lazymio/unicorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Format code

Browse Source
This commit is contained in:
mio
2025-01-04 15:48:54 +08:00
parent d50bbb5d5b
commit fcca82bb28
6 changed files with 75 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/uc_priv.h
View File

@@ -108,7 +108,8 @@ typedef MemoryRegion *(*uc_memory_mapping_t)(struct uc_struct *, hwaddr addr);
typedef void (*uc_memory_filter_t)(MemoryRegion *, int32_t); typedef void (*uc_memory_filter_t)(MemoryRegion *, int32_t);
typedef bool (*uc_flatview_copy_t)(struct uc_struct *, FlatView *, FlatView *, bool); typedef bool (*uc_flatview_copy_t)(struct uc_struct *, FlatView *, FlatView *,
bool);
typedef void (*uc_readonly_mem_t)(MemoryRegion *mr, bool readonly); typedef void (*uc_readonly_mem_t)(MemoryRegion *mr, bool readonly);
@@ -431,7 +432,7 @@ struct uc_context {
uc_arch arch; // the arch of this context uc_arch arch; // the arch of this context
int snapshot_level; // the memory snapshot level to restore int snapshot_level; // the memory snapshot level to restore
bool ramblock_freed; // wheter there was a some ramblock freed bool ramblock_freed; // wheter there was a some ramblock freed
RAMBlock *last_block;// The last element of the ramblock list RAMBlock *last_block; // The last element of the ramblock list
FlatView *fv; // The current flatview of the memory FlatView *fv; // The current flatview of the memory
char data[0]; // context char data[0]; // context
}; };

3
qemu/target/i386/unicorn.c
View File

@@ -2000,7 +2000,8 @@ static bool x86_stop_interrupt(struct uc_struct *uc, int intno)
static bool x86_insn_hook_validate(uint32_t insn_enum) static bool x86_insn_hook_validate(uint32_t insn_enum)
{ {
// for x86 we can only hook IN, OUT, SYSCALL, SYSENTER, CPUID, RDTSC, and RDTSCP // for x86 we can only hook IN, OUT, SYSCALL, SYSENTER, CPUID, RDTSC, and
// RDTSCP
if (insn_enum != UC_X86_INS_IN && insn_enum != UC_X86_INS_OUT && if (insn_enum != UC_X86_INS_IN && insn_enum != UC_X86_INS_OUT &&
insn_enum != UC_X86_INS_SYSCALL && insn_enum != UC_X86_INS_SYSENTER && insn_enum != UC_X86_INS_SYSCALL && insn_enum != UC_X86_INS_SYSENTER &&
insn_enum != UC_X86_INS_CPUID && insn_enum != UC_X86_INS_RDTSC && insn_enum != UC_X86_INS_CPUID && insn_enum != UC_X86_INS_RDTSC &&

51
tests/unit/test_arm64.c
View File

@@ -529,26 +529,36 @@ static void test_arm64_pc_wrap(void)
OK(uc_close(uc)); OK(uc_close(uc));
} }
static void static void test_arm64_mem_prot_regress_hook_mem(uc_engine *uc,
test_arm64_mem_prot_regress_hook_mem(uc_engine *uc, uc_mem_type type, uc_mem_type type,
uint64_t address, int size, int64_t value, void *user_data) uint64_t address, int size,
int64_t value, void *user_data)
{ {
// fprintf(stderr, "%s %p %d\n", (type == UC_MEM_WRITE) ? "UC_MEM_WRITE" : "UC_MEM_READ", (void *)address, size); // fprintf(stderr, "%s %p %d\n", (type == UC_MEM_WRITE) ? "UC_MEM_WRITE" :
// "UC_MEM_READ", (void *)address, size);
} }
static bool static bool test_arm64_mem_prot_regress_hook_prot(uc_engine *uc,
test_arm64_mem_prot_regress_hook_prot(uc_engine *uc, uc_mem_type type, uc_mem_type type,
uint64_t address, int size, int64_t value, void *user_data) uint64_t address, int size,
int64_t value,
void *user_data)
{ {
// fprintf(stderr, "%s %p %d\n", (type == UC_MEM_WRITE_PROT) ? "UC_MEM_WRITE_PROT" : ((type == UC_MEM_FETCH_PROT) ? "UC_MEM_FETCH_PROT" : "UC_MEM_READ_PROT"), (void *)address, size); // fprintf(stderr, "%s %p %d\n", (type == UC_MEM_WRITE_PROT) ?
// "UC_MEM_WRITE_PROT" : ((type == UC_MEM_FETCH_PROT) ? "UC_MEM_FETCH_PROT"
// : "UC_MEM_READ_PROT"), (void *)address, size);
return false; return false;
} }
static bool static bool test_arm64_mem_prot_regress_hook_unm(uc_engine *uc,
test_arm64_mem_prot_regress_hook_unm(uc_engine *uc, uc_mem_type type, uc_mem_type type,
uint64_t address, int size, int64_t value, void *user_data) uint64_t address, int size,
int64_t value, void *user_data)
{ {
// fprintf(stderr, "%s %p %d\n", (type == UC_MEM_WRITE_UNMAPPED) ? "UC_MEM_WRITE_UNMAPPED" : ((type == UC_MEM_FETCH_UNMAPPED) ? "UC_MEM_FETCH_UNMAPPED" : "UC_MEM_READ_UNMAPPED"), (void *)address, size); // fprintf(stderr, "%s %p %d\n", (type == UC_MEM_WRITE_UNMAPPED) ?
// "UC_MEM_WRITE_UNMAPPED" : ((type == UC_MEM_FETCH_UNMAPPED) ?
// "UC_MEM_FETCH_UNMAPPED" : "UC_MEM_READ_UNMAPPED"), (void *)address,
// size);
return false; return false;
} }
@@ -562,17 +572,24 @@ static void test_arm64_mem_prot_regress(void)
uc_engine *uc; uc_engine *uc;
OK(uc_open(UC_ARCH_ARM64, UC_MODE_ARM, &uc)); OK(uc_open(UC_ARCH_ARM64, UC_MODE_ARM, &uc));
OK(uc_mem_map(uc, 0, 0x4000, UC_PROT_READ|UC_PROT_EXEC)); OK(uc_mem_map(uc, 0, 0x4000, UC_PROT_READ | UC_PROT_EXEC));
OK(uc_mem_map(uc, 0x4000, 0xC000, UC_PROT_READ|UC_PROT_WRITE)); OK(uc_mem_map(uc, 0x4000, 0xC000, UC_PROT_READ | UC_PROT_WRITE));
OK(uc_mem_write(uc, 0, code, sizeof(code))); OK(uc_mem_write(uc, 0, code, sizeof(code)));
uc_hook hh_mem; uc_hook hh_mem;
OK(uc_hook_add(uc, &hh_mem, UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, test_arm64_mem_prot_regress_hook_mem, NULL, 1, 0)); OK(uc_hook_add(uc, &hh_mem, UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE,
test_arm64_mem_prot_regress_hook_mem, NULL, 1, 0));
uc_hook hh_prot; uc_hook hh_prot;
OK(uc_hook_add(uc, &hh_prot, UC_HOOK_MEM_READ_PROT | UC_HOOK_MEM_WRITE_PROT | UC_HOOK_MEM_FETCH_PROT, test_arm64_mem_prot_regress_hook_prot, NULL, 1, 0)); OK(uc_hook_add(uc, &hh_prot,
UC_HOOK_MEM_READ_PROT | UC_HOOK_MEM_WRITE_PROT |
UC_HOOK_MEM_FETCH_PROT,
test_arm64_mem_prot_regress_hook_prot, NULL, 1, 0));
uc_hook hh_unm; uc_hook hh_unm;
OK(uc_hook_add(uc, &hh_unm, UC_HOOK_MEM_READ_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_FETCH_UNMAPPED, test_arm64_mem_prot_regress_hook_unm, NULL, 1, 0)); OK(uc_hook_add(uc, &hh_unm,
UC_HOOK_MEM_READ_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED |
UC_HOOK_MEM_FETCH_UNMAPPED,
test_arm64_mem_prot_regress_hook_unm, NULL, 1, 0));
const uint64_t value = 0x801b; const uint64_t value = 0x801b;
OK(uc_reg_write(uc, UC_ARM64_REG_X0, &value)); OK(uc_reg_write(uc, UC_ARM64_REG_X0, &value));

42
tests/unit/test_x86.c
View File

@@ -632,10 +632,11 @@ static void test_x86_smc_add(void)
/* /*
* mov qword ptr [rip+0x10], rax * mov qword ptr [rip+0x10], rax
* mov word ptr [rip], 0x0548 * mov word ptr [rip], 0x0548
* [orig] mov eax, dword ptr [rax + 0x12345678]; [after SMC] 480578563412 add rax, 0x12345678 * [orig] mov eax, dword ptr [rax + 0x12345678]; [after SMC] 480578563412
* hlt * add rax, 0x12345678 hlt
*/ */
char code[] = "\x48\x89\x05\x10\x00\x00\x00\x66\xc7\x05\x00\x00\x00\x00\x48\x05\x8b\x80\x78\x56\x34\x12\xf4"; char code[] = "\x48\x89\x05\x10\x00\x00\x00\x66\xc7\x05\x00\x00\x00\x00\x48"
"\x05\x8b\x80\x78\x56\x34\x12\xf4";
uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_64, code, sizeof(code) - 1); uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_64, code, sizeof(code) - 1);
OK(uc_mem_map(uc, stack_base, 0x2000, UC_PROT_ALL)); OK(uc_mem_map(uc, stack_base, 0x2000, UC_PROT_ALL));
@@ -648,10 +649,11 @@ static void test_x86_smc_mem_hook_callback(uc_engine *uc, uc_mem_type t,
uint64_t addr, int size, uint64_t addr, int size,
uint64_t value, void *user_data) uint64_t value, void *user_data)
{ {
uint64_t write_addresses[] = { 0x1030, 0x1010, 0x1010, 0x1018, 0x1018, 0x1029, 0x1029 }; uint64_t write_addresses[] = {0x1030, 0x1010, 0x1010, 0x1018,
0x1018, 0x1029, 0x1029};
unsigned int *i = user_data; unsigned int *i = user_data;
TEST_CHECK(*i < (sizeof(write_addresses)/sizeof(write_addresses[0]))); TEST_CHECK(*i < (sizeof(write_addresses) / sizeof(write_addresses[0])));
TEST_CHECK(write_addresses[*i] == addr); TEST_CHECK(write_addresses[*i] == addr);
(*i)++; (*i)++;
} }
@@ -666,19 +668,19 @@ static void test_x86_smc_mem_hook(void)
/* /*
* mov qword ptr [rip+0x29], rax * mov qword ptr [rip+0x29], rax
* mov word ptr [rip], 0x0548 * mov word ptr [rip], 0x0548
* [orig] mov eax, dword ptr [rax + 0x12345678]; [after SMC] 480578563412 add rax, 0x12345678 * [orig] mov eax, dword ptr [rax + 0x12345678]; [after SMC] 480578563412
* nop * add rax, 0x12345678 nop nop nop mov qword ptr [rip-0x08], rax mov word
* nop * ptr [rip], 0x0548 [orig] mov eax, dword ptr [rax + 0x12345678]; [after
* nop * SMC] 480578563412 add rax, 0x12345678 hlt
* mov qword ptr [rip-0x08], rax
* mov word ptr [rip], 0x0548
* [orig] mov eax, dword ptr [rax + 0x12345678]; [after SMC] 480578563412 add rax, 0x12345678
* hlt
*/ */
char code[] = "\x48\x89\x05\x29\x00\x00\x00\x66\xC7\x05\x00\x00\x00\x00\x48\x05\x8B\x80\x78\x56\x34\x12\x90\x90\x90\x48\x89\x05\xF8\xFF\xFF\xFF\x66\xC7\x05\x00\x00\x00\x00\x48\x05\x8B\x80\x78\x56\x34\x12\xF4"; char code[] =
"\x48\x89\x05\x29\x00\x00\x00\x66\xC7\x05\x00\x00\x00\x00\x48\x05\x8B"
"\x80\x78\x56\x34\x12\x90\x90\x90\x48\x89\x05\xF8\xFF\xFF\xFF\x66\xC7"
"\x05\x00\x00\x00\x00\x48\x05\x8B\x80\x78\x56\x34\x12\xF4";
uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_64, code, sizeof(code) - 1); uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_64, code, sizeof(code) - 1);
OK(uc_hook_add(uc, &hook, UC_HOOK_MEM_WRITE, test_x86_smc_mem_hook_callback, &i, 1, 0)); OK(uc_hook_add(uc, &hook, UC_HOOK_MEM_WRITE, test_x86_smc_mem_hook_callback,
&i, 1, 0));
OK(uc_mem_map(uc, stack_base, 0x2000, UC_PROT_ALL)); OK(uc_mem_map(uc, stack_base, 0x2000, UC_PROT_ALL));
r_rsp = stack_base + 0x1800; r_rsp = stack_base + 0x1800;
OK(uc_reg_write(uc, UC_X86_REG_RSP, &r_rsp)); OK(uc_reg_write(uc, UC_X86_REG_RSP, &r_rsp));
@@ -1343,14 +1345,13 @@ static void test_x86_unaligned_access(void)
OK(uc_close(uc)); OK(uc_close(uc));
} }
static void test_x86_64_unaligned_access(void){ static void test_x86_64_unaligned_access(void)
{
uc_engine *uc; uc_engine *uc;
uc_hook hook; uc_hook hook;
char code[] = { char code[] = {"\x48\x89\x01" // mov qword ptr [rcx],rax
"\x48\x89\x01" // mov qword ptr [rcx],rax
"\x48\x8b\x00" // mov rax,qword ptr [rax] "\x48\x8b\x00" // mov rax,qword ptr [rax]
"\xcc" "\xcc"};
};
uint64_t r_rax = LEINT64(0x2fffff); uint64_t r_rax = LEINT64(0x2fffff);
uint64_t r_rcx = LEINT64(0x2fffff); uint64_t r_rcx = LEINT64(0x2fffff);
struct writelog_t write_log[10]; struct writelog_t write_log[10];
@@ -1382,7 +1383,6 @@ static void test_x86_64_unaligned_access(void){
TEST_CHECK(b == 0x2fffff); TEST_CHECK(b == 0x2fffff);
OK(uc_close(uc)); OK(uc_close(uc));
} }
#endif #endif

9
uc.c
View File

@@ -35,7 +35,8 @@ static void clear_deleted_hooks(uc_engine *uc);
static uc_err uc_snapshot(uc_engine *uc); static uc_err uc_snapshot(uc_engine *uc);
static uc_err uc_restore_latest_snapshot(uc_engine *uc); static uc_err uc_restore_latest_snapshot(uc_engine *uc);
#if defined(__APPLE__) && defined(HAVE_PTHREAD_JIT_PROTECT) && (defined(__arm__) || defined(__aarch64__)) #if defined(__APPLE__) && defined(HAVE_PTHREAD_JIT_PROTECT) && \
(defined(__arm__) || defined(__aarch64__))
static void save_jit_state(uc_engine *uc) static void save_jit_state(uc_engine *uc)
{ {
if (!uc->nested) { if (!uc->nested) {
@@ -2148,7 +2149,8 @@ uc_err uc_context_save(uc_engine *uc, uc_context *context)
if (!context->fv) { if (!context->fv) {
return UC_ERR_NOMEM; return UC_ERR_NOMEM;
} }
if (!uc->flatview_copy(uc, context->fv, uc->address_space_memory.current_map, false)) { if (!uc->flatview_copy(uc, context->fv,
uc->address_space_memory.current_map, false)) {
restore_jit_state(uc); restore_jit_state(uc);
return UC_ERR_NOMEM; return UC_ERR_NOMEM;
} }
@@ -2434,7 +2436,8 @@ uc_err uc_context_restore(uc_engine *uc, uc_context *context)
uc_snapshot(uc); uc_snapshot(uc);
uc->ram_list.freed = context->ramblock_freed; uc->ram_list.freed = context->ramblock_freed;
uc->ram_list.last_block = context->last_block; uc->ram_list.last_block = context->last_block;
if (!uc->flatview_copy(uc, uc->address_space_memory.current_map, context->fv, true)) { if (!uc->flatview_copy(uc, uc->address_space_memory.current_map,
context->fv, true)) {
return UC_ERR_NOMEM; return UC_ERR_NOMEM;
} }
uc->tcg_flush_tlb(uc); uc->tcg_flush_tlb(uc);