Nguyen Anh Quynh 2016-04-08 21:42:22 +08:00
commit 023e4375d0


@ -19,10 +19,10 @@ var asm = strings.Join([]string{
func addHooks(mu uc.Unicorn) { func addHooks(mu uc.Unicorn) {
mu.HookAdd(uc.HOOK_BLOCK, func(mu uc.Unicorn, addr uint64, size uint32) { mu.HookAdd(uc.HOOK_BLOCK, func(mu uc.Unicorn, addr uint64, size uint32) {
fmt.Printf("Block: 0x%x, 0x%x\n", addr, size) fmt.Printf("Block: 0x%x, 0x%x\n", addr, size)
}) }, 1, 0)
mu.HookAdd(uc.HOOK_CODE, func(mu uc.Unicorn, addr uint64, size uint32) { mu.HookAdd(uc.HOOK_CODE, func(mu uc.Unicorn, addr uint64, size uint32) {
fmt.Printf("Code: 0x%x, 0x%x\n", addr, size) fmt.Printf("Code: 0x%x, 0x%x\n", addr, size)
}) }, 1, 0)
mu.HookAdd(uc.HOOK_MEM_READ|uc.HOOK_MEM_WRITE, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) { mu.HookAdd(uc.HOOK_MEM_READ|uc.HOOK_MEM_WRITE, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) {
if access == uc.MEM_WRITE { if access == uc.MEM_WRITE {
fmt.Printf("Mem write") fmt.Printf("Mem write")
@ -30,7 +30,7 @@ func addHooks(mu uc.Unicorn) {
fmt.Printf("Mem read") fmt.Printf("Mem read")
} }
fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value) fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value)
}) }, 1, 0)
invalid := uc.HOOK_MEM_READ_INVALID | uc.HOOK_MEM_WRITE_INVALID | uc.HOOK_MEM_FETCH_INVALID invalid := uc.HOOK_MEM_READ_INVALID | uc.HOOK_MEM_WRITE_INVALID | uc.HOOK_MEM_FETCH_INVALID
mu.HookAdd(invalid, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) bool { mu.HookAdd(invalid, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) bool {
switch access { switch access {
@ -45,11 +45,11 @@ func addHooks(mu uc.Unicorn) {
} }
fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value) fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value)
return false return false
}) }, 1, 0)
mu.HookAdd(uc.HOOK_INSN, func(mu uc.Unicorn) { mu.HookAdd(uc.HOOK_INSN, func(mu uc.Unicorn) {
rax, _ := mu.RegRead(uc.X86_REG_RAX) rax, _ := mu.RegRead(uc.X86_REG_RAX)
fmt.Printf("Syscall: %d\n", rax) fmt.Printf("Syscall: %d\n", rax)
}, uc.X86_INS_SYSCALL) }, 1, 0, uc.X86_INS_SYSCALL)
} }
func run() error { func run() error {
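Review bot: The `1, 0` pair added to all five `mu.HookAdd` calls in addHooks is an unexplained magic value. Assuming these are the hook's begin/end addresses, and that begin > end means "every address" as in Unicorn's `uc_hook_add`, a comment above the first call such as `// begin > end (1, 0): hook fires for all addresses` would make that intent explicit. The calls are also bare statements, so whatever HookAdd returns is discarded. If registration fails, for instance for the invalid-memory hook, the trace would be silently incomplete. Consider `if _, err := mu.HookAdd(...); err != nil { return err }`, with addHooks returning an error that run() propagates. Parts of addHooks fall between the hunks and are not visible here.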