yuzu-emu/unicorn
1
0
Fork 0
mirror of https://github.com/yuzu-emu/unicorn.git synced 2024-10-19 04:18:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
837d3787c0
unicorn/tests/unit/test_x86_rip_bug.c
xorstream fac6a66860 platform.h move #3
2017-01-21 00:13:21 +11:00

272 lines
7.2 KiB
C
Raw Blame History

#include "unicorn/platform.h"
#include "unicorn/platform.h"
#include <unicorn/unicorn.h>
#include "unicorn_test.h"
/**
* Initialize i386 Unicorn Instance
*/
static int setup_i386(void **state)
{
uc_engine *uc;
uc_assert_success(uc_open(UC_ARCH_X86, UC_MODE_32, &uc));
*state = uc;
return 0;
}
/**
* Initialize amd64 Unicorn Instance
*/
static int setup_amd64(void **state)
{
uc_engine *uc;
uc_assert_success(uc_open(UC_ARCH_X86, UC_MODE_64, &uc));
*state = uc;
return 0;
}
/**
* Shutdown a Unicorn Instance
*/
static int teardown(void **state)
{
uc_engine *uc = *state;
uc_assert_success(uc_close(uc));
*state = NULL;
return 0;
}
/***********************************************************************************/
typedef struct {
bool good;
uint64_t actual;
uint64_t expected;
} TestData;
const uint64_t CodePage = 0x10000;
const uint64_t CodeSize = 0x4000;
/**
* Hook for reading unmapped memory in the i386 Unicorn Instance.
*
* BUG: EIP from uc_reg_read does not match expected value.
*/
static bool mem_hook_i386(uc_engine *uc, uc_mem_type type,
uint64_t address, int size, int64_t value, void *user_data)
{
TestData *data = user_data;
if (type == UC_MEM_READ_UNMAPPED)
{
uint32_t eip;
uint32_t eax;
uc_reg_read(uc, UC_X86_REG_EIP, &eip);
uc_reg_read(uc, UC_X86_REG_EAX, &eax);
data->actual = eip;
data->expected = CodePage + 0x05;
/**
* Code:
* 0x10000: mov eax, 0x41414141 ;; <- Returned EIP
* 0x10005: mov ecx, [eax] ;; <- Expected EIP
*/
if ((eax == 0x41414141) && // Proof we're at 0x10005.
(eip != (CodePage + 0x5))) // Proof uc_reg_read is wrong
{
data->good = false;
}
else
data->good = true;
}
return false;
}
/**
* Hook for reading unmapped memory in the amd64 Unicorn Instance.
*
* BUG: RIP from uc_reg_read does not match expected value.
*/
static bool mem_hook_amd64(uc_engine *uc, uc_mem_type type,
uint64_t address, int size, int64_t value, void *user_data)
{
TestData *data = user_data;
if (type == UC_MEM_READ_UNMAPPED)
{
uint64_t rip;
uint64_t rax;
uc_reg_read(uc, UC_X86_REG_RIP, &rip);
uc_reg_read(uc, UC_X86_REG_RAX, &rax);
data->actual = rip;
data->expected = CodePage + 0x0A;
/**
* Code:
* 0x10000: mov rax, 0x4141414141414141 ;; <- Returned RIP
* 0x10005: mov rcx, [rax] ;; <- Expected RIP
*/
if ((rax == 0x4141414141414141) && // Proof we're at 0x10005
(rip != (CodePage + 0xA))) // Proof uc_reg_read is wrong
{
data->good = false;
}
else
data->good = true;
}
return false;
}
/**
* Empty Code Hook.
*/
static void code_hook(uc_engine *uc, uint64_t addr, uint32_t size, void *user)
{
(void) uc;
(void) addr;
(void) size;
(void) user;
}
/**
* Test the bug for i386.
*
* 1. Map Code Page
* 2. Write Code to page.
* 3. Install Unmapped Read hook.
* 4. Run the VM.
*/
static void test_i386(void **state)
{
TestData data;
uc_engine *uc = *state;
uc_hook trace1;
const uint8_t i386_bug[] = {
0xb8, 0x41, 0x41, 0x41, 0x41, // mov eax, 0x41414141
0x8b, 0x08 // mov ecx, [eax]
};
uc_assert_success(uc_mem_map(uc, CodePage, CodeSize, UC_PROT_ALL));
uc_assert_success(uc_mem_write(uc, CodePage, i386_bug, sizeof(i386_bug)));
uc_assert_success(uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED, mem_hook_i386, &data, 1, 0));
uc_assert_fail(uc_emu_start(uc, CodePage, CodePage + sizeof(i386_bug), 0, 0));
if (!data.good)
fail_msg("De-synced RIP value. 0x%"PRIX64" != 0x%"PRIX64"\n", data.expected, data.actual);
}
/**
* Test the bug for amd64..
*
* 1. Map Code Page
* 2. Write Code to page.
* 3. Install Unmapped Read hook.
* 4. Run the VM.
*/
static void test_amd64(void **state)
{
TestData data;
uc_engine *uc = *state;
uc_hook trace1;
const uint8_t amd64_bug[] = {
0x48, 0xb8, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x48, 0x8b, 0x08
};
uc_assert_success(uc_mem_map(uc, CodePage, CodeSize, UC_PROT_ALL));
uc_assert_success(uc_mem_write(uc, CodePage, amd64_bug, sizeof(amd64_bug)));
uc_assert_success(uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED, mem_hook_amd64, &data, 1, 0));
uc_assert_fail(uc_emu_start(uc, CodePage, CodePage + sizeof(amd64_bug), 0, 0));
if (!data.good)
fail_msg("De-synced RIP value. 0x%"PRIX64" != 0x%"PRIX64"\n", data.expected, data.actual);
}
/**
* Test temporary fix for bug for i386.
*
* 1. Map Code Page
* 2. Write Code to page.
* 3. Install Unmapped Read hook.
* 4. Install Code hook.
* 5. Run the VM.
*/
static void test_i386_fix(void **state)
{
TestData data;
uc_engine *uc = *state;
uc_hook trace1, trace2;
const uint8_t i386_bug[] = {
0xb8, 0x41, 0x41, 0x41, 0x41, // mov eax, 0x41414141
0x8b, 0x08 // mov ecx, [eax]
};
uc_assert_success(uc_mem_map(uc, CodePage, CodeSize, UC_PROT_ALL));
uc_assert_success(uc_mem_write(uc, CodePage, i386_bug, sizeof(i386_bug)));
uc_assert_success(uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED, mem_hook_i386, &data, 1, 0));
uc_assert_success(uc_hook_add(uc, &trace2, UC_HOOK_CODE, code_hook, NULL, 1, 0));
uc_assert_fail(uc_emu_start(uc, CodePage, CodePage + sizeof(i386_bug), 0, 0));
if (!data.good)
fail_msg("De-synced RIP value. 0x%"PRIX64" != 0x%"PRIX64"\n", data.expected, data.actual);
}
/**
* Test temporary fix for bug for amd64..
*
* 1. Map Code Page
* 2. Write Code to page.
* 3. Install Unmapped Read hook.
* 4. Install Code hook.
* 5. Run the VM.
*/
static void test_amd64_fix(void **state)
{
TestData data;
uc_engine *uc = *state;
uc_hook trace1, trace2;
const uint8_t amd64_bug[] = {
0x48, 0xb8, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x48, 0x8b, 0x08
};
uc_assert_success(uc_mem_map(uc, CodePage, CodeSize, UC_PROT_ALL));
uc_assert_success(uc_mem_write(uc, CodePage, amd64_bug, sizeof(amd64_bug)));
uc_assert_success(uc_hook_add(uc, &trace1, UC_HOOK_MEM_READ_UNMAPPED, mem_hook_amd64, &data, 1, 0));
uc_assert_success(uc_hook_add(uc, &trace2, UC_HOOK_CODE, code_hook, NULL, 1, 0));
uc_assert_fail(uc_emu_start(uc, CodePage, CodePage + sizeof(amd64_bug), 0, 0));
if (!data.good)
fail_msg("De-synced RIP value. 0x%"PRIX64" != 0x%"PRIX64"\n", data.expected, data.actual);
}
/**
* Run all tests
*/
int main(int argc, char **argv, char **envp)
{
const struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(test_i386, setup_i386, teardown),
cmocka_unit_test_setup_teardown(test_amd64, setup_amd64, teardown),
cmocka_unit_test_setup_teardown(test_i386_fix, setup_i386, teardown),
cmocka_unit_test_setup_teardown(test_amd64_fix, setup_amd64, teardown)
};
return cmocka_run_group_tests(tests, NULL, NULL);
}
Reference in New Issue View Git Blame Copy Permalink