2015-08-24 18:07:33 +03:00
|
|
|
#include <unicorn/unicorn.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
#define UC_BUG_WRITE_SIZE 128
|
|
|
|
#define UC_BUG_WRITE_ADDR 0x1000 // fix this by change this to 0x2000
|
|
|
|
|
|
|
|
int got_sigill = 0;
|
|
|
|
|
2015-09-05 06:20:32 +03:00
|
|
|
void _interrupt(uc_engine *uc, uint32_t intno, void *user_data)
|
2015-08-28 13:21:36 +03:00
|
|
|
{
|
2015-08-24 18:07:33 +03:00
|
|
|
if (intno == 6) {
|
2015-08-26 16:29:28 +03:00
|
|
|
uc_emu_stop(uc);
|
2015-08-28 13:21:36 +03:00
|
|
|
got_sigill = 1;
|
2015-08-24 18:07:33 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-08-28 13:21:36 +03:00
|
|
|
int main()
|
|
|
|
{
|
2015-08-24 18:07:33 +03:00
|
|
|
int size;
|
|
|
|
uint8_t *buf;
|
2015-09-05 06:20:32 +03:00
|
|
|
uc_engine *uc;
|
|
|
|
uc_hook uh_trap;
|
2015-08-26 16:29:28 +03:00
|
|
|
uc_err err = uc_open (UC_ARCH_X86, UC_MODE_64, &uc);
|
2015-08-24 18:07:33 +03:00
|
|
|
if (err) {
|
|
|
|
fprintf (stderr, "Cannot initialize unicorn\n");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
size = UC_BUG_WRITE_SIZE;
|
|
|
|
buf = malloc (size);
|
|
|
|
if (!buf) {
|
|
|
|
fprintf (stderr, "Cannot allocate\n");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
memset (buf, 0, size);
|
2015-08-30 07:02:33 +03:00
|
|
|
if (!uc_mem_map(uc, UC_BUG_WRITE_ADDR, size, UC_PROT_ALL)) {
|
2015-08-26 16:29:28 +03:00
|
|
|
uc_mem_write(uc, UC_BUG_WRITE_ADDR,
|
2015-08-28 13:21:36 +03:00
|
|
|
(const uint8_t*)"\xff\xff\xff\xff\xff\xff\xff\xff", 8);
|
2015-08-24 18:07:33 +03:00
|
|
|
}
|
2015-08-26 16:29:28 +03:00
|
|
|
uc_hook_add(uc, &uh_trap, UC_HOOK_INTR, _interrupt, NULL);
|
|
|
|
uc_emu_start(uc, UC_BUG_WRITE_ADDR, UC_BUG_WRITE_ADDR+8, 0, 1);
|
|
|
|
uc_close(uc);
|
2015-08-24 18:07:33 +03:00
|
|
|
printf ("Correct: %s\n", got_sigill? "YES": "NO");
|
|
|
|
return got_sigill? 0: 1;
|
|
|
|
}
|