1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
import regress
from unicorn import *
from unicorn.x86_const import *
CODE = (
b'\x48\xc7\xc0\x03\x00\x00\x00' # 0x1000: mov rax, 3
b'\x0f\x05' # 0x1007: syscall
b'\x48\xc7\xc7\x00\x40\x00\x00' # 0x1009: mov rdi, 0x4000
b'\x48\x89\x07' # 0x1010: mov [rdi], rdx
b'\x48\x8b\x07' # 0x1013: mov rdx, [rdi]
b'\x48\x83\xc2\x01' # 0x1016: add rdx, 1
)
BASE = 0x00001000
SCRATCH = 0x00004000
class SingleStepper:
def __init__(self, uc, test):
self.uc = uc
self.hits = 0
self.test = test
def _stop_hook(self, uc, address, *args, **kwargs):
self.hits += 1
if self.hits > 1:
self.test.assertEqual(2, self.hits, "HOOK_CODE invoked too many times")
uc.emu_stop()
def step(self):
self.hits = 0
h = self.uc.hook_add(UC_HOOK_CODE, self._stop_hook)
try:
pc = self.uc.reg_read(UC_X86_REG_RIP)
self.uc.emu_start(pc, pc + 0x20)
finally:
self.uc.hook_del(h)
def showpc(mu):
regress.logger.debug("pc: %#x", mu.reg_read(UC_X86_REG_RIP))
class HookCodeStopEmuTest(regress.RegressTest):
def test_hook_code_stop_emu(self):
mu = Uc(UC_ARCH_X86, UC_MODE_64)
# base of CODE
mu.mem_map(BASE, 0x1000)
mu.mem_write(BASE, CODE)
# scratch, used by CODE
mu.mem_map(SCRATCH, 0x1000)
mu.reg_write(UC_X86_REG_RDX, 0x1)
mu.reg_write(UC_X86_REG_RIP, BASE)
stepper = SingleStepper(mu, self)
showpc(mu)
self.assertEqual(BASE + 0x0, mu.reg_read(UC_X86_REG_RIP), "Unexpected starting PC")
stepper.step()
showpc(mu)
self.assertEqual(BASE + 0x7, mu.reg_read(UC_X86_REG_RIP), "Emulator failed to stop after one instruction")
stepper.step()
showpc(mu)
self.assertEqual(BASE + 0x9, mu.reg_read(UC_X86_REG_RIP), "Emulator failed to stop after one instruction")
if __name__ == '__main__':
regress.main()
|
