From d149648f2fe175ddbc591d4fcb4fd911578dfc0e Mon Sep 17 00:00:00 2001
From: Nguyen Anh Quynh
Date: Mon, 3 Sep 2018 07:58:09 -0400
Subject: [PATCH] x86: fix #968. also fix potential bug of not clearing high bytes when updateing EIP

Backports commit 4d0157eb4a4891fe9101ac84accbd11cd4277794 from qemu
---
 qemu/target/i386/unicorn.c | 4 ++--
 uc.c | 11 +++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/qemu/target/i386/unicorn.c b/qemu/target/i386/unicorn.c
index 7a51e649..5a3bea9d 100644
--- a/qemu/target/i386/unicorn.c
+++ b/qemu/target/i386/unicorn.c
@@ -973,7 +973,7 @@ int x86_reg_write(struct uc_struct *uc, unsigned int *regs, void *const *vals, i
             uc_emu_stop(uc);
             break;
         case UC_X86_REG_IP:
-            WRITE_WORD(state->eip, *(uint16_t *)value);
+            X86_CPU(uc, mycpu)->env.eip = *(uint16_t *)value;
             // force to quit execution and flush TB
             uc->quit_request = true;
             uc_emu_stop(uc);
@@ -1163,7 +1163,7 @@ int x86_reg_write(struct uc_struct *uc, unsigned int *regs, void *const *vals, i
             uc_emu_stop(uc);
             break;
         case UC_X86_REG_EIP:
-            WRITE_DWORD(state->eip, *(uint32_t *)value);
+            X86_CPU(uc, mycpu)->env.eip = *(uint32_t *)value;
             // force to quit execution and flush TB
             uc->quit_request = true;
             uc_emu_stop(uc);
diff --git a/uc.c b/uc.c
index 4387f076..3ea0bb4e 100644
--- a/uc.c
+++ b/uc.c
@@ -549,9 +549,16 @@ uc_err uc_emu_start(uc_engine* uc, uint64_t begin, uint64_t until, uint64_t time
     switch(uc->mode) {
         default:
             break;
-        case UC_MODE_16:
-            uc_reg_write(uc, UC_X86_REG_IP, &begin);
+        case UC_MODE_16: {
+            uint64_t ip;
+            uint16_t cs;
+
+            uc_reg_read(uc, UC_X86_REG_CS, &cs);
+            // compensate for later adding up IP & CS
+            ip = begin - cs*16;
+            uc_reg_write(uc, UC_X86_REG_IP, &ip);
             break;
+        }
         case UC_MODE_32:
             uc_reg_write(uc, UC_X86_REG_EIP, &begin);
             break;
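Review bot: The replacement line in the UC_X86_REG_IP case stores through `X86_CPU(uc, mycpu)->env.eip` while the line it replaces, and the rest of this case, go through `state`; if `state` points at that same `env` (its definition is outside the hunk, so I am inferring that from the removed `state->eip`), `state->eip = *(uint16_t *)value;` is the same full-width store without re-deriving the CPU. Whichever form stays, the full-width assignment deserves a comment, because the old `WRITE_WORD` only touched the low 16 bits and a later reader may "fix" it back: `// full-width store: a 16-bit IP write must not leave stale high EIP bits behind`. x86_reg_write begins before this hunk and continues after it.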
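Review bot: On a 64-bit CPU the new `X86_CPU(uc, mycpu)->env.eip = *(uint32_t *)value;` in the UC_X86_REG_EIP case zero-extends the 32-bit value into the whole program counter, so a caller that updates only EIP on a 64-bit guest silently loses bits 63:32; the commit message says clearing the high bytes is the point, but nothing in the code says so. I would add a comment on that line: `// deliberately a full-width store: also clears bits 63:32 on a 64-bit CPU (set the 64-bit PC through the RIP register instead)`. The RIP case and the definition of `state` are outside this hunk, so I cannot confirm they agree with this one; x86_reg_write begins before the hunk and continues after it.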
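Review bot: `ip = begin - cs*16;` assumes `begin` lies inside the 64 KiB segment selected by CS; when `begin < cs*16` the unsigned subtraction wraps, and since the IP handler in this same patch keeps only `*(uint16_t *)value`, an out-of-segment start address is silently truncated to some other IP rather than rejected. The return value of `uc_reg_read` is also ignored and `cs` is never initialised, so a failed read leaves the arithmetic running on an indeterminate value. I would initialise `cs`, propagate the read error (assuming `uc_reg_read` returns a `uc_err` like the rest of the API), and range-check `begin` before computing `ip`; the invalid-argument code for that check, presumably `UC_ERR_ARG`, is not visible in this hunk. uc_emu_start begins before this hunk and continues after it, so I cannot see whether an early return at this point needs any unwinding.
```c
        case UC_MODE_16: {
            uint64_t ip;
            uint16_t cs = 0;
            uc_err err = uc_reg_read(uc, UC_X86_REG_CS, &cs);

            if (err)
                return err;
            // begin is a linear address; it must fall inside CS:0000..CS:FFFF,
            // otherwise the 16-bit IP write below would silently truncate it
            if (begin < (uint64_t)cs * 16 || begin - (uint64_t)cs * 16 > 0xffff)
                return UC_ERR_ARG;   // assumed to be the engine's invalid-argument code
            // compensate for later adding up IP & CS
            ip = begin - (uint64_t)cs * 16;
            uc_reg_write(uc, UC_X86_REG_IP, &ip);
            /* … unchanged: break and closing brace … */
```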