func addHooks(mu uc.Unicorn) {
mu.HookAdd(uc.HOOK_BLOCK, func(mu uc.Unicorn, addr uint64, size uint32) {
fmt.Printf("Block: 0x%x, 0x%x\n", addr, size)
}, 1, 0)
mu.HookAdd(uc.HOOK_CODE, func(mu uc.Unicorn, addr uint64, size uint32) {
fmt.Printf("Code: 0x%x, 0x%x\n", addr, size)
}, 1, 0)
mu.HookAdd(uc.HOOK_MEM_READ|uc.HOOK_MEM_WRITE, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) {
if access == uc.MEM_WRITE {
fmt.Printf("Mem write")
} else {
fmt.Printf("Mem read")
}
fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value)
}, 1, 0)
invalid := uc.HOOK_MEM_READ_INVALID | uc.HOOK_MEM_WRITE_INVALID | uc.HOOK_MEM_FETCH_INVALID
mu.HookAdd(invalid, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) bool {
switch access {
case uc.MEM_WRITE_UNMAPPED | uc.MEM_WRITE_PROT:
fmt.Printf("invalid write")
case uc.MEM_READ_UNMAPPED | uc.MEM_READ_PROT:
fmt.Printf("invalid read")
case uc.MEM_FETCH_UNMAPPED | uc.MEM_FETCH_PROT:
fmt.Printf("invalid fetch")
default:
fmt.Printf("unknown memory error")
}
fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value)
return false
}, 1, 0)
mu.HookAdd(uc.HOOK_INSN, func(mu uc.Unicorn) {
rax, _ := mu.RegRead(uc.X86_REG_RAX)
fmt.Printf("Syscall: %d\n", rax)
}, 1, 0, uc.X86_INS_SYSCALL)
}
func (a *Arch) RegDump(u uc.Unicorn) ([]RegVal, error) {
ret := make([]RegVal, len(a.Regs))
for i, r := range a.getRegList() {
val, err := u.RegRead(r.Enum)
if err != nil {
return nil, err
}
ret[i] = RegVal{r, val}
}
return ret, nil
}