2022-08-31 18:26:01 +03:00
|
|
|
#include "acutest.h"
|
|
|
|
|
#include "unicorn/unicorn.h"
|
2021-10-03 17:14:44 +03:00
|
|
|
#include "unicorn_test.h"
|
2022-08-31 18:26:01 +03:00
|
|
|
#include <stdbool.h>
|
|
|
|
|
#include <stdio.h>
|
2021-10-03 17:14:44 +03:00
|
|
|
|
|
|
|
|
const uint64_t code_start = 0x1000;
|
|
|
|
|
const uint64_t code_len = 0x4000;
|
|
|
|
|
|
2021-10-29 13:44:49 +03:00
|
|
|
static void uc_common_setup(uc_engine **uc, uc_arch arch, uc_mode mode,
|
2022-08-31 18:26:01 +03:00
|
|
|
const char *code, uint64_t size, uc_cpu_arm64 cpu)
|
2021-10-29 13:44:49 +03:00
|
|
|
{
|
2021-10-19 18:12:52 +03:00
|
|
|
OK(uc_open(arch, mode, uc));
|
2022-01-05 22:02:21 +03:00
|
|
|
OK(uc_ctl_set_cpu_model(*uc, cpu));
|
2021-10-19 18:12:52 +03:00
|
|
|
OK(uc_mem_map(*uc, code_start, code_len, UC_PROT_ALL));
|
|
|
|
|
OK(uc_mem_write(*uc, code_start, code, size));
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-16 14:40:04 +03:00
|
|
|
static void test_arm64_until(void)
|
2021-10-29 13:44:49 +03:00
|
|
|
{
|
|
|
|
|
uc_engine *uc;
|
|
|
|
|
char code[] = "\x30\x00\x80\xd2\x11\x04\x80\xd2\x9c\x23\x00\x91";
|
2021-10-19 18:12:52 +03:00
|
|
|
|
2021-10-29 13:44:49 +03:00
|
|
|
/*
|
|
|
|
|
mov x16, #1
|
|
|
|
|
mov x17, #0x20
|
|
|
|
|
add x28, x28, 8
|
|
|
|
|
*/
|
2021-10-19 18:12:52 +03:00
|
|
|
|
2021-10-29 13:44:49 +03:00
|
|
|
uint64_t r_x16 = 0x12341234;
|
|
|
|
|
uint64_t r_x17 = 0x78907890;
|
|
|
|
|
uint64_t r_pc = 0x00000000;
|
|
|
|
|
uint64_t r_x28 = 0x12341234;
|
2021-10-19 18:12:52 +03:00
|
|
|
|
2022-01-05 23:56:58 +03:00
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_ARM, code, sizeof(code) - 1,
|
2022-04-16 18:49:47 +03:00
|
|
|
UC_CPU_ARM64_A72);
|
2021-10-19 18:12:52 +03:00
|
|
|
|
2021-10-29 13:44:49 +03:00
|
|
|
// initialize machine registers
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X16, &r_x16));
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X17, &r_x17));
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X28, &r_x28));
|
2021-10-19 18:12:52 +03:00
|
|
|
|
2021-10-29 13:44:49 +03:00
|
|
|
// emulate the three instructions
|
|
|
|
|
OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 3));
|
2021-10-19 18:12:52 +03:00
|
|
|
|
2021-10-29 13:44:49 +03:00
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X16, &r_x16));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X17, &r_x17));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X28, &r_x28));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_PC, &r_pc));
|
2021-10-19 18:12:52 +03:00
|
|
|
|
2021-10-29 13:44:49 +03:00
|
|
|
TEST_CHECK(r_x16 == 0x1);
|
|
|
|
|
TEST_CHECK(r_x17 == 0x20);
|
|
|
|
|
TEST_CHECK(r_x28 == 0x1234123c);
|
|
|
|
|
TEST_CHECK(r_pc == (code_start + sizeof(code) - 1));
|
2021-10-19 18:12:52 +03:00
|
|
|
|
2021-10-29 13:44:49 +03:00
|
|
|
OK(uc_close(uc));
|
2021-10-19 18:12:52 +03:00
|
|
|
}
|
|
|
|
|
|
2022-04-16 14:40:04 +03:00
|
|
|
static void test_arm64_code_patching(void)
|
2021-12-22 22:37:15 +03:00
|
|
|
{
|
2021-12-10 17:27:54 +03:00
|
|
|
uc_engine *uc;
|
|
|
|
|
char code[] = "\x00\x04\x00\x11"; // add w0, w0, 0x1
|
2022-01-05 23:56:58 +03:00
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_ARM, code, sizeof(code) - 1,
|
2022-04-16 18:49:47 +03:00
|
|
|
UC_CPU_ARM64_A72);
|
2021-12-10 17:27:54 +03:00
|
|
|
// zero out x0
|
|
|
|
|
uint64_t r_x0 = 0x0;
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
// emulate the instruction
|
2021-12-22 22:37:15 +03:00
|
|
|
OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
|
2021-12-10 17:27:54 +03:00
|
|
|
// check value
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
TEST_CHECK(r_x0 == 0x1);
|
|
|
|
|
// patch instruction
|
|
|
|
|
char patch_code[] = "\x00\xfc\x1f\x11"; // add w0, w0, 0x7FF
|
|
|
|
|
OK(uc_mem_write(uc, code_start, patch_code, sizeof(patch_code) - 1));
|
|
|
|
|
// zero out x0
|
|
|
|
|
r_x0 = 0x0;
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X0, &r_x0));
|
2021-12-22 22:37:15 +03:00
|
|
|
OK(uc_emu_start(uc, code_start, code_start + sizeof(patch_code) - 1, 0, 0));
|
2021-12-10 17:27:54 +03:00
|
|
|
// check value
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
TEST_CHECK(r_x0 != 0x1);
|
|
|
|
|
TEST_CHECK(r_x0 == 0x7ff);
|
|
|
|
|
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-17 16:55:08 +03:00
|
|
|
// Need to flush the cache before running the emulation after patching
|
2022-04-16 14:40:04 +03:00
|
|
|
static void test_arm64_code_patching_count(void)
|
2021-12-22 22:37:15 +03:00
|
|
|
{
|
2021-12-10 17:27:54 +03:00
|
|
|
uc_engine *uc;
|
|
|
|
|
char code[] = "\x00\x04\x00\x11"; // add w0, w0, 0x1
|
2022-01-05 23:56:58 +03:00
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_ARM, code, sizeof(code) - 1,
|
2022-04-16 18:49:47 +03:00
|
|
|
UC_CPU_ARM64_A72);
|
2021-12-10 17:27:54 +03:00
|
|
|
// zero out x0
|
|
|
|
|
uint64_t r_x0 = 0x0;
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
// emulate the instruction
|
|
|
|
|
OK(uc_emu_start(uc, code_start, -1, 0, 1));
|
|
|
|
|
// check value
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
TEST_CHECK(r_x0 == 0x1);
|
|
|
|
|
// patch instruction
|
|
|
|
|
char patch_code[] = "\x00\xfc\x1f\x11"; // add w0, w0, 0x7FF
|
|
|
|
|
OK(uc_mem_write(uc, code_start, patch_code, sizeof(patch_code) - 1));
|
2021-12-22 22:37:15 +03:00
|
|
|
OK(uc_ctl_remove_cache(uc, code_start,
|
|
|
|
|
code_start + sizeof(patch_code) - 1));
|
2021-12-10 17:27:54 +03:00
|
|
|
// zero out x0
|
|
|
|
|
r_x0 = 0x0;
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
OK(uc_emu_start(uc, code_start, -1, 0, 1));
|
|
|
|
|
// check value
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
TEST_CHECK(r_x0 != 0x1);
|
|
|
|
|
TEST_CHECK(r_x0 == 0x7ff);
|
|
|
|
|
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-16 14:40:04 +03:00
|
|
|
static void test_arm64_v8_pac(void)
|
2022-01-05 23:56:58 +03:00
|
|
|
{
|
2022-01-05 22:02:21 +03:00
|
|
|
uc_engine *uc;
|
|
|
|
|
char code[] = "\x28\xfd\xea\xc8"; // casal x10, x8, [x9]
|
|
|
|
|
uint64_t r_x9, r_x8, mem;
|
|
|
|
|
|
2022-01-05 23:56:58 +03:00
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_ARM, code, sizeof(code) - 1,
|
2022-04-16 18:49:47 +03:00
|
|
|
UC_CPU_ARM64_MAX);
|
2022-01-05 22:02:21 +03:00
|
|
|
|
|
|
|
|
OK(uc_mem_map(uc, 0x40000, 0x1000, UC_PROT_ALL));
|
|
|
|
|
OK(uc_mem_write(uc, 0x40000, "\x00\x00\x00\x00\x00\x00\x00\x00", 8));
|
|
|
|
|
r_x9 = 0x40000;
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X9, &r_x9));
|
|
|
|
|
r_x8 = 0xdeadbeafdeadbeaf;
|
|
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X8, &r_x8));
|
|
|
|
|
|
|
|
|
|
OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
|
|
|
|
|
|
2022-01-05 23:56:58 +03:00
|
|
|
OK(uc_mem_read(uc, 0x40000, (void *)&mem, 8));
|
2022-01-05 22:02:21 +03:00
|
|
|
|
|
|
|
|
TEST_CHECK(mem == r_x8);
|
|
|
|
|
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-16 14:40:04 +03:00
|
|
|
static void test_arm64_read_sctlr(void)
|
2022-02-12 00:13:01 +03:00
|
|
|
{
|
|
|
|
|
uc_engine *uc;
|
|
|
|
|
uc_arm64_cp_reg reg;
|
|
|
|
|
|
|
|
|
|
OK(uc_open(UC_ARCH_ARM64, UC_MODE_LITTLE_ENDIAN | UC_MODE_ARM, &uc));
|
|
|
|
|
|
|
|
|
|
// SCTLR_EL1. See arm reference.
|
|
|
|
|
reg.crn = 1;
|
|
|
|
|
reg.crm = 0;
|
|
|
|
|
reg.op0 = 0b11;
|
|
|
|
|
reg.op1 = 0;
|
|
|
|
|
reg.op2 = 0;
|
|
|
|
|
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_CP_REG, ®));
|
|
|
|
|
|
|
|
|
|
TEST_CHECK((reg.val >> 58) == 0);
|
|
|
|
|
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-27 16:59:52 +03:00
|
|
|
static uint32_t test_arm64_mrs_hook_cb(uc_engine *uc, uc_arm64_reg reg,
|
|
|
|
|
const uc_arm64_cp_reg *cp_reg)
|
|
|
|
|
{
|
|
|
|
|
uint64_t r_x2 = 0x114514;
|
|
|
|
|
|
|
|
|
|
OK(uc_reg_write(uc, reg, &r_x2));
|
|
|
|
|
|
|
|
|
|
// Skip
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-16 14:40:04 +03:00
|
|
|
static void test_arm64_mrs_hook(void)
|
2022-02-27 16:59:52 +03:00
|
|
|
{
|
|
|
|
|
uc_engine *uc;
|
|
|
|
|
uc_hook hk;
|
|
|
|
|
uint64_t r_x2;
|
|
|
|
|
// mrs x2, tpidrro_el0
|
|
|
|
|
char code[] = "\x62\xd0\x3b\xd5";
|
|
|
|
|
|
|
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_LITTLE_ENDIAN | UC_MODE_ARM,
|
2022-04-16 18:49:47 +03:00
|
|
|
code, sizeof(code) - 1, UC_CPU_ARM64_A72);
|
2022-02-27 16:59:52 +03:00
|
|
|
|
|
|
|
|
OK(uc_hook_add(uc, &hk, UC_HOOK_INSN, (void *)test_arm64_mrs_hook_cb, NULL,
|
|
|
|
|
1, 0, UC_ARM64_INS_MRS));
|
|
|
|
|
|
|
|
|
|
OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
|
|
|
|
|
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X2, &r_x2));
|
|
|
|
|
|
|
|
|
|
TEST_CHECK(r_x2 == 0x114514);
|
|
|
|
|
|
|
|
|
|
OK(uc_hook_del(uc, hk));
|
|
|
|
|
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-23 13:30:44 +03:00
|
|
|
static bool test_arm64_correct_address_in_small_jump_hook_callback(
|
|
|
|
|
uc_engine *uc, int type, uint64_t address, int size, int64_t value,
|
|
|
|
|
void *user_data)
|
2022-05-04 19:03:06 +03:00
|
|
|
{
|
2022-05-23 13:30:44 +03:00
|
|
|
// Check registers
|
|
|
|
|
uint64_t r_x0 = 0x0;
|
|
|
|
|
uint64_t r_pc = 0x0;
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_PC, &r_pc));
|
|
|
|
|
TEST_CHECK(r_x0 == 0x7F00);
|
|
|
|
|
TEST_CHECK(r_pc == 0x7F00);
|
|
|
|
|
|
|
|
|
|
// Check address
|
|
|
|
|
// printf("%lx\n", address);
|
|
|
|
|
TEST_CHECK(address == 0x7F00);
|
|
|
|
|
|
|
|
|
|
return false;
|
2022-05-04 19:03:06 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void test_arm64_correct_address_in_small_jump_hook(void)
|
|
|
|
|
{
|
|
|
|
|
uc_engine *uc;
|
|
|
|
|
// mov x0, 0x7F00;
|
|
|
|
|
// br x0
|
|
|
|
|
char code[] = "\x00\xe0\x8f\xd2\x00\x00\x1f\xd6";
|
|
|
|
|
|
|
|
|
|
uint64_t r_x0 = 0x0;
|
|
|
|
|
uint64_t r_pc = 0x0;
|
|
|
|
|
uc_hook hook;
|
|
|
|
|
|
2022-05-23 13:30:44 +03:00
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_ARM, code, sizeof(code) - 1,
|
|
|
|
|
UC_CPU_ARM64_A72);
|
|
|
|
|
OK(uc_hook_add(uc, &hook, UC_HOOK_MEM_UNMAPPED,
|
|
|
|
|
test_arm64_correct_address_in_small_jump_hook_callback, NULL,
|
|
|
|
|
1, 0));
|
2022-05-04 19:03:06 +03:00
|
|
|
|
|
|
|
|
uc_assert_err(
|
|
|
|
|
UC_ERR_FETCH_UNMAPPED,
|
|
|
|
|
uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
|
|
|
|
|
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_PC, &r_pc));
|
|
|
|
|
TEST_CHECK(r_x0 == 0x7F00);
|
|
|
|
|
TEST_CHECK(r_pc == 0x7F00);
|
|
|
|
|
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-23 13:30:44 +03:00
|
|
|
static bool test_arm64_correct_address_in_long_jump_hook_callback(
|
|
|
|
|
uc_engine *uc, int type, uint64_t address, int size, int64_t value,
|
|
|
|
|
void *user_data)
|
2022-05-04 19:03:06 +03:00
|
|
|
{
|
2022-05-23 13:30:44 +03:00
|
|
|
// Check registers
|
|
|
|
|
uint64_t r_x0 = 0x0;
|
|
|
|
|
uint64_t r_pc = 0x0;
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_PC, &r_pc));
|
|
|
|
|
TEST_CHECK(r_x0 == 0x7FFFFFFFFFFFFF00);
|
|
|
|
|
TEST_CHECK(r_pc == 0x7FFFFFFFFFFFFF00);
|
|
|
|
|
|
|
|
|
|
// Check address
|
|
|
|
|
// printf("%lx\n", address);
|
|
|
|
|
TEST_CHECK(address == 0x7FFFFFFFFFFFFF00);
|
|
|
|
|
|
|
|
|
|
return false;
|
2022-05-04 19:03:06 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void test_arm64_correct_address_in_long_jump_hook(void)
|
|
|
|
|
{
|
|
|
|
|
uc_engine *uc;
|
|
|
|
|
// mov x0, 0x7FFFFFFFFFFFFF00;
|
|
|
|
|
// br x0
|
|
|
|
|
char code[] = "\xe0\xdb\x78\xb2\x00\x00\x1f\xd6";
|
|
|
|
|
|
|
|
|
|
uint64_t r_x0 = 0x0;
|
|
|
|
|
uint64_t r_pc = 0x0;
|
|
|
|
|
uc_hook hook;
|
|
|
|
|
|
2022-05-23 13:30:44 +03:00
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_ARM, code, sizeof(code) - 1,
|
|
|
|
|
UC_CPU_ARM64_A72);
|
|
|
|
|
OK(uc_hook_add(uc, &hook, UC_HOOK_MEM_UNMAPPED,
|
|
|
|
|
test_arm64_correct_address_in_long_jump_hook_callback, NULL,
|
|
|
|
|
1, 0));
|
2022-05-04 19:03:06 +03:00
|
|
|
|
|
|
|
|
uc_assert_err(
|
|
|
|
|
UC_ERR_FETCH_UNMAPPED,
|
|
|
|
|
uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
|
|
|
|
|
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_PC, &r_pc));
|
|
|
|
|
TEST_CHECK(r_x0 == 0x7FFFFFFFFFFFFF00);
|
|
|
|
|
TEST_CHECK(r_pc == 0x7FFFFFFFFFFFFF00);
|
|
|
|
|
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-31 18:27:24 +03:00
|
|
|
static void test_arm64_block_sync_pc_cb(uc_engine *uc, uint64_t addr,
|
|
|
|
|
uint32_t size, void *data)
|
2022-08-31 18:26:01 +03:00
|
|
|
{
|
|
|
|
|
uint64_t val = code_start;
|
2022-08-31 18:27:24 +03:00
|
|
|
bool first = *(bool *)data;
|
2022-08-31 18:26:01 +03:00
|
|
|
if (first) {
|
2022-08-31 18:27:24 +03:00
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_PC, (void *)&val));
|
|
|
|
|
*(bool *)data = false;
|
2022-08-31 18:26:01 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void test_arm64_block_sync_pc(void)
|
|
|
|
|
{
|
2022-08-31 18:27:24 +03:00
|
|
|
uc_engine *uc;
|
2022-08-31 18:26:01 +03:00
|
|
|
// add x0, x0, #1234;bl t;t:mov x1, #5678;
|
|
|
|
|
const char code[] = "\x00\x48\x13\x91\x01\x00\x00\x94\xc1\xc5\x82\xd2";
|
|
|
|
|
uc_hook hk;
|
|
|
|
|
uint64_t x0;
|
|
|
|
|
bool data = true;
|
|
|
|
|
|
|
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_ARM, code, sizeof(code) - 1,
|
|
|
|
|
UC_CPU_ARM64_A72);
|
2022-08-31 18:27:24 +03:00
|
|
|
OK(uc_hook_add(uc, &hk, UC_HOOK_BLOCK, test_arm64_block_sync_pc_cb,
|
|
|
|
|
(void *)&data, code_start + 8, code_start + 12));
|
|
|
|
|
|
2022-08-31 18:26:01 +03:00
|
|
|
x0 = 0;
|
2022-08-31 18:27:24 +03:00
|
|
|
OK(uc_reg_write(uc, UC_ARM64_REG_X0, (void *)&x0));
|
2022-08-31 18:26:01 +03:00
|
|
|
OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
|
|
|
|
|
|
2022-08-31 18:27:24 +03:00
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, (void *)&x0));
|
2022-08-31 18:26:01 +03:00
|
|
|
|
|
|
|
|
TEST_CHECK(x0 == (1234 * 2));
|
|
|
|
|
|
|
|
|
|
OK(uc_hook_del(uc, hk));
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-20 22:19:18 +03:00
|
|
|
static bool
|
|
|
|
|
test_arm64_block_invalid_mem_read_write_sync_cb(uc_engine *uc, int type,
|
|
|
|
|
uint64_t address, int size,
|
|
|
|
|
int64_t value, void *user_data)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void test_arm64_block_invalid_mem_read_write_sync(void)
|
|
|
|
|
{
|
|
|
|
|
uc_engine *uc;
|
|
|
|
|
// mov x0, #1
|
|
|
|
|
// mov x1, #2
|
|
|
|
|
// ldr x0, [x1]
|
|
|
|
|
const char code[] = "\x20\x00\x80\xd2\x41\x00\x80\xd2\x20\x00\x40\xf9";
|
|
|
|
|
uint64_t r_pc, r_x0, r_x1;
|
|
|
|
|
uc_hook hk;
|
|
|
|
|
|
|
|
|
|
uc_common_setup(&uc, UC_ARCH_ARM64, UC_MODE_ARM, code, sizeof(code) - 1,
|
|
|
|
|
UC_CPU_ARM64_A72);
|
|
|
|
|
|
|
|
|
|
OK(uc_hook_add(uc, &hk, UC_HOOK_MEM_READ,
|
|
|
|
|
test_arm64_block_invalid_mem_read_write_sync_cb, NULL, 1,
|
|
|
|
|
0));
|
|
|
|
|
|
|
|
|
|
uc_assert_err(
|
|
|
|
|
UC_ERR_READ_UNMAPPED,
|
|
|
|
|
uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
|
|
|
|
|
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_PC, &r_pc));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X0, &r_x0));
|
|
|
|
|
OK(uc_reg_read(uc, UC_ARM64_REG_X1, &r_x1));
|
|
|
|
|
|
|
|
|
|
TEST_CHECK(r_pc == code_start + 8);
|
|
|
|
|
// TEST_CHECK(r_x0 == 1); // Unfortunately this can't be guarantee-ed
|
|
|
|
|
TEST_CHECK(r_x1 == 2);
|
|
|
|
|
|
|
|
|
|
OK(uc_close(uc));
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-22 22:37:15 +03:00
|
|
|
TEST_LIST = {{"test_arm64_until", test_arm64_until},
|
|
|
|
|
{"test_arm64_code_patching", test_arm64_code_patching},
|
|
|
|
|
{"test_arm64_code_patching_count", test_arm64_code_patching_count},
|
2022-01-05 22:02:21 +03:00
|
|
|
{"test_arm64_v8_pac", test_arm64_v8_pac},
|
2022-02-12 00:13:01 +03:00
|
|
|
{"test_arm64_read_sctlr", test_arm64_read_sctlr},
|
2022-02-27 16:59:52 +03:00
|
|
|
{"test_arm64_mrs_hook", test_arm64_mrs_hook},
|
2022-05-23 13:30:44 +03:00
|
|
|
{"test_arm64_correct_address_in_small_jump_hook",
|
|
|
|
|
test_arm64_correct_address_in_small_jump_hook},
|
|
|
|
|
{"test_arm64_correct_address_in_long_jump_hook",
|
|
|
|
|
test_arm64_correct_address_in_long_jump_hook},
|
2022-08-31 18:27:24 +03:00
|
|
|
{"test_arm64_block_sync_pc", test_arm64_block_sync_pc},
|
2022-10-20 22:19:18 +03:00
|
|
|
{"test_arm64_block_invalid_mem_read_write_sync",
|
|
|
|
|
test_arm64_block_invalid_mem_read_write_sync},
|
2021-12-22 22:37:15 +03:00
|
|
|
{NULL, NULL}};
|
