yuzu/unicorn
1
0
Fork 0
mirror of https://github.com/yuzu-emu/unicorn.git synced 2025-02-25 11:46:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

samples: code style for sample_batch_reg.c

Browse source
This commit is contained in:
Nguyen Anh Quynh 2016-04-06 09:48:38 +08:00
parent f2c99bc80e
commit 400f396a2a
1 changed files with 33 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
samples/sample_batch_reg.c
View file

@ -3,14 +3,20 @@
#include <string.h> #include <string.h>
#include <unicorn/unicorn.h> #include <unicorn/unicorn.h>
int syscall_abi[] = {UC_X86_REG_RAX, UC_X86_REG_RDI, UC_X86_REG_RSI, UC_X86_REG_RDX, UC_X86_REG_R10, UC_X86_REG_R8, UC_X86_REG_R9}; int syscall_abi[] = {
uint64_t vals[7] = {200, 10, 11, 12, 13, 14, 15}; UC_X86_REG_RAX, UC_X86_REG_RDI, UC_X86_REG_RSI, UC_X86_REG_RDX,
UC_X86_REG_R10, UC_X86_REG_R8, UC_X86_REG_R9
};
uint64_t vals[7] = { 200, 10, 11, 12, 13, 14, 15 };
// This part of the API is less... clean... because Unicorn supports arbitrary register types. // This part of the API is less... clean... because Unicorn supports arbitrary register types.
// So the least intrusive solution is passing individual pointers. // So the least intrusive solution is passing individual pointers.
// On the plus side, you only need to make this pointer array once. // On the plus side, you only need to make this pointer array once.
void *ptrs[7]; void *ptrs[7];
void uc_perror(const char *func, uc_err err) { void uc_perror(const char *func, uc_err err)
{
fprintf(stderr, "Error in %s(): %s\n", func, uc_strerror(err)); fprintf(stderr, "Error in %s(): %s\n", func, uc_strerror(err));
} }
@ -19,30 +25,39 @@ void uc_perror(const char *func, uc_err err) {
// mov rax, 100; mov rdi, 1; mov rsi, 2; mov rdx, 3; mov r10, 4; mov r8, 5; mov r9, 6; syscall // mov rax, 100; mov rdi, 1; mov rsi, 2; mov rdx, 3; mov r10, 4; mov r8, 5; mov r9, 6; syscall
#define CODE "\x48\xc7\xc0\x64\x00\x00\x00\x48\xc7\xc7\x01\x00\x00\x00\x48\xc7\xc6\x02\x00\x00\x00\x48\xc7\xc2\x03\x00\x00\x00\x49\xc7\xc2\x04\x00\x00\x00\x49\xc7\xc0\x05\x00\x00\x00\x49\xc7\xc1\x06\x00\x00\x00\x0f\x05" #define CODE "\x48\xc7\xc0\x64\x00\x00\x00\x48\xc7\xc7\x01\x00\x00\x00\x48\xc7\xc6\x02\x00\x00\x00\x48\xc7\xc2\x03\x00\x00\x00\x49\xc7\xc2\x04\x00\x00\x00\x49\xc7\xc0\x05\x00\x00\x00\x49\xc7\xc1\x06\x00\x00\x00\x0f\x05"
void hook_syscall(uc_engine *uc, void *user_data) { void hook_syscall(uc_engine *uc, void *user_data)
{
int i; int i;
uc_reg_read_batch(uc, syscall_abi, ptrs, 7); uc_reg_read_batch(uc, syscall_abi, ptrs, 7);
printf("syscall: {"); printf("syscall: {");
for (i = 0; i < 7; i++) { for (i = 0; i < 7; i++) {
if (i != 0) printf(", "); if (i != 0) printf(", ");
printf("%llu", vals[i]); printf("%llu", vals[i]);
} }
printf("}\n"); printf("}\n");
} }
void hook_code(uc_engine *uc, uint64_t addr, uint32_t size, void *user_data) { void hook_code(uc_engine *uc, uint64_t addr, uint32_t size, void *user_data)
{
printf("HOOK_CODE: 0x%llx, 0x%x\n", addr, size); printf("HOOK_CODE: 0x%llx, 0x%x\n", addr, size);
} }
int main() { int main()
{
int i; int i;
uc_hook sys_hook;
uc_err err;
uc_engine *uc;
// set up register pointers // set up register pointers
for (i = 0; i < 7; i++) { for (i = 0; i < 7; i++) {
ptrs[i] = &vals[i]; ptrs[i] = &vals[i];
} }
uc_err err;
uc_engine *uc;
if ((err = uc_open(UC_ARCH_X86, UC_MODE_64, &uc))) { if ((err = uc_open(UC_ARCH_X86, UC_MODE_64, &uc))) {
uc_perror("uc_open", err); uc_perror("uc_open", err);
return 1; return 1;
@ -54,37 +69,46 @@ int main() {
uc_perror("uc_reg_write_batch", err); uc_perror("uc_reg_write_batch", err);
return 1; return 1;
} }
// reg_read_batch // reg_read_batch
memset(vals, 0, sizeof(vals)); memset(vals, 0, sizeof(vals));
if ((err = uc_reg_read_batch(uc, syscall_abi, ptrs, 7))) { if ((err = uc_reg_read_batch(uc, syscall_abi, ptrs, 7))) {
uc_perror("uc_reg_read_batch", err); uc_perror("uc_reg_read_batch", err);
return 1; return 1;
} }
printf("reg_read_batch = {"); printf("reg_read_batch = {");
for (i = 0; i < 7; i++) { for (i = 0; i < 7; i++) {
if (i != 0) printf(", "); if (i != 0) printf(", ");
printf("%llu", vals[i]); printf("%llu", vals[i]);
} }
printf("}\n"); printf("}\n");
// syscall // syscall
printf("\n"); printf("\n");
printf("running syscall shellcode\n"); printf("running syscall shellcode\n");
uc_hook sys_hook;
if ((err = uc_hook_add(uc, &sys_hook, UC_HOOK_INSN, hook_syscall, NULL, 1, 0, UC_X86_INS_SYSCALL))) { if ((err = uc_hook_add(uc, &sys_hook, UC_HOOK_INSN, hook_syscall, NULL, 1, 0, UC_X86_INS_SYSCALL))) {
uc_perror("uc_hook_add", err); uc_perror("uc_hook_add", err);
return 1; return 1;
} }
if ((err = uc_mem_map(uc, BASE, 0x1000, UC_PROT_ALL))) { if ((err = uc_mem_map(uc, BASE, 0x1000, UC_PROT_ALL))) {
uc_perror("uc_mem_map", err); uc_perror("uc_mem_map", err);
return 1; return 1;
} }
if ((err = uc_mem_write(uc, BASE, CODE, sizeof(CODE) - 1))) { if ((err = uc_mem_write(uc, BASE, CODE, sizeof(CODE) - 1))) {
uc_perror("uc_mem_write", err); uc_perror("uc_mem_write", err);
return 1; return 1;
} }
if ((err = uc_emu_start(uc, BASE, BASE + sizeof(CODE) - 1, 0, 0))) { if ((err = uc_emu_start(uc, BASE, BASE + sizeof(CODE) - 1, 0, 0))) {
uc_perror("uc_emu_start", err); uc_perror("uc_emu_start", err);
return 1; return 1;
} }
return 0;
} }