Example #1
0
File: arch.go Project: eqv/usercorn
func (a *Arch) RegDump(u uc.Unicorn) ([]RegVal, error) {
	ret := make([]RegVal, len(a.Regs))
	for i, r := range a.getRegList() {
		val, err := u.RegRead(r.Enum)
		if err != nil {
			return nil, err
		}
		ret[i] = RegVal{r, val}
	}
	return ret, nil
}
Example #2
0
func (s *WorkingSet) Clear(mu uc.Unicorn) *errors.Error {
	if s.newest == -1 {
		return nil
	}
	for i := s.oldest; i != s.newest; i = (i + 1) % len(s.mapped) {
		err := mu.MemUnmap(s.mapped[i], pagesize)
		if err != nil {
			return wrap(err)
		}
	}
	return nil
}
Example #3
0
func (s *WorkingSet) Map(addr, size uint64, mu uc.Unicorn) error {
	alignment := (addr % pagesize)
	base_addr := addr - alignment
	err := mu.MemMap(base_addr, uint64(pagesize))
	if err != nil {
		return err
	}
	err = mu.MemWrite(base_addr, GetMem(base_addr, pagesize))
	if err != nil {
		return err
	}
	s.StoreInWorkingSet(base_addr, mu)
	if addr+size > base_addr+pagesize { //sometimes we might need to map 2 pages
		s.Map(base_addr+pagesize, 1, mu) //map next pages as well
	}
	return nil
}
Example #4
0
func (a *Arch) RegDump(u uc.Unicorn) ([]RegVal, error) {
	regList := a.getRegList()
	if a.regEnums == nil {
		a.regEnums = make([]int, len(regList))
		for i, r := range regList {
			a.regEnums[i] = r.Enum
		}
	}
	regs, err := u.RegReadBatch(a.regEnums)
	if err != nil {
		return nil, err
	}
	ret := make([]RegVal, len(regList))
	for i, r := range regList {
		ret[i] = RegVal{r, regs[i]}
	}
	return ret, nil
}
Example #5
0
func (s *WorkingSet) StoreInWorkingSet(addr uint64, mu uc.Unicorn) error {
	if s.newest == -1 {
		s.mapped[0] = addr
		s.oldest = 0
		s.newest = 0
	}
	s.newest = (s.newest + 1) % len(s.mapped)
	if s.newest == s.oldest { // unmap old page
		addr_to_unmap := s.mapped[s.oldest]
		err := mu.MemUnmap(addr_to_unmap, pagesize)
		if err != nil {
			return err
		}
	}
	s.oldest = (s.oldest + 1) % len(s.mapped)
	s.mapped[s.newest] = addr
	return nil
}
Example #6
0
func (s *WorkingSet) StoreInWorkingSet(addr uint64, mu uc.Unicorn) *errors.Error {
	if log_mem {
		log.WithFields(log.Fields{"addr": hex(addr)}).Debug("Store In Working Set")
	}
	if s.newest == -1 {
		s.mapped[0] = addr
		s.oldest = 0
		s.newest = 0
	}
	s.newest = (s.newest + 1) % len(s.mapped)
	if s.newest == s.oldest { // unmap old page
		addr_to_unmap := s.mapped[s.oldest]
		if log_mem {
			log.WithFields(log.Fields{"addr_to_unmap": addr_to_unmap}).Debug("unmap")
		}
		err := mu.MemUnmap(addr_to_unmap, pagesize)
		if err != nil {
			return wrap(err)
		}
	}
	s.oldest = (s.oldest + 1) % len(s.mapped)
	s.mapped[s.newest] = addr
	return nil
}
Example #7
0
func addHooks(mu uc.Unicorn) {
	mu.HookAdd(uc.HOOK_BLOCK, func(mu uc.Unicorn, addr uint64, size uint32) {
		fmt.Printf("Block: 0x%x, 0x%x\n", addr, size)
	}, 1, 0)
	mu.HookAdd(uc.HOOK_CODE, func(mu uc.Unicorn, addr uint64, size uint32) {
		fmt.Printf("Code: 0x%x, 0x%x\n", addr, size)
	}, 1, 0)
	mu.HookAdd(uc.HOOK_MEM_READ|uc.HOOK_MEM_WRITE, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) {
		if access == uc.MEM_WRITE {
			fmt.Printf("Mem write")
		} else {
			fmt.Printf("Mem read")
		}
		fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value)
	}, 1, 0)
	invalid := uc.HOOK_MEM_READ_INVALID | uc.HOOK_MEM_WRITE_INVALID | uc.HOOK_MEM_FETCH_INVALID
	mu.HookAdd(invalid, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) bool {
		switch access {
		case uc.MEM_WRITE_UNMAPPED | uc.MEM_WRITE_PROT:
			fmt.Printf("invalid write")
		case uc.MEM_READ_UNMAPPED | uc.MEM_READ_PROT:
			fmt.Printf("invalid read")
		case uc.MEM_FETCH_UNMAPPED | uc.MEM_FETCH_PROT:
			fmt.Printf("invalid fetch")
		default:
			fmt.Printf("unknown memory error")
		}
		fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value)
		return false
	}, 1, 0)
	mu.HookAdd(uc.HOOK_INSN, func(mu uc.Unicorn) {
		rax, _ := mu.RegRead(uc.X86_REG_RAX)
		fmt.Printf("Syscall: %d\n", rax)
	}, 1, 0, uc.X86_INS_SYSCALL)
}