diff --git a/tests/regress/x86_self_modifying.elf b/tests/regress/x86_self_modifying.elf
new file mode 100755
index 00000000..c8613d04
Binary files /dev/null and b/tests/regress/x86_self_modifying.elf differ
diff --git a/tests/regress/x86_self_modifying.py b/tests/regress/x86_self_modifying.py
new file mode 100755
index 00000000..189faa77
--- /dev/null
+++ b/tests/regress/x86_self_modifying.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+from unicorn import *
+from unicorn.x86_const import *
+from struct import pack
+
+import os
+import regress
+
+CODE_ADDR = 0x08048000
+STACK_ADDR = 0x2000000
+CODE = open(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'x86_self_modifying.elf')).read()
+CODE_SIZE = len(CODE) + (0x1000 - len(CODE)%0x1000)
+STACK_SIZE = 0x8000
+
+ENTRY_POINT = 0x8048074
+
+def hook_intr(uc, intno, data):
+ uc.emu_stop()
+
+class SelfModifying(regress.RegressTest):
+ def test_self_modifying(self):
+ uc = Uc(UC_ARCH_X86, UC_MODE_32)
+
+ uc.mem_map(CODE_ADDR, CODE_SIZE, 5)
+ uc.mem_map(STACK_ADDR, STACK_SIZE, 7)
+ uc.mem_write(CODE_ADDR, CODE)
+ uc.reg_write(UC_X86_REG_ESP, STACK_ADDR + STACK_SIZE)
+
+ uc.hook_add(UC_HOOK_INTR, hook_intr)
+
+ uc.emu_start(ENTRY_POINT, -1)
+
+ retcode = uc.reg_read(UC_X86_REG_EBX)
+ self.assertEqual(retcode, 65)
+
+if __name__ == '__main__':
+ regress.main()
diff --git a/tests/regress/x86_self_modifying.s b/tests/regress/x86_self_modifying.s
new file mode 100644
index 00000000..86a5114e
--- /dev/null
+++ b/tests/regress/x86_self_modifying.s
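Review bot: `CODE = open(...).read()` in the constants block opens the ELF in text mode and never closes the handle; on Python 3 decoding the binary raises UnicodeDecodeError before any emulation runs, and `mem_write` needs bytes anyway, so read it as `with open(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'x86_self_modifying.elf'), 'rb') as f: CODE = f.read()`. `from struct import pack` is unused and can be dropped. The `mem_map` permissions `5` and `7` are magic numbers; `UC_PROT_READ | UC_PROT_EXEC` for the code region and `UC_PROT_ALL` for the stack would make it explicit that the stack is deliberately executable because the copied routine is called from it. `uc.emu_start(ENTRY_POINT, -1)` has no bound, so a regression in which the code never reaches `int 0x80` would hang the suite instead of failing; passing `timeout=` (or `count=`) to `emu_start` would most likely surface that as an `assertEqual` failure on `retcode` instead.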
@@ -0,0 +1,51 @@
+.intel_syntax noprefix
+
+.global _start
+_start:
+ mov ebp, esp
+ sub ebp, 0x4000
+ mov edx, ebp
+
+ lea esi, [self_modifying]
+ mov edi, ebp
+ mov ecx, 0x2d
+ call memcpy
+ add ebp, 0x2d
+ xor ebx, ebx
+ call edx
+
+ mov eax, 1
+ int 0x80
+
+memcpy:
+ cmp ecx, 0
+ je _end
+ dec ecx
+ mov al, byte ptr [esi+ecx]
+ mov byte ptr [edi+ecx], al
+ jmp memcpy
+
+_end:
+ ret
+
+self_modifying:
+ inc ebx
+ call $+5
+ pop esi
+ dec byte ptr [esi+11]
+ xor edx, edx
+ sub esi, 6
+_loop_start:
+ cmp edx, 5
+ jz _loop_end
+
+ mov edi, ebp
+ mov ecx, 0x2d
+ lea eax, [memcpy]
+ call eax
+ inc edx
+ add ebp, 0x2d
+ mov byte ptr [ebp], 0xc3
+ jmp _loop_start
+
+_loop_end:
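Review bot: The copy length `0x2d` is hard-coded in three places (`mov ecx, 0x2d` and `add ebp, 0x2d` in `_start`, and again inside the loop) and must equal the assembled size of `self_modifying` up to `_loop_end`; likewise the `11` in `dec byte ptr [esi+11]` is, by my count of the encodings, the distance from `pop esi` to the immediate byte of `cmp edx, 5`, so a different encoding chosen by the assembler would copy the wrong bytes or patch the wrong one with no diagnostic. Have the assembler compute both, e.g. `.set SM_LEN, _loop_end - self_modifying` and `.set CMP_IMM_OFF, (_loop_start + 2) - (self_modifying + 6)`, and reference the symbols instead of the literals (check whether intel-syntax GAS needs an `OFFSET` prefix on those operands). `_loop_end:` has no `ret`, and the copies appear to rely on the `0xc3` written by `mov byte ptr [ebp], 0xc3` or on falling through into the next copy; a one-line comment there saying so would stop a later reader from "fixing" it. Since the assembled `x86_self_modifying.elf` is checked in next to this source with no build rule, a header comment giving the exact assemble and link commands (placeholder: `# built with: <as/ld invocation>`) would keep the binary and the source from drifting apart.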