completed the test

The issue noticed before only occurs while we are in the hook_code (eflags is not correctly updated after the execution of the SHL instruction using CL).
Once the emulation has finished executing the code the value of eflags is correct.
This commit is contained in:
samothtronicien 2016-07-29 18:52:53 +02:00 committed by GitHub
parent 2ba32922e4
commit 6fc1f27492

View file

@ -1,55 +1,96 @@
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unicorn/unicorn.h>
#ifdef _WIN32
# include <Windows.h>
# define printf OutputDebugStringA
#endif
char buffer[256];
void hook_code(uc_engine *uc, uint64_t address, uint32_t size, void *user_data)
{
uint32_t eax = 0, eflags = 0;
uint32_t eax = 0, ebx = 0, eflags = 0;
uc_reg_read(uc, UC_X86_REG_EAX, &eax);
uc_reg_read(uc, UC_X86_REG_EBX, &ebx);
uc_reg_read(uc, UC_X86_REG_EFLAGS, &eflags);
printf("eip=%08x - eax=%08x - eflags=%08X\n", (uint32_t)address, eax, eflags);
sprintf(buffer, "eip=%08x - eax=%08x - ebx=%08x - eflags=%08X\n", (uint32_t)address, eax, ebx, eflags);
printf(buffer);
}
const char code32_prob[] = {
0xB8, 0x3C, 0x00, 0x00, 0x00, //0x100000: mov eax, 3Ch
0xBB, 0x3C, 0x00, 0x00, 0x00, //0x100000: mov ebx, 3Ch
0xB1, 0x02, //0x100005: mov cl, 2
0xD3, 0xE0, //0x100007: shl eax, cl <- do not set PF
0x33, 0xC0 //0x100009: xor eax, eax
0xD3, 0xE3, //0x100007: shl ebx, cl
0x9F, //0x100009: lahf
0xCC //0x10000A: int3
};
const char code32_ok[] = {
0xB8, 0x3C, 0x00, 0x00, 0x00, //0x100000: mov eax, 3Ch
0xC1, 0xE0, 0x02, //0x100005: shl eax, 2 <- set PF correctly
0x33, 0xC0 //0x100007: xor eax, eax
0xBB, 0x3C, 0x00, 0x00, 0x00, //0x100000: mov ebx, 3Ch
0xC1, 0xE3, 0x02, //0x100005: shl ebx, 2
0x9F, //0x100008: lahf
0xCC //0x100009: int3
};
const char code16_prob[] = {
0x66, 0xB8, 0x3C, 0x00, //0x100000: mov ax, 3Ch
0x66, 0xBB, 0x3C, 0x00, //0x100000: mov bx, 3Ch
0xB1, 0x02, //0x100004: mov cl, 2
0x66, 0xD3, 0xE0, //0x100006: shl ax, cl
0x33, 0xC0 //0x100009: xor eax, eax
0x66, 0xD3, 0xE3, //0x100006: shl bx, cl
0x9F, //0x100009: lahf
0xCC //0x10000A: int3
};
const char code16_ok[] = {
0x66, 0xB8, 0x3C, 0x00, //0x100000: mov ax, 3Ch
0x66, 0xC1, 0xE0, 0x02, //0x100004: shl ax, 2
0x33, 0xC0 //0x100008: xor eax, eax
0x66, 0xBB, 0x3C, 0x00, //0x100000: mov bx, 3Ch
0x66, 0xC1, 0xE3, 0x02, //0x100004: shl bx, 2
0x9F, //0x100008: lahf
0xCC //0x10000A: int3
};
const char code8_prob[] = {
0xB0, 0x3C, //0x100000: mov al, 3Ch
0xB3, 0x3C, //0x100000: mov bl, 3Ch
0xB1, 0x02, //0x100002: mov cl, 2
0xD2, 0xE0, //0x100004: shl al, 2
0x33, 0xC0 //0x100006: xor eax, eax
0xD2, 0xE3, //0x100004: shl bl, 2
0x9F, //0x100006: lahf
0xCC //0x100007: int3
};
const char code8_ok[] = {
0xB0, 0x3C, //0x100000: mov al, 3Ch
0xC0, 0xE0, 0x02, //0x100002: shl al, 2
0x33, 0xC0 //0x100005: xor eax, eax
0xB3, 0x3C, //0x100000: mov bl, 3Ch
0xC0, 0xE3, 0x02, //0x100002: shl bl, 2
0x9F, //0x100005: lahf
0xCC //0x100006: int3
};
const char code_SHL_JP_CL[] = {
0xB4, 0x00, //0x100000: mov ah, 0
0x9E, //0x100002: sahf
0xB8, 0x3C, 0x00, 0x00, 0x00, //0x100003: mov eax, 3Ch
0xB1, 0x02, //0x100008: mov cl, 2
0xD3, 0xE0, //0x10000A: shl eax, cl
0x7A, 0x07, //0x10000C: jp +7
0xB8, 0x00, 0x00, 0x00, 0x00, //0x10000E: mov eax, 0
0xEB, 0x05, //0x100014: jmp +5
0xB8, 0x01, 0x00, 0x00, 0x00, //0x100016: mov eax, 1
0xCC //0x10001B: int3
};
const char code_SHL_JP_NOCL[] = {
0xB4, 0x00, //0x100000: mov ah, 0
0x9E, //0x100002: sahf
0xB8, 0x3C, 0x00, 0x00, 0x00, //0x100003: mov eax, 3Ch
0xC1, 0xE0, 0x02, //0x100008: shl eax, 2
0x7A, 0x07, //0x10000B: jp +7
0xB8, 0x00, 0x00, 0x00, 0x00, //0x10000D: mov eax, 0
0xEB, 0x05, //0x100014:
0xB8, 0x01, 0x00, 0x00, 0x00, //0x100016: mov eax, 1
0xCC //0x100017: int3
};
#define ADDR_START 0x100000
#define TEST(X) if((X) != UC_ERR_OK) { \
@ -59,6 +100,7 @@ const char code8_ok[] = {
int main()
{
uint32_t eflags = 0, eax = 0;
uc_engine * uc = NULL;
TEST(uc_open(UC_ARCH_X86, UC_MODE_32, &uc));
@ -67,47 +109,55 @@ int main()
TEST(uc_hook_add(uc, &trace_hook_code, UC_HOOK_CODE, hook_code, NULL, 1, 0));
TEST(uc_mem_map(uc, ADDR_START, 0x1000, UC_PROT_READ | UC_PROT_EXEC));
#define RUN_CODE(CODE) { \
TEST(uc_mem_write(uc, ADDR_START, CODE, sizeof(CODE))); \
printf("running " #CODE "...\n"); \
eflags = 0; \
uc_reg_write(uc, UC_X86_REG_EFLAGS, &eflags); \
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(CODE) - 1, 0, 0)); \
uc_reg_read(uc, UC_X86_REG_EFLAGS, &eflags); \
uc_reg_read(uc, UC_X86_REG_EAX, &eax); \
sprintf(buffer, "after uc_emu_start: eflags=%08X - ah=%08X - %s\n", eflags, (eax>>8) & 0xFF, eflags & 4 ? "success" : "failed"); \
printf(buffer); \
}
//32 bits
TEST(uc_mem_write(uc, ADDR_START, code32_prob, sizeof(code32_prob)));
printf("running code_prob\n");
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(code32_prob) - 1, 0, 4));
uint32_t eflags = 0;
uc_reg_write(uc, UC_X86_REG_EFLAGS, &eflags);
TEST(uc_mem_write(uc, ADDR_START, code32_ok, sizeof(code32_ok)));
printf("running code_ok\n");
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(code32_ok) - 1, 0, 3));
RUN_CODE(code32_prob);
RUN_CODE(code32_ok);
//16 bits
eflags = 0;
uc_reg_write(uc, UC_X86_REG_EFLAGS, &eflags);
TEST(uc_mem_write(uc, ADDR_START, code16_prob, sizeof(code16_prob)));
printf("running code16_prob\n");
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(code16_prob) - 1, 0, 4));
eflags = 0;
uc_reg_write(uc, UC_X86_REG_EFLAGS, &eflags);
TEST(uc_mem_write(uc, ADDR_START, code16_ok, sizeof(code16_ok)));
printf("running code16_ok\n");
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(code16_ok) - 1, 0, 3));
RUN_CODE(code16_prob);
RUN_CODE(code16_ok);
//8 bits
RUN_CODE(code8_prob);
RUN_CODE(code8_ok);
//test with JP-CL
eflags = 0;
uc_reg_write(uc, UC_X86_REG_EFLAGS, &eflags);
TEST(uc_mem_write(uc, ADDR_START, code8_prob, sizeof(code8_prob)));
printf("running code8_prob\n");
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(code8_prob) - 1, 0, 4));
TEST(uc_mem_write(uc, ADDR_START, code_SHL_JP_CL, sizeof(code_SHL_JP_CL)));
printf("running code_SHL_JP_CL ...\n");
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(code_SHL_JP_CL) - 1, 0, 0));
eax = 0;
uc_reg_read(uc, UC_X86_REG_EAX, &eax);
if (eax == 1) printf("success\n");
else printf("failed\n");
//test with JP-NOCL
eflags = 0;
uc_reg_write(uc, UC_X86_REG_EFLAGS, &eflags);
TEST(uc_mem_write(uc, ADDR_START, code8_ok, sizeof(code8_ok)));
printf("running code8_ok\n");
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(code8_ok) - 1, 0, 3));
TEST(uc_mem_write(uc, ADDR_START, code_SHL_JP_NOCL, sizeof(code_SHL_JP_NOCL)));
printf("running code_SHL_JP_NOCL ...\n");
TEST(uc_emu_start(uc, ADDR_START, ADDR_START + sizeof(code_SHL_JP_NOCL) - 1, 0, 0));
eax = 0;
uc_reg_read(uc, UC_X86_REG_EAX, &eax);
if (eax == 1) printf("success\n");
else printf("failed\n");
TEST(uc_close(uc));