mirror of
				https://github.com/yuzu-emu/unicorn.git
				synced 2025-10-25 00:47:19 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			270 lines
		
	
	
		
			7.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			270 lines
		
	
	
		
			7.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| #include <unicorn/unicorn.h>
 | |
| 
 | |
| #include "unicorn_test.h"
 | |
| 
 | |
| /**
 | |
|  *  Initialize i386 Unicorn Instance
 | |
|  */
 | |
| static int setup_i386(void **state)
 | |
| {
 | |
|     uc_engine *uc;
 | |
| 
 | |
|     uc_assert_success(uc_open(UC_ARCH_X86, UC_MODE_32, &uc));
 | |
| 
 | |
|     *state = uc;
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Initialize amd64 Unicorn Instance
 | |
|  */
 | |
| static int setup_amd64(void **state)
 | |
| {
 | |
|     uc_engine *uc;
 | |
| 
 | |
|     uc_assert_success(uc_open(UC_ARCH_X86, UC_MODE_64, &uc));
 | |
| 
 | |
|     *state = uc;
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Shutdown a Unicorn Instance
 | |
|  */
 | |
| static int teardown(void **state)
 | |
| {
 | |
|     uc_engine *uc = *state;
 | |
| 
 | |
|     uc_assert_success(uc_close(uc));
 | |
| 
 | |
|     *state = NULL;
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| /***********************************************************************************/
 | |
|   
 | |
| typedef struct {
 | |
|     bool good;
 | |
|     uint64_t actual;
 | |
|     uint64_t expected;
 | |
| } TestData;
 | |
| 
 | |
| const uint64_t CodePage = 0x10000;
 | |
| const uint64_t CodeSize = 0x4000;
 | |
| 
 | |
| /**
 | |
|  *  Hook for reading unmapped memory in the i386 Unicorn Instance.
 | |
|  *
 | |
|  *  BUG: EIP from uc_reg_read does not match expected value.
 | |
|  */
 | |
| static bool mem_hook_i386(uc_engine *uc, uc_mem_type type,
 | |
|         uint64_t address, int size, int64_t value, void *user_data)
 | |
| {
 | |
|     TestData *data = user_data;
 | |
|     if (type == UC_MEM_READ_UNMAPPED)
 | |
|     {
 | |
|         uint32_t eip;
 | |
|         uint32_t eax;
 | |
| 
 | |
|         uc_reg_read(uc, UC_X86_REG_EIP, &eip);
 | |
|         uc_reg_read(uc, UC_X86_REG_EAX, &eax);
 | |
| 
 | |
|         data->actual = eip;
 | |
|         data->expected = CodePage + 0x05;
 | |
| 
 | |
|         /**
 | |
|          *  Code:
 | |
|          *  0x10000: mov eax, 0x41414141 ;; <- Returned EIP
 | |
|          *  0x10005: mov ecx, [eax]      ;; <- Expected EIP
 | |
|          */
 | |
|         if ((eax == 0x41414141) &&       // Proof we're at 0x10005.
 | |
|             (eip != (CodePage + 0x5)))   // Proof uc_reg_read is wrong
 | |
|         {
 | |
|             data->good = false;
 | |
|         }
 | |
|         else
 | |
|             data->good = true;
 | |
|     }
 | |
|     return false;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Hook for reading unmapped memory in the amd64 Unicorn Instance.
 | |
|  *
 | |
|  *  BUG: RIP from uc_reg_read does not match expected value.
 | |
|  */
 | |
| static bool mem_hook_amd64(uc_engine *uc, uc_mem_type type,
 | |
|         uint64_t address, int size, int64_t value, void *user_data)
 | |
| {
 | |
|     TestData *data = user_data;
 | |
|     if (type == UC_MEM_READ_UNMAPPED)
 | |
|     {
 | |
|         uint64_t rip;
 | |
|         uint64_t rax;
 | |
| 
 | |
|         uc_reg_read(uc, UC_X86_REG_RIP, &rip);
 | |
|         uc_reg_read(uc, UC_X86_REG_RAX, &rax);
 | |
| 
 | |
|         data->actual = rip;
 | |
|         data->expected = CodePage + 0x0A;
 | |
| 
 | |
|         /**
 | |
|          *  Code:
 | |
|          *  0x10000: mov rax, 0x4141414141414141 ;; <- Returned RIP
 | |
|          *  0x10005: mov rcx, [rax]              ;; <- Expected RIP
 | |
|          */
 | |
|         if ((rax == 0x4141414141414141) &&       // Proof we're at 0x10005
 | |
|             (rip != (CodePage + 0xA)))           // Proof uc_reg_read is wrong
 | |
|         {
 | |
|             data->good = false;
 | |
|         }
 | |
|         else
 | |
|             data->good = true;
 | |
|     }
 | |
|     return false;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Empty Code Hook. 
 | |
|  */
 | |
| static void code_hook(uc_engine *uc, uint64_t addr, uint32_t size, void *user)
 | |
| {
 | |
|     (void) uc;
 | |
|     (void) addr;
 | |
|     (void) size;
 | |
|     (void) user;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Test the bug for i386. 
 | |
|  *  
 | |
|  *  1. Map Code Page
 | |
|  *  2. Write Code to page.
 | |
|  *  3. Install Unmapped Read hook.
 | |
|  *  4. Run the VM.
 | |
|  */
 | |
| static void test_i386(void **state)
 | |
| {
 | |
|     TestData data;
 | |
|     uc_engine *uc = *state;
 | |
|     uc_hook trace1;
 | |
| 
 | |
|     const uint8_t i386_bug[] = {
 | |
|         0xb8, 0x41, 0x41, 0x41, 0x41,  // mov eax, 0x41414141
 | |
|         0x8b, 0x08                     // mov ecx, [eax]
 | |
|     };
 | |
| 
 | |
|     uc_assert_success(uc_mem_map(uc, CodePage, CodeSize, UC_PROT_ALL));
 | |
|     uc_assert_success(uc_mem_write(uc, CodePage, i386_bug, sizeof(i386_bug)));
 | |
|     uc_assert_success(uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED, mem_hook_i386, &data, 1, 0));
 | |
|     uc_assert_fail(uc_emu_start(uc, CodePage, CodePage + sizeof(i386_bug), 0, 0));
 | |
| 
 | |
|     if (!data.good)
 | |
|         fail_msg("De-synced RIP value. 0x%"PRIX64" != 0x%"PRIX64"\n", data.expected, data.actual);
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Test the bug for amd64.. 
 | |
|  *  
 | |
|  *  1. Map Code Page
 | |
|  *  2. Write Code to page.
 | |
|  *  3. Install Unmapped Read hook.
 | |
|  *  4. Run the VM.
 | |
|  */
 | |
| static void test_amd64(void **state)
 | |
| {
 | |
|     TestData data;
 | |
|     uc_engine *uc = *state;
 | |
|     uc_hook trace1;
 | |
| 
 | |
|     const uint8_t amd64_bug[] = {
 | |
|         0x48, 0xb8, 0x41, 0x41, 0x41, 0x41,
 | |
|         0x41, 0x41, 0x41, 0x41,
 | |
|         0x48, 0x8b, 0x08
 | |
|     };
 | |
| 
 | |
|     uc_assert_success(uc_mem_map(uc, CodePage, CodeSize, UC_PROT_ALL));
 | |
|     uc_assert_success(uc_mem_write(uc, CodePage, amd64_bug, sizeof(amd64_bug)));
 | |
|     uc_assert_success(uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED, mem_hook_amd64, &data, 1, 0));
 | |
|     uc_assert_fail(uc_emu_start(uc, CodePage, CodePage + sizeof(amd64_bug), 0, 0));
 | |
| 
 | |
|     if (!data.good)
 | |
|         fail_msg("De-synced RIP value. 0x%"PRIX64" != 0x%"PRIX64"\n", data.expected, data.actual);
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Test temporary fix for bug for i386. 
 | |
|  *  
 | |
|  *  1. Map Code Page
 | |
|  *  2. Write Code to page.
 | |
|  *  3. Install Unmapped Read hook.
 | |
|  *  4. Install Code hook.
 | |
|  *  5. Run the VM.
 | |
|  */
 | |
| static void test_i386_fix(void **state)
 | |
| {
 | |
|     TestData data;
 | |
|     uc_engine *uc = *state;
 | |
|     uc_hook trace1, trace2;
 | |
| 
 | |
|     const uint8_t i386_bug[] = {
 | |
|         0xb8, 0x41, 0x41, 0x41, 0x41,  // mov eax, 0x41414141
 | |
|         0x8b, 0x08                     // mov ecx, [eax]
 | |
|     };
 | |
| 
 | |
|     uc_assert_success(uc_mem_map(uc, CodePage, CodeSize, UC_PROT_ALL));
 | |
|     uc_assert_success(uc_mem_write(uc, CodePage, i386_bug, sizeof(i386_bug)));
 | |
|     uc_assert_success(uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED, mem_hook_i386, &data, 1, 0));
 | |
|     uc_assert_success(uc_hook_add(uc, &trace2, UC_HOOK_CODE, code_hook, NULL, 1, 0));
 | |
|     uc_assert_fail(uc_emu_start(uc, CodePage, CodePage + sizeof(i386_bug), 0, 0));
 | |
| 
 | |
|     if (!data.good)
 | |
|         fail_msg("De-synced RIP value. 0x%"PRIX64" != 0x%"PRIX64"\n", data.expected, data.actual);
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Test temporary fix for bug for amd64.. 
 | |
|  *  
 | |
|  *  1. Map Code Page
 | |
|  *  2. Write Code to page.
 | |
|  *  3. Install Unmapped Read hook.
 | |
|  *  4. Install Code hook.
 | |
|  *  5. Run the VM.
 | |
|  */
 | |
| static void test_amd64_fix(void **state)
 | |
| {
 | |
|     TestData data;
 | |
|     uc_engine *uc = *state;
 | |
|     uc_hook trace1, trace2;
 | |
| 
 | |
|     const uint8_t amd64_bug[] = {
 | |
|         0x48, 0xb8, 0x41, 0x41, 0x41, 0x41,
 | |
|         0x41, 0x41, 0x41, 0x41,
 | |
|         0x48, 0x8b, 0x08
 | |
|     };
 | |
| 
 | |
|     uc_assert_success(uc_mem_map(uc, CodePage, CodeSize, UC_PROT_ALL));
 | |
|     uc_assert_success(uc_mem_write(uc, CodePage, amd64_bug, sizeof(amd64_bug)));
 | |
|     uc_assert_success(uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED, mem_hook_amd64, &data, 1, 0));
 | |
|     uc_assert_success(uc_hook_add(uc, &trace2, UC_HOOK_CODE, code_hook, NULL, 1, 0));
 | |
|     uc_assert_fail(uc_emu_start(uc, CodePage, CodePage + sizeof(amd64_bug), 0, 0));
 | |
| 
 | |
|     if (!data.good)
 | |
|         fail_msg("De-synced RIP value. 0x%"PRIX64" != 0x%"PRIX64"\n", data.expected, data.actual);
 | |
| }
 | |
| 
 | |
| /**
 | |
|  *  Run all tests
 | |
|  */
 | |
| int main(int argc, char **argv, char **envp)
 | |
| {
 | |
|     const struct CMUnitTest tests[] = {
 | |
|         cmocka_unit_test_setup_teardown(test_i386, setup_i386, teardown),
 | |
|         cmocka_unit_test_setup_teardown(test_amd64, setup_amd64, teardown),
 | |
|         cmocka_unit_test_setup_teardown(test_i386_fix, setup_i386, teardown),
 | |
|         cmocka_unit_test_setup_teardown(test_amd64_fix, setup_amd64, teardown)
 | |
|     };
 | |
|     
 | |
|     return cmocka_run_group_tests(tests, NULL, NULL);
 | |
| }
 |