mio
bd5a8c5146
commit 520c6647c32f02d83083d969d416154aa95e922c
Merge: 6bb29b12 b999f507
Author: mio <mio@lazym.io>
Date: Sun Apr 13 00:14:23 2025 +0800
merge dev
commit 6bb29b12f1d9f452365cc9cb5bc2d65ef376af30
Author: mio <mio@lazym.io>
Date: Sun Apr 13 00:13:12 2025 +0800
enable test
commit bcb8b363ef12ac295cf4fe4f1645416e5f0ea6ae
Author: mio <mio@lazym.io>
Date: Sun Apr 13 00:13:06 2025 +0800
also logging
commit 5972fc156b7379d09582c745d6d597e07555f2f4
Author: mio <mio@lazym.io>
Date: Sun Apr 13 00:12:58 2025 +0800
no unlimited translation
commit 7d600feebf9055505918e50d0af8b529a3eba542
Author: mio <mio@lazym.io>
Date: Sun Apr 13 00:12:47 2025 +0800
Ignore bindings.rs
commit dde4d50f2c7713156ac3bc284287480e4d92005f
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sun Apr 6 03:26:22 2025 -0400
alias `uc_mips_reg` to `UC_MIPS_REG`
commit 04234ae01ba7c82d9717eaae64cdda289ce3b832
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sun Apr 6 01:13:00 2025 -0400
remove bindings.rs
commit edec1300cd7c2d8ef4babbd51f6bcba2e126bdd7
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Apr 5 14:29:40 2025 -0400
address review
commit feb157b28b6c262c5dc3d810ec54de55a25bcd6e
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 22:40:53 2025 -0400
ci(rust): rework workflow
The notable changes are migrating to
`actions-rust-lang/setup-rust-toolchain` for setting up Rust as it's
maintained, and using `katyo/publish-crates` for publishing crates in a
workspace
commit c1c7a8f8ed841b6ec5b4abe57013a1c2c9748c60
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 22:40:06 2025 -0400
build(rust): set `rust-version` to 1.85
commit 8df938c9f8b478160213707674157103b0893caf
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 21:53:21 2025 -0400
fix(rust): correct unsound pointer cast
The size of `T` is not guaranteed to be the size of `i32` - all we know
is that `T` is `Into<i32>`, so we should first copy them over into an
`i32` array
commit 3059b2583a60aa0cac9278afc945ed87f7ddb65e
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 20:13:26 2025 -0400
docs(rust): update readme
commit 7db69a888e58a4bda20083e4e0771d26a327ad13
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:58:30 2025 -0400
feat(rust): add comprehensive tests
These tests are copied over from the C tests
commit 78f2207f0e0481aef4de6d5908f8dc699a39a8d5
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:57:27 2025 -0400
feat(rust): add tcg hook
commit 46e53328531ec3279dadbf18c16b493432227b31
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:56:55 2025 -0400
feat(rust): add a hook for arm64 sys instructions
commit d1b58ee8282bf1eeeefbf68c87c2cf7c50c90320
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:56:35 2025 -0400
feat(rust): add the ability to read the arm coprocessor register
commit d304da18b9e6741042b2a70657437be8f39f5c7c
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:55:29 2025 -0400
feat(rust): add missing `Context` methods
commit 0dd87833081ac9db1feaf5bae8c839a7a2ae4947
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:44:51 2025 -0400
refactor(rust): remove unnecessary code
`unicorn-engine-sys` will provide the necessary constants & types
commit da3d2fa7c3ecd3ae8fdb6672b6c5ea23da4570ff
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:43:57 2025 -0400
feat(rust): add a workspace `Cargo.toml`, and use `unicorn-engine-sys`
commit b27a2a93e4ac43aa2079e936df4dd30a1f8f329a
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:38:06 2025 -0400
feat(rust): introduce `unicorn-engine-sys` crate
This crate contains generated Rust bindings to the C library via
bindgen. It is independent from the main `unicorn-engine` bindings,
which will leverage this
commit bcec87a3f6e316e328683c303ccfa89e530a6c56
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:31:24 2025 -0400
test(m68k): actually assert an expectation
This test did not actually test for anything before
commit bc7e65ca96164496eb2e250b1f296a33a8aa58ee
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:31:09 2025 -0400
style(test): use bitflag shorthands
commit 0ab4b7fefb3ca17b0b5977d7b204291c5de184ad
Author: Amaan Qureshi <amaanq12@gmail.com>
Date: Sat Mar 29 13:22:13 2025 -0400
fix(mips): lowercase enum name `uc_mips_reg`
This aligns with other architectures
Co-authored-by: Amaan Qureshi <amaanq12@gmail.com>
543 lines
14 KiB
Rust
543 lines
14 KiB
Rust
use unicorn_engine_sys::{Arm64CpuModel, Arm64Insn, RegisterARM64};
|
|
|
|
use super::*;
|
|
|
|
#[test]
|
|
fn test_arm64_until() {
|
|
let code = &[
|
|
0x30, 0x00, 0x80, 0xd2, // mov x16, #1
|
|
0x11, 0x04, 0x80, 0xd2, // mov x17, #0x20
|
|
0x9c, 0x23, 0x00, 0x91, // add x28, x28, 8
|
|
];
|
|
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
(),
|
|
);
|
|
|
|
let x16 = 0x12341234;
|
|
let x17 = 0x78907890;
|
|
let x28 = 0x12341234;
|
|
|
|
uc.reg_write(RegisterARM64::X16, x16).unwrap();
|
|
uc.reg_write(RegisterARM64::X17, x17).unwrap();
|
|
uc.reg_write(RegisterARM64::X28, x28).unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 3)
|
|
.unwrap();
|
|
|
|
let x16 = uc.reg_read(RegisterARM64::X16).unwrap();
|
|
let x17 = uc.reg_read(RegisterARM64::X17).unwrap();
|
|
let x28 = uc.reg_read(RegisterARM64::X28).unwrap();
|
|
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
|
|
|
|
assert_eq!(x16, 0x1);
|
|
assert_eq!(x17, 0x20);
|
|
assert_eq!(x28, 0x1234123c);
|
|
assert_eq!(pc, CODE_START + code.len() as u64);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_code_patching() {
|
|
let code = &[0x00, 0x04, 0x00, 0x11]; // add w0, w0, 0x1
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
(),
|
|
);
|
|
|
|
let x0 = 0x0;
|
|
uc.reg_write(RegisterARM64::X0, x0).unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
|
|
.unwrap();
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
assert_eq!(x0, 0x1);
|
|
|
|
let patch_code = &[0x00, 0xfc, 0x1f, 0x11]; // add w0, w0, 0x7FF
|
|
uc.mem_write(CODE_START, patch_code).unwrap();
|
|
|
|
let x0 = 0x0;
|
|
uc.reg_write(RegisterARM64::X0, x0).unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + patch_code.len() as u64, 0, 0)
|
|
.unwrap();
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
assert_ne!(x0, 0x1);
|
|
assert_eq!(x0, 0x7ff);
|
|
}
|
|
|
|
/// Need to flush the cache before running the emulation after patching
|
|
#[test]
|
|
fn test_arm64_code_patching_count() {
|
|
let code = &[0x00, 0x04, 0x00, 0x11]; // add w0, w0, 0x1
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
(),
|
|
);
|
|
|
|
let x0 = 0x0;
|
|
uc.reg_write(RegisterARM64::X0, x0).unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 1)
|
|
.unwrap();
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
assert_eq!(x0, 0x1);
|
|
|
|
let patch_code = &[0x00, 0xfc, 0x1f, 0x11]; // add w0, w0, 0x7FF
|
|
uc.mem_write(CODE_START, patch_code).unwrap();
|
|
uc.ctl_remove_cache(CODE_START, CODE_START + patch_code.len() as u64)
|
|
.unwrap();
|
|
|
|
let x0 = 0x0;
|
|
uc.reg_write(RegisterARM64::X0, x0).unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + patch_code.len() as u64, 0, 1)
|
|
.unwrap();
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
assert_ne!(x0, 0x1);
|
|
assert_eq!(x0, 0x7ff);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_v8_pac() {
|
|
let code = &[0x28, 0xfd, 0xea, 0xc8]; // casal x10, x8, [x9]
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::MAX as i32),
|
|
code,
|
|
(),
|
|
);
|
|
|
|
uc.mem_map(0x40000, 0x1000, Prot::ALL).unwrap();
|
|
uc.mem_write(0x40000, &[0; 8]).unwrap();
|
|
|
|
let x9 = 0x40000;
|
|
uc.reg_write(RegisterARM64::X9, x9).unwrap();
|
|
|
|
let x8 = 0xdeadbeafdeadbeaf;
|
|
uc.reg_write(RegisterARM64::X8, x8).unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
|
|
.unwrap();
|
|
|
|
let mem = u64::from_le_bytes(uc.mem_read_as_vec(0x40000, 8).unwrap().try_into().unwrap());
|
|
assert_eq!(mem, x8);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_read_sctlr() {
|
|
let uc = Unicorn::new(Arch::ARM64, Mode::ARM | Mode::LITTLE_ENDIAN).unwrap();
|
|
|
|
let reg = uc.reg_read_arm64_coproc().unwrap();
|
|
|
|
assert_eq!(reg.val >> 58, 0);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_mrs_hook() {
|
|
let code = &[0x62, 0xd0, 0x3b, 0xd5]; // mrs x2, tpidrro_el0
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM | Mode::LITTLE_ENDIAN,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
(),
|
|
);
|
|
|
|
uc.add_insn_sys_hook_arm64(Arm64Insn::UC_ARM64_INS_MRS, 1, 0, |uc, reg, _| {
|
|
let x2 = 0x114514;
|
|
uc.reg_write(reg, x2).unwrap();
|
|
|
|
// Skip
|
|
true
|
|
})
|
|
.unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
|
|
.unwrap();
|
|
|
|
let x2 = uc.reg_read(RegisterARM64::X2).unwrap();
|
|
assert_eq!(x2, 0x114514);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_correct_address_in_small_jump_hook() {
|
|
let code = &[
|
|
0x00, 0xe0, 0x8f, 0xd2, // mov x0, #0x7F00
|
|
0x00, 0x00, 0x1f, 0xd6, // br x0
|
|
];
|
|
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
(),
|
|
);
|
|
|
|
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |uc, _, address, _, _| {
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
|
|
assert_eq!(x0, 0x7F00);
|
|
assert_eq!(pc, 0x7F00);
|
|
assert_eq!(address, 0x7F00);
|
|
false
|
|
})
|
|
.unwrap();
|
|
|
|
let err = uc
|
|
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
|
|
.unwrap_err();
|
|
assert_eq!(err, uc_error::FETCH_UNMAPPED);
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
|
|
assert_eq!(x0, 0x7F00);
|
|
assert_eq!(pc, 0x7F00);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_correct_address_in_long_jump_hook() {
|
|
let code = &[0xe0, 0xdb, 0x78, 0xb2, 0x00, 0x00, 0x1f, 0xd6]; // mov x0, 0x7FFFFFFFFFFFFF00; br x0
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
(),
|
|
);
|
|
|
|
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |uc, _, address, _, _| {
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
|
|
assert_eq!(x0, 0x7FFFFFFFFFFFFF00);
|
|
assert_eq!(pc, 0x7FFFFFFFFFFFFF00);
|
|
assert_eq!(address, 0x7FFFFFFFFFFFFF00);
|
|
false
|
|
})
|
|
.unwrap();
|
|
|
|
let err = uc
|
|
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
|
|
.unwrap_err();
|
|
assert_eq!(err, uc_error::FETCH_UNMAPPED);
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
|
|
assert_eq!(x0, 0x7FFFFFFFFFFFFF00);
|
|
assert_eq!(pc, 0x7FFFFFFFFFFFFF00);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_block_sync_pc() {
|
|
let code = &[
|
|
0x00, 0x48, 0x13, 0x91, // add x0, x0, #1234
|
|
0x01, 0x00, 0x00, 0x94, // bl t
|
|
0xc1, 0xc5, 0x82, 0xd2, // t: mov x1, #5678
|
|
];
|
|
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
true,
|
|
);
|
|
|
|
uc.add_block_hook(CODE_START + 8, CODE_START + 12, |uc, addr, _| {
|
|
let pc = uc.reg_read(RegisterARM64::PC).unwrap();
|
|
assert_eq!(pc, addr);
|
|
let val = CODE_START;
|
|
let first = *uc.get_data_mut();
|
|
if first {
|
|
uc.reg_write(RegisterARM64::PC, val).unwrap();
|
|
*uc.get_data_mut() = false;
|
|
}
|
|
})
|
|
.unwrap();
|
|
|
|
let x0 = 0;
|
|
uc.reg_write(RegisterARM64::X0, x0).unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
|
|
.unwrap();
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
assert_eq!(x0, 1234 * 2);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_block_invalid_mem_read_write_sync() {
|
|
let code = &[
|
|
0x20, 0x00, 0x80, 0xd2, // mov x0, #1
|
|
0x41, 0x00, 0x80, 0xd2, // mov x1, #2
|
|
0x20, 0x00, 0x40, 0xf9, // ldr x0, [x1]
|
|
];
|
|
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
true,
|
|
);
|
|
|
|
uc.add_mem_hook(
|
|
HookType::MEM_READ,
|
|
CODE_START + 8,
|
|
CODE_START + 12,
|
|
|_, _, _, _, _| false,
|
|
)
|
|
.unwrap();
|
|
|
|
let err = uc
|
|
.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
|
|
.unwrap_err();
|
|
assert_eq!(err, uc_error::READ_UNMAPPED);
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
let x1 = uc.reg_read(RegisterARM64::X1).unwrap();
|
|
assert_eq!(x0, 1);
|
|
assert_eq!(x1, 2);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_mmu() {
|
|
#[rustfmt::skip]
|
|
let code = &[
|
|
// Read data from physical address
|
|
0x00, 0x81, 0x00, 0x58, // ldr x0, =0x40000000
|
|
0x01, 0x00, 0x40, 0xf9, // ldr x1, [x0]
|
|
|
|
// Initialize translation table control registers
|
|
0x00, 0x81, 0x00, 0x58, // ldr x0, =0x180803F20
|
|
0x40, 0x20, 0x18, 0xd5, // msr TCR_EL1, x0
|
|
0x00, 0x81, 0x00, 0x58, // ldr x0, =0xFFFFFFFF
|
|
0x00, 0xa2, 0x18, 0xd5, // msr MAIR_EL1, x0
|
|
|
|
// Set translation table
|
|
0x40, 0x7f, 0x00, 0x10, // adr x0, ttb0_base
|
|
0x00, 0x20, 0x18, 0xd5, // msr TTBR0_EL1, x0
|
|
|
|
// Enable caches and the MMU
|
|
0x00, 0x10, 0x38, 0xd5, // mrs x0, SCTLR_EL1
|
|
0x00, 0x00, 0x7e, 0xb2, // orr x0, x0, #(0x1 << 2) // The C bit (data cache)
|
|
0x00, 0x00, 0x74, 0xb2, // orr x0, x0, #(0x1 << 12) // The I bit (instruction cache)
|
|
0x00, 0x00, 0x40, 0xb2, // orr x0, x0, #0x1
|
|
0x00, 0x10, 0x18, 0xd5, // msr SCTLR_EL1, x0
|
|
0x9f, 0x3f, 0x03, 0xd5, // dsb SY
|
|
0xdf, 0x3f, 0x03, 0xd5, // isb
|
|
|
|
// Read the same memory area through virtual address
|
|
0xe0, 0x7f, 0x00, 0x58, // ldr x0, =0x80000000
|
|
0x02, 0x00, 0x40, 0xf9, // ldr x2, [x0]
|
|
|
|
// Stop
|
|
0x00, 0x00, 0x00, 0x14, // b .
|
|
0x1f, 0x20, 0x03, 0xd5, // nop
|
|
0x1f, 0x20, 0x03, 0xd5, // nop
|
|
0x1f, 0x20, 0x03, 0xd5, // nop
|
|
0x1f, 0x20, 0x03, 0xd5, // nop
|
|
0x1f, 0x20, 0x03, 0xd5, // nop
|
|
];
|
|
|
|
let mut data = vec![0x44u8; 0x1000];
|
|
let mut tlbe = [0x41, 0x07, 0, 0, 0, 0, 0, 0];
|
|
|
|
let mut uc = Unicorn::new(Arch::ARM64, Mode::ARM).unwrap();
|
|
uc.ctl_set_tlb_type(unicorn_engine_sys::TlbType::CPU)
|
|
.unwrap();
|
|
uc.mem_map(0, 0x2000, Prot::ALL).unwrap();
|
|
uc.mem_write(0, code).unwrap();
|
|
|
|
uc.mem_write(0x1000, &tlbe).unwrap();
|
|
|
|
tlbe[3] = 0x40;
|
|
uc.mem_write(0x1008, &tlbe).unwrap();
|
|
uc.mem_write(0x1010, &tlbe).unwrap();
|
|
uc.mem_write(0x1018, &tlbe).unwrap();
|
|
|
|
tlbe[0] = 0;
|
|
tlbe[1] = 0;
|
|
uc.mem_write(0x1020, &tlbe).unwrap();
|
|
|
|
tlbe[0] = 0x20;
|
|
tlbe[1] = 0x3f;
|
|
tlbe[2] = 0x80;
|
|
tlbe[3] = 0x80;
|
|
tlbe[4] = 0x1;
|
|
uc.mem_write(0x1028, &tlbe).unwrap();
|
|
|
|
tlbe[0] = 0xff;
|
|
tlbe[1] = 0xff;
|
|
tlbe[2] = 0xff;
|
|
tlbe[3] = 0xff;
|
|
tlbe[4] = 0x00;
|
|
uc.mem_write(0x1030, &tlbe).unwrap();
|
|
|
|
tlbe[0] = 0;
|
|
tlbe[1] = 0;
|
|
tlbe[2] = 0;
|
|
tlbe[3] = 0x80;
|
|
uc.mem_write(0x1038, &tlbe).unwrap();
|
|
|
|
unsafe {
|
|
uc.mem_map_ptr(
|
|
0x40000000,
|
|
0x1000,
|
|
Prot::READ,
|
|
data.as_mut_ptr().cast::<core::ffi::c_void>(),
|
|
)
|
|
.unwrap();
|
|
}
|
|
|
|
uc.emu_start(0, 0x44, 0, 0).unwrap();
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
let x1 = uc.reg_read(RegisterARM64::X1).unwrap();
|
|
let x2 = uc.reg_read(RegisterARM64::X2).unwrap();
|
|
|
|
assert_eq!(x0, 0x80000000);
|
|
assert_eq!(x1, 0x4444444444444444);
|
|
assert_eq!(x2, 0x4444444444444444);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_pc_wrap() {
|
|
let code1 = &[0x20, 0x00, 0x02, 0x8b]; // add x1, x2, x3
|
|
let code2 = &[0x20, 0x00, 0x03, 0x8b]; // add x1, x3, x3
|
|
|
|
let mut uc = Unicorn::new(Arch::ARM64, Mode::ARM).unwrap();
|
|
uc.mem_map(0xFFFFFFFFFFFFF000, 4096, Prot::READ | Prot::EXEC)
|
|
.unwrap();
|
|
uc.mem_write(0xFFFFFFFFFFFFFFFC, code1).unwrap();
|
|
|
|
let x1 = 1;
|
|
let x2 = 2;
|
|
uc.reg_write(RegisterARM64::X1, x1).unwrap();
|
|
uc.reg_write(RegisterARM64::X2, x2).unwrap();
|
|
|
|
uc.emu_start(
|
|
0xFFFFFFFFFFFFFFFC,
|
|
0xFFFFFFFFFFFFFFFCu64.wrapping_add(4),
|
|
0,
|
|
1,
|
|
)
|
|
.unwrap();
|
|
|
|
uc.mem_unmap(0xFFFFFFFFFFFFF000, 4096).unwrap();
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
assert_eq!(x0, 1 + 2);
|
|
|
|
uc.mem_map(0xFFFFFFFFFFFFF000, 4096, Prot::READ | Prot::EXEC)
|
|
.unwrap();
|
|
uc.mem_write(0xFFFFFFFFFFFFFFFC, code2).unwrap();
|
|
|
|
let x1 = 5;
|
|
let x2 = 0;
|
|
let x3 = 5;
|
|
uc.reg_write(RegisterARM64::X1, x1).unwrap();
|
|
uc.reg_write(RegisterARM64::X2, x2).unwrap();
|
|
uc.reg_write(RegisterARM64::X3, x3).unwrap();
|
|
|
|
uc.emu_start(
|
|
0xFFFFFFFFFFFFFFFC,
|
|
0xFFFFFFFFFFFFFFFCu64.wrapping_add(4),
|
|
0,
|
|
1,
|
|
)
|
|
.unwrap();
|
|
|
|
uc.mem_unmap(0xFFFFFFFFFFFFF000, 4096).unwrap();
|
|
|
|
let x0 = uc.reg_read(RegisterARM64::X0).unwrap();
|
|
assert_eq!(x0, 5 + 5);
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_mem_prot_regress() {
|
|
let code = &[0x08, 0x40, 0x5e, 0x78]; // ldurh w8, [x0, #-0x1c]
|
|
|
|
let mut uc = Unicorn::new(Arch::ARM64, Mode::ARM).unwrap();
|
|
|
|
uc.mem_map(0, 0x4000, Prot::READ | Prot::EXEC).unwrap();
|
|
uc.mem_map(0x4000, 0xC000, Prot::READ | Prot::WRITE)
|
|
.unwrap();
|
|
uc.mem_write(0, code).unwrap();
|
|
|
|
uc.add_mem_hook(
|
|
HookType::MEM_READ | HookType::MEM_WRITE,
|
|
1,
|
|
0,
|
|
|_, _, _, _, _| false,
|
|
)
|
|
.unwrap();
|
|
|
|
uc.add_mem_hook(HookType::MEM_PROT, 1, 0, |_, _, _, _, _| false)
|
|
.unwrap();
|
|
|
|
uc.add_mem_hook(HookType::MEM_UNMAPPED, 1, 0, |_, _, _, _, _| false)
|
|
.unwrap();
|
|
|
|
let value = 0x801b;
|
|
uc.reg_write(RegisterARM64::X0, value).unwrap();
|
|
|
|
uc.emu_start(0, code.len() as u64, 0, 0).unwrap();
|
|
}
|
|
|
|
#[test]
|
|
fn test_arm64_mem_hook_read_write() {
|
|
let code = &[
|
|
0xe1, 0x0b, 0x40, 0xa9, // ldp x1, x2, [sp]
|
|
0xe1, 0x0b, 0x00, 0xa9, // stp x1, x2, [sp]
|
|
0xe1, 0x0b, 0x40, 0xa9, // ldp x1, x2, [sp]
|
|
0xe1, 0x0b, 0x00, 0xa9, // stp x1, x2, [sp]
|
|
];
|
|
|
|
let mut uc = uc_common_setup(
|
|
Arch::ARM64,
|
|
Mode::ARM,
|
|
Some(Arm64CpuModel::A72 as i32),
|
|
code,
|
|
[0, 0],
|
|
);
|
|
|
|
let sp = 0x16db6a040;
|
|
uc.reg_write(RegisterARM64::SP, sp).unwrap();
|
|
uc.mem_map(0x16db68000, 1024 * 16, Prot::ALL).unwrap();
|
|
|
|
uc.add_mem_hook(HookType::MEM_READ, 1, 0, |uc, _, _, _, _| {
|
|
(*uc.get_data_mut())[0] += 1;
|
|
false
|
|
})
|
|
.unwrap();
|
|
|
|
uc.add_mem_hook(HookType::MEM_WRITE, 1, 0, |uc, _, _, _, _| {
|
|
(*uc.get_data_mut())[1] += 1;
|
|
false
|
|
})
|
|
.unwrap();
|
|
|
|
uc.emu_start(CODE_START, CODE_START + code.len() as u64, 0, 0)
|
|
.unwrap();
|
|
|
|
let [read, write] = *uc.get_data();
|
|
assert_eq!(read, 4);
|
|
assert_eq!(write, 4);
|
|
}
|