mirror of
https://github.com/yuzu-emu/unicorn.git
synced 2025-01-24 23:21:15 +00:00
fix conflicts when merging new_regress to master
This commit is contained in:
commit
ad835459bd
|
@ -3,13 +3,25 @@
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.arm_const import *
|
from unicorn.arm_const import *
|
||||||
|
|
||||||
uc = Uc(UC_ARCH_ARM, UC_MODE_ARM)
|
import regress
|
||||||
uc.mem_map(0x1000, 0x1000)
|
|
||||||
uc.mem_write(0x1000, '1eff2f010000a0e1'.decode('hex'))
|
|
||||||
def hook_block(uc, addr, *args):
|
|
||||||
print 'enter block 0x%04x' % addr
|
|
||||||
|
|
||||||
uc.reg_write(UC_ARM_REG_LR, 0x1004)
|
class BxHang(regress.RegressTest):
|
||||||
uc.hook_add(UC_HOOK_BLOCK, hook_block)
|
|
||||||
print 'block should only run once'
|
def runTest(self):
|
||||||
uc.emu_start(0x1000, 0x1004, timeout=250)
|
uc = Uc(UC_ARCH_ARM, UC_MODE_ARM)
|
||||||
|
uc.mem_map(0x1000, 0x1000)
|
||||||
|
uc.mem_write(0x1000, '1eff2f010000a0e1'.decode('hex'))
|
||||||
|
uc.count = 0
|
||||||
|
def hook_block(uc, addr, *args):
|
||||||
|
print 'enter block 0x%04x' % addr
|
||||||
|
uc.count += 1
|
||||||
|
|
||||||
|
uc.reg_write(UC_ARM_REG_LR, 0x1004)
|
||||||
|
uc.hook_add(UC_HOOK_BLOCK, hook_block)
|
||||||
|
print 'block should only run once'
|
||||||
|
uc.emu_start(0x1000, 0x1004, timeout=500)
|
||||||
|
|
||||||
|
self.assertEqual(uc.count, 1)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -3,15 +3,30 @@
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.arm_const import *
|
from unicorn.arm_const import *
|
||||||
|
|
||||||
uc = Uc(UC_ARCH_ARM, UC_MODE_ARM)
|
import regress
|
||||||
uc.mem_map(0x1000, 0x1000)
|
|
||||||
uc.mem_write(0x1000, '00c000e3'.decode('hex')) # movw r12, #0
|
|
||||||
def hook_block(uc, addr, *args):
|
|
||||||
print 'enter block 0x%04x' % addr
|
|
||||||
|
|
||||||
uc.reg_write(UC_ARM_REG_R12, 0x123)
|
class MovHang(regress.RegressTest):
|
||||||
print 'r12 =', uc.reg_read(UC_ARM_REG_R12)
|
|
||||||
uc.hook_add(UC_HOOK_BLOCK, hook_block)
|
def runTest(self):
|
||||||
print 'block should only run once'
|
uc = Uc(UC_ARCH_ARM, UC_MODE_ARM)
|
||||||
uc.emu_start(0x1000, 0x1004, timeout=250)
|
uc.mem_map(0x1000, 0x1000)
|
||||||
print 'r12 =', uc.reg_read(UC_ARM_REG_R12)
|
uc.mem_write(0x1000, '00c000e3'.decode('hex')) # movw r12, #0
|
||||||
|
|
||||||
|
def hook_block(uc, addr, *args):
|
||||||
|
print 'enter block 0x%04x' % addr
|
||||||
|
uc.count += 1
|
||||||
|
|
||||||
|
uc.reg_write(UC_ARM_REG_R12, 0x123)
|
||||||
|
self.assertEquals(uc.reg_read(UC_ARM_REG_R12), 0x123)
|
||||||
|
|
||||||
|
uc.hook_add(UC_HOOK_BLOCK, hook_block)
|
||||||
|
uc.count = 0
|
||||||
|
|
||||||
|
#print 'block should only run once'
|
||||||
|
uc.emu_start(0x1000, 0x1004, timeout=500)
|
||||||
|
|
||||||
|
self.assertEquals(uc.reg_read(UC_ARM_REG_R12), 0x0)
|
||||||
|
self.assertEquals(uc.count, 1)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -1,11 +1,14 @@
|
||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
|
||||||
# reg_write() can't modify PC from within trace callbacks
|
# reg_write() can't modify PC from within trace callbacks
|
||||||
|
# Pull Request #4
|
||||||
|
|
||||||
from __future__ import print_function
|
from __future__ import print_function
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.arm_const import *
|
from unicorn.arm_const import *
|
||||||
|
|
||||||
|
import regress
|
||||||
|
|
||||||
BASE_ADDRESS = 0x10000000
|
BASE_ADDRESS = 0x10000000
|
||||||
|
|
||||||
# sub sp, #0xc
|
# sub sp, #0xc
|
||||||
|
@ -16,41 +19,46 @@ def hook_code(uc, address, size, user_data):
|
||||||
print(">>> Tracing instruction at 0x%x, instruction size = %u" % (address, size))
|
print(">>> Tracing instruction at 0x%x, instruction size = %u" % (address, size))
|
||||||
mu = user_data
|
mu = user_data
|
||||||
print(">>> Setting PC to 0xffffffff")
|
print(">>> Setting PC to 0xffffffff")
|
||||||
mu.reg_write(ARM_REG_PC, 0xffffffff)
|
mu.reg_write(UC_ARM_REG_PC, 0xffffffff)
|
||||||
|
|
||||||
# callback for tracing basic blocks
|
# callback for tracing basic blocks
|
||||||
def hook_block(uc, address, size, user_data):
|
def hook_block(uc, address, size, user_data):
|
||||||
print(">>> Tracing basic block at 0x%x, block size = 0x%x" %(address, size))
|
print(">>> Tracing basic block at 0x%x, block size = 0x%x" %(address, size))
|
||||||
mu = user_data
|
mu = user_data
|
||||||
print(">>> Setting PC to 0xffffffff")
|
print(">>> Setting PC to 0xffffffff")
|
||||||
mu.reg_write(ARM_REG_PC, 0xffffffff)
|
mu.reg_write(UC_ARM_REG_PC, 0xffffffff)
|
||||||
|
|
||||||
# set up emulation
|
class CallBackPCTest(regress.RegressTest):
|
||||||
def instruction_trace_test():
|
|
||||||
try:
|
|
||||||
# initialize emulator in ARM's Thumb mode
|
|
||||||
mu = Uc(UC_ARCH_ARM, UC_MODE_THUMB)
|
|
||||||
|
|
||||||
# map some memory
|
def runTest(self):
|
||||||
mu.mem_map(BASE_ADDRESS, 2 * 1024 * 1024)
|
self.instruction_trace_test()
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
# set up emulation
|
||||||
mu.mem_write(BASE_ADDRESS, THUMB_CODE)
|
def instruction_trace_test(self):
|
||||||
|
try:
|
||||||
|
# initialize emulator in ARM's Thumb mode
|
||||||
|
mu = Uc(UC_ARCH_ARM, UC_MODE_THUMB)
|
||||||
|
|
||||||
# setup stack
|
# map some memory
|
||||||
mu.reg_write(UC_ARM_REG_SP, BASE_ADDRESS + 2 * 1024 * 1024)
|
mu.mem_map(BASE_ADDRESS, 2 * 1024 * 1024)
|
||||||
|
|
||||||
# tracing all instructions with customized callback
|
# write machine code to be emulated to memory
|
||||||
mu.hook_add(UC_HOOK_CODE, hook_code, user_data=mu)
|
mu.mem_write(BASE_ADDRESS, THUMB_CODE)
|
||||||
|
|
||||||
# tracing all basic blocks with customized callback
|
# setup stack
|
||||||
mu.hook_add(UC_HOOK_BLOCK, hook_block, user_data=mu)
|
mu.reg_write(UC_ARM_REG_SP, BASE_ADDRESS + 2 * 1024 * 1024)
|
||||||
|
|
||||||
# emulate machine code in infinite time
|
# tracing all instructions with customized callback
|
||||||
mu.emu_start(BASE_ADDRESS, BASE_ADDRESS + len(THUMB_CODE))
|
mu.hook_add(UC_HOOK_CODE, hook_code, user_data=mu)
|
||||||
|
|
||||||
except UcError as e:
|
# tracing all basic blocks with customized callback
|
||||||
print("ERROR: %s" % e)
|
mu.hook_add(UC_HOOK_BLOCK, hook_block, user_data=mu)
|
||||||
|
|
||||||
|
# emulate machine code in infinite time
|
||||||
|
mu.emu_start(BASE_ADDRESS, BASE_ADDRESS + len(THUMB_CODE))
|
||||||
|
|
||||||
|
except UcError as e:
|
||||||
|
assertFalse(0, "ERROR: %s" % e)
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
instruction_trace_test()
|
regress.main()
|
||||||
|
|
|
@ -3,30 +3,35 @@
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.x86_const import *
|
from unicorn.x86_const import *
|
||||||
|
|
||||||
|
import regress
|
||||||
|
|
||||||
CODE_ADDR = 0x0
|
CODE_ADDR = 0x0
|
||||||
|
|
||||||
|
|
||||||
binary1 = b'\xb8\x02\x00\x00\x00'
|
binary1 = b'\xb8\x02\x00\x00\x00'
|
||||||
binary2 = b'\xb8\x01\x00\x00\x00'
|
binary2 = b'\xb8\x01\x00\x00\x00'
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
class CrashTB(regress.RegressTest):
|
||||||
|
|
||||||
mu.mem_map(CODE_ADDR, 2 * 1024 * 1024)
|
def runTest(self):
|
||||||
|
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
mu.mem_map(CODE_ADDR, 2 * 1024 * 1024)
|
||||||
mu.mem_write(CODE_ADDR, binary1)
|
|
||||||
|
|
||||||
# emu for maximum 1 sec.
|
# write machine code to be emulated to memory
|
||||||
mu.emu_start(CODE_ADDR, len(binary1), UC_SECOND_SCALE)
|
mu.mem_write(CODE_ADDR, binary1)
|
||||||
|
|
||||||
print("RAX = %x" %mu.reg_read(UC_X86_REG_RAX))
|
# emu for maximum 1 sec.
|
||||||
|
mu.emu_start(CODE_ADDR, len(binary1), UC_SECOND_SCALE)
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
self.assertEqual(0x2, mu.reg_read(UC_X86_REG_RAX))
|
||||||
mu.mem_write(CODE_ADDR, binary2)
|
|
||||||
|
|
||||||
# emu for maximum 1 sec.
|
# write machine code to be emulated to memory
|
||||||
mu.emu_start(CODE_ADDR, len(binary2), UC_SECOND_SCALE)
|
mu.mem_write(CODE_ADDR, binary2)
|
||||||
|
|
||||||
print("RAX = %x" %mu.reg_read(UC_X86_REG_RAX))
|
# emu for maximum 1 sec.
|
||||||
|
mu.emu_start(CODE_ADDR, len(binary2), UC_SECOND_SCALE)
|
||||||
|
|
||||||
|
self.assertEqual(0x1, mu.reg_read(UC_X86_REG_RAX))
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
||||||
|
|
|
@ -2,10 +2,19 @@
|
||||||
# From issue #1 of Ryan Hileman
|
# From issue #1 of Ryan Hileman
|
||||||
|
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
|
import regress
|
||||||
|
|
||||||
CODE = b"\x90\x91\x92"
|
CODE = b"\x90\x91\x92"
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
class DeadLock(regress.RegressTest):
|
||||||
mu.mem_map(0x100000, 4 * 1024)
|
|
||||||
mu.mem_write(0x100000, CODE)
|
def runTest(self):
|
||||||
mu.emu_start(0x100000, 0x1000 + len(CODE))
|
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
|
mu.mem_map(0x100000, 4 * 1024)
|
||||||
|
mu.mem_write(0x100000, CODE)
|
||||||
|
|
||||||
|
with self.assertRaises(UcError):
|
||||||
|
mu.emu_start(0x100000, 0x1000 + len(CODE))
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -3,11 +3,18 @@
|
||||||
"""See https://github.com/unicorn-engine/unicorn/issues/65"""
|
"""See https://github.com/unicorn-engine/unicorn/issues/65"""
|
||||||
|
|
||||||
import unicorn
|
import unicorn
|
||||||
ADDR = 0x10101000
|
import regress
|
||||||
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
|
||||||
mu.mem_map(ADDR, 1024 * 4)
|
|
||||||
mu.mem_write(ADDR, b'\x41')
|
|
||||||
mu.emu_start(ADDR, ADDR + 1, count=1)
|
|
||||||
# The following should not trigger a null pointer dereference
|
|
||||||
mu.emu_stop()
|
|
||||||
|
|
||||||
|
class EmuStopSegFault(regress.RegressTest):
|
||||||
|
|
||||||
|
def runTest(self):
|
||||||
|
ADDR = 0x10101000
|
||||||
|
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
|
mu.mem_map(ADDR, 1024 * 4)
|
||||||
|
mu.mem_write(ADDR, b'\x41')
|
||||||
|
mu.emu_start(ADDR, ADDR + 1, count=1)
|
||||||
|
# The following should not trigger a null pointer dereference
|
||||||
|
self.assertEqual(None, mu.emu_stop())
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.x86_const import *
|
from unicorn.x86_const import *
|
||||||
from capstone import *
|
from capstone import *
|
||||||
|
import regress
|
||||||
|
|
||||||
ESP = 0x2000
|
ESP = 0x2000
|
||||||
PAGE_SIZE = 2 * 1024 * 1024
|
PAGE_SIZE = 2 * 1024 * 1024
|
||||||
|
@ -29,33 +30,40 @@ def hook_code(uc, addr, size, user_data):
|
||||||
print(" 0x%X:" % (addr)),
|
print(" 0x%X:" % (addr)),
|
||||||
disasm.disas_single(str(mem))
|
disasm.disas_single(str(mem))
|
||||||
|
|
||||||
def mem_reader(addr, size):
|
class FpuIP(regress.RegressTest):
|
||||||
tmp = mu.mem_read(addr, size)
|
|
||||||
|
|
||||||
for i in tmp:
|
def mem_reader(self, mu, addr, size, expected):
|
||||||
print(" 0x%x" % i),
|
tmp = mu.mem_read(addr, size)
|
||||||
print("")
|
for out, exp in zip(tmp, expected):
|
||||||
|
self.assertEqual(exp, out)
|
||||||
|
|
||||||
|
def test_32(self):
|
||||||
|
mu = Uc(UC_ARCH_X86, UC_MODE_32)
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_32)
|
mu.mem_map(0x0, PAGE_SIZE)
|
||||||
|
mu.mem_write(0x4000, CODE)
|
||||||
|
mu.reg_write(UC_X86_REG_ESP, ESP)
|
||||||
|
mu.hook_add(UC_HOOK_CODE, hook_code)
|
||||||
|
|
||||||
mu.mem_map(0x0, PAGE_SIZE)
|
mu.emu_start(0x4000, 0, 0, 5)
|
||||||
mu.mem_write(0x4000, CODE)
|
esp = mu.reg_read(UC_X86_REG_ESP)
|
||||||
mu.reg_write(UC_X86_REG_ESP, ESP)
|
self.assertEqual(0x2004, esp)
|
||||||
mu.hook_add(UC_HOOK_CODE, hook_code)
|
expected = [0x0, 0x0, 0xa, 0x40]
|
||||||
|
self.mem_reader(mu, esp + 14, 4, expected)
|
||||||
|
|
||||||
|
def test_64(self):
|
||||||
|
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
|
|
||||||
mu.emu_start(0x4000, 0, 0, 5)
|
mu.mem_map(0x0, PAGE_SIZE)
|
||||||
esp = mu.reg_read(UC_X86_REG_ESP)
|
mu.mem_write(0x4000, CODE)
|
||||||
print("value at ESP [0x%X - 4]: " % esp)
|
mu.reg_write(UC_X86_REG_ESP, ESP)
|
||||||
mem_reader(esp + 14, 4)
|
mu.hook_add(UC_HOOK_CODE, hook_code)
|
||||||
|
|
||||||
# EXPECTED OUTPUT:
|
mu.emu_start(0x4000, 0, 0, 5)
|
||||||
# 0x4000: mov dword ptr [esp], 0x37f
|
rsp = mu.reg_read(UC_X86_REG_RSP)
|
||||||
# 0x4007: fldcw word ptr [esp]
|
self.assertEqual(0x2012, rsp + 10)
|
||||||
# 0x400A: fnop
|
expected = [0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0x0]
|
||||||
# 0x400C: fnstenv dword ptr [esp + 8]
|
self.mem_reader(mu, rsp + 10, 4, expected)
|
||||||
# 0x4010: pop ecx
|
|
||||||
# value at ESP [0x2004 - 4]:
|
if __name__ == '__main__':
|
||||||
# 0x0 0x0 0xa 0x40
|
regress.main()
|
||||||
# ^ this value should match the fnop instuction addr
|
|
||||||
|
|
|
@ -1,62 +0,0 @@
|
||||||
#!/usr/bin/python
|
|
||||||
from unicorn import *
|
|
||||||
from unicorn.x86_const import *
|
|
||||||
from capstone import *
|
|
||||||
|
|
||||||
ESP = 0x2000
|
|
||||||
PAGE_SIZE = 2 * 1024 * 1024
|
|
||||||
|
|
||||||
# mov [esp], DWORD 0x37f
|
|
||||||
# fldcw [esp]
|
|
||||||
# fnop
|
|
||||||
# fnstenv [esp + 8]
|
|
||||||
# pop ecx
|
|
||||||
CODE = "C704247F030000D92C24D9D0D974240859".decode('hex')
|
|
||||||
|
|
||||||
class SimpleEngine:
|
|
||||||
def __init__(self):
|
|
||||||
self.capmd = Cs(CS_ARCH_X86, CS_MODE_64)
|
|
||||||
|
|
||||||
def disas_single(self, data):
|
|
||||||
for i in self.capmd.disasm(data, 16):
|
|
||||||
print("\t%s\t%s" % (i.mnemonic, i.op_str))
|
|
||||||
break
|
|
||||||
|
|
||||||
disasm = SimpleEngine()
|
|
||||||
|
|
||||||
def hook_code(uc, addr, size, user_data):
|
|
||||||
mem = uc.mem_read(addr, size)
|
|
||||||
print(" 0x%X:" % (addr)),
|
|
||||||
disasm.disas_single(str(mem))
|
|
||||||
|
|
||||||
def mem_reader(addr, size):
|
|
||||||
tmp = mu.mem_read(addr, size)
|
|
||||||
|
|
||||||
for i in tmp:
|
|
||||||
print(" 0x%x" % i),
|
|
||||||
print("")
|
|
||||||
|
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
|
||||||
|
|
||||||
mu.mem_map(0x0, PAGE_SIZE)
|
|
||||||
mu.mem_write(0x4000, CODE)
|
|
||||||
mu.reg_write(UC_X86_REG_RSP, ESP)
|
|
||||||
mu.hook_add(UC_HOOK_CODE, hook_code)
|
|
||||||
|
|
||||||
|
|
||||||
mu.emu_start(0x4000, 0, 0, 5)
|
|
||||||
rsp = mu.reg_read(UC_X86_REG_RSP)
|
|
||||||
print("Value of FPIP: [0x%X]" % (rsp + 10))
|
|
||||||
mem_reader(rsp + 10, 8)
|
|
||||||
# EXPECTED OUTPUT:
|
|
||||||
|
|
||||||
# 0x4000: mov dword ptr [rsp], 0x37f
|
|
||||||
# 0x4007: fldcw word ptr [rsp]
|
|
||||||
# 0x400A: fnop
|
|
||||||
# 0x400C: fnstenv dword ptr [rsp + 8]
|
|
||||||
# 0x4010: pop rcx
|
|
||||||
# Value of FPIP: [0x2012]
|
|
||||||
# 0x0 0x0 0xa 0x40 0x0 0x0 0x0 0x0
|
|
||||||
|
|
||||||
# WHERE: the value of FPIP should be the address of fnop
|
|
|
@ -2,6 +2,8 @@
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.x86_const import *
|
from unicorn.x86_const import *
|
||||||
|
|
||||||
|
import regress
|
||||||
|
|
||||||
ESP = 0x2000
|
ESP = 0x2000
|
||||||
PAGE_SIZE = 1 * 1024 * 1024
|
PAGE_SIZE = 1 * 1024 * 1024
|
||||||
|
|
||||||
|
@ -10,24 +12,27 @@ PAGE_SIZE = 1 * 1024 * 1024
|
||||||
# pop ecx
|
# pop ecx
|
||||||
CODE = b'\x9B\xD9\x3C\x24\x59'
|
CODE = b'\x9B\xD9\x3C\x24\x59'
|
||||||
|
|
||||||
def mem_reader(addr, size):
|
|
||||||
tmp = mu.mem_read(addr, size)
|
|
||||||
|
|
||||||
for i in tmp:
|
|
||||||
print(" 0x%x" % i),
|
|
||||||
print("")
|
|
||||||
|
|
||||||
def hook_mem_write(uc, access, address, size, value, user_data):
|
def hook_mem_write(uc, access, address, size, value, user_data):
|
||||||
print("mem WRITE: 0x%x, data size = %u, data value = 0x%x" % (address, size, value))
|
print("mem WRITE: 0x%x, data size = %u, data value = 0x%x" % (address, size, value))
|
||||||
return True
|
return True
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_32)
|
class FpuWrite(regress.RegressTest):
|
||||||
mu.mem_map(0, PAGE_SIZE)
|
|
||||||
mu.mem_write(0, CODE)
|
|
||||||
mu.reg_write(UC_X86_REG_ESP, ESP)
|
|
||||||
mu.hook_add(UC_HOOK_MEM_WRITE, hook_mem_write)
|
|
||||||
|
|
||||||
mu.emu_start(0x0, 5, 0, 2)
|
def mem_reader(self, mu, addr, size, expected):
|
||||||
esp = mu.reg_read(UC_X86_REG_ESP)
|
tmp = mu.mem_read(addr, size)
|
||||||
print("value at ESP [0x%X]: " % esp)
|
for i, e in zip(tmp, expected):
|
||||||
mem_reader(esp, 10)
|
self.assertEquals(e, i)
|
||||||
|
|
||||||
|
def runTest(self):
|
||||||
|
mu = Uc(UC_ARCH_X86, UC_MODE_32)
|
||||||
|
mu.mem_map(0, PAGE_SIZE)
|
||||||
|
mu.mem_write(0, CODE)
|
||||||
|
mu.reg_write(UC_X86_REG_ESP, ESP)
|
||||||
|
|
||||||
|
mu.hook_add(UC_HOOK_MEM_WRITE, hook_mem_write)
|
||||||
|
mu.emu_start(0x0, 5, 0, 2)
|
||||||
|
esp = mu.reg_read(UC_X86_REG_ESP)
|
||||||
|
self.mem_reader(mu, esp, 10, [0] * 10)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -4,6 +4,7 @@ from __future__ import print_function
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.x86_const import *
|
from unicorn.x86_const import *
|
||||||
|
|
||||||
|
import regress
|
||||||
|
|
||||||
# callback for tracing instructions
|
# callback for tracing instructions
|
||||||
def hook_code(uc, address, size, user_data):
|
def hook_code(uc, address, size, user_data):
|
||||||
|
@ -13,7 +14,6 @@ def hook_code(uc, address, size, user_data):
|
||||||
print(" %02x" %i, end="")
|
print(" %02x" %i, end="")
|
||||||
print("")
|
print("")
|
||||||
|
|
||||||
|
|
||||||
# callback for tracing Linux interrupt
|
# callback for tracing Linux interrupt
|
||||||
def hook_intr(uc, intno, user_data):
|
def hook_intr(uc, intno, user_data):
|
||||||
# only handle Linux syscall
|
# only handle Linux syscall
|
||||||
|
@ -26,28 +26,32 @@ def hook_intr(uc, intno, user_data):
|
||||||
eax = uc.reg_read(UC_X86_REG_EAX)
|
eax = uc.reg_read(UC_X86_REG_EAX)
|
||||||
print(">>> 0x%x: interrupt 0x%x, EAX = 0x%x" %(rip, intno, eax))
|
print(">>> 0x%x: interrupt 0x%x, EAX = 0x%x" %(rip, intno, eax))
|
||||||
|
|
||||||
|
class Hang(regress.RegressTest):
|
||||||
|
|
||||||
binary1 = b'\xeb\x1c\x5a\x89\xd6\x8b\x02\x66\x3d\xca\x7d\x75\x06\x66\x05\x03\x03\x89\x02\xfe\xc2\x3d\x41\x41\x41\x41\x75\xe9\xff\xe6\xe8\xdf\xff\xff\xff\x31\xd2\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xca\x7d\x41\x41\x41\x41\x41\x41\x41\x41'
|
def runTest(self):
|
||||||
|
binary1 = b'\xeb\x1c\x5a\x89\xd6\x8b\x02\x66\x3d\xca\x7d\x75\x06\x66\x05\x03\x03\x89\x02\xfe\xc2\x3d\x41\x41\x41\x41\x75\xe9\xff\xe6\xe8\xdf\xff\xff\xff\x31\xd2\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xca\x7d\x41\x41\x41\x41\x41\x41\x41\x41'
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
|
|
||||||
mu.mem_map(0, 2 * 1024 * 1024)
|
mu.mem_map(0, 2 * 1024 * 1024)
|
||||||
|
|
||||||
# tracing all instructions with customized callback
|
# tracing all instructions with customized callback
|
||||||
mu.hook_add(UC_HOOK_CODE, hook_code)
|
mu.hook_add(UC_HOOK_CODE, hook_code)
|
||||||
|
|
||||||
# handle interrupt ourself
|
# handle interrupt ourself
|
||||||
mu.hook_add(UC_HOOK_INTR, hook_intr)
|
mu.hook_add(UC_HOOK_INTR, hook_intr)
|
||||||
|
|
||||||
# setup stack
|
# setup stack
|
||||||
mu.reg_write(UC_X86_REG_RSP, 1024 * 1024)
|
mu.reg_write(UC_X86_REG_RSP, 1024 * 1024)
|
||||||
|
|
||||||
# fill in memory with 0xCC (software breakpoint int 3)
|
# fill in memory with 0xCC (software breakpoint int 3)
|
||||||
for i in xrange(1 * 1024):
|
for i in xrange(1 * 1024):
|
||||||
mu.mem_write(0 + i, b'\xcc')
|
mu.mem_write(0 + i, b'\xcc')
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
# write machine code to be emulated to memory
|
||||||
mu.mem_write(0, binary1)
|
mu.mem_write(0, binary1)
|
||||||
|
|
||||||
mu.emu_start(0, len(binary1))
|
self.assertEqual(mu.emu_start(0, len(binary1)), None)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -3,35 +3,37 @@
|
||||||
"""See https://github.com/unicorn-engine/unicorn/issues/82"""
|
"""See https://github.com/unicorn-engine/unicorn/issues/82"""
|
||||||
|
|
||||||
import unicorn
|
import unicorn
|
||||||
|
from unicorn import *
|
||||||
|
import regress
|
||||||
|
|
||||||
CODE_ADDR = 0x10101000
|
CODE_ADDR = 0x10101000
|
||||||
CODE = b'\xff\xe3' # jmp ebx
|
CODE = b'\xff\xe3' # jmp ebx
|
||||||
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
|
||||||
mu.mem_map(CODE_ADDR, 1024 * 4)
|
|
||||||
mu.mem_write(CODE_ADDR, CODE)
|
|
||||||
# If EBX is zero then an exception is raised, as expected
|
|
||||||
mu.reg_write(unicorn.x86_const.UC_X86_REG_EBX, 0x0)
|
|
||||||
|
|
||||||
print(">>> jmp ebx (ebx = 0)");
|
class JumEbxHang(regress.RegressTest):
|
||||||
try:
|
|
||||||
mu.emu_start(CODE_ADDR, CODE_ADDR + 2, count=1)
|
|
||||||
except unicorn.UcError as e:
|
|
||||||
print("ERROR: %s" % e)
|
|
||||||
assert(e.errno == unicorn.UC_ERR_CODE_INVALID)
|
|
||||||
else:
|
|
||||||
assert(False)
|
|
||||||
|
|
||||||
print(">>> jmp ebx (ebx = 0xaa96a47f)");
|
def runTest(self):
|
||||||
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
mu.mem_map(CODE_ADDR, 1024 * 4)
|
mu.mem_map(CODE_ADDR, 1024 * 4)
|
||||||
# If we write this address to EBX then the emulator hangs on emu_start
|
mu.mem_write(CODE_ADDR, CODE)
|
||||||
mu.reg_write(unicorn.x86_const.UC_X86_REG_EBX, 0xaa96a47f)
|
# If EBX is zero then an exception is raised, as expected
|
||||||
mu.mem_write(CODE_ADDR, CODE)
|
mu.reg_write(unicorn.x86_const.UC_X86_REG_EBX, 0x0)
|
||||||
try:
|
|
||||||
mu.emu_start(CODE_ADDR, CODE_ADDR + 2, count=1)
|
|
||||||
except unicorn.UcError as e:
|
|
||||||
print("ERROR: %s" % e)
|
|
||||||
assert(e.errno == unicorn.UC_ERR_CODE_INVALID)
|
|
||||||
else:
|
|
||||||
assert(False)
|
|
||||||
|
|
||||||
print "Success"
|
print(">>> jmp ebx (ebx = 0)");
|
||||||
|
with self.assertRaises(UcError) as m:
|
||||||
|
mu.emu_start(CODE_ADDR, CODE_ADDR + 2, count=1)
|
||||||
|
|
||||||
|
self.assertEqual(m.exception.errno, unicorn.UC_ERR_CODE_INVALID)
|
||||||
|
|
||||||
|
print(">>> jmp ebx (ebx = 0xaa96a47f)");
|
||||||
|
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
|
mu.mem_map(CODE_ADDR, 1024 * 4)
|
||||||
|
# If we write this address to EBX then the emulator hangs on emu_start
|
||||||
|
mu.reg_write(unicorn.x86_const.UC_X86_REG_EBX, 0xaa96a47f)
|
||||||
|
mu.mem_write(CODE_ADDR, CODE)
|
||||||
|
with self.assertRaises(UcError) as m:
|
||||||
|
mu.emu_start(CODE_ADDR, CODE_ADDR + 2, count=1)
|
||||||
|
|
||||||
|
self.assertEqual(m.exception.errno, unicorn.UC_ERR_CODE_INVALID)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -4,11 +4,37 @@
|
||||||
# this prints out 2 lines and the contents must be the same
|
# this prints out 2 lines and the contents must be the same
|
||||||
|
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
uc = Uc(UC_ARCH_X86, UC_MODE_64)
|
import regress
|
||||||
|
|
||||||
uc.mem_map(0x8048000, 0x2000)
|
class MemMap(regress.RegressTest):
|
||||||
uc.mem_write(0x8048000, 'test')
|
|
||||||
print 1, str(uc.mem_read(0x8048000, 4)).encode('hex')
|
|
||||||
|
|
||||||
uc.mem_map(0x804a000, 0x8000)
|
def test_mmap_write(self):
|
||||||
print 2, str(uc.mem_read(0x8048000, 4)).encode('hex')
|
uc = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
|
|
||||||
|
uc.mem_map(0x8048000, 0x2000)
|
||||||
|
uc.mem_write(0x8048000, 'test')
|
||||||
|
s1 = str(uc.mem_read(0x8048000, 4)).encode('hex')
|
||||||
|
|
||||||
|
self.assertEqual('test'.encode('hex'), s1)
|
||||||
|
|
||||||
|
uc.mem_map(0x804a000, 0x8000)
|
||||||
|
s2 = str(uc.mem_read(0x8048000, 4)).encode('hex')
|
||||||
|
self.assertEqual(s1, s2)
|
||||||
|
|
||||||
|
def test_mmap_invalid(self):
|
||||||
|
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
|
with self.assertRaises(UcError):
|
||||||
|
u.mem_map(0x2000, 0)
|
||||||
|
with self.assertRaises(UcError):
|
||||||
|
u.mem_map(0x4000, 1)
|
||||||
|
|
||||||
|
def test_mmap_weird(self):
|
||||||
|
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
|
|
||||||
|
for i in xrange(20):
|
||||||
|
with self.assertRaises(UcError):
|
||||||
|
u.mem_map(i*0x1000, 5)
|
||||||
|
u.mem_read(i*0x1000+6, 1)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
|
|
||||||
import unicorn
|
|
||||||
|
|
||||||
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
|
||||||
u.mem_map(0x2000, 0)
|
|
||||||
u.mem_map(0x4000, 1)
|
|
||||||
print "I am never reached"
|
|
|
@ -1,25 +1,35 @@
|
||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
|
||||||
import unicorn
|
import unicorn
|
||||||
|
from unicorn import *
|
||||||
|
|
||||||
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
import regress
|
||||||
u.mem_map(0x2000, 0x1000)
|
|
||||||
u.mem_read(0x2000, 1)
|
|
||||||
|
|
||||||
for i in range(20):
|
class MmapSeg(regress.RegressTest):
|
||||||
try:
|
|
||||||
|
def test_seg1(self):
|
||||||
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
u.mem_map(i*0x1000, 5)
|
u.mem_map(0x2000, 0x1000)
|
||||||
u.mem_read(i*0x1000, 1)
|
u.mem_read(0x2000, 1)
|
||||||
print hex(i*0x1000) + " succeeeded"
|
|
||||||
except unicorn.UcError:
|
|
||||||
print hex(i*0x1000) + " failed"
|
|
||||||
|
|
||||||
for i in range(20):
|
for i in range(50):
|
||||||
try:
|
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
u.mem_map(i*0x1000, 0x1000)
|
||||||
u.mem_map(i*0x1000, 5)
|
u.mem_read(i*0x1000, 1)
|
||||||
u.mem_read(i*0x1000, 1)
|
|
||||||
print hex(i*0x1000) + " succeeeded"
|
for i in range(20):
|
||||||
except unicorn.UcError:
|
with self.assertRaises(UcError):
|
||||||
print hex(i*0x1000) + " failed"
|
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
|
u.mem_map(i*0x1000, 5)
|
||||||
|
u.mem_read(i*0x1000, 1)
|
||||||
|
|
||||||
|
def test_seg2(self):
|
||||||
|
uc = Uc(UC_ARCH_X86, UC_MODE_32)
|
||||||
|
uc.mem_map(0x0000, 0x2000)
|
||||||
|
uc.mem_map(0x2000, 0x4000)
|
||||||
|
uc.mem_write(0x1000, 0x1004 * ' ')
|
||||||
|
self.assertTrue(1,
|
||||||
|
'If not reached, then we have BUG (crash on x86_64 Linux).')
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
#!/usr/bin/python
|
|
||||||
|
|
||||||
from unicorn import *
|
|
||||||
uc = Uc(UC_ARCH_X86, UC_MODE_32)
|
|
||||||
uc.mem_map(0x0000, 0x2000)
|
|
||||||
uc.mem_map(0x2000, 0x4000)
|
|
||||||
uc.mem_write(0x1000, 0x1004 * ' ')
|
|
||||||
print 'If not reached, then we have BUG (crash on x86_64 Linux).'
|
|
|
@ -1,12 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
|
|
||||||
import unicorn
|
|
||||||
|
|
||||||
for i in range(20):
|
|
||||||
#try:
|
|
||||||
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
|
||||||
u.mem_map(i*0x1000, 5)
|
|
||||||
u.mem_read(i*0x1000+6, 1)
|
|
||||||
print hex(i*0x1000) + " succeeeded"
|
|
||||||
#except unicorn.UcError as e:
|
|
||||||
# print hex(i*0x1000) + " failed:",e
|
|
|
@ -3,27 +3,35 @@ from capstone import *
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.mips_const import *
|
from unicorn.mips_const import *
|
||||||
|
|
||||||
md = Cs(CS_ARCH_MIPS, CS_MODE_MIPS32 + CS_MODE_LITTLE_ENDIAN)
|
import regress
|
||||||
|
|
||||||
def disas(code, addr):
|
class MipsBranchDelay(regress.RegressTest):
|
||||||
for i in md.disasm(code, addr):
|
|
||||||
print '0x%x: %s %s' % (i.address, str(i.bytes).encode('hex'), i.op_str)
|
|
||||||
|
|
||||||
def hook_code(uc, addr, size, _):
|
def runTest(self):
|
||||||
mem = str(uc.mem_read(addr, size))
|
md = Cs(CS_ARCH_MIPS, CS_MODE_MIPS32 + CS_MODE_LITTLE_ENDIAN)
|
||||||
disas(mem, addr)
|
|
||||||
|
|
||||||
CODE = 0x400000
|
def disas(code, addr):
|
||||||
asm = '0000a4126a00822800000000'.decode('hex')
|
for i in md.disasm(code, addr):
|
||||||
|
print '0x%x: %s %s' % (i.address, str(i.bytes).encode('hex'), i.op_str)
|
||||||
|
|
||||||
print 'Input instructions:'
|
def hook_code(uc, addr, size, _):
|
||||||
disas(asm, CODE)
|
mem = str(uc.mem_read(addr, size))
|
||||||
print
|
disas(mem, addr)
|
||||||
|
|
||||||
print 'Hooked instructions:'
|
CODE = 0x400000
|
||||||
|
asm = '0000a4126a00822800000000'.decode('hex')
|
||||||
|
|
||||||
uc = Uc(UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_LITTLE_ENDIAN)
|
print 'Input instructions:'
|
||||||
uc.hook_add(UC_HOOK_CODE, hook_code)
|
disas(asm, CODE)
|
||||||
uc.mem_map(CODE, 0x1000)
|
print
|
||||||
uc.mem_write(CODE, asm)
|
|
||||||
uc.emu_start(CODE, CODE + len(asm))
|
print 'Hooked instructions:'
|
||||||
|
|
||||||
|
uc = Uc(UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_LITTLE_ENDIAN)
|
||||||
|
uc.hook_add(UC_HOOK_CODE, hook_code)
|
||||||
|
uc.mem_map(CODE, 0x1000)
|
||||||
|
uc.mem_write(CODE, asm)
|
||||||
|
self.assertEqual(None, uc.emu_start(CODE, CODE + len(asm)))
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -2,37 +2,40 @@
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.mips_const import *
|
from unicorn.mips_const import *
|
||||||
|
|
||||||
|
import regress
|
||||||
|
|
||||||
def hook_intr(uc, intno, _):
|
def hook_intr(uc, intno, _):
|
||||||
print 'interrupt', intno
|
print 'interrupt', intno
|
||||||
|
|
||||||
CODE = 0x400000
|
CODE = 0x400000
|
||||||
asm = '0000a48f'.decode('hex') # lw $a0, ($sp)
|
asm = '0000a48f'.decode('hex') # lw $a0, ($sp)
|
||||||
|
|
||||||
uc = Uc(UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_LITTLE_ENDIAN)
|
class MipsExcept(regress.RegressTest):
|
||||||
uc.hook_add(UC_HOOK_INTR, hook_intr)
|
|
||||||
uc.mem_map(CODE, 0x1000)
|
|
||||||
uc.mem_write(CODE, asm)
|
|
||||||
|
|
||||||
try:
|
def runTest(self):
|
||||||
print 'unaligned access (exc 12)'
|
uc = Uc(UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_LITTLE_ENDIAN)
|
||||||
uc.reg_write(UC_MIPS_REG_SP, 0x400001)
|
uc.hook_add(UC_HOOK_INTR, hook_intr)
|
||||||
uc.emu_start(CODE, CODE + len(asm), 300)
|
uc.mem_map(CODE, 0x1000)
|
||||||
print
|
uc.mem_write(CODE, asm)
|
||||||
except UcError as e:
|
|
||||||
print("ERROR: %s" % e)
|
|
||||||
|
|
||||||
try:
|
with self.assertRaises(UcError) as m:
|
||||||
print 'dunno (exc 26)'
|
uc.reg_write(UC_MIPS_REG_SP, 0x400001)
|
||||||
uc.reg_write(UC_MIPS_REG_SP, 0xFFFFFFF0)
|
uc.emu_start(CODE, CODE + len(asm), 300)
|
||||||
uc.emu_start(CODE, CODE + len(asm), 200)
|
|
||||||
print
|
self.assertEqual(UC_ERR_READ_UNALIGNED, m.exception.errno)
|
||||||
except UcError as e:
|
|
||||||
print("ERROR: %s" % e)
|
with self.assertRaises(UcError) as m:
|
||||||
|
uc.reg_write(UC_MIPS_REG_SP, 0xFFFFFFF0)
|
||||||
|
uc.emu_start(CODE, CODE + len(asm), 200)
|
||||||
|
|
||||||
|
self.assertEqual(UC_ERR_READ_INVALID, m.exception.errno)
|
||||||
|
|
||||||
|
with self.assertRaises(UcError) as m:
|
||||||
|
uc.reg_write(UC_MIPS_REG_SP, 0x80000000)
|
||||||
|
uc.emu_start(CODE, CODE + len(asm), 100)
|
||||||
|
|
||||||
|
self.assertEqual(UC_ERR_READ_INVALID, m.exception.errno)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
||||||
try:
|
|
||||||
print 'unassigned access (exc 28)'
|
|
||||||
uc.reg_write(UC_MIPS_REG_SP, 0x80000000)
|
|
||||||
uc.emu_start(CODE, CODE + len(asm), 100)
|
|
||||||
print
|
|
||||||
except UcError as e:
|
|
||||||
print("ERROR: %s" % e)
|
|
||||||
|
|
|
@ -5,6 +5,7 @@ from capstone import *
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.x86_const import *
|
from unicorn.x86_const import *
|
||||||
|
|
||||||
|
import regress
|
||||||
code = 'f20f1005aa120000'.decode('hex')
|
code = 'f20f1005aa120000'.decode('hex')
|
||||||
|
|
||||||
def dis(mem, addr):
|
def dis(mem, addr):
|
||||||
|
@ -20,9 +21,15 @@ def hook_code(uc, addr, size, user_data):
|
||||||
print 'instruction:', str(mem).encode('hex'), dis(mem, addr)
|
print 'instruction:', str(mem).encode('hex'), dis(mem, addr)
|
||||||
print 'reference: ', code.encode('hex'), dis(code, addr)
|
print 'reference: ', code.encode('hex'), dis(code, addr)
|
||||||
|
|
||||||
addr = 0x400000
|
class Movsd(regress.RegressTest):
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
|
||||||
mu.hook_add(UC_HOOK_CODE, hook_code)
|
def runTest(self):
|
||||||
mu.mem_map(addr, 8 * 1024 * 1024)
|
addr = 0x400000
|
||||||
mu.mem_write(addr, code)
|
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
mu.emu_start(addr, addr + len(code))
|
mu.hook_add(UC_HOOK_CODE, hook_code)
|
||||||
|
mu.mem_map(addr, 8 * 1024 * 1024)
|
||||||
|
mu.mem_write(addr, code)
|
||||||
|
mu.emu_start(addr, addr + len(code))
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -5,8 +5,17 @@
|
||||||
|
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.x86_const import *
|
from unicorn.x86_const import *
|
||||||
uc = Uc(UC_ARCH_X86, UC_MODE_64)
|
|
||||||
uc.mem_map(0x2000, 0x1000)
|
import regress
|
||||||
# pshufb xmm0, xmm1
|
|
||||||
uc.mem_write(0x2000, '660f3800c1'.decode('hex'))
|
class Pshufb(regress.RegressTest):
|
||||||
uc.emu_start(0x2000, 0x2005)
|
|
||||||
|
def runTest(self):
|
||||||
|
uc = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
|
uc.mem_map(0x2000, 0x1000)
|
||||||
|
# pshufb xmm0, xmm1
|
||||||
|
uc.mem_write(0x2000, '660f3800c1'.decode('hex'))
|
||||||
|
uc.emu_start(0x2000, 0x2005)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -3,6 +3,8 @@
|
||||||
"""See https://github.com/unicorn-engine/unicorn/issues/98"""
|
"""See https://github.com/unicorn-engine/unicorn/issues/98"""
|
||||||
|
|
||||||
import unicorn
|
import unicorn
|
||||||
|
import regress
|
||||||
|
|
||||||
ADDR = 0xffaabbcc
|
ADDR = 0xffaabbcc
|
||||||
|
|
||||||
def hook_mem_invalid(mu, access, address, size, value, user_data):
|
def hook_mem_invalid(mu, access, address, size, value, user_data):
|
||||||
|
@ -12,12 +14,18 @@ def hook_mem_invalid(mu, access, address, size, value, user_data):
|
||||||
mu.mem_write(address, b'\xcc')
|
mu.mem_write(address, b'\xcc')
|
||||||
return True
|
return True
|
||||||
|
|
||||||
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
class RegWriteSignExt(regress.RegressTest):
|
||||||
mu.reg_write(unicorn.x86_const.UC_X86_REG_EBX, ADDR)
|
|
||||||
|
|
||||||
mu.mem_map(0x10000000, 1024 * 4)
|
def runTest(self):
|
||||||
# jmp ebx
|
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
|
||||||
mu.mem_write(0x10000000, b'\xff\xe3')
|
mu.reg_write(unicorn.x86_const.UC_X86_REG_EBX, ADDR)
|
||||||
|
|
||||||
mu.hook_add(unicorn.UC_HOOK_MEM_INVALID, hook_mem_invalid)
|
mu.mem_map(0x10000000, 1024 * 4)
|
||||||
mu.emu_start(0x10000000, 0x10000000 + 2, count=1)
|
# jmp ebx
|
||||||
|
mu.mem_write(0x10000000, b'\xff\xe3')
|
||||||
|
|
||||||
|
mu.hook_add(unicorn.UC_HOOK_MEM_INVALID, hook_mem_invalid)
|
||||||
|
mu.emu_start(0x10000000, 0x10000000 + 2, count=1)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
34
regress/regress.py
Executable file
34
regress/regress.py
Executable file
|
@ -0,0 +1,34 @@
|
||||||
|
#!/usr/bin/python
|
||||||
|
|
||||||
|
import unittest
|
||||||
|
|
||||||
|
from os.path import dirname, basename, isfile
|
||||||
|
import glob
|
||||||
|
|
||||||
|
# Find all unittest type in this directory and run it.
|
||||||
|
|
||||||
|
class RegressTest(unittest.TestCase):
|
||||||
|
pass
|
||||||
|
|
||||||
|
def main():
|
||||||
|
unittest.main()
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
directory = dirname(__file__)
|
||||||
|
if directory == '':
|
||||||
|
directory = '.'
|
||||||
|
modules = glob.glob(directory+"/*.py")
|
||||||
|
__all__ = [ basename(f)[:-3] for f in modules if isfile(f)]
|
||||||
|
suite = unittest.TestSuite()
|
||||||
|
|
||||||
|
for module in __all__:
|
||||||
|
m = __import__(module)
|
||||||
|
for cl in dir(m):
|
||||||
|
try:
|
||||||
|
realcl = getattr(m,cl)
|
||||||
|
if issubclass(realcl, unittest.TestCase):
|
||||||
|
suite.addTest(realcl())
|
||||||
|
except Exception as e:
|
||||||
|
pass
|
||||||
|
|
||||||
|
unittest.TextTestRunner().run(suite)
|
|
@ -3,30 +3,69 @@
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.x86_const import *
|
from unicorn.x86_const import *
|
||||||
|
|
||||||
|
import regress
|
||||||
|
|
||||||
binary1 = b'\xb8\x02\x00\x00\x00' # mov eax, 2
|
binary1 = b'\xb8\x02\x00\x00\x00' # mov eax, 2
|
||||||
binary2 = b'\xb8\x01\x00\x00\x00' # mov eax, 1
|
binary2 = b'\xb8\x01\x00\x00\x00' # mov eax, 1
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
class WrongRIP(regress.RegressTest):
|
||||||
|
|
||||||
mu.mem_map(0, 2 * 1024 * 1024)
|
def test_step(self):
|
||||||
|
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
|
mu.mem_map(0, 2 * 1024 * 1024)
|
||||||
|
# write machine code to be emulated to memory
|
||||||
|
mu.mem_write(0, binary1 + binary2)
|
||||||
|
# emu for maximum 1 instruction.
|
||||||
|
mu.emu_start(0, 5, 0, 1)
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
self.assertEqual(0x2, mu.reg_read(UC_X86_REG_RAX))
|
||||||
mu.mem_write(0, binary1 + binary2)
|
self.assertEqual(0x5, mu.reg_read(UC_X86_REG_RIP))
|
||||||
|
|
||||||
# emu for maximum 1 instruction.
|
mu.emu_start(5, 10, 0, 1)
|
||||||
mu.emu_start(0, 5, 0, 1)
|
self.assertEqual(0xa, mu.reg_read(UC_X86_REG_RIP))
|
||||||
|
self.assertEqual(0x1, mu.reg_read(UC_X86_REG_RAX))
|
||||||
|
|
||||||
print("RAX = %u" %mu.reg_read(UC_X86_REG_RAX))
|
def test_step2(self):
|
||||||
|
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
||||||
|
mu.mem_map(0, 2 * 1024 * 1024)
|
||||||
|
# write machine code to be emulated to memory
|
||||||
|
mu.mem_write(0, binary1 + binary2)
|
||||||
|
# emu for maximum 1 instruction.
|
||||||
|
mu.emu_start(0, 10, 0, 1)
|
||||||
|
self.assertEqual(0x2, mu.reg_read(UC_X86_REG_RAX))
|
||||||
|
self.assertEqual(0x5, mu.reg_read(UC_X86_REG_RIP))
|
||||||
|
|
||||||
pos = mu.reg_read(UC_X86_REG_RIP)
|
mu.emu_start(5, 10, 0, 1)
|
||||||
|
self.assertEqual(0x1, mu.reg_read(UC_X86_REG_RAX))
|
||||||
|
self.assertEqual(0xa, mu.reg_read(UC_X86_REG_RIP))
|
||||||
|
|
||||||
print("RIP = %x" %pos)
|
def test_step3(self):
|
||||||
|
bin3 = b'\x40\x01\xc1\x31\xf6' # inc eax; add ecx, eax; xor esi, esi
|
||||||
|
mu = Uc(UC_ARCH_X86, UC_MODE_32)
|
||||||
|
mu.mem_map(0, 2 * 1024 * 1024)
|
||||||
|
# write machine code to be emulated to memory
|
||||||
|
mu.mem_write(0, bin3)
|
||||||
|
# emu for maximum 1 instruction.
|
||||||
|
mu.emu_start(0, 10, 0, 1)
|
||||||
|
self.assertEqual(0x1, mu.reg_read(UC_X86_REG_EAX))
|
||||||
|
self.assertEqual(0x1, mu.reg_read(UC_X86_REG_EIP))
|
||||||
|
|
||||||
mu.emu_start(5, 10, 0, 1)
|
def test_step_then_fin(self):
|
||||||
|
bin4 = b'\x40\x01\xc1\x31\xf6\x90\x90\x90' # inc eax; add ecx, eax; xor esi, esi
|
||||||
|
mu = Uc(UC_ARCH_X86, UC_MODE_32)
|
||||||
|
mu.mem_map(0, 2 * 1024 * 1024)
|
||||||
|
# write machine code to be emulated to memory
|
||||||
|
mu.mem_write(0, bin4)
|
||||||
|
# emu for maximum 1 instruction.
|
||||||
|
mu.emu_start(0, len(binary1), 0, 1)
|
||||||
|
|
||||||
pos = mu.reg_read(UC_X86_REG_RIP)
|
self.assertEqual(0x1, mu.reg_read(UC_X86_REG_EAX))
|
||||||
|
self.assertEqual(0x1, mu.reg_read(UC_X86_REG_EIP))
|
||||||
|
# emu to the end
|
||||||
|
mu.emu_start(1, len(bin4))
|
||||||
|
self.assertEqual(0x1, mu.reg_read(UC_X86_REG_EAX))
|
||||||
|
self.assertEqual(len(bin4), mu.reg_read(UC_X86_REG_EIP))
|
||||||
|
|
||||||
print("RIP = %x" %pos)
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
print("RAX = %u" %mu.reg_read(UC_X86_REG_RAX))
|
|
||||||
|
|
||||||
|
|
|
@ -1,32 +0,0 @@
|
||||||
#!/usr/bin/python
|
|
||||||
|
|
||||||
from unicorn import *
|
|
||||||
from unicorn.x86_const import *
|
|
||||||
|
|
||||||
binary1 = b'\xb8\x02\x00\x00\x00' # mov eax, 2
|
|
||||||
binary2 = b'\xb8\x01\x00\x00\x00' # mov eax, 1
|
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_64)
|
|
||||||
|
|
||||||
mu.mem_map(0, 2 * 1024 * 1024)
|
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
|
||||||
mu.mem_write(0, binary1 + binary2)
|
|
||||||
|
|
||||||
# emu for maximum 1 instruction.
|
|
||||||
mu.emu_start(0, 10, 0, 1)
|
|
||||||
|
|
||||||
print("RAX = %u" %mu.reg_read(UC_X86_REG_RAX))
|
|
||||||
|
|
||||||
pos = mu.reg_read(UC_X86_REG_RIP)
|
|
||||||
|
|
||||||
print("RIP = %x" %pos)
|
|
||||||
|
|
||||||
mu.emu_start(5, 10, 0, 1)
|
|
||||||
|
|
||||||
pos = mu.reg_read(UC_X86_REG_RIP)
|
|
||||||
|
|
||||||
print("RIP = %x" %pos)
|
|
||||||
|
|
||||||
print("RAX = %u" %mu.reg_read(UC_X86_REG_RAX))
|
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
#!/usr/bin/python
|
|
||||||
|
|
||||||
from unicorn import *
|
|
||||||
from unicorn.x86_const import *
|
|
||||||
|
|
||||||
binary1 = b'\x40\x01\xc1\x31\xf6' # inc eax; add ecx, eax; xor esi, esi
|
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_32)
|
|
||||||
|
|
||||||
mu.mem_map(0, 2 * 1024 * 1024)
|
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
|
||||||
mu.mem_write(0, binary1)
|
|
||||||
|
|
||||||
# emu for maximum 1 instruction.
|
|
||||||
mu.emu_start(0, 10, 0, 1)
|
|
||||||
|
|
||||||
print("EAX = %u" %mu.reg_read(UC_X86_REG_EAX))
|
|
||||||
|
|
||||||
pos = mu.reg_read(UC_X86_REG_EIP)
|
|
||||||
|
|
||||||
print("EIP = %x" %pos)
|
|
||||||
|
|
|
@ -1,32 +0,0 @@
|
||||||
#!/usr/bin/python
|
|
||||||
|
|
||||||
from unicorn import *
|
|
||||||
from unicorn.x86_const import *
|
|
||||||
|
|
||||||
binary1 = b'\x40\x01\xc1\x31\xf6\x90\x90\x90' # inc eax; add ecx, eax; xor esi, esi
|
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_X86, UC_MODE_32)
|
|
||||||
|
|
||||||
mu.mem_map(0, 2 * 1024 * 1024)
|
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
|
||||||
mu.mem_write(0, binary1)
|
|
||||||
|
|
||||||
pos = 0
|
|
||||||
# emu for maximum 1 instruction.
|
|
||||||
mu.emu_start(pos, len(binary1), 0, 1)
|
|
||||||
|
|
||||||
print("EAX = %u" %mu.reg_read(UC_X86_REG_EAX))
|
|
||||||
|
|
||||||
pos = mu.reg_read(UC_X86_REG_EIP)
|
|
||||||
|
|
||||||
print("EIP = %x" %pos)
|
|
||||||
|
|
||||||
# emu to the end
|
|
||||||
mu.emu_start(pos, len(binary1))
|
|
||||||
|
|
||||||
print("EAX = %u" %mu.reg_read(UC_X86_REG_EAX))
|
|
||||||
|
|
||||||
pos = mu.reg_read(UC_X86_REG_EIP)
|
|
||||||
|
|
||||||
print("EIP = %x" %pos)
|
|
|
@ -4,6 +4,8 @@ from unicorn import *
|
||||||
from unicorn.x86_const import *
|
from unicorn.x86_const import *
|
||||||
from unicorn.arm_const import *
|
from unicorn.arm_const import *
|
||||||
|
|
||||||
|
import regress
|
||||||
|
|
||||||
# adds r1, #0x48
|
# adds r1, #0x48
|
||||||
# ldrsb r7, [r7, r7]
|
# ldrsb r7, [r7, r7]
|
||||||
# ldrsh r7, [r2, r1]
|
# ldrsh r7, [r2, r1]
|
||||||
|
@ -14,26 +16,23 @@ from unicorn.arm_const import *
|
||||||
# strb r7, [r5, #0xc]
|
# strb r7, [r5, #0xc]
|
||||||
# ldr r0, [pc, #0x1a0]
|
# ldr r0, [pc, #0x1a0]
|
||||||
binary1 = b'\x48\x31\xff\x57\x57\x5e\x5a\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05'
|
binary1 = b'\x48\x31\xff\x57\x57\x5e\x5a\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05'
|
||||||
binary1 = b'\x48\x31\xff\x57'
|
# binary1 = b'\x48\x31\xff\x57'
|
||||||
#adds r1, #0x48
|
#adds r1, #0x48
|
||||||
#ldrsb r7, [r7, r7]
|
#ldrsb r7, [r7, r7]
|
||||||
|
|
||||||
mu = Uc(UC_ARCH_ARM, UC_MODE_THUMB)
|
class WrongRIPArm(regress.RegressTest):
|
||||||
|
|
||||||
mu.mem_map(0, 2 * 1024 * 1024)
|
def runTest(self):
|
||||||
|
mu = Uc(UC_ARCH_ARM, UC_MODE_THUMB)
|
||||||
|
mu.mem_map(0, 2 * 1024 * 1024)
|
||||||
|
# write machine code to be emulated to memory
|
||||||
|
mu.mem_write(0, binary1)
|
||||||
|
mu.reg_write(UC_ARM_REG_R13, 1 * 1024 * 1024)
|
||||||
|
# emu for maximum 1 instruction.
|
||||||
|
mu.emu_start(0, len(binary1), 0, 1)
|
||||||
|
self.assertEqual(0x48, mu.reg_read(UC_ARM_REG_R1))
|
||||||
|
pos = mu.reg_read(UC_ARM_REG_R15)
|
||||||
|
self.assertEqual(0x2, pos)
|
||||||
|
|
||||||
# write machine code to be emulated to memory
|
if __name__ == '__main__':
|
||||||
mu.mem_write(0, binary1)
|
regress.main()
|
||||||
|
|
||||||
mu.reg_write(ARM_REG_R13, 1*1024*1024)
|
|
||||||
|
|
||||||
pos = 0
|
|
||||||
|
|
||||||
# emu for maximum 1 instruction.
|
|
||||||
mu.emu_start(pos, len(binary1), 0, 1)
|
|
||||||
|
|
||||||
print("R1 = %x" % mu.reg_read(ARM_REG_R1))
|
|
||||||
|
|
||||||
pos = mu.reg_read(ARM_REG_R15)
|
|
||||||
|
|
||||||
print("RIP = %x" %pos)
|
|
||||||
|
|
|
@ -3,20 +3,26 @@
|
||||||
|
|
||||||
from unicorn import *
|
from unicorn import *
|
||||||
from unicorn.arm_const import *
|
from unicorn.arm_const import *
|
||||||
|
from unicorn.arm64_const import *
|
||||||
|
|
||||||
try:
|
import regress
|
||||||
uc = Uc(UC_ARCH_ARM, UC_MODE_32)
|
|
||||||
uc.reg_write(UC_ARM_REG_SP, 4)
|
|
||||||
print 'Writing 4 to SP'
|
|
||||||
print 'SP =', uc.reg_read(UC_ARM_REG_SP)
|
|
||||||
except UcError as e:
|
|
||||||
print("ERROR: %s" % e)
|
|
||||||
|
|
||||||
try:
|
class WrongSPArm(regress.RegressTest):
|
||||||
print "==========="
|
|
||||||
uc = Uc(UC_ARCH_ARM, UC_MODE_ARM)
|
def test_32(self):
|
||||||
uc.reg_write(UC_ARM_REG_SP, 4)
|
with self.assertRaises(UcError):
|
||||||
print 'Writing 4 to SP'
|
uc = Uc(UC_ARCH_ARM, UC_MODE_32)
|
||||||
print 'SP =', uc.reg_read(UC_ARM_REG_SP)
|
uc.reg_write(UC_ARM_REG_SP, 4)
|
||||||
except UcError as e:
|
|
||||||
print("ERROR: %s" % e)
|
def test_64(self):
|
||||||
|
uc = Uc(UC_ARCH_ARM64, UC_MODE_ARM)
|
||||||
|
uc.reg_write(UC_ARM64_REG_SP, 4)
|
||||||
|
self.assertEqual(0x4, uc.reg_read(UC_ARM64_REG_SP))
|
||||||
|
|
||||||
|
def test_arm(self):
|
||||||
|
uc = Uc(UC_ARCH_ARM, UC_MODE_ARM)
|
||||||
|
uc.reg_write(UC_ARM_REG_SP, 4)
|
||||||
|
self.assertEqual(0x4, uc.reg_read(UC_ARM_REG_SP))
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
regress.main()
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
#!/usr/bin/python
|
|
||||||
|
|
||||||
from unicorn import *
|
|
||||||
from unicorn.arm64_const import *
|
|
||||||
|
|
||||||
try:
|
|
||||||
uc = Uc(UC_ARCH_ARM64, UC_MODE_ARM)
|
|
||||||
uc.reg_write(UC_ARM64_REG_SP, 4)
|
|
||||||
print 'Writing 4 to SP'
|
|
||||||
print 'SP =', uc.reg_read(UC_ARM64_REG_SP)
|
|
||||||
except UcError as e:
|
|
||||||
print("ERROR: %s" % e)
|
|
Loading…
Reference in a new issue