// Test hook evocation count // // Objective is to demonstrate finer duration control of // emulation by counts of instruction code // #include "unicorn_test.h" #include <inttypes.h> #define DEBUG 1 #define OK(x) uc_assert_success(x) volatile int expected_instructions = 0; volatile int total_instructions = 0; // NOTE: It would appear that this UC_HOOK_CODE is being done before the // uc_count_fb hook. // So, termination by uc->emu_count has not been done yet here... static void test_code_hook(uc_engine *uc, uint64_t address, uint32_t size, void *user_data) { ++total_instructions; if (total_instructions == expected_instructions) { uc_emu_stop(uc); } #ifdef DEBUG printf("instruction at 0x%"PRIx64": ", address); uint8_t tmp[256]; if (!uc_mem_read(uc, address, tmp, size)) { uint32_t i; for (i = 0; i < size; i++) { printf("0x%x ", tmp[i]); } printf("\n"); } #endif // DEBUG } /* Called before every test to set up a new instance */ static int setup32(void **state) { uc_hook trace1; uc_engine *uc; OK(uc_open(UC_ARCH_X86, UC_MODE_32, &uc)); *state = uc; // trace all instructions OK(uc_hook_add(uc, &trace1, UC_HOOK_CODE, test_code_hook, NULL, 1, 0)); return 0; } /* Called after every test to clean up */ static int teardown(void **state) { uc_engine *uc = *state; OK(uc_close(uc)); *state = NULL; return 0; } /******************************************************************************/ static void test_hook_count(uc_engine *uc, const uint8_t *code, int start_offset, int code_length, int count) { #define BASEADDR 0x1000000 #define MEMSIZE (2 * 1024 * 1024) uint64_t address = BASEADDR + (count * MEMSIZE); total_instructions = 0; #undef BASEADDR // map a new 2MB memory for this emulation OK(uc_mem_map(uc, address, MEMSIZE, UC_PROT_ALL)); // write machine code to be emulated to memory OK(uc_mem_write(uc, address, code, code_length)); #ifdef DEBUG printf("Address: %"PRIx64"\n", address); printf("Start : %"PRIx64"\n", address + start_offset); printf("End : %"PRIx64"\n", address + code_length - 1); printf("Count : %d\n", count); #endif expected_instructions = count; OK(uc_emu_start(uc, address+start_offset, address+code_length, 0, count)); assert_int_equal(expected_instructions, total_instructions); // map 2MB memory for this emulation OK(uc_mem_unmap(uc, address, MEMSIZE)); } /* Perform fine-grain emulation control of exactly 1 instruction */ /* of 1-opcode code space*/ static void test_hook_count_1_begin(void **state) { uc_engine *uc = *state; const uint8_t code[] = { 0x41, // inc ECX @0x1000000 }; int code_length = sizeof(code); int start_offset = 0; int ins_count = 1; test_hook_count(uc, code, start_offset, code_length, ins_count); } /* Perform fine-grain emulation control of exactly 1 instruction */ static void test_hook_count_1_midpoint(void **state) { uc_engine *uc = *state; const uint8_t code[] = { 0x41, // inc ECX @0x1000000 0x41, // inc ECX 0x41, // inc ECX 0x41, // inc ECX @0x1000003 0x41, // inc ECX 0x41, // inc ECX 0x42, // inc EDX @0x1000006 0x42, // inc EDX }; int code_length = sizeof(code); int start_offset = code_length/2; int ins_count = 1; test_hook_count(uc, code, start_offset, code_length, ins_count); } /* Perform fine-grain emulation control of exactly 1 instruction */ static void test_hook_count_1_end(void **state) { uc_engine *uc = *state; const uint8_t code[] = { 0x41, // inc ECX @0x1000000 0x41, // inc ECX 0x41, // inc ECX 0x41, // inc ECX @0x1000003 0x41, // inc ECX 0x41, // inc ECX 0x42, // inc EDX @0x1000006 0x42, // inc EDX }; int code_length = sizeof(code); int start_offset = code_length - 1; int ins_count = 1; test_hook_count(uc, code, start_offset, code_length, ins_count); } /* Perform fine-grain emulation control over a range of */ /* varied instruction steps. */ static void test_hook_count_range(void **state) { uc_engine *uc = *state; const uint8_t code[] = { 0x41, // inc ECX @0x1000000 0x41, // inc ECX 0x41, // inc ECX 0x41, // inc ECX @0x1000003 0x41, // inc ECX 0x41, // inc ECX 0x42, // inc EDX @0x1000006 0x42, // inc EDX }; int code_length = sizeof(code); int start_offset; int ins_count = 2; for (start_offset = 2; start_offset < (code_length - ins_count); start_offset++) { printf("Iteration %d\n", start_offset); test_hook_count(uc, code, start_offset, code_length, ins_count); } } static void test_hook_count_end(void **state) { uc_engine *uc = *state; const uint8_t code[] = { 0x41, // inc ECX @0x1000000 0x41, // inc ECX 0x41, // inc ECX 0x41, // inc ECX @0x1000003 0x41, // inc ECX 0x41, // inc ECX 0x42, // inc EDX @0x1000006 0x42, // inc EDX }; int code_length = sizeof(code); int ins_count = 3; int start_offset = sizeof(code) - ins_count; test_hook_count(uc, code, start_offset, code_length, ins_count); } static void test_hook_count_begins(void **state) { uc_engine *uc = *state; const uint8_t code[] = { 0x41, // inc ECX @0x1000000 0x41, // inc ECX 0x41, // inc ECX 0x41, // inc ECX @0x1000003 0x41, // inc ECX 0x41, // inc ECX 0x42, // inc EDX @0x1000006 0x42, // inc EDX }; int code_length = sizeof(code); int ins_count = 3; int start_offset = 0; test_hook_count(uc, code, start_offset, code_length, ins_count); } static void test_hook_count_midpoint(void **state) { uc_engine *uc = *state; const uint8_t code[] = { 0x41, // inc ECX @0x1000000 0x41, // inc ECX 0x41, // inc ECX 0x41, // inc ECX @0x1000003 0x41, // inc ECX 0x41, // inc ECX 0x42, // inc EDX @0x1000006 0x42, // inc EDX }; int code_length = sizeof(code); int ins_count = 3; int start_offset = 2; test_hook_count(uc, code, start_offset, code_length, ins_count); } int main(void) { const struct CMUnitTest tests[] = { cmocka_unit_test_setup_teardown(test_hook_count_1_begin, setup32, teardown), cmocka_unit_test_setup_teardown(test_hook_count_1_midpoint, setup32, teardown), cmocka_unit_test_setup_teardown(test_hook_count_1_end, setup32, teardown), cmocka_unit_test_setup_teardown(test_hook_count_begins, setup32, teardown), cmocka_unit_test_setup_teardown(test_hook_count_range, setup32, teardown), cmocka_unit_test_setup_teardown(test_hook_count_midpoint, setup32, teardown), cmocka_unit_test_setup_teardown(test_hook_count_end, setup32, teardown), }; return cmocka_run_group_tests(tests, NULL, NULL); }