFFFFFF00);
assert_eq!(address, 0x7FFFFFFFFFFFFF00);
false
})
.unwrap();
let err = uc
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::FETCH_UNMAPPED);
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
assert_eq!(x0, 0x7FFFFFFFFFFFFF00);
assert_eq!(pc, 0x7FFFFFFFFFFFFF00);
}
#[test]
fn test_arm64_block_sync_pc() {
let code = &[
0x00, 0x48, 0x13, 0x91, // add x0, x0, #1234
0x01, 0x00, 0x00, 0x94, // bl t
0xc1, 0xc5, 0x82, 0xd2, // t: mov x1, #5678
];
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::A72 as i32),
code,
true,
);
uc.add_block_hook(CODE_START + 8, CODE_START + 12, |uc, addr, _| {
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
assert_eq!(pc, addr);
let val = CODE_START;
let first = *uc.get_data_mut();
if first {
uc.reg_write(RegisterARM64::PC, val).unwrap();
*uc.get_data_mut() = false;
}
})
.unwrap();
let x0 = 0;
uc.reg_write(RegisterARM64::X0, x0).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
assert_eq!(x0, 1234 * 2);
}
#[test]
fn test_arm64_block_invalid_mem_read_write_sync() {
let code = &[
0x20, 0x00, 0x80, 0xd2, // mov x0, #1
0x41, 0x00, 0x80, 0xd2, // mov x1, #2
0x20, 0x00, 0x40, 0xf9, // ldr x0, [x1]
];
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::A72 as i32),
code,
true,
);
uc.add_mem_hook(
HookType::MEM_READ,
CODE_START + 8,
CODE_START + 12,
|_, _, _, _, _| false,
)
.unwrap();
let err = uc
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::READ_UNMAPPED);
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
let x1 = uc.reg_read(RegisterARM64::X1).unwrap();
assert_eq!(x0, 1);
assert_eq!(x1, 2);
}
#[test]
fn test_arm64_mmu() {
#[rustfmt::skip]
let code = &[
// Read data from physical address
0x00, 0x81, 0x00, 0x58, // ldr x0, =0x40000000
0x01, 0x00, 0x40, 0xf9, // ldr x1, [x0]
// Initialize translation table control registers
0x00, 0x81, 0x00, 0x58, // ldr x0, =0x180803F20
0x40, 0x20, 0x18, 0xd5, // msr TCR_EL1, x0
0x00, 0x81, 0x00, 0x58, // ldr x0, =0xFFFFFFFF
0x00, 0xa2, 0x18, 0xd5, // msr MAIR_EL1, x0
// Set translation table
0x40, 0x7f, 0x00, 0x10, // adr x0, ttb0_base
0x00, 0x20, 0x18, 0xd5, // msr TTBR0_EL1, x0
// Enable caches and the MMU
0x00, 0x10, 0x38, 0xd5, // mrs x0, SCTLR_EL1
0x00, 0x00, 0x7e, 0xb2, // orr x0, x0, #(0x1 << 2) // The C bit (data cache)
0x00, 0x00, 0x74, 0xb2, // orr x0, x0, #(0x1 << 12) // The I bit (instruction cache)
0x00, 0x00, 0x40, 0xb2, // orr x0, x0, #0x1
0x00, 0x10, 0x18, 0xd5, // msr SCTLR_EL1, x0
0x9f, 0x3f, 0x03, 0xd5, // dsb SY
0xdf, 0x3f, 0x03, 0xd5, // isb
// Read the same memory area through virtual address
0xe0, 0x7f, 0x00, 0x58, // ldr x0, =0x80000000
0x02, 0x00, 0x40, 0xf9, // ldr x2, [x0]
// Stop
0x00, 0x00, 0x00, 0x14, // b .
0x1f, 0x20, 0x03, 0xd5, // nop
0x1f, 0x20, 0x03, 0xd5, // nop
0x1f, 0x20, 0x03, 0xd5, // nop
0x1f, 0x20, 0x03, 0xd5, // nop
0x1f, 0x20, 0x03, 0xd5, // nop
];
let mut data = vec![0x44u8; 0x1000];
let mut tlbe = [0x41, 0x07, 0, 0, 0, 0, 0, 0];
let mut uc = Unicorn::new(Arch::ARM64, Mode::ARM).unwrap();
uc.ctl_set_tlb_type(unicorn_engine_sys::TlbType::CPU)
.unwrap();
uc.mem_map(0, 0x2000, Prot::ALL).unwrap();
uc.mem_write(0, code).unwrap();
uc.mem_write(0x1000, &tlbe).unwrap();
tlbe[3] = 0x40;
uc.mem_write(0x1008, &tlbe).unwrap();
uc.mem_write(0x1010, &tlbe).unwrap();
uc.mem_write(0x1018, &tlbe).unwrap();
tlbe[0] = 0;
tlbe[1] = 0;
uc.mem_write(0x1020, &tlbe).unwrap();
tlbe[0] = 0x20;
tlbe[1] = 0x3f;
tlbe[2] = 0x80;
tlbe[3] = 0x80;
tlbe[4] = 0x1;
uc.mem_write(0x1028, &tlbe).unwrap();
tlbe[0] = 0xff;
tlbe[1] = 0xff;
tlbe[2] = 0xff;
tlbe[3] = 0xff;
tlbe[4] = 0x00;
uc.mem_write(0x1030, &tlbe).unwrap();
tlbe[0] = 0;
tlbe[1] = 0;
tlbe[2] = 0;
tlbe[3] = 0x80;
uc.mem_write(0x1038, &tlbe).unwrap();
unsafe {
uc.mem_map_ptr(
0x40000000,
0x1000,
Prot::READ,
data.as_mut_ptr().cast::<core::ffi::c_void>(),
)
.unwrap();
}
uc.emu_start(0, 0x44, 0, 0).unwrap();
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
let x1 = uc.reg_read(RegisterARM64::X1).unwrap();
let x2 = uc.reg_read(RegisterARM64::X2).unwrap();
assert_eq!(x0, 0x80000000);
assert_eq!(x1, 0x4444444444444444);
assert_eq!(x2, 0x4444444444444444);
}
#[test]
fn test_arm64_pc_wrap() {
let code1 = &[0x20, 0x00, 0x02, 0x8b]; // add x1, x2, x3
let code2 = &[0x20, 0x00, 0x03, 0x8b]; // add x1, x3, x3
let mut uc = Unicorn::new(Arch::ARM64, Mode::ARM).unwrap();
uc.mem_map(0xFFFFFFFFFFFFF000, 4096, Prot::READ | Prot::EXEC)
.unwrap();
uc.mem_write(0xFFFFFFFFFFFFFFFC, code1).unwrap();
let x1 = 1;
let x2 = 2;
uc.reg_write(RegisterARM64::X1, x1).unwrap();
uc.reg_write(RegisterARM64::X2, x2).unwrap();
uc.emu_start(
0xFFFFFFFFFFFFFFFC,
0xFFFFFFFFFFFFFFFCu64.wrapping_add(4),
0,
1,
)
.unwrap();
uc.mem_unmap(0xFFFFFFFFFFFFF000, 4096).unwrap();
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
assert_eq!(x0, 1 + 2);
uc.mem_map(0xFFFFFFFFFFFFF000, 4096, Prot::READ | Prot::EXEC)
.unwrap();
uc.mem_write(0xFFFFFFFFFFFFFFFC, code2).unwrap();
let x1 = 5;
let x2 = 0;
let x3 = 5;
uc.reg_write(RegisterARM64::X1, x1).unwrap();
uc.reg_write(RegisterARM64::X2, x2).unwrap();
uc.reg_write(RegisterARM64::X3, x3).unwrap();
uc.emu_start(
0xFFFFFFFFFFFFFFFC,
0xFFFFFFFFFFFFFFFCu64.wrapping_add(4),
0,
1,
)
.unwrap();
uc.mem_unmap(0xFFFFFFFFFFFFF000, 4096).unwrap();
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
assert_eq!(x0, 5 + 5);
}
#[test]
fn test_arm64_mem_prot_regress() {
let code = &[0x08, 0x40, 0x5e, 0x78]; // ldurh w8, [x0, #-0x1c]
let mut uc = Unicorn::new(Arch::ARM64, Mode::ARM).unwrap();
uc.mem_map(0, 0x4000, Prot::READ | Prot::EXEC).unwrap();
uc.mem_map(0x4000, 0xC000, Prot::READ | Prot::WRITE)
.unwrap();
uc.mem_write(0, code).unwrap();
uc.add_mem_hook(
HookType::MEM_READ | HookType::MEM_WRITE,
1,
0,
|_, _, _, _, _| false,
)
.unwrap();
uc.add_mem_hook(HookType::MEM_PROT, 1, 0, |_, _, _, _, _| false)
.unwrap();
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |_, _, _, _, _| false)
.unwrap();
let value = 0x801b;
uc.reg_write(RegisterARM64::X0, value).unwrap();
uc.emu_start(0, code.len() as u64, 0, 0).unwrap();
}
#[test]
fn test_arm64_mem_hook_read_write() {
let code = &[
0xe1, 0x0b, 0x40, 0xa9, // ldp x1, x2, [sp]
0xe1, 0x0b, 0x00, 0xa9, // stp x1, x2, [sp]
0xe1, 0x0b, 0x40, 0xa9, // ldp x1, x2, [sp]
0xe1, 0x0b, 0x00, 0xa9, // stp x1, x2, [sp]
];
let mut uc = uc_common_setup(
Arch::ARM64,
Mode::ARM,
Some(Arm64CpuModel::A72 as i32),
code,
[0, 0],
);
let sp = 0x16db6a040;
uc.reg_write(RegisterARM64::SP, sp).unwrap();
uc.mem_map(0x16db68000, 1024 * 16, Prot::ALL).unwrap();
uc.add_mem_hook(HookType::MEM_READ, 1, 0, |uc, _, _, _, _| {
(*uc.get_data_mut())[0] += 1;
false
})
.unwrap();
uc.add_mem_hook(HookType::MEM_WRITE, 1, 0, |uc, _, _, _, _| {
(*uc.get_data_mut())[1] += 1;
false
})
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let [read, write] = *uc.get_data();
assert_eq!(read, 4);
assert_eq!(write, 4);
}

281
bindings/rust/src/tests/ctl.rs Normal file
View File

@@ -0,0 +1,281 @@
use std::time::{Duration, Instant};
use unicorn_engine_sys::{RegisterX86, X86Insn};
use super::*;
use crate::Unicorn;
#[test]
fn test_uc_ctl_mode() {
let uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
let mode = uc.ctl_get_mode().unwrap();
assert_eq!(mode, Mode::MODE_32);
}
#[test]
fn test_uc_ctl_arch() {
let uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
let arch = uc.ctl_get_arch().unwrap();
assert_eq!(arch, Arch::X86);
}
#[test]
fn test_uc_ctl_page_size() {
let uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
let page_size = uc.ctl_get_page_size().unwrap();
assert_eq!(page_size, 4096);
}
#[test]
fn test_uc_ctl_timeout() {
let uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
let timeout = uc.ctl_get_timeout().unwrap();
assert_eq!(timeout, 0);
}
#[test]
fn test_uc_ctl_exits() {
// cmp eax, 0;
// jg lb;
// inc eax;
// nop; <---- exit1
// lb:
// inc ebx;
// nop; <---- exit2
let code = b"\x83\xf8\x00\x7f\x02\x40\x90\x43\x90";
let eax = 0;
let ebx = 0;
let exits = [CODE_START + 6, CODE_START + 8];
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
uc.mem_map(CODE_START, CODE_LEN, Prot::ALL).unwrap();
uc.mem_write(CODE_START, code).unwrap();
uc.ctl_exits_enable().unwrap();
uc.ctl_set_exits(&exits).unwrap();
uc.reg_write(RegisterX86::EAX, eax).unwrap();
uc.reg_write(RegisterX86::EBX, ebx).unwrap();
// Run twice.
uc.emu_start(CODE_START, 0, 0, 0).unwrap();
uc.emu_start(CODE_START, 0, 0, 0).unwrap();
let eax = uc.reg_read(RegisterX86::EAX).unwrap();
let ebx = uc.reg_read(RegisterX86::EBX).unwrap();
assert_eq!(eax, 1);
assert_eq!(ebx, 1);
}
#[test]
fn test_uc_ctl_tb_cache() {
fn time_emulation(uc: &mut Unicorn<'_, ()>, start: u64, end: u64) -> Duration {
let now = Instant::now();
uc.emu_start(start, end, 0, 0).unwrap();
now.elapsed()
}
const TB_COUNT: usize = 8;
const TCG_MAX_INSNS: usize = 512;
const CODE_LEN: usize = TB_COUNT * TCG_MAX_INSNS;
let code = [0x90; CODE_LEN]; // nop
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
uc.mem_map(CODE_START, CODE_LEN, Prot::ALL).unwrap();
uc.mem_write(CODE_START, &code).unwrap();
let standard = time_emulation(&mut uc, CODE_START, CODE_START + code.len() as u64);
for i in 0..TB_COUNT {
uc.ctl_request_cache(CODE_START + (i * TCG_MAX_INSNS) as u64, None)
.unwrap();
}
let cached = time_emulation(&mut uc, CODE_START, CODE_START + code.len() as u64);
for i in 0..TB_COUNT {
let start = CODE_START + (i * TCG_MAX_INSNS) as u64;
uc.ctl_remove_cache(start, start + 1).unwrap();
}
let evicted = time_emulation(&mut uc, CODE_START, CODE_START + code.len() as u64);
assert!(cached < standard);
assert!(evicted > cached);
}
#[cfg(feature = "arch_arm")]
#[test]
fn test_uc_ctl_change_page_size() {
let mut uc = Unicorn::new(Arch::ARM, Mode::ARM).unwrap();
let mut uc2 = Unicorn::new(Arch::ARM, Mode::ARM).unwrap();
uc2.ctl_set_page_size(4096).unwrap();
let page_size = uc2.ctl_get_page_size().unwrap();
assert_eq!(page_size, 4096);
// Mapping at 0x400 (1024) should succeed for the first Unicorn instance,
// but fail for the second instance since the page size is different.
// (Note: ARM's default page size is 1024)
assert!(uc.mem_map(1 << 10, 1 << 10, Prot::ALL).is_ok());
assert!(uc2.mem_map(1 << 10, 1 << 10, Prot::ALL).is_err());
}
#[cfg(feature = "arch_arm")]
#[test]
fn test_uc_ctl_arm_cpu() {
use unicorn_engine_sys::ArmCpuModel;
let mut uc = Unicorn::new(Arch::ARM, Mode::THUMB).unwrap();
uc.ctl_set_cpu_model(ArmCpuModel::CORTEX_M7 as i32).unwrap();
}
#[cfg(feature = "arch_arm")]
#[test]
fn test_uc_ctl_change_page_size_arm64() {
let mut uc = Unicorn::new(Arch::ARM64, Mode::ARM).unwrap();
let mut uc2 = Unicorn::new(Arch::ARM64, Mode::ARM).unwrap();
uc2.ctl_set_page_size(16384).unwrap();
let page_size = uc2.ctl_get_page_size().unwrap();
assert_eq!(page_size, 16384);
// Mapping at 0x400 (1024) should succeed for the first Unicorn instance,
// but fail for the second instance since the page size is different.
// (Note: ARM64's default page size is 1024)
assert!(uc.mem_map(1 << 10, 1 << 10, Prot::ALL).is_ok());
assert!(uc2.mem_map(1 << 10, 1 << 10, Prot::ALL).is_err());
}
#[test]
fn test_uc_hook_cached_uaf() {
let code = b"\x41\x4a\xeb\x00\x90";
let mut uc = Unicorn::new_with_data(Arch::X86, Mode::MODE_32, 0u64).unwrap();
uc.mem_map(CODE_START, CODE_LEN, Prot::ALL).unwrap();
uc.mem_write(CODE_START, code).unwrap();
let hook = uc
.add_code_hook(CODE_START, CODE_START + code.len() as u64, |uc, _, _| {
*uc.get_data_mut() += 1;
})
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
// Move the hook to the deleted hooks list.
uc.remove_hook(hook).unwrap();
// This will clear deleted hooks and SHOULD clear cache.
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
// Now hooks are deleted and thus this _should not_ call
// test_uc_hook_cached_cb anymore. If the hook is allocated like from
// malloc, and the code region is free-ed, this call _shall not_ call the
// hook anymore to avoid UAF.
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
// Only 4 calls
assert_eq!(*uc.get_data(), 4);
}
#[test]
fn test_uc_emu_stop_set_ip() {
#[rustfmt::skip]
let code = &[
0x48, 0x31, 0xc0, // 0x0 xor rax, rax : rax = 0
0x90, // 0x3 nop :
0x48, 0xff, 0xc0, // 0x4 inc rax : rax++
0x90, // 0x7 nop : <-- going to stop here
0x48, 0xff, 0xc0, // 0x8 inc rax : rax++
0x90, // 0xb nop :
0x0f, 0x0b, // 0xc ud2 : <-- will raise UC_ERR_INSN_INVALID,
// : but should not never be reached
0x90, // 0xe nop :
0x90, // 0xf nop :
];
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
uc.mem_map(CODE_START, CODE_LEN, Prot::ALL).unwrap();
uc.mem_write(CODE_START, code).unwrap();
uc.add_code_hook(
CODE_START,
CODE_START + code.len() as u64,
|uc, address, _| {
let rip = CODE_START + 0xb;
if address == CODE_START + 0x7 {
uc.emu_stop().unwrap();
uc.reg_write(RegisterX86::RIP, rip).unwrap();
}
},
)
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let rip = uc.reg_read(RegisterX86::RIP).unwrap();
assert_eq!(rip, CODE_START + 0xb);
}
#[test]
fn test_tlb_clear() {
#[rustfmt::skip]
let code = &[
0xa3, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, // movabs dword ptr [0x200000], eax
0x0f, 0x05, // syscall
0xa3, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, // movabs dword ptr [0x200000], eax
];
let mut uc = Unicorn::new_with_data(Arch::X86, Mode::MODE_64, 0usize).unwrap();
uc.mem_map(CODE_START, CODE_LEN, Prot::ALL).unwrap();
uc.mem_write(CODE_START, code).unwrap();
uc.mem_map(0x200000, 0x1000, Prot::ALL).unwrap();
uc.ctl_set_tlb_type(TlbType::VIRTUAL).unwrap();
uc.add_tlb_hook(1, 0, |uc, addr, _| {
*uc.get_data_mut() += 1;
Some(TlbEntry {
paddr: addr,
perms: Prot::ALL,
})
})
.unwrap();
uc.add_insn_sys_hook(X86Insn::SYSCALL, 1, 0, |uc| {
uc.ctl_flush_tlb().unwrap();
})
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let tlbcount = *uc.get_data();
assert_eq!(tlbcount, 4);
}
#[test]
fn test_noexec() {
#[rustfmt::skip]
let code = &[
0x8a, 0x05, 0x00, 0x00, 0x00, 0x00, // mov al, byte ptr[rip]
0x90, // nop
];
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
uc.mem_map(CODE_START, CODE_LEN, Prot::ALL).unwrap();
uc.mem_write(CODE_START, code).unwrap();
uc.ctl_set_tlb_type(TlbType::VIRTUAL).unwrap();
uc.mem_protect(CODE_START, CODE_START as usize + 0x1000, Prot::EXEC)
.unwrap();
let err = uc
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::READ_PROT);
}

22
bindings/rust/src/tests/m68k.rs Normal file
View File

@@ -0,0 +1,22 @@
use unicorn_engine_sys::RegisterM68K;
use super::*;
#[test]
fn test_move_to_sr() {
let code = [
0x46, 0xfc, 0x27, 0x00, // move #$2700, sr
];
let mut uc = uc_common_setup(Arch::M68K, Mode::BIG_ENDIAN, None, &code, ());
let mut sr = uc.reg_read(RegisterM68K::SR).unwrap();
sr |= 0x2000;
uc.reg_write(RegisterM68K::SR, sr).unwrap(); // Set supervisor mode
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let sr = uc.reg_read(RegisterM68K::SR).unwrap();
assert_eq!(sr, 0x2700);
}

529
bindings/rust/src/tests/mem.rs Normal file
View File

@@ -0,0 +1,529 @@
use unicorn_engine_sys::{ContextMode, RegisterX86};
use super::*;
#[test]
fn test_map_correct() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
uc.mem_map(0x40000, 0x1000 * 16, Prot::ALL).unwrap(); // [0x40000, 0x50000]
uc.mem_map(0x60000, 0x1000 * 16, Prot::ALL).unwrap(); // [0x60000, 0x70000]
uc.mem_map(0x20000, 0x1000 * 16, Prot::ALL).unwrap(); // [0x20000, 0x30000]
assert_eq!(
uc.mem_map(0x10000, 0x2000 * 16, Prot::ALL),
Err(uc_error::MAP)
);
assert_eq!(
uc.mem_map(0x25000, 0x1000 * 16, Prot::ALL),
Err(uc_error::MAP)
);
assert_eq!(
uc.mem_map(0x35000, 0x1000 * 16, Prot::ALL),
Err(uc_error::MAP)
);
assert_eq!(
uc.mem_map(0x45000, 0x1000 * 16, Prot::ALL),
Err(uc_error::MAP)
);
assert_eq!(
uc.mem_map(0x55000, 0x2000 * 16, Prot::ALL),
Err(uc_error::MAP)
);
uc.mem_map(0x35000, 0x5000, Prot::ALL).unwrap();
uc.mem_map(0x50000, 0x5000, Prot::ALL).unwrap();
}
#[test]
fn test_map_wrapping() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
assert_eq!(
uc.mem_map((!0 - 0x4000) & !0xfff, 0x8000, Prot::ALL),
Err(uc_error::ARG)
);
}
#[test]
fn test_mem_protect() {
let code = [
0x01, 0x70, 0x04, // add [eax + 4], esi
];
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
let eax = 0x2000;
let esi = 0xdeadbeef;
uc.reg_write(RegisterX86::EAX, eax).unwrap();
uc.reg_write(RegisterX86::ESI, esi).unwrap();
uc.mem_map(0x1000, 0x1000, Prot::READ | Prot::EXEC).unwrap();
uc.mem_map(0x2000, 0x1000, Prot::READ).unwrap();
uc.mem_protect(0x2000, 0x1000, Prot::READ | Prot::WRITE)
.unwrap();
uc.mem_write(0x1000, &code).unwrap();
uc.emu_start(0x1000, 0x1000 + code.len() as u64, 0, 1)
.unwrap();
let mem = u32::from_le_bytes(
uc.mem_read_as_vec(0x2000 + 4, 4)
.unwrap()
.try_into()
.unwrap(),
);
assert_eq!(mem, 0xdeadbeef);
}
#[test]
fn test_splitting_mem_unmap() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
uc.mem_map(0x20000, 0x1000, Prot::NONE).unwrap();
uc.mem_map(0x21000, 0x2000, Prot::NONE).unwrap();
uc.mem_unmap(0x21000, 0x1000).unwrap();
}
#[test]
fn test_splitting_mmio_unmap() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_32).unwrap();
let code = &[
0x8b, 0x0d, 0x04, 0x30, 0x00, 0x00, // mov ecx, [0x3004] <-- normal read
0x8b, 0x1d, 0x04, 0x40, 0x00, 0x00, // mov ebx, [0x4004] <-- mmio read
];
let bytes = 0xdeadbeefu32;
uc.mem_map(0x1000, 0x1000, Prot::ALL).unwrap();
uc.mem_write(0x1000, code).unwrap();
uc.mmio_map_ro(0x3000, 0x2000, |_, offset, size| {
assert_eq!(offset, 4);
assert_eq!(size, 4);
0x19260817
})
.unwrap();
// Map a ram area instead
uc.mem_unmap(0x3000, 0x1000).unwrap();
uc.mem_map(0x3000, 0x1000, Prot::ALL).unwrap();
uc.mem_write(0x3004, &bytes.to_le_bytes()).unwrap();
uc.emu_start(0x1000, 0x1000 + code.len() as u64, 0, 0)
.unwrap();
let ecx = uc.reg_read(RegisterX86::ECX).unwrap();
let ebx = uc.reg_read(RegisterX86::EBX).unwrap();
assert_eq!(ecx, 0xdeadbeef);
assert_eq!(ebx, 0x19260817);
}
#[test]
fn test_mem_protect_map_ptr() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
let val = 0x114514u64;
let mut data1 = vec![0u8; 0x4000];
let mut data2 = vec![0u8; 0x2000];
unsafe {
uc.mem_map_ptr(0x4000, 0x4000, Prot::ALL, data1.as_mut_ptr().cast())
.unwrap();
}
uc.mem_unmap(0x6000, 0x2000).unwrap();
unsafe {
uc.mem_map_ptr(0x6000, 0x2000, Prot::ALL, data2.as_mut_ptr().cast())
.unwrap();
}
uc.mem_write(0x6004, &val.to_le_bytes()).unwrap();
uc.mem_protect(0x6000, 0x1000, Prot::READ).unwrap();
let mut mem = vec![0u8; 8];
uc.mem_read(0x6004, &mut mem).unwrap();
assert_eq!(val.to_le_bytes(), mem.as_slice());
}
#[test]
fn test_map_at_the_end() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
let mem = vec![0xffu8; 0x1000];
uc.mem_map(0xfffffffffffff000, 0x1000, Prot::ALL).unwrap();
uc.mem_write(0xfffffffffffff000, &mem).unwrap();
assert_eq!(
uc.mem_write(0xffffffffffffff00, &mem),
Err(uc_error::WRITE_UNMAPPED)
);
assert_eq!(uc.mem_write(0, &mem), Err(uc_error::WRITE_UNMAPPED));
}
#[test]
fn test_map_big_memory() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
let requested_size = !(page_size::get() - 1);
assert_eq!(
uc.mem_map(0x0, requested_size, Prot::ALL),
Err(uc_error::NOMEM)
);
}
#[test]
fn test_mem_protect_remove_exec() {
#[rustfmt::skip]
let code = [
0x90, // nop
0xeb, 0x00, // jmp 3
0x90, // nop
];
let mut uc = Unicorn::new_with_data(Arch::X86, Mode::MODE_64, 0).unwrap();
uc.mem_map(0x1000, 0x1000, Prot::ALL).unwrap();
uc.mem_map(0x2000, 0x1000, Prot::ALL).unwrap();
uc.mem_write(0x1000, &code).unwrap();
uc.add_block_hook(1, 0, |uc, _, _| {
*uc.get_data_mut() += 1;
uc.mem_protect(0x2000, 0x1000, Prot::READ).unwrap();
})
.unwrap();
uc.emu_start(0x1000, 0x1000 + code.len() as u64, 0, 0)
.unwrap();
assert_eq!(*uc.get_data_mut(), 2);
}
#[test]
fn test_mem_protect_mmio() {
#[rustfmt::skip]
let code = [
0xa1, 0x20, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // movabs eax, dword ptr [0x2020]
0xa3, 0x20, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // movabs dword ptr [0x2020], eax
];
let mut uc = Unicorn::new_with_data(Arch::X86, Mode::MODE_64, 0).unwrap();
uc.mem_map(0x8000, 0x1000, Prot::ALL).unwrap();
uc.mem_write(0x8000, &code).unwrap();
uc.mmio_map(
0x1000,
0x3000,
Some(|uc: &mut Unicorn<'_, i32>, addr, _| {
assert_eq!(addr, 0x20);
*uc.get_data_mut() += 1;
0x114514
}),
Some(|_: &mut Unicorn<'_, i32>, _addr, _size, _val| {
panic!("Write callback should not be called");
}),
)
.unwrap();
uc.mem_protect(0x2000, 0x1000, Prot::READ).unwrap();
assert_eq!(
uc.emu_start(0x8000, 0x8000 + code.len() as u64, 0, 0),
Err(uc_error::WRITE_PROT)
);
let eax = uc.reg_read(RegisterX86::RAX).unwrap();
assert_eq!(*uc.get_data_mut(), 1);
assert_eq!(eax, 0x114514u64);
}
#[test]
fn test_snapshot() {
#[rustfmt::skip]
let code = [
0xa1, 0x20, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // movabs eax, dword ptr [0x2020]
0xff, 0xc0, // inc eax
0xa3, 0x20, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // movabs dword ptr [0x2020], eax
];
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
let mut c0 = uc.context_alloc().unwrap();
let mut c1 = uc.context_alloc().unwrap();
uc.ctl_set_context_mode(ContextMode::MEMORY).unwrap();
uc.mem_map(0x1000, 0x1000, Prot::ALL).unwrap();
uc.mem_write(0x1000, &code).unwrap();
uc.mem_map(0x2000, 0x1000, Prot::ALL).unwrap();
uc.context_save(&mut c0).unwrap();
uc.emu_start(0x1000, 0x1000 + code.len() as u64, 0, 0)
.unwrap();
let mem = u32::from_le_bytes(uc.mem_read_as_vec(0x2020, 4).unwrap().try_into().unwrap());
assert_eq!(mem, 1);
uc.context_save(&mut c1).unwrap();
uc.emu_start(0x1000, 0x1000 + code.len() as u64, 0, 0)
.unwrap();
let mem = u32::from_le_bytes(uc.mem_read_as_vec(0x2020, 4).unwrap().try_into().unwrap());
assert_eq!(mem, 2);
uc.context_restore(&c1).unwrap();
let mem = u32::from_le_bytes(uc.mem_read_as_vec(0x2020, 4).unwrap().try_into().unwrap());
assert_eq!(mem, 1);
uc.context_restore(&c0).unwrap();
let mem = u32::from_le_bytes(uc.mem_read_as_vec(0x2020, 4).unwrap().try_into().unwrap());
assert_eq!(mem, 0);
let code_data = uc.mem_read_as_vec(0x1000, 1).unwrap();
assert_eq!(code_data[0], 0xa1);
}
// static bool test_snapshot_with_vtlb_callback(uc_engine *uc, uint64_t addr,
// uc_mem_type type,
// uc_tlb_entry *result,
// void *user_data)
// {
// result->paddr = addr - 0x400000000;
// result->perms = UC_PROT_ALL;
// return true;
// }
//
// static void test_snapshot_with_vtlb(void)
// {
// uc_engine *uc;
// uc_context *c0, *c1;
// uint32_t mem;
// uc_hook hook;
//
// // mov eax, [0x2020]; inc eax; mov [0x2020], eax
// char code[] = "\xA1\x20\x20\x00\x00\x04\x00\x00\x00\xFF\xC0\xA3\x20\x20\x00"
// "\x00\x04\x00\x00\x00";
//
// OK(uc_open(UC_ARCH_X86, UC_MODE_64, &uc));
//
// // Allocate contexts
// OK(uc_context_alloc(uc, &c0));
// OK(uc_context_alloc(uc, &c1));
// OK(uc_ctl_context_mode(uc, UC_CTL_CONTEXT_MEMORY));
//
// OK(uc_ctl_tlb_mode(uc, UC_TLB_VIRTUAL));
// OK(uc_hook_add(uc, &hook, UC_HOOK_TLB_FILL,
// test_snapshot_with_vtlb_callback, NULL, 1, 0));
//
// // Map physical memory
// OK(uc_mem_map(uc, 0x1000, 0x1000, UC_PROT_EXEC | UC_PROT_READ));
// OK(uc_mem_write(uc, 0x1000, code, sizeof(code) - 1));
// OK(uc_mem_map(uc, 0x2000, 0x1000, UC_PROT_ALL));
//
// // Initial context save
// OK(uc_context_save(uc, c0));
//
// OK(uc_emu_start(uc, 0x400000000 + 0x1000,
// 0x400000000 + 0x1000 + sizeof(code) - 1, 0, 0));
// OK(uc_mem_read(uc, 0x2020, &mem, sizeof(mem)));
// TEST_CHECK(mem == 1);
// OK(uc_context_save(uc, c1));
// OK(uc_emu_start(uc, 0x400000000 + 0x1000,
// 0x400000000 + 0x1000 + sizeof(code) - 1, 0, 0));
// OK(uc_mem_read(uc, 0x2020, &mem, sizeof(mem)));
// TEST_CHECK(mem == 2);
// OK(uc_context_restore(uc, c1));
// // TODO check mem
// OK(uc_mem_read(uc, 0x2020, &mem, sizeof(mem)));
// TEST_CHECK(mem == 1);
// OK(uc_context_restore(uc, c0));
// OK(uc_mem_read(uc, 0x2020, &mem, sizeof(mem)));
// TEST_CHECK(mem == 0);
// // TODO check mem
//
// OK(uc_context_free(c0));
// OK(uc_context_free(c1));
// OK(uc_close(uc));
// }
#[test]
fn test_snapshot_with_vtlb() {
#[rustfmt::skip]
let code = [
0xa1, 0x20, 0x20, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, // movabs eax, dword ptr [0x2020]
0xff, 0xc0, // inc eax
0xa3, 0x20, 0x20, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, // movabs dword ptr [0x2020], eax
];
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
// Allocate contexts
let mut c0 = uc.context_alloc().unwrap();
let mut c1 = uc.context_alloc().unwrap();
uc.ctl_set_context_mode(ContextMode::MEMORY).unwrap();
uc.ctl_set_tlb_type(TlbType::VIRTUAL).unwrap();
uc.add_tlb_hook(1, 0, |_, addr, _| {
Some(TlbEntry {
paddr: addr - 0x400000000,
perms: Prot::ALL,
})
})
.unwrap();
// Map physical memory
uc.mem_map(0x1000, 0x1000, Prot::EXEC | Prot::READ).unwrap();
uc.mem_write(0x1000, &code).unwrap();
uc.mem_map(0x2000, 0x1000, Prot::ALL).unwrap();
// Initial context save
uc.context_save(&mut c0).unwrap();
uc.emu_start(
0x400000000 + CODE_START,
0x400000000 + CODE_START + code.len() as u64,
0,
0,
)
.unwrap();
let mem = u32::from_le_bytes(uc.mem_read_as_vec(0x2020, 4).unwrap().try_into().unwrap());
assert_eq!(mem, 1);
uc.context_save(&mut c1).unwrap();
uc.emu_start(
0x400000000 + CODE_START,
0x400000000 + CODE_START + code.len() as u64,
0,
0,
)
.unwrap();
let mem = u32::from_le_bytes(uc.mem_read_as_vec(0x2020, 4).unwrap().try_into().unwrap());
assert_eq!(mem, 2);
uc.context_restore(&c1).unwrap();
let mem = u32::from_le_bytes(uc.mem_read_as_vec(0x2020, 4).unwrap().try_into().unwrap());
assert_eq!(mem, 1);
uc.context_restore(&c0).unwrap();
let mem = u32::from_le_bytes(uc.mem_read_as_vec(0x2020, 4).unwrap().try_into().unwrap());
assert_eq!(mem, 0);
}
#[test]
fn test_context_snapshot() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
let baseaddr = 0xfffff1000;
let offset = 0x10;
let mut tmp = 1u64;
uc.ctl_set_context_mode(ContextMode::MEMORY | ContextMode::CPU)
.unwrap();
uc.mem_map(baseaddr, 0x1000, Prot::ALL).unwrap();
let mut ctx = uc.context_alloc().unwrap();
uc.context_save(&mut ctx).unwrap();
uc.mem_write(baseaddr + offset, &tmp.to_le_bytes()).unwrap();
tmp = u64::from_le_bytes(
uc.mem_read_as_vec(baseaddr + offset, 8)
.unwrap()
.try_into()
.unwrap(),
);
assert_eq!(tmp, 1);
uc.context_restore(&ctx).unwrap();
tmp = u64::from_le_bytes(
uc.mem_read_as_vec(baseaddr + offset, 8)
.unwrap()
.try_into()
.unwrap(),
);
assert_eq!(tmp, 0);
tmp = 2;
uc.mem_write(baseaddr + offset, &tmp.to_le_bytes()).unwrap();
tmp = u64::from_le_bytes(
uc.mem_read_as_vec(baseaddr + offset, 8)
.unwrap()
.try_into()
.unwrap(),
);
assert_eq!(tmp, 2);
uc.context_restore(&ctx).unwrap();
tmp = u64::from_le_bytes(
uc.mem_read_as_vec(baseaddr + offset, 8)
.unwrap()
.try_into()
.unwrap(),
);
assert_eq!(tmp, 0);
}
// static void test_snapshot_unmap(void)
// {
// uc_engine *uc;
// uc_context *ctx;
// uint64_t tmp;
//
// OK(uc_open(UC_ARCH_X86, UC_MODE_64, &uc));
// OK(uc_ctl_context_mode(uc, UC_CTL_CONTEXT_MEMORY | UC_CTL_CONTEXT_CPU));
// OK(uc_mem_map(uc, 0x1000, 0x2000, UC_PROT_ALL));
//
// tmp = 1;
// OK(uc_mem_write(uc, 0x1000, &tmp, sizeof(tmp)));
// tmp = 2;
// OK(uc_mem_write(uc, 0x2000, &tmp, sizeof(tmp)));
//
// OK(uc_context_alloc(uc, &ctx));
// OK(uc_context_save(uc, ctx));
//
// uc_assert_err(UC_ERR_ARG, uc_mem_unmap(uc, 0x1000, 0x1000));
// OK(uc_mem_unmap(uc, 0x1000, 0x2000));
// uc_assert_err(UC_ERR_READ_UNMAPPED,
// uc_mem_read(uc, 0x1000, &tmp, sizeof(tmp)));
// uc_assert_err(UC_ERR_READ_UNMAPPED,
// uc_mem_read(uc, 0x2000, &tmp, sizeof(tmp)));
//
// OK(uc_context_restore(uc, ctx));
// OK(uc_mem_read(uc, 0x1000, &tmp, sizeof(tmp)));
// TEST_CHECK(tmp == 1);
// OK(uc_mem_read(uc, 0x2000, &tmp, sizeof(tmp)));
// TEST_CHECK(tmp == 2);
//
// OK(uc_context_free(ctx));
// OK(uc_close(uc));
// }
#[test]
fn test_snapshot_unmap() {
let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64).unwrap();
let offset = 0x10;
uc.ctl_set_context_mode(ContextMode::MEMORY | ContextMode::CPU)
.unwrap();
uc.mem_map(0x1000, 0x2000, Prot::ALL).unwrap();
let mut tmp = 1u64;
uc.mem_write(0x1000 + offset, &tmp.to_le_bytes()).unwrap();
tmp = 2;
uc.mem_write(0x2000 + offset, &tmp.to_le_bytes()).unwrap();
let mut ctx = uc.context_alloc().unwrap();
uc.context_save(&mut ctx).unwrap();
assert_eq!(uc.mem_unmap(0x1000, 0x1000).unwrap_err(), uc_error::ARG);
uc.mem_unmap(0x1000, 0x2000).unwrap();
assert_eq!(
uc.mem_read_as_vec(0x1000 + offset, 8).unwrap_err(),
uc_error::READ_UNMAPPED,
);
assert_eq!(
uc.mem_read_as_vec(0x2000 + offset, 8).unwrap_err(),
uc_error::READ_UNMAPPED,
);
uc.context_restore(&ctx).unwrap();
tmp = u64::from_le_bytes(
uc.mem_read_as_vec(0x1000 + offset, 8)
.unwrap()
.try_into()
.unwrap(),
);
assert_eq!(tmp, 1);
tmp = u64::from_le_bytes(
uc.mem_read_as_vec(0x2000 + offset, 8)
.unwrap()
.try_into()
.unwrap(),
);
assert_eq!(tmp, 2);
}

227
bindings/rust/src/tests/mips.rs Normal file
View File

@@ -0,0 +1,227 @@
use unicorn_engine_sys::RegisterMIPS;
use super::*;
const CODE_START: u64 = 0x10000000;
const CODE_LEN: usize = 0x4000;
fn uc_common_setup<T>(
arch: Arch,
mode: Mode,
cpu_model: Option<i32>,
code: &[u8],
data: T,
) -> Unicorn<'_, T> {
let mut uc = Unicorn::new_with_data(arch, mode, data).unwrap();
if let Some(cpu_model) = cpu_model {
uc.ctl_set_cpu_model(cpu_model).unwrap();
}
uc.mem_map(CODE_START, CODE_LEN, Prot::ALL).unwrap();
uc.mem_write(CODE_START, code).unwrap();
uc
}
#[test]
fn test_mips_el_ori() {
let code = [
0x56, 0x34, 0x21, 0x34, // ori $at, $at, 0x3456;
];
let r1 = 0x6789;
let mut uc = uc_common_setup(
Arch::MIPS,
Mode::MIPS32 | Mode::LITTLE_ENDIAN,
None,
&code,
(),
);
uc.reg_write(RegisterMIPS::R1, r1).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r1 = uc.reg_read(RegisterMIPS::R1).unwrap();
assert_eq!(r1, 0x77df);
}
#[test]
fn test_mips_eb_ori() {
let code = [
0x34, 0x21, 0x34, 0x56, // ori $at, $at, 0x3456;
];
let r1 = 0x6789;
let mut uc = uc_common_setup(Arch::MIPS, Mode::MIPS32 | Mode::BIG_ENDIAN, None, &code, ());
uc.reg_write(RegisterMIPS::R1, r1).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r1 = uc.reg_read(RegisterMIPS::R1).unwrap();
assert_eq!(r1, 0x77df);
}
#[test]
fn test_mips_stop_at_branch() {
let code = [
0x02, 0x00, 0x00, 0x08, // j 0x8
0x21, 0x10, 0x62, 0x00, // addu $v0, $v1, $v0
];
let v1 = 5;
let mut uc = uc_common_setup(
Arch::MIPS,
Mode::MIPS32 | Mode::LITTLE_ENDIAN,
None,
&code,
(),
);
uc.reg_write(RegisterMIPS::V1, v1).unwrap();
// Execute one instruction with branch delay slot.
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 1)
.unwrap();
let pc = uc.reg_read(RegisterMIPS::PC).unwrap();
let v1 = uc.reg_read(RegisterMIPS::V0).unwrap();
// Even if we just execute one instruction, the instruction in the
// delay slot would also be executed.
assert_eq!(pc, CODE_START + 0x8);
assert_eq!(v1, 0x5);
}
#[test]
fn test_mips_stop_at_delay_slot() {
let code = [
0x02, 0x00, 0x00, 0x08, // j 0x8
0x00, 0x00, 0x00, 0x00, // nop
0x00, 0x00, 0x00, 0x00, // nop
];
let mut uc = uc_common_setup(
Arch::MIPS,
Mode::MIPS32 | Mode::LITTLE_ENDIAN,
None,
&code,
(),
);
// Stop at the delay slot by design.
uc.emu_start(CODE_START, CODE_START + 4, 0, 0).unwrap();
let pc = uc.reg_read(RegisterMIPS::PC).unwrap();
// The branch instruction isn't committed and the PC is not updated.
// The user is responsible for restarting emulation at the branch instruction.
assert_eq!(pc, CODE_START);
}
#[test]
fn test_mips_stop_at_delay_slot_2() {
let code = [
0x24, 0x06, 0x00, 0x03, // addiu $a2, $zero, 3
0x10, 0xa6, 0x00, 0x79, // beq $a1, $a2, 0x1e8
0x30, 0x42, 0x00, 0xfc, // andi $v0, $v0, 0xfc
0x10, 0x40, 0x00, 0x32, // beqz $v0, 0x47c8c90
0x24, 0xab, 0xff, 0xda, // addiu $t3, $a1, -0x26
0x2d, 0x62, 0x00, 0x02, // sltiu $v0, $t3, 2
0x10, 0x40, 0x00, 0x32, // beqz $v0, 0x47c8c9c
0x00, 0x00, 0x00, 0x00, // nop
];
let v0 = 0xff;
let a1 = 0x3;
let mut uc = uc_common_setup(Arch::MIPS, Mode::MIPS32 | Mode::BIG_ENDIAN, None, &code, ());
uc.reg_write(RegisterMIPS::V0, v0).unwrap();
uc.reg_write(RegisterMIPS::A1, a1).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64 + 16, 0, 2)
.unwrap();
let pc = uc.reg_read(RegisterMIPS::PC).unwrap();
let v0 = uc.reg_read(RegisterMIPS::V0).unwrap();
assert_eq!(pc, CODE_START + 4 + 0x1e8);
assert_eq!(v0, 0xfc);
}
#[test]
fn test_mips_lwx_exception_issue_1314() {
let code = [
0x0a, 0xc8, 0x79, 0x7e, // lwx $t9, $t9($s3)
];
let mut uc = uc_common_setup(
Arch::MIPS,
Mode::MIPS32 | Mode::LITTLE_ENDIAN,
None,
&code,
(),
);
uc.mem_map(0x10000, 0x4000, Prot::ALL).unwrap();
// Enable DSP
// https://s3-eu-west-1.amazonaws.com/downloads-mips/documents/MD00090-2B-MIPS32PRA-AFP-06.02.pdf
let mut reg = uc.reg_read(RegisterMIPS::CP0_STATUS).unwrap();
reg |= 1 << 24;
uc.reg_write(RegisterMIPS::CP0_STATUS, reg).unwrap();
reg = 0;
uc.reg_write(RegisterMIPS::R1, reg).unwrap();
uc.reg_write(RegisterMIPS::T9, reg).unwrap();
reg = 0xdeadbeef;
uc.mem_write(0x10000, &(reg as u32).to_le_bytes()).unwrap();
reg = 0x10000;
uc.reg_write(RegisterMIPS::S3, reg).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
reg = uc.reg_read(RegisterMIPS::T9).unwrap();
assert_eq!(reg, 0xdeadbeef);
}
#[test]
fn test_mips_mips16() {
let code = [
0xC4, 0x6B, 0x49, 0xE3, // sc $t1, 0x6bc4($k0)
];
let v0 = 0x6789;
let mips16_lowbit = 1;
let mut uc = uc_common_setup(
Arch::MIPS,
Mode::MIPS32 | Mode::LITTLE_ENDIAN,
None,
&code,
(),
);
uc.reg_write(RegisterMIPS::V0, v0).unwrap();
uc.emu_start(
CODE_START | mips16_lowbit,
CODE_START + code.len() as u64,
0,
0,
)
.unwrap();
let v0 = uc.reg_read(RegisterMIPS::V0).unwrap();
assert_eq!(v0, 0x684D);
}
#[test]
fn test_mips_mips_fpr() {
#[rustfmt::skip]
let code = [
0xf6, 0x42, 0x09, 0x3c, 0x79, 0xe9, 0x29, 0x35, // li $t1, 0x42f6e979
0x00, 0x08, 0x89, 0x44, // mtc1 $t1, $f1
];
let mut uc = uc_common_setup(Arch::MIPS, Mode::MIPS32, None, &code, ());
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let f1 = uc.reg_read(RegisterMIPS::F1).unwrap();
assert_eq!(f1, 0x42f6e979);
}

39
bindings/rust/src/tests/mod.rs Normal file
View File

@@ -0,0 +1,39 @@
extern crate std;
#[cfg(feature = "arch_arm")]
mod arm;
#[cfg(feature = "arch_aarch64")]
mod arm64;
mod ctl;
#[cfg(feature = "arch_m68k")]
mod m68k;
mod mem;
#[cfg(feature = "arch_mips")]
mod mips;
#[cfg(feature = "arch_ppc")]
mod ppc;
#[cfg(feature = "arch_riscv")]
mod riscv;
#[cfg(feature = "arch_s390x")]
mod s390x;
use crate::{Arch, HookType, Mode, Prot, TlbEntry, TlbType, Unicorn, uc_error};
pub const CODE_START: u64 = 0x1000;
pub const CODE_LEN: usize = 0x4000;
fn uc_common_setup<T>(
arch: Arch,
mode: Mode,
cpu_model: Option<i32>,
code: &[u8],
data: T,
) -> Unicorn<'_, T> {
let mut uc = Unicorn::new_with_data(arch, mode, data).unwrap();
if let Some(cpu_model) = cpu_model {
uc.ctl_set_cpu_model(cpu_model).unwrap();
}
uc.mem_map(CODE_START, CODE_LEN, Prot::ALL).unwrap();
uc.mem_write(CODE_START, code).unwrap();
uc
}

92
bindings/rust/src/tests/ppc.rs Normal file
View File

@@ -0,0 +1,92 @@
use unicorn_engine_sys::RegisterPPC;
use super::*;
#[test]
fn test_ppc32_add() {
let code = [
0x7f, 0x46, 0x1a, 0x14, // add 26, 6, 3
];
let r3 = 42;
let r6 = 1337;
let mut uc = uc_common_setup(Arch::PPC, Mode::PPC32 | Mode::BIG_ENDIAN, None, &code, ());
uc.reg_write(RegisterPPC::R3, r3).unwrap();
uc.reg_write(RegisterPPC::R6, r6).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let reg = uc.reg_read(RegisterPPC::R26).unwrap();
assert_eq!(reg, 1379);
}
// https://www.ibm.com/docs/en/aix/7.2?topic=set-fadd-fa-floating-add-instruction
#[test]
// #[ignore = "Crashes on Windows & some Linux distros"]
fn test_ppc32_fadd() {
let code = [
0xfc, 0xc4, 0x28, 0x2a, // fadd 6, 4, 5
];
let mut msr = 0;
let fpr4 = 0xC053400000000000;
let fpr5 = 0x400C000000000000;
let mut uc = uc_common_setup(Arch::PPC, Mode::PPC32 | Mode::BIG_ENDIAN, None, &code, ());
msr |= 1 << 13; // Big endian
uc.reg_write(RegisterPPC::MSR, msr).unwrap(); // enable FP
uc.reg_write(RegisterPPC::FPR4, fpr4).unwrap();
uc.reg_write(RegisterPPC::FPR5, fpr5).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let fpr6 = uc.reg_read(RegisterPPC::FPR6).unwrap();
assert_eq!(fpr6, 0xC052600000000000);
}
#[test]
fn test_ppc32_sc() {
let code = [
0x44, 0x00, 0x00, 0x02, // sc
];
let mut uc = uc_common_setup(Arch::PPC, Mode::PPC32 | Mode::BIG_ENDIAN, None, &code, ());
uc.add_intr_hook(|uc, _| uc.emu_stop().unwrap()).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let pc = uc.reg_read(RegisterPPC::PC).unwrap();
assert_eq!(pc, CODE_START + 4);
}
#[test]
fn test_ppc32_cr() {
let mut uc = uc_common_setup(Arch::PPC, Mode::PPC32 | Mode::BIG_ENDIAN, None, &[], ());
let mut cr = 0x12345678;
uc.reg_write(RegisterPPC::CR, cr).unwrap();
cr = uc.reg_read(RegisterPPC::CR).unwrap();
assert_eq!(cr, 0x12345678);
}
#[test]
fn test_ppc32_spr_time() {
let code = [
0x7c, 0x76, 0x02, 0xa6, // mfspr r3, DEC
0x7c, 0x6d, 0x42, 0xa6, // mfspr r3, TBUr
];
let mut uc = uc_common_setup(Arch::PPC, Mode::PPC32 | Mode::BIG_ENDIAN, None, &code, ());
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
}

676
bindings/rust/src/tests/riscv.rs Normal file
View File

@@ -0,0 +1,676 @@
use unicorn_engine_sys::RegisterRISCV;
use super::*;
#[test]
fn test_riscv32_nop() {
let code = [
0x13, 0x00, 0x00, 0x00, // nop
];
let t0 = 0x1234;
let t1 = 0x5678;
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV32, None, &code, ());
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
uc.reg_write(RegisterRISCV::T1, t1).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
let t1 = uc.reg_read(RegisterRISCV::T1).unwrap();
assert_eq!(t0, 0x1234);
assert_eq!(t1, 0x5678);
}
#[test]
fn test_riscv64_nop() {
let code = [
0x13, 0x00, 0x00, 0x00, // nop
];
let t0 = 0x1234;
let t1 = 0x5678;
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
uc.reg_write(RegisterRISCV::T1, t1).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
let t1 = uc.reg_read(RegisterRISCV::T1).unwrap();
assert_eq!(t0, 0x1234);
assert_eq!(t1, 0x5678);
}
#[test]
fn test_riscv32_until_pc_update() {
let code = [
0x93, 0x02, 0x10, 0x00, // addi t0, zero, 1
0x13, 0x03, 0x00, 0x02, // addi t1, zero, 0x20
0x13, 0x01, 0x81, 0x00, // addi sp, sp, 8
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV32, None, &code, ());
let mut t0 = 0x1234;
let mut t1 = 0x7890;
let mut sp = 0x1234;
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
uc.reg_write(RegisterRISCV::T1, t1).unwrap();
uc.reg_write(RegisterRISCV::SP, sp).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
t1 = uc.reg_read(RegisterRISCV::T1).unwrap();
sp = uc.reg_read(RegisterRISCV::SP).unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(t0, 0x1);
assert_eq!(t1, 0x20);
assert_eq!(sp, 0x123c);
assert_eq!(pc, CODE_START + code.len() as u64);
}
#[test]
fn test_riscv64_until_pc_update() {
let code = [
0x93, 0x02, 0x10, 0x00, // addi t0, zero, 1
0x13, 0x03, 0x00, 0x02, // addi t1, zero, 0x20
0x13, 0x01, 0x81, 0x00, // addi sp, sp, 8
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
let mut t0 = 0x1234;
let mut t1 = 0x7890;
let mut sp = 0x1234;
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
uc.reg_write(RegisterRISCV::T1, t1).unwrap();
uc.reg_write(RegisterRISCV::SP, sp).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
t1 = uc.reg_read(RegisterRISCV::T1).unwrap();
sp = uc.reg_read(RegisterRISCV::SP).unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(t0, 0x1);
assert_eq!(t1, 0x20);
assert_eq!(sp, 0x123c);
assert_eq!(pc, CODE_START + code.len() as u64);
}
#[test]
fn test_riscv32_3steps_pc_update() {
let code = [
0x93, 0x02, 0x10, 0x00, // addi t0, zero, 1
0x13, 0x03, 0x00, 0x02, // addi t1, zero, 0x20
0x13, 0x01, 0x81, 0x00, // addi sp, sp, 8
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV32, None, &code, ());
let mut t0 = 0x1234;
let mut t1 = 0x7890;
let mut sp = 0x1234;
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
uc.reg_write(RegisterRISCV::T1, t1).unwrap();
uc.reg_write(RegisterRISCV::SP, sp).unwrap();
uc.emu_start(CODE_START, u64::MAX, 0, 3).unwrap();
t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
t1 = uc.reg_read(RegisterRISCV::T1).unwrap();
sp = uc.reg_read(RegisterRISCV::SP).unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(t0, 0x1);
assert_eq!(t1, 0x20);
assert_eq!(sp, 0x123c);
assert_eq!(pc, CODE_START + code.len() as u64);
}
#[test]
fn test_riscv64_3steps_pc_update() {
let code = [
0x93, 0x02, 0x10, 0x00, // addi t0, zero, 1
0x13, 0x03, 0x00, 0x02, // addi t1, zero, 0x20
0x13, 0x01, 0x81, 0x00, // addi sp, sp, 8
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
let mut t0 = 0x1234;
let mut t1 = 0x7890;
let mut sp = 0x1234;
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
uc.reg_write(RegisterRISCV::T1, t1).unwrap();
uc.reg_write(RegisterRISCV::SP, sp).unwrap();
uc.emu_start(CODE_START, u64::MAX, 0, 3).unwrap();
t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
t1 = uc.reg_read(RegisterRISCV::T1).unwrap();
sp = uc.reg_read(RegisterRISCV::SP).unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(t0, 0x1);
assert_eq!(t1, 0x20);
assert_eq!(sp, 0x123c);
assert_eq!(pc, CODE_START + code.len() as u64);
}
#[test]
fn test_riscv32_fp_move() {
let code = [
0xd3, 0x81, 0x10, 0x22, // fmv.d f3, f1
];
let mut f1 = 0x123456781a2b3c4d;
let mut f3 = 0x56780246aaaabbbb;
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV32, None, &code, ());
uc.reg_write(RegisterRISCV::F1, f1).unwrap();
uc.reg_write(RegisterRISCV::F3, f3).unwrap();
uc.emu_start(CODE_START, u64::MAX, 0, 1).unwrap();
f1 = uc.reg_read(RegisterRISCV::F1).unwrap();
f3 = uc.reg_read(RegisterRISCV::F3).unwrap();
assert_eq!(f1, 0x123456781a2b3c4d);
assert_eq!(f3, 0x123456781a2b3c4d);
}
#[test]
fn test_riscv64_fp_move() {
let code = [
0xd3, 0x81, 0x10, 0x22, // fmv.d f3, f1
];
let mut f1 = 0x123456781a2b3c4d;
let mut f3 = 0x56780246aaaabbbb;
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.reg_write(RegisterRISCV::F1, f1).unwrap();
uc.reg_write(RegisterRISCV::F3, f3).unwrap();
uc.emu_start(CODE_START, u64::MAX, 0, 1).unwrap();
f1 = uc.reg_read(RegisterRISCV::F1).unwrap();
f3 = uc.reg_read(RegisterRISCV::F3).unwrap();
assert_eq!(f1, 0x123456781a2b3c4d);
assert_eq!(f3, 0x123456781a2b3c4d);
}
#[test]
fn test_riscv64_fp_move_from_int() {
let code = [
0xf3, 0x90, 0x01, 0x30, // csrrw x2, mstatus, x3;
0x53, 0x00, 0x0b, 0xf2, // fmvd.d.x ft0, s6
];
let mut ft0 = 0x12341234;
let mut s6 = 0x56785678;
let x3 = 0x6000;
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.reg_write(RegisterRISCV::FT0, ft0).unwrap();
uc.reg_write(RegisterRISCV::S6, s6).unwrap();
// mstatus.fs
uc.reg_write(RegisterRISCV::X3, x3).unwrap();
uc.emu_start(CODE_START, u64::MAX, 0, 2).unwrap();
ft0 = uc.reg_read(RegisterRISCV::FT0).unwrap();
s6 = uc.reg_read(RegisterRISCV::S6).unwrap();
assert_eq!(ft0, 0x56785678);
assert_eq!(s6, 0x56785678);
}
#[test]
fn test_riscv64_fp_move_from_int_reg_write() {
let code = [
0x53, 0x00, 0x0b, 0xf2, // fmvd.d.x ft0, s6
];
let mut ft0 = 0x12341234;
let mut s6 = 0x56785678;
let mstatus = 0x6000;
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.reg_write(RegisterRISCV::FT0, ft0).unwrap();
uc.reg_write(RegisterRISCV::S6, s6).unwrap();
// mstatus.fs
uc.reg_write(RegisterRISCV::MSTATUS, mstatus).unwrap();
uc.emu_start(CODE_START, u64::MAX, 0, 1).unwrap();
ft0 = uc.reg_read(RegisterRISCV::FT0).unwrap();
s6 = uc.reg_read(RegisterRISCV::S6).unwrap();
assert_eq!(ft0, 0x56785678);
assert_eq!(s6, 0x56785678);
}
#[test]
fn test_riscv64_fp_move_to_int() {
let code = [
0xf3, 0x90, 0x01, 0x30, // csrrw x2, mstatus, x3;
0x53, 0x0b, 0x00, 0xe2, // fmv.x.d s6, ft0
];
let mut ft0 = 0x12341234;
let mut s6 = 0x56785678;
let x3 = 0x6000;
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.reg_write(RegisterRISCV::FT0, ft0).unwrap();
uc.reg_write(RegisterRISCV::S6, s6).unwrap();
// mstatus.fs
uc.reg_write(RegisterRISCV::X3, x3).unwrap();
uc.emu_start(CODE_START, u64::MAX, 0, 2).unwrap();
ft0 = uc.reg_read(RegisterRISCV::FT0).unwrap();
s6 = uc.reg_read(RegisterRISCV::S6).unwrap();
assert_eq!(ft0, 0x12341234);
assert_eq!(s6, 0x12341234);
}
#[test]
fn test_riscv64_code_patching() {
let code = [
0x93, 0x82, 0x12, 0x00, // addi t0, t0, 0x1
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
// Zero out t0 and t1
let mut t0 = 0x0;
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
// emulate the instruction
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
// check value
t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
assert_eq!(t0, 0x1);
// patch instruction
let patch_code = [
0x93, 0x82, 0xf2, 0x7f, // addi t0, t0, 0x7FF
];
uc.mem_write(CODE_START, &patch_code).unwrap();
// zero out t0
t0 = 0x0;
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
uc.emu_start(CODE_START, CODE_START + patch_code.len() as u64, 0, 0)
.unwrap();
// check value
t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
assert_eq!(t0, 0x7ff);
}
#[test]
fn test_riscv64_code_patching_count() {
let code = [
0x93, 0x82, 0x12, 0x00, // addi t0, t0, 0x1
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
// Zero out t0 and t1
let mut t0 = 0x0;
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
// emulate the instruction
uc.emu_start(CODE_START, u64::MAX, 0, 1).unwrap();
// check value
t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
assert_eq!(t0, 0x1);
// patch instruction
let patch_code = [
0x93, 0x82, 0xf2, 0x7f, // addi t0, t0, 0x7FF
];
uc.mem_write(CODE_START, &patch_code).unwrap();
uc.ctl_remove_cache(CODE_START, CODE_START + patch_code.len() as u64)
.unwrap();
// zero out t0
t0 = 0x0;
uc.reg_write(RegisterRISCV::T0, t0).unwrap();
uc.emu_start(CODE_START, u64::MAX, 0, 1).unwrap();
// check value
t0 = uc.reg_read(RegisterRISCV::T0).unwrap();
assert_eq!(t0, 0x7ff);
}
#[test]
fn test_riscv64_ecall() {
let code = [
0x73, 0x00, 0x00, 0x00, // ecall
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.add_intr_hook(|uc, _| uc.emu_stop().unwrap()).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(pc, CODE_START + 4);
}
#[test]
fn test_riscv32_mmio_map() {
#[rustfmt::skip]
let code = [
0x37, 0x17, 0x02, 0x40, // lui a4, 0x40021
0x1c, 0x4f, // c.lw a5, 0x18(a4)
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV32, None, &code, ());
uc.mmio_map_ro(0x40000000, 0x40000, |uc, offset, _size| {
let a4 = uc.reg_read(RegisterRISCV::A4).unwrap();
assert_eq!(a4, 0x40021 << 12);
assert_eq!(offset, 0x21018);
0
})
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
}
#[test]
fn test_riscv32_map() {
#[rustfmt::skip]
let code = [
0x37, 0x17, 0x02, 0x40, // lui a4, 0x40021
0x1c, 0x4f, // c.lw a5, 0x18(a4)
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV32, None, &code, ());
let val = 0xdeadbeefu64;
uc.mem_map(0x40000000, 0x40000, Prot::ALL).unwrap();
uc.mem_write(0x40000000 + 0x21018, &val.to_le_bytes())
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let a5 = uc.reg_read(RegisterRISCV::A5).unwrap();
assert_eq!(a5, val);
}
#[test]
fn test_riscv64_mmio_map() {
#[rustfmt::skip]
let code = [
0x37, 0x17, 0x02, 0x40, // lui a4, 0x40021
0x1c, 0x4f, // c.lw a5, 0x18(a4)
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.mmio_map_ro(0x40000000, 0x40000, |uc, offset, _size| {
let a4 = uc.reg_read(RegisterRISCV::A4).unwrap();
assert_eq!(a4, 0x40021 << 12);
assert_eq!(offset, 0x21018);
0
})
.unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
}
#[test]
fn test_riscv_correct_address_in_small_jump_hook() {
#[rustfmt::skip]
let code = [
0xb7, 0x82, 0x00, 0x00, // lui t0, 8
0x9b, 0x82, 0x02, 0xf0, // addiw t0, t0, -256;
0x67, 0x80, 0x02, 0x00, // jr x5
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |uc, _, address, _, _| {
// Check registers
let x5 = uc.reg_read(RegisterRISCV::X5).unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(x5, 0x7F00);
assert_eq!(pc, 0x7F00);
// Check address
assert_eq!(address, 0x7F00);
false
})
.unwrap();
let err = uc
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::FETCH_UNMAPPED);
let x5 = uc.reg_read(RegisterRISCV::X5).unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(x5, 0x7F00);
assert_eq!(pc, 0x7F00);
}
#[test]
fn test_riscv_correct_address_in_long_jump_hook() {
#[rustfmt::skip]
let code = [
0x93, 0x02, 0xf0, 0xff, // addi t0, zero, -1
0x93, 0x92, 0xf2, 0x03, // slli t0, t0, 63
0x93, 0x82, 0x02, 0xf0, // addi t0, t0, -256
0x67, 0x80, 0x02, 0x00, // jr x5
];
let mut uc = uc_common_setup(Arch::RISCV, Mode::RISCV64, None, &code, ());
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |uc, _, address, _, _| {
// Check registers
let x5 = uc.reg_read(RegisterRISCV::X5).unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(x5, 0x7FFFFFFFFFFFFF00);
assert_eq!(pc, 0x7FFFFFFFFFFFFF00);
// Check address
assert_eq!(address, 0x7FFFFFFFFFFFFF00);
false
})
.unwrap();
let err = uc
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::FETCH_UNMAPPED);
let x5 = uc.reg_read(RegisterRISCV::X5).unwrap();
let pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(x5, 0x7FFFFFFFFFFFFF00);
assert_eq!(pc, 0x7FFFFFFFFFFFFF00);
}
#[test]
fn test_riscv_mmu() {
fn test_riscv_mmu_prepare_tlb(uc: &mut Unicorn<'_, ()>, data_address: u64, code_address: u64) {
let sptbr = 0x2000;
uc.mem_map(sptbr, 0x3000, Prot::ALL).unwrap(); // tlb base
let tlbe = ((sptbr + 0x1000) >> 2) | 1;
uc.mem_write(sptbr, &tlbe.to_le_bytes()).unwrap();
let tlbe = ((sptbr + 0x2000) >> 2) | 1;
uc.mem_write(sptbr + 0x1000, &tlbe.to_le_bytes()).unwrap();
let tlbe = (code_address >> 2) | (7 << 1) | 1;
uc.mem_write(sptbr + 0x2000 + 0x15 * 8, &tlbe.to_le_bytes())
.unwrap();
let tlbe = (data_address >> 2) | (7 << 1) | 1;
uc.mem_write(sptbr + 0x2000 + 0x16 * 8, &tlbe.to_le_bytes())
.unwrap();
}
let code_address = 0x5000;
let data_address = 0x6000;
let data_value = 0x41414141u32;
let code_m = [
0x1b, 0x0e, 0xf0, 0xff, // li t3, (8 << 60) | 2
0x13, 0x1e, 0xfe, 0x03, // csrw sptbr, t3
0x13, 0x0e, 0x2e, 0x00, // li t0, (1 << 11) | (1 << 5)
0x73, 0x10, 0x0e, 0x18, // csrw mstatus, t0
0xb7, 0x12, 0x00, 0x00, // la t1, 0x15000
0x9b, 0x82, 0x02, 0x82, // csrw mepc, t1
0x73, 0x90, 0x02, 0x30, // mret
0x37, 0x53, 0x01, 0x00, // lui t0, 8
0x73, 0x10, 0x13, 0x34, // csrw mepc, t1
0x73, 0x00, 0x20, 0x30, // mret
];
#[rustfmt::skip]
let code_s = [
0xb7, 0x42, 0x41, 0x41, 0x9b, 0x82, 0x12, 0x14, // li t0, 0x41414141
0x37, 0x63, 0x01, 0x00, // li t1, 0x16000
0x23, 0x20, 0x53, 0x00, // sw t0, 0(t1)
0x13, 0x00, 0x00, 0x00, // nop
];
let mut uc = Unicorn::new(Arch::RISCV, Mode::RISCV64).unwrap();
uc.ctl_set_tlb_type(TlbType::CPU).unwrap();
uc.add_code_hook(1, 0, |uc, address, _| {
if address == 0x15010 {
uc.emu_stop().unwrap();
}
})
.unwrap();
uc.mem_map(0x1000, 0x1000, Prot::ALL).unwrap();
uc.mem_map(code_address, 0x1000, Prot::ALL).unwrap();
uc.mem_map(data_address, 0x1000, Prot::ALL).unwrap();
uc.mem_write(code_address, &code_s).unwrap();
uc.mem_write(0x1000, &code_m).unwrap();
test_riscv_mmu_prepare_tlb(&mut uc, data_address, code_address);
uc.emu_start(0x1000, 0x1000 + code_m.len() as u64, 0, 0)
.unwrap();
let data_result = u32::from_le_bytes(
uc.mem_read_as_vec(data_address, 4)
.unwrap()
.try_into()
.unwrap(),
);
assert_eq!(data_value, data_result);
}
#[test]
fn test_riscv_priv() {
let m_entry_address = 0x1000;
let main_address = 0x3000;
#[rustfmt::skip]
let code_m_entry = [
0x93, 0x02, 0x00, 0x00, // li t0, 0
0x73, 0x90, 0x02, 0x30, // csrw mstatus, t0
0x37, 0x33, 0x00, 0x00, // li t1, 0x3000
0x73, 0x10, 0x13, 0x34, // csrw mepc, t1
0x73, 0x00, 0x20, 0x30, // mret
];
#[rustfmt::skip]
let code_main = [
0x73, 0x90, 0x02, 0x14, // csrw sscratch, t1
0x13, 0x00, 0x00, 0x00, // nop
];
let main_end_address = main_address + code_main.len() as u64;
let mut uc = Unicorn::new(Arch::RISCV, Mode::RISCV64).unwrap();
uc.ctl_set_tlb_type(TlbType::CPU).unwrap();
uc.mem_map(m_entry_address, 0x1000, Prot::ALL).unwrap();
uc.mem_map(main_address, 0x1000, Prot::ALL).unwrap();
uc.mem_write(m_entry_address, &code_m_entry).unwrap();
uc.mem_write(main_address, &code_main).unwrap();
// Before anything executes we should be in M-Mode
let mut priv_value = uc.reg_read(RegisterRISCV::PRIV).unwrap();
assert_eq!(priv_value, 3);
// We'll put a sentinel value in sscratch so we can determine whether we've
// successfully written to it below.
let mut reg_value = 0xffff;
uc.reg_write(RegisterRISCV::SSCRATCH, reg_value).unwrap();
// Run until we reach the "csrw" at the start of code_main, at which
// point we should be in U-Mode due to the mret instruction.
uc.emu_start(m_entry_address, main_address, 0, 10).unwrap();
let mut pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(pc, main_address);
priv_value = uc.reg_read(RegisterRISCV::PRIV).unwrap();
assert_eq!(priv_value, 0); // Now in U-Mode
// U-Mode can't write to sscratch, so execution at this point should
// cause an invalid instruction exception.
let err = uc
.emu_start(main_address, main_end_address, 0, 0)
.unwrap_err();
assert_eq!(err, uc_error::EXCEPTION);
pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(pc, main_address + 4);
// ...but if we force S-Mode then we should be able to set it successfully.
priv_value = 1;
uc.reg_write(RegisterRISCV::PRIV, priv_value).unwrap();
uc.emu_start(main_address, main_end_address, 0, 0).unwrap();
reg_value = uc.reg_read(RegisterRISCV::SSCRATCH).unwrap();
assert_eq!(reg_value, 0);
pc = uc.reg_read(RegisterRISCV::PC).unwrap();
assert_eq!(pc, main_end_address);
}

25
bindings/rust/src/tests/s390x.rs Normal file
View File

@@ -0,0 +1,25 @@
use unicorn_engine_sys::RegisterS390X;
use super::*;
#[test]
fn test_s390x_lr() {
let code = [
0x18, 0x23, // lr %r2, %r3
];
let r3 = 0x114514;
let mut uc = uc_common_setup(Arch::S390X, Mode::BIG_ENDIAN, None, &code, ());
uc.reg_write(RegisterS390X::R3, r3).unwrap();
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
.unwrap();
let r2 = uc.reg_read(RegisterS390X::R2).unwrap();
let pc = uc.reg_read(RegisterS390X::PC).unwrap();
assert_eq!(r2, 0x114514);
assert_eq!(pc, CODE_START + code.len() as u64);
}