func (a *Arch) RegDump(u uc.Unicorn) ([]RegVal, error) { ret := make([]RegVal, len(a.Regs)) for i, r := range a.getRegList() { val, err := u.RegRead(r.Enum) if err != nil { return nil, err } ret[i] = RegVal{r, val} } return ret, nil }
func (s *WorkingSet) Clear(mu uc.Unicorn) *errors.Error { if s.newest == -1 { return nil } for i := s.oldest; i != s.newest; i = (i + 1) % len(s.mapped) { err := mu.MemUnmap(s.mapped[i], pagesize) if err != nil { return wrap(err) } } return nil }
func (s *WorkingSet) Map(addr, size uint64, mu uc.Unicorn) error { alignment := (addr % pagesize) base_addr := addr - alignment err := mu.MemMap(base_addr, uint64(pagesize)) if err != nil { return err } err = mu.MemWrite(base_addr, GetMem(base_addr, pagesize)) if err != nil { return err } s.StoreInWorkingSet(base_addr, mu) if addr+size > base_addr+pagesize { //sometimes we might need to map 2 pages s.Map(base_addr+pagesize, 1, mu) //map next pages as well } return nil }
func (a *Arch) RegDump(u uc.Unicorn) ([]RegVal, error) { regList := a.getRegList() if a.regEnums == nil { a.regEnums = make([]int, len(regList)) for i, r := range regList { a.regEnums[i] = r.Enum } } regs, err := u.RegReadBatch(a.regEnums) if err != nil { return nil, err } ret := make([]RegVal, len(regList)) for i, r := range regList { ret[i] = RegVal{r, regs[i]} } return ret, nil }
func (s *WorkingSet) StoreInWorkingSet(addr uint64, mu uc.Unicorn) error { if s.newest == -1 { s.mapped[0] = addr s.oldest = 0 s.newest = 0 } s.newest = (s.newest + 1) % len(s.mapped) if s.newest == s.oldest { // unmap old page addr_to_unmap := s.mapped[s.oldest] err := mu.MemUnmap(addr_to_unmap, pagesize) if err != nil { return err } } s.oldest = (s.oldest + 1) % len(s.mapped) s.mapped[s.newest] = addr return nil }
func (s *WorkingSet) StoreInWorkingSet(addr uint64, mu uc.Unicorn) *errors.Error { if log_mem { log.WithFields(log.Fields{"addr": hex(addr)}).Debug("Store In Working Set") } if s.newest == -1 { s.mapped[0] = addr s.oldest = 0 s.newest = 0 } s.newest = (s.newest + 1) % len(s.mapped) if s.newest == s.oldest { // unmap old page addr_to_unmap := s.mapped[s.oldest] if log_mem { log.WithFields(log.Fields{"addr_to_unmap": addr_to_unmap}).Debug("unmap") } err := mu.MemUnmap(addr_to_unmap, pagesize) if err != nil { return wrap(err) } } s.oldest = (s.oldest + 1) % len(s.mapped) s.mapped[s.newest] = addr return nil }
func addHooks(mu uc.Unicorn) { mu.HookAdd(uc.HOOK_BLOCK, func(mu uc.Unicorn, addr uint64, size uint32) { fmt.Printf("Block: 0x%x, 0x%x\n", addr, size) }, 1, 0) mu.HookAdd(uc.HOOK_CODE, func(mu uc.Unicorn, addr uint64, size uint32) { fmt.Printf("Code: 0x%x, 0x%x\n", addr, size) }, 1, 0) mu.HookAdd(uc.HOOK_MEM_READ|uc.HOOK_MEM_WRITE, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) { if access == uc.MEM_WRITE { fmt.Printf("Mem write") } else { fmt.Printf("Mem read") } fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value) }, 1, 0) invalid := uc.HOOK_MEM_READ_INVALID | uc.HOOK_MEM_WRITE_INVALID | uc.HOOK_MEM_FETCH_INVALID mu.HookAdd(invalid, func(mu uc.Unicorn, access int, addr uint64, size int, value int64) bool { switch access { case uc.MEM_WRITE_UNMAPPED | uc.MEM_WRITE_PROT: fmt.Printf("invalid write") case uc.MEM_READ_UNMAPPED | uc.MEM_READ_PROT: fmt.Printf("invalid read") case uc.MEM_FETCH_UNMAPPED | uc.MEM_FETCH_PROT: fmt.Printf("invalid fetch") default: fmt.Printf("unknown memory error") } fmt.Printf(": @0x%x, 0x%x = 0x%x\n", addr, size, value) return false }, 1, 0) mu.HookAdd(uc.HOOK_INSN, func(mu uc.Unicorn) { rax, _ := mu.RegRead(uc.X86_REG_RAX) fmt.Printf("Syscall: %d\n", rax) }, 1, 0, uc.X86_INS_SYSCALL) }