File: translator_buffer.py

package info (click to toggle)
unicorn-engine 2.1.4-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 23,912 kB
  • sloc: ansic: 379,830; python: 9,213; sh: 9,011; java: 8,609; ruby: 4,241; pascal: 1,805; haskell: 1,379; xml: 490; cs: 424; makefile: 348; cpp: 298; asm: 64
file content (94 lines) | stat: -rwxr-xr-x 3,035 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
# By Mariano Graziano

import regress
import struct
import sys
import unittest
from unicorn import *
from unicorn.x86_const import *


class Emulator:
    def __init__(self, code, stack):
        def __page_aligned(address):
            return address & ~(0x1000 - 1)

        self.unicorn_code = code
        self.unicorn_stack = stack

        self.mu = Uc(UC_ARCH_X86, UC_MODE_64)
        self.mu.ctl_set_tlb_mode(UC_TLB_VIRTUAL)
        self.mu.ctl_set_tcg_buffer_size(1 * 1024 * 1024) # 1MB

        regress.logger.debug("mapping code  : %#x", __page_aligned(code))
        regress.logger.debug("mapping stack : %#x", __page_aligned(stack))

        self.mu.mem_map(__page_aligned(code), 0x1000)
        self.mu.mem_map(__page_aligned(stack), 0x1000)

        self.mu.reg_write(UC_X86_REG_RSP, stack)
        self.mu.reg_write(UC_X86_REG_RIP, code)

        self.set_hooks()

    def set_hooks(self):
        self.mu.hook_add(UC_HOOK_MEM_WRITE, self.hook_mem_access)
        self.mu.hook_add(UC_HOOK_MEM_READ_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED, self.hook_mem_invalid)
        self.mu.hook_add(UC_HOOK_MEM_FETCH_UNMAPPED, self.hook_mem_fetch_unmapped)

    def hook_mem_fetch_unmapped(self, uc, access, address, size, value, user_data):
        next_ip = self.unicorn_code + size

        self.write_reg(UC_X86_REG_RIP, next_ip)
        self.write_data(next_ip, b"\x90")
        # self.write_reg(UC_X86_REG_RIP, address)  # ???

        return True

    def hook_mem_invalid(self, uc, access, address, size, value, user_data):
        regress.logger.debug("invalid mem access: access type = %d, to = %#x, size = %u, value = %#x", access, address,
                             size, value)

        return True

    def hook_mem_access(self, uc, access, address, size, value, user_data):
        return True

    def emu(self, steps):
        ip = self.mu.reg_read(UC_X86_REG_RIP)
        max_intel_insn_size = 15

        regress.logger.debug("starting at   : %#x", ip)
        self.mu.emu_start(ip, ip + max_intel_insn_size, count=steps)

    def write_data(self, address, content):
        self.mu.mem_write(address, content)

    def write_reg(self, reg, value):
        self.mu.reg_write(reg, value)


class TranslatorBuffer(regress.RegressTest):
    def init_unicorn(self, ip, sp, magic):
        emu = Emulator(ip, sp)

        emu.write_data(ip, b"\xf4" * 8)
        emu.write_data(sp, struct.pack("<Q", magic))

        emu.emu(1)

    @unittest.skipIf(sys.version_info < (3, 7), reason="requires python3.7 or higher")
    def runTest(self):
        ip_base = 0x000fffff816a0000  # was: 0xffffffff816a0000
        sp_base = 0x000f88001b800000  # was: 0xffff88001b800000
        mg_base = 0x000f880026f02000  # was: 0xffff880026f02000

        ips = range(0x9000, 0xf000, 16) # was: ..., 8
        sps = range(0x0000, 0x6000, 16) # was: ..., 8

        for i, (ip, sp) in enumerate(zip(ips, sps)):
            self.init_unicorn(ip_base + ip, sp_base + sp, mg_base + i * 8)


if __name__ == '__main__':
    regress.main()