2015-08-21 10:04:50 +03:00
|
|
|
/* Unicorn Emulator Engine */
|
|
|
|
|
/* By Nguyen Anh Quynh <aquynh@gmail.com>, 2015 */
|
2021-10-03 17:14:44 +03:00
|
|
|
/* Modified for Unicorn Engine by Chen Huitao<chenhuitao@hfmrit.com>, 2020 */
|
2015-08-21 10:04:50 +03:00
|
|
|
|
|
|
|
|
#if defined(UNICORN_HAS_OSXKERNEL)
|
|
|
|
|
#include <libkern/libkern.h>
|
|
|
|
|
#else
|
|
|
|
|
#include <stddef.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <time.h> // nanosleep
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include "uc_priv.h"
|
|
|
|
|
|
|
|
|
|
// target specific headers
|
2021-10-03 17:14:44 +03:00
|
|
|
#include "qemu/target/m68k/unicorn.h"
|
|
|
|
|
#include "qemu/target/i386/unicorn.h"
|
|
|
|
|
#include "qemu/target/arm/unicorn.h"
|
|
|
|
|
#include "qemu/target/mips/unicorn.h"
|
|
|
|
|
#include "qemu/target/sparc/unicorn.h"
|
|
|
|
|
#include "qemu/target/ppc/unicorn.h"
|
|
|
|
|
#include "qemu/target/riscv/unicorn.h"
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2016-07-08 19:16:23 +03:00
|
|
|
#include "qemu/include/qemu/queue.h"
|
2015-08-21 10:04:50 +03:00
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
unsigned int uc_version(unsigned int *major, unsigned int *minor)
|
|
|
|
|
{
|
|
|
|
|
if (major != NULL && minor != NULL) {
|
|
|
|
|
*major = UC_API_MAJOR;
|
|
|
|
|
*minor = UC_API_MINOR;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (UC_API_MAJOR << 8) + UC_API_MINOR;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2015-09-05 06:20:32 +03:00
|
|
|
uc_err uc_errno(uc_engine *uc)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
|
|
|
|
return uc->errnum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
const char *uc_strerror(uc_err code)
|
|
|
|
|
{
|
|
|
|
|
switch(code) {
|
|
|
|
|
default:
|
|
|
|
|
return "Unknown error code";
|
|
|
|
|
case UC_ERR_OK:
|
|
|
|
|
return "OK (UC_ERR_OK)";
|
2015-09-01 23:40:19 +03:00
|
|
|
case UC_ERR_NOMEM:
|
|
|
|
|
return "No memory available or memory not present (UC_ERR_NOMEM)";
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ERR_ARCH:
|
2015-10-31 00:32:59 +03:00
|
|
|
return "Invalid/unsupported architecture (UC_ERR_ARCH)";
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ERR_HANDLE:
|
|
|
|
|
return "Invalid handle (UC_ERR_HANDLE)";
|
|
|
|
|
case UC_ERR_MODE:
|
|
|
|
|
return "Invalid mode (UC_ERR_MODE)";
|
|
|
|
|
case UC_ERR_VERSION:
|
|
|
|
|
return "Different API version between core & binding (UC_ERR_VERSION)";
|
2015-09-30 09:46:55 +03:00
|
|
|
case UC_ERR_READ_UNMAPPED:
|
|
|
|
|
return "Invalid memory read (UC_ERR_READ_UNMAPPED)";
|
|
|
|
|
case UC_ERR_WRITE_UNMAPPED:
|
|
|
|
|
return "Invalid memory write (UC_ERR_WRITE_UNMAPPED)";
|
|
|
|
|
case UC_ERR_FETCH_UNMAPPED:
|
|
|
|
|
return "Invalid memory fetch (UC_ERR_FETCH_UNMAPPED)";
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ERR_HOOK:
|
|
|
|
|
return "Invalid hook type (UC_ERR_HOOK)";
|
2015-09-04 06:55:17 +03:00
|
|
|
case UC_ERR_INSN_INVALID:
|
|
|
|
|
return "Invalid instruction (UC_ERR_INSN_INVALID)";
|
2015-08-24 00:16:40 +03:00
|
|
|
case UC_ERR_MAP:
|
|
|
|
|
return "Invalid memory mapping (UC_ERR_MAP)";
|
2015-09-01 22:10:09 +03:00
|
|
|
case UC_ERR_WRITE_PROT:
|
|
|
|
|
return "Write to write-protected memory (UC_ERR_WRITE_PROT)";
|
|
|
|
|
case UC_ERR_READ_PROT:
|
|
|
|
|
return "Read from non-readable memory (UC_ERR_READ_PROT)";
|
2015-09-24 09:18:02 +03:00
|
|
|
case UC_ERR_FETCH_PROT:
|
|
|
|
|
return "Fetch from non-executable memory (UC_ERR_FETCH_PROT)";
|
2015-09-09 11:54:47 +03:00
|
|
|
case UC_ERR_ARG:
|
2015-10-19 23:52:56 +03:00
|
|
|
return "Invalid argument (UC_ERR_ARG)";
|
2015-09-09 10:52:15 +03:00
|
|
|
case UC_ERR_READ_UNALIGNED:
|
|
|
|
|
return "Read from unaligned memory (UC_ERR_READ_UNALIGNED)";
|
|
|
|
|
case UC_ERR_WRITE_UNALIGNED:
|
|
|
|
|
return "Write to unaligned memory (UC_ERR_WRITE_UNALIGNED)";
|
|
|
|
|
case UC_ERR_FETCH_UNALIGNED:
|
|
|
|
|
return "Fetch from unaligned memory (UC_ERR_FETCH_UNALIGNED)";
|
2015-11-11 20:43:41 +03:00
|
|
|
case UC_ERR_RESOURCE:
|
|
|
|
|
return "Insufficient resource (UC_ERR_RESOURCE)";
|
2016-07-05 19:10:39 +03:00
|
|
|
case UC_ERR_EXCEPTION:
|
|
|
|
|
return "Unhandled CPU exception (UC_ERR_EXCEPTION)";
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2015-08-24 04:10:47 +03:00
|
|
|
bool uc_arch_supported(uc_arch arch)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2015-08-24 04:10:47 +03:00
|
|
|
switch (arch) {
|
|
|
|
|
#ifdef UNICORN_HAS_ARM
|
|
|
|
|
case UC_ARCH_ARM: return true;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_ARM64
|
|
|
|
|
case UC_ARCH_ARM64: return true;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_M68K
|
|
|
|
|
case UC_ARCH_M68K: return true;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_MIPS
|
|
|
|
|
case UC_ARCH_MIPS: return true;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_PPC
|
|
|
|
|
case UC_ARCH_PPC: return true;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_SPARC
|
|
|
|
|
case UC_ARCH_SPARC: return true;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_X86
|
|
|
|
|
case UC_ARCH_X86: return true;
|
2021-10-03 17:14:44 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_RISCV
|
|
|
|
|
case UC_ARCH_RISCV: return true;
|
2015-08-24 04:10:47 +03:00
|
|
|
#endif
|
|
|
|
|
/* Invalid or disabled arch */
|
|
|
|
|
default: return false;
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2015-09-05 06:20:32 +03:00
|
|
|
uc_err uc_open(uc_arch arch, uc_mode mode, uc_engine **result)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
|
|
|
|
struct uc_struct *uc;
|
|
|
|
|
|
|
|
|
|
if (arch < UC_ARCH_MAX) {
|
|
|
|
|
uc = calloc(1, sizeof(*uc));
|
|
|
|
|
if (!uc) {
|
|
|
|
|
// memory insufficient
|
2015-09-01 23:40:19 +03:00
|
|
|
return UC_ERR_NOMEM;
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
/* qemu/exec.c: phys_map_node_reserve() */
|
|
|
|
|
uc->alloc_hint = 16;
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->errnum = UC_ERR_OK;
|
|
|
|
|
uc->arch = arch;
|
|
|
|
|
uc->mode = mode;
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
// uc->ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
|
|
|
|
|
QLIST_INIT(&uc->ram_list.blocks);
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
QTAILQ_INIT(&uc->memory_listeners);
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
QTAILQ_INIT(&uc->address_spaces);
|
2015-08-21 10:04:50 +03:00
|
|
|
|
|
|
|
|
switch(arch) {
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
#ifdef UNICORN_HAS_M68K
|
|
|
|
|
case UC_ARCH_M68K:
|
2016-01-23 04:17:59 +03:00
|
|
|
if ((mode & ~UC_MODE_M68K_MASK) ||
|
2016-01-23 04:34:02 +03:00
|
|
|
!(mode & UC_MODE_BIG_ENDIAN)) {
|
2016-01-23 04:17:59 +03:00
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->init_arch = m68k_uc_init;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_X86
|
|
|
|
|
case UC_ARCH_X86:
|
2016-01-23 04:17:59 +03:00
|
|
|
if ((mode & ~UC_MODE_X86_MASK) ||
|
2016-01-23 04:34:02 +03:00
|
|
|
(mode & UC_MODE_BIG_ENDIAN) ||
|
|
|
|
|
!(mode & (UC_MODE_16|UC_MODE_32|UC_MODE_64))) {
|
2016-01-23 04:17:59 +03:00
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->init_arch = x86_uc_init;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_ARM
|
|
|
|
|
case UC_ARCH_ARM:
|
2017-03-13 17:32:44 +03:00
|
|
|
if ((mode & ~UC_MODE_ARM_MASK)) {
|
2015-08-24 04:50:55 +03:00
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
2021-10-03 17:14:44 +03:00
|
|
|
if (mode & UC_MODE_BIG_ENDIAN) {
|
2017-03-13 17:32:44 +03:00
|
|
|
uc->init_arch = armeb_uc_init;
|
|
|
|
|
} else {
|
|
|
|
|
uc->init_arch = arm_uc_init;
|
|
|
|
|
}
|
2015-08-24 04:50:55 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (mode & UC_MODE_THUMB) {
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->thumb = 1;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_ARM64
|
|
|
|
|
case UC_ARCH_ARM64:
|
2017-04-24 18:25:30 +03:00
|
|
|
if (mode & ~UC_MODE_ARM_MASK) {
|
2016-01-23 04:17:59 +03:00
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
2017-04-24 18:25:30 +03:00
|
|
|
if (mode & UC_MODE_BIG_ENDIAN) {
|
|
|
|
|
uc->init_arch = arm64eb_uc_init;
|
|
|
|
|
} else {
|
|
|
|
|
uc->init_arch = arm64_uc_init;
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(UNICORN_HAS_MIPS) || defined(UNICORN_HAS_MIPSEL) || defined(UNICORN_HAS_MIPS64) || defined(UNICORN_HAS_MIPS64EL)
|
|
|
|
|
case UC_ARCH_MIPS:
|
2016-01-23 04:17:59 +03:00
|
|
|
if ((mode & ~UC_MODE_MIPS_MASK) ||
|
2016-01-23 04:34:02 +03:00
|
|
|
!(mode & (UC_MODE_MIPS32|UC_MODE_MIPS64))) {
|
2016-01-23 04:17:59 +03:00
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
if (mode & UC_MODE_BIG_ENDIAN) {
|
|
|
|
|
#ifdef UNICORN_HAS_MIPS
|
2021-10-03 17:14:44 +03:00
|
|
|
if (mode & UC_MODE_MIPS32) {
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->init_arch = mips_uc_init;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_MIPS64
|
2021-10-03 17:14:44 +03:00
|
|
|
if (mode & UC_MODE_MIPS64) {
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->init_arch = mips64_uc_init;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
#endif
|
|
|
|
|
} else { // little endian
|
|
|
|
|
#ifdef UNICORN_HAS_MIPSEL
|
2021-10-03 17:14:44 +03:00
|
|
|
if (mode & UC_MODE_MIPS32) {
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->init_arch = mipsel_uc_init;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_MIPS64EL
|
2021-10-03 17:14:44 +03:00
|
|
|
if (mode & UC_MODE_MIPS64) {
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->init_arch = mips64el_uc_init;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef UNICORN_HAS_SPARC
|
|
|
|
|
case UC_ARCH_SPARC:
|
2016-01-24 14:27:33 +03:00
|
|
|
if ((mode & ~UC_MODE_SPARC_MASK) ||
|
|
|
|
|
!(mode & UC_MODE_BIG_ENDIAN) ||
|
|
|
|
|
!(mode & (UC_MODE_SPARC32|UC_MODE_SPARC64))) {
|
2016-01-23 04:17:59 +03:00
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
2021-10-03 17:14:44 +03:00
|
|
|
if (mode & UC_MODE_SPARC64) {
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->init_arch = sparc64_uc_init;
|
2021-10-03 17:14:44 +03:00
|
|
|
} else {
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->init_arch = sparc_uc_init;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
|
|
|
|
#endif
|
2021-10-03 17:14:44 +03:00
|
|
|
#ifdef UNICORN_HAS_PPC
|
|
|
|
|
case UC_ARCH_PPC:
|
|
|
|
|
if ((mode & ~UC_MODE_PPC_MASK) ||
|
|
|
|
|
!(mode & UC_MODE_BIG_ENDIAN) ||
|
|
|
|
|
!(mode & (UC_MODE_PPC32|UC_MODE_PPC64))) {
|
|
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
|
|
|
|
if (mode & UC_MODE_PPC64) {
|
|
|
|
|
uc->init_arch = ppc64_uc_init;
|
|
|
|
|
} else {
|
|
|
|
|
uc->init_arch = ppc_uc_init;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_RISCV
|
|
|
|
|
case UC_ARCH_RISCV:
|
|
|
|
|
if ((mode & ~UC_MODE_RISCV_MASK) ||
|
|
|
|
|
!(mode & (UC_MODE_RISCV32|UC_MODE_RISCV64))) {
|
|
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
|
|
|
|
if (mode & UC_MODE_RISCV32) {
|
|
|
|
|
uc->init_arch = riscv32_uc_init;
|
|
|
|
|
} else if (mode & UC_MODE_RISCV64) {
|
|
|
|
|
uc->init_arch =riscv64_uc_init;
|
|
|
|
|
} else {
|
|
|
|
|
free(uc);
|
|
|
|
|
return UC_ERR_MODE;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (uc->init_arch == NULL) {
|
|
|
|
|
return UC_ERR_ARCH;
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (machine_initialize(uc)) {
|
2015-11-11 20:43:41 +03:00
|
|
|
return UC_ERR_RESOURCE;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// init fpu softfloat
|
|
|
|
|
uc->softfloat_initialize();
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2015-08-26 13:39:51 +03:00
|
|
|
*result = uc;
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->reg_reset) {
|
2015-08-26 13:39:51 +03:00
|
|
|
uc->reg_reset(uc);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2017-01-21 04:28:22 +03:00
|
|
|
return UC_ERR_OK;
|
2015-08-21 10:04:50 +03:00
|
|
|
} else {
|
|
|
|
|
return UC_ERR_ARCH;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2015-09-05 06:20:32 +03:00
|
|
|
uc_err uc_close(uc_engine *uc)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2015-12-11 03:42:31 +03:00
|
|
|
int i;
|
2016-01-16 11:44:02 +03:00
|
|
|
struct list_item *cur;
|
|
|
|
|
struct hook *hook;
|
2021-10-03 17:14:44 +03:00
|
|
|
MemoryRegion *mr;
|
2015-12-11 03:42:31 +03:00
|
|
|
|
2016-07-08 19:16:23 +03:00
|
|
|
// Cleanup internally.
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->release) {
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->release(uc->tcg_ctx);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-12-21 17:28:36 +03:00
|
|
|
g_free(uc->tcg_ctx);
|
2016-07-08 19:16:23 +03:00
|
|
|
|
|
|
|
|
// Cleanup CPU.
|
2021-10-03 17:14:44 +03:00
|
|
|
g_free(uc->cpu->cpu_ases);
|
2016-12-21 17:28:36 +03:00
|
|
|
g_free(uc->cpu->thread);
|
2016-07-08 19:16:23 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
/* cpu */
|
|
|
|
|
free(uc->cpu);
|
|
|
|
|
|
|
|
|
|
/* memory */
|
|
|
|
|
mr = &uc->io_mem_unassigned;
|
|
|
|
|
mr->destructor(mr);
|
|
|
|
|
mr = uc->system_io;
|
|
|
|
|
mr->destructor(mr);
|
|
|
|
|
mr = uc->system_memory;
|
|
|
|
|
mr->destructor(mr);
|
2016-12-21 17:28:36 +03:00
|
|
|
g_free(uc->system_memory);
|
2021-10-03 17:14:44 +03:00
|
|
|
//g_free(uc->system_io);
|
|
|
|
|
|
|
|
|
|
/* flatviews */
|
|
|
|
|
g_hash_table_destroy(uc->flat_views);
|
2016-07-08 19:16:23 +03:00
|
|
|
|
|
|
|
|
// Thread relateds.
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->qemu_thread_data) {
|
2017-01-20 09:27:22 +03:00
|
|
|
g_free(uc->qemu_thread_data);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* free */
|
|
|
|
|
g_free(uc->init_target_page);
|
2016-07-08 19:16:23 +03:00
|
|
|
|
|
|
|
|
// Other auxilaries.
|
2021-10-03 17:14:44 +03:00
|
|
|
g_free(uc->l1_map);
|
2015-08-21 10:04:50 +03:00
|
|
|
|
|
|
|
|
if (uc->bounce.buffer) {
|
|
|
|
|
free(uc->bounce.buffer);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-16 11:44:02 +03:00
|
|
|
// free hooks and hook lists
|
|
|
|
|
for (i = 0; i < UC_HOOK_MAX; i++) {
|
|
|
|
|
cur = uc->hook[i].head;
|
|
|
|
|
// hook can be in more than one list
|
|
|
|
|
// so we refcount to know when to free
|
|
|
|
|
while (cur) {
|
|
|
|
|
hook = (struct hook *)cur->data;
|
|
|
|
|
if (--hook->refs == 0) {
|
|
|
|
|
free(hook);
|
|
|
|
|
}
|
|
|
|
|
cur = cur->next;
|
|
|
|
|
}
|
|
|
|
|
list_clear(&uc->hook[i]);
|
|
|
|
|
}
|
2015-10-31 00:32:59 +03:00
|
|
|
|
2015-08-26 18:41:30 +03:00
|
|
|
free(uc->mapped_blocks);
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2020-09-24 17:28:55 +03:00
|
|
|
// free the saved contexts list and notify them that uc has been closed.
|
|
|
|
|
cur = uc->saved_contexts.head;
|
|
|
|
|
while (cur != NULL) {
|
|
|
|
|
struct list_item *next = cur->next;
|
|
|
|
|
struct uc_context *context = (struct uc_context*)cur->data;
|
|
|
|
|
context->uc = NULL;
|
|
|
|
|
cur = next;
|
|
|
|
|
}
|
|
|
|
|
list_clear(&uc->saved_contexts);
|
|
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
// finally, free uc itself.
|
|
|
|
|
memset(uc, 0, sizeof(*uc));
|
|
|
|
|
free(uc);
|
2021-10-03 17:14:44 +03:00
|
|
|
|
2017-01-21 04:28:22 +03:00
|
|
|
return UC_ERR_OK;
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2016-04-04 18:25:30 +03:00
|
|
|
uc_err uc_reg_read_batch(uc_engine *uc, int *ids, void **vals, int count)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2021-10-03 17:14:44 +03:00
|
|
|
int ret = UC_ERR_OK;
|
|
|
|
|
if (uc->reg_read) {
|
|
|
|
|
ret = uc->reg_read(uc, (unsigned int *)ids, vals, count);
|
|
|
|
|
} else {
|
|
|
|
|
return UC_ERR_HANDLE;
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
return ret;
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2016-04-04 18:25:30 +03:00
|
|
|
uc_err uc_reg_write_batch(uc_engine *uc, int *ids, void *const *vals, int count)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2019-08-23 12:05:14 +03:00
|
|
|
int ret = UC_ERR_OK;
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->reg_write) {
|
2019-08-23 12:05:14 +03:00
|
|
|
ret = uc->reg_write(uc, (unsigned int *)ids, vals, count);
|
2021-10-03 17:14:44 +03:00
|
|
|
} else {
|
|
|
|
|
return UC_ERR_HANDLE;
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2019-08-23 12:05:14 +03:00
|
|
|
return ret;
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2016-04-04 18:25:30 +03:00
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_reg_read(uc_engine *uc, int regid, void *value)
|
|
|
|
|
{
|
|
|
|
|
return uc_reg_read_batch(uc, ®id, &value, 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_reg_write(uc_engine *uc, int regid, const void *value)
|
|
|
|
|
{
|
|
|
|
|
return uc_reg_write_batch(uc, ®id, (void *const *)&value, 1);
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-29 05:23:53 +03:00
|
|
|
// check if a memory area is mapped
|
|
|
|
|
// this is complicated because an area can overlap adjacent blocks
|
2015-09-05 06:20:32 +03:00
|
|
|
static bool check_mem_area(uc_engine *uc, uint64_t address, size_t size)
|
2015-08-29 05:23:53 +03:00
|
|
|
{
|
|
|
|
|
size_t count = 0, len;
|
|
|
|
|
|
|
|
|
|
while(count < size) {
|
|
|
|
|
MemoryRegion *mr = memory_mapping(uc, address);
|
|
|
|
|
if (mr) {
|
2017-01-19 14:50:28 +03:00
|
|
|
len = (size_t)MIN(size - count, mr->end - address);
|
2015-08-29 05:23:53 +03:00
|
|
|
count += len;
|
|
|
|
|
address += len;
|
2021-10-03 17:14:44 +03:00
|
|
|
} else {// this address is not mapped in yet
|
2015-08-29 05:23:53 +03:00
|
|
|
break;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 05:23:53 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (count == size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
UNICORN_EXPORT
|
2015-09-07 19:44:03 +03:00
|
|
|
uc_err uc_mem_read(uc_engine *uc, uint64_t address, void *_bytes, size_t size)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2015-12-28 10:19:30 +03:00
|
|
|
size_t count = 0, len;
|
2015-09-07 19:44:03 +03:00
|
|
|
uint8_t *bytes = _bytes;
|
|
|
|
|
|
2015-12-28 10:19:30 +03:00
|
|
|
if (uc->mem_redirect) {
|
|
|
|
|
address = uc->mem_redirect(address);
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!check_mem_area(uc, address, size)) {
|
2015-09-30 09:46:55 +03:00
|
|
|
return UC_ERR_READ_UNMAPPED;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2015-08-29 05:23:53 +03:00
|
|
|
// memory area can overlap adjacent memory blocks
|
|
|
|
|
while(count < size) {
|
|
|
|
|
MemoryRegion *mr = memory_mapping(uc, address);
|
|
|
|
|
if (mr) {
|
2017-01-19 14:50:28 +03:00
|
|
|
len = (size_t)MIN(size - count, mr->end - address);
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->read_mem(&uc->address_space_memory, address, bytes, len) == false) {
|
2015-08-29 05:23:53 +03:00
|
|
|
break;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 05:23:53 +03:00
|
|
|
count += len;
|
|
|
|
|
address += len;
|
|
|
|
|
bytes += len;
|
2021-10-03 17:14:44 +03:00
|
|
|
} else { // this address is not mapped in yet
|
2015-08-29 05:23:53 +03:00
|
|
|
break;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 05:23:53 +03:00
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (count == size) {
|
2015-08-29 05:23:53 +03:00
|
|
|
return UC_ERR_OK;
|
2021-10-03 17:14:44 +03:00
|
|
|
} else {
|
2015-09-30 09:46:55 +03:00
|
|
|
return UC_ERR_READ_UNMAPPED;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2015-09-07 19:44:03 +03:00
|
|
|
uc_err uc_mem_write(uc_engine *uc, uint64_t address, const void *_bytes, size_t size)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2015-12-28 10:19:30 +03:00
|
|
|
size_t count = 0, len;
|
2015-09-07 19:44:03 +03:00
|
|
|
const uint8_t *bytes = _bytes;
|
|
|
|
|
|
2015-12-28 10:19:30 +03:00
|
|
|
if (uc->mem_redirect) {
|
|
|
|
|
address = uc->mem_redirect(address);
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!check_mem_area(uc, address, size)) {
|
2015-09-30 09:46:55 +03:00
|
|
|
return UC_ERR_WRITE_UNMAPPED;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2015-08-29 05:23:53 +03:00
|
|
|
// memory area can overlap adjacent memory blocks
|
|
|
|
|
while(count < size) {
|
|
|
|
|
MemoryRegion *mr = memory_mapping(uc, address);
|
|
|
|
|
if (mr) {
|
|
|
|
|
uint32_t operms = mr->perms;
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!(operms & UC_PROT_WRITE)) {// write protected
|
2015-08-29 05:23:53 +03:00
|
|
|
// but this is not the program accessing memory, so temporarily mark writable
|
|
|
|
|
uc->readonly_mem(mr, false);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2017-01-19 14:50:28 +03:00
|
|
|
len = (size_t)MIN(size - count, mr->end - address);
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->write_mem(&uc->address_space_memory, address, bytes, len) == false) {
|
2015-08-29 05:23:53 +03:00
|
|
|
break;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-26 23:29:54 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!(operms & UC_PROT_WRITE)) {// write protected
|
2015-08-29 05:23:53 +03:00
|
|
|
// now write protect it again
|
|
|
|
|
uc->readonly_mem(mr, true);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 05:23:53 +03:00
|
|
|
|
|
|
|
|
count += len;
|
|
|
|
|
address += len;
|
|
|
|
|
bytes += len;
|
2021-10-03 17:14:44 +03:00
|
|
|
} else {// this address is not mapped in yet
|
2015-08-29 05:23:53 +03:00
|
|
|
break;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 05:23:53 +03:00
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (count == size) {
|
2015-08-29 05:23:53 +03:00
|
|
|
return UC_ERR_OK;
|
2021-10-03 17:14:44 +03:00
|
|
|
} else {
|
2015-09-30 09:46:55 +03:00
|
|
|
return UC_ERR_WRITE_UNMAPPED;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define TIMEOUT_STEP 2 // microseconds
|
|
|
|
|
static void *_timeout_fn(void *arg)
|
|
|
|
|
{
|
2015-09-03 04:44:43 +03:00
|
|
|
struct uc_struct *uc = arg;
|
2015-08-21 10:04:50 +03:00
|
|
|
int64_t current_time = get_clock();
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
usleep(TIMEOUT_STEP);
|
|
|
|
|
// perhaps emulation is even done before timeout?
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->emulation_done) {
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2017-01-19 14:50:28 +03:00
|
|
|
} while((uint64_t)(get_clock() - current_time) < uc->timeout);
|
2015-08-21 10:04:50 +03:00
|
|
|
|
|
|
|
|
// timeout before emulation is done?
|
|
|
|
|
if (!uc->emulation_done) {
|
2019-12-28 19:16:54 +03:00
|
|
|
uc->timed_out = true;
|
2015-08-21 10:04:50 +03:00
|
|
|
// force emulation to stop
|
2015-08-26 14:32:05 +03:00
|
|
|
uc_emu_stop(uc);
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-05 06:20:32 +03:00
|
|
|
static void enable_emu_timer(uc_engine *uc, uint64_t timeout)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
|
|
|
|
uc->timeout = timeout;
|
2015-09-02 11:13:12 +03:00
|
|
|
qemu_thread_create(uc, &uc->timer, "timeout", _timeout_fn,
|
2015-08-21 10:04:50 +03:00
|
|
|
uc, QEMU_THREAD_JOINABLE);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-16 11:44:02 +03:00
|
|
|
static void hook_count_cb(struct uc_struct *uc, uint64_t address, uint32_t size, void *user_data)
|
|
|
|
|
{
|
|
|
|
|
// count this instruction. ah ah ah.
|
|
|
|
|
uc->emu_counter++;
|
2021-10-03 17:14:44 +03:00
|
|
|
// printf(":: emu counter = %u, at %lx\n", uc->emu_counter, address);
|
2016-01-16 11:44:02 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->emu_counter > uc->emu_count) {
|
|
|
|
|
// printf(":: emu counter = %u, stop emulation\n", uc->emu_counter);
|
2016-01-16 11:44:02 +03:00
|
|
|
uc_emu_stop(uc);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-01-16 11:44:02 +03:00
|
|
|
}
|
|
|
|
|
|
2020-05-07 09:24:48 +03:00
|
|
|
static void clear_deleted_hooks(uc_engine *uc)
|
|
|
|
|
{
|
|
|
|
|
struct list_item * cur;
|
|
|
|
|
struct hook * hook;
|
|
|
|
|
int i;
|
|
|
|
|
|
2020-05-07 09:30:22 +03:00
|
|
|
for (cur = uc->hooks_to_del.head; cur != NULL && (hook = (struct hook *)cur->data); cur = cur->next) {
|
2020-05-07 09:24:48 +03:00
|
|
|
assert(hook->to_delete);
|
|
|
|
|
for (i = 0; i < UC_HOOK_MAX; i++) {
|
|
|
|
|
if (list_remove(&uc->hook[i], (void *)hook)) {
|
|
|
|
|
if (--hook->refs == 0) {
|
|
|
|
|
free(hook);
|
|
|
|
|
}
|
2020-05-07 09:30:22 +03:00
|
|
|
|
2020-05-07 09:24:48 +03:00
|
|
|
// a hook cannot be twice in the same list
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-05-07 09:30:22 +03:00
|
|
|
|
2020-05-07 09:24:48 +03:00
|
|
|
list_clear(&uc->hooks_to_del);
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
UNICORN_EXPORT
|
2015-09-05 06:20:32 +03:00
|
|
|
uc_err uc_emu_start(uc_engine* uc, uint64_t begin, uint64_t until, uint64_t timeout, size_t count)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2015-08-24 19:02:31 +03:00
|
|
|
// reset the counter
|
|
|
|
|
uc->emu_counter = 0;
|
|
|
|
|
uc->invalid_error = UC_ERR_OK;
|
2015-08-29 04:22:53 +03:00
|
|
|
uc->emulation_done = false;
|
2020-05-25 11:22:28 +03:00
|
|
|
uc->size_recur_mem = 0;
|
2019-12-28 19:16:54 +03:00
|
|
|
uc->timed_out = false;
|
2021-10-03 17:14:44 +03:00
|
|
|
uc->first_tb = true;
|
2015-08-24 19:02:31 +03:00
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
switch(uc->arch) {
|
|
|
|
|
default:
|
|
|
|
|
break;
|
2017-02-24 05:00:36 +03:00
|
|
|
#ifdef UNICORN_HAS_M68K
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ARCH_M68K:
|
2015-08-26 13:39:51 +03:00
|
|
|
uc_reg_write(uc, UC_M68K_REG_PC, &begin);
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
2017-02-24 05:00:36 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_X86
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ARCH_X86:
|
|
|
|
|
switch(uc->mode) {
|
|
|
|
|
default:
|
|
|
|
|
break;
|
2018-07-26 10:19:23 +03:00
|
|
|
case UC_MODE_16: {
|
|
|
|
|
uint64_t ip;
|
|
|
|
|
uint16_t cs;
|
|
|
|
|
|
|
|
|
|
uc_reg_read(uc, UC_X86_REG_CS, &cs);
|
|
|
|
|
// compensate for later adding up IP & CS
|
|
|
|
|
ip = begin - cs*16;
|
|
|
|
|
uc_reg_write(uc, UC_X86_REG_IP, &ip);
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
2018-07-26 10:19:23 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_MODE_32:
|
2015-08-26 13:39:51 +03:00
|
|
|
uc_reg_write(uc, UC_X86_REG_EIP, &begin);
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
|
|
|
|
case UC_MODE_64:
|
2015-08-26 13:39:51 +03:00
|
|
|
uc_reg_write(uc, UC_X86_REG_RIP, &begin);
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
break;
|
2017-02-24 05:00:36 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_ARM
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ARCH_ARM:
|
2016-01-24 14:36:37 +03:00
|
|
|
uc_reg_write(uc, UC_ARM_REG_R15, &begin);
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
2017-02-24 05:00:36 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_ARM64
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ARCH_ARM64:
|
2015-08-26 13:39:51 +03:00
|
|
|
uc_reg_write(uc, UC_ARM64_REG_PC, &begin);
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
2017-02-24 05:00:36 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_MIPS
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ARCH_MIPS:
|
|
|
|
|
// TODO: MIPS32/MIPS64/BIGENDIAN etc
|
2015-08-26 13:39:51 +03:00
|
|
|
uc_reg_write(uc, UC_MIPS_REG_PC, &begin);
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
2017-02-24 05:00:36 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_SPARC
|
2015-08-21 10:04:50 +03:00
|
|
|
case UC_ARCH_SPARC:
|
|
|
|
|
// TODO: Sparc/Sparc64
|
2015-08-26 13:39:51 +03:00
|
|
|
uc_reg_write(uc, UC_SPARC_REG_PC, &begin);
|
2015-08-21 10:04:50 +03:00
|
|
|
break;
|
2021-10-03 17:14:44 +03:00
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_PPC
|
|
|
|
|
case UC_ARCH_PPC:
|
|
|
|
|
uc_reg_write(uc, UC_PPC_REG_PC, &begin);
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_RISCV
|
|
|
|
|
case UC_ARCH_RISCV:
|
|
|
|
|
uc_reg_write(uc, UC_RISCV_REG_PC, &begin);
|
|
|
|
|
break;
|
2017-02-24 05:00:36 +03:00
|
|
|
#endif
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
2016-01-28 09:06:17 +03:00
|
|
|
uc->stop_request = false;
|
|
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->emu_count = count;
|
2016-01-16 11:44:02 +03:00
|
|
|
// remove count hook if counting isn't necessary
|
|
|
|
|
if (count <= 0 && uc->count_hook != 0) {
|
|
|
|
|
uc_hook_del(uc, uc->count_hook);
|
|
|
|
|
uc->count_hook = 0;
|
|
|
|
|
}
|
|
|
|
|
// set up count hook to count instructions.
|
|
|
|
|
if (count > 0 && uc->count_hook == 0) {
|
2017-06-16 12:37:33 +03:00
|
|
|
uc_err err;
|
2017-06-16 08:22:38 +03:00
|
|
|
// callback to count instructions must be run before everything else,
|
|
|
|
|
// so instead of appending, we must insert the hook at the begin
|
|
|
|
|
// of the hook list
|
|
|
|
|
uc->hook_insert = 1;
|
2017-06-16 12:37:33 +03:00
|
|
|
err = uc_hook_add(uc, &uc->count_hook, UC_HOOK_CODE, hook_count_cb, NULL, 1, 0);
|
2017-06-16 08:22:38 +03:00
|
|
|
// restore to append mode for uc_hook_add()
|
|
|
|
|
uc->hook_insert = 0;
|
2016-01-16 11:44:02 +03:00
|
|
|
if (err != UC_ERR_OK) {
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uc->addr_end = until;
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (timeout) {
|
2016-03-24 08:31:23 +03:00
|
|
|
enable_emu_timer(uc, timeout * 1000); // microseconds -> nanoseconds
|
2015-11-11 20:43:41 +03:00
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
uc->vm_start(uc);
|
|
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
// emulation is done
|
|
|
|
|
uc->emulation_done = true;
|
|
|
|
|
|
2020-05-07 09:24:48 +03:00
|
|
|
// remove hooks to delete
|
|
|
|
|
clear_deleted_hooks(uc);
|
|
|
|
|
|
2015-08-30 00:12:04 +03:00
|
|
|
if (timeout) {
|
|
|
|
|
// wait for the timer to finish
|
2016-04-23 05:17:04 +03:00
|
|
|
qemu_thread_join(&uc->timer);
|
2015-08-30 00:12:04 +03:00
|
|
|
}
|
|
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
return uc->invalid_error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2015-09-05 06:20:32 +03:00
|
|
|
uc_err uc_emu_stop(uc_engine *uc)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->emulation_done) {
|
2015-08-29 04:10:18 +03:00
|
|
|
return UC_ERR_OK;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 04:10:18 +03:00
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
uc->stop_request = true;
|
2016-09-23 17:38:21 +03:00
|
|
|
// TODO: make this atomic somehow?
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->cpu) {
|
2015-11-03 16:34:31 +03:00
|
|
|
// exit the current TB
|
2021-10-03 17:14:44 +03:00
|
|
|
cpu_exit(uc->cpu);
|
2015-11-03 16:34:31 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
|
|
|
|
|
return UC_ERR_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-30 04:17:47 +03:00
|
|
|
// find if a memory range overlaps with existing mapped regions
|
|
|
|
|
static bool memory_overlap(struct uc_struct *uc, uint64_t begin, size_t size)
|
|
|
|
|
{
|
|
|
|
|
unsigned int i;
|
|
|
|
|
uint64_t end = begin + size - 1;
|
|
|
|
|
|
|
|
|
|
for(i = 0; i < uc->mapped_block_count; i++) {
|
|
|
|
|
// begin address falls inside this region?
|
2021-10-03 17:14:44 +03:00
|
|
|
if (begin >= uc->mapped_blocks[i]->addr && begin <= uc->mapped_blocks[i]->end - 1) {
|
2015-12-30 04:17:47 +03:00
|
|
|
return true;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-12-30 04:17:47 +03:00
|
|
|
// end address falls inside this region?
|
2021-10-03 17:14:44 +03:00
|
|
|
if (end >= uc->mapped_blocks[i]->addr && end <= uc->mapped_blocks[i]->end - 1) {
|
2015-12-30 04:17:47 +03:00
|
|
|
return true;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-12-30 04:17:47 +03:00
|
|
|
// this region falls totally inside this range?
|
2021-10-03 17:14:44 +03:00
|
|
|
if (begin < uc->mapped_blocks[i]->addr && end > uc->mapped_blocks[i]->end - 1) {
|
2015-12-30 04:17:47 +03:00
|
|
|
return true;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-12-30 04:17:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// not found
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-28 04:25:53 +03:00
|
|
|
// common setup/error checking shared between uc_mem_map and uc_mem_map_ptr
|
2015-11-28 13:26:08 +03:00
|
|
|
static uc_err mem_map(uc_engine *uc, uint64_t address, size_t size, uint32_t perms, MemoryRegion *block)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2015-08-28 09:19:32 +03:00
|
|
|
MemoryRegion **regions;
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (block == NULL) {
|
2015-11-28 13:26:08 +03:00
|
|
|
return UC_ERR_NOMEM;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-11-28 13:26:08 +03:00
|
|
|
|
2015-08-26 09:08:18 +03:00
|
|
|
if ((uc->mapped_block_count & (MEM_BLOCK_INCR - 1)) == 0) { //time to grow
|
2016-08-11 18:15:50 +03:00
|
|
|
regions = (MemoryRegion**)g_realloc(uc->mapped_blocks,
|
2015-09-04 04:20:13 +03:00
|
|
|
sizeof(MemoryRegion*) * (uc->mapped_block_count + MEM_BLOCK_INCR));
|
2015-08-28 09:19:32 +03:00
|
|
|
if (regions == NULL) {
|
2015-09-01 23:40:19 +03:00
|
|
|
return UC_ERR_NOMEM;
|
2015-08-26 09:08:18 +03:00
|
|
|
}
|
2015-08-28 09:19:32 +03:00
|
|
|
uc->mapped_blocks = regions;
|
2015-08-26 07:52:18 +03:00
|
|
|
}
|
2015-11-10 06:44:29 +03:00
|
|
|
|
2015-11-28 04:25:53 +03:00
|
|
|
uc->mapped_blocks[uc->mapped_block_count] = block;
|
2015-08-26 07:52:18 +03:00
|
|
|
uc->mapped_block_count++;
|
2015-08-21 10:04:50 +03:00
|
|
|
|
|
|
|
|
return UC_ERR_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-11 19:59:56 +03:00
|
|
|
static uc_err mem_map_check(uc_engine *uc, uint64_t address, size_t size, uint32_t perms)
|
2015-11-28 04:25:53 +03:00
|
|
|
{
|
2021-10-03 17:14:44 +03:00
|
|
|
if (size == 0) {
|
2016-01-11 19:26:23 +03:00
|
|
|
// invalid memory mapping
|
|
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-01-11 19:26:23 +03:00
|
|
|
|
|
|
|
|
// address cannot wrapp around
|
2021-10-03 17:14:44 +03:00
|
|
|
if (address + size - 1 < address) {
|
2016-01-11 19:26:23 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-01-11 19:26:23 +03:00
|
|
|
|
|
|
|
|
// address must be aligned to uc->target_page_size
|
2021-10-03 17:14:44 +03:00
|
|
|
if ((address & uc->target_page_align) != 0) {
|
2016-01-11 19:26:23 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-01-11 19:26:23 +03:00
|
|
|
|
|
|
|
|
// size must be multiple of uc->target_page_size
|
2021-10-03 17:14:44 +03:00
|
|
|
if ((size & uc->target_page_align) != 0) {
|
2016-01-11 19:26:23 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-01-11 19:26:23 +03:00
|
|
|
|
|
|
|
|
// check for only valid permissions
|
2021-10-03 17:14:44 +03:00
|
|
|
if ((perms & ~UC_PROT_ALL) != 0) {
|
2016-01-11 19:26:23 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-01-11 19:26:23 +03:00
|
|
|
|
2016-02-11 12:53:51 +03:00
|
|
|
// this area overlaps existing mapped regions?
|
|
|
|
|
if (memory_overlap(uc, address, size)) {
|
|
|
|
|
return UC_ERR_MAP;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-11 19:59:56 +03:00
|
|
|
return UC_ERR_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_mem_map(uc_engine *uc, uint64_t address, size_t size, uint32_t perms)
|
|
|
|
|
{
|
|
|
|
|
uc_err res;
|
|
|
|
|
|
|
|
|
|
if (uc->mem_redirect) {
|
|
|
|
|
address = uc->mem_redirect(address);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res = mem_map_check(uc, address, size, perms);
|
2021-10-03 17:14:44 +03:00
|
|
|
if (res) {
|
2016-01-11 19:59:56 +03:00
|
|
|
return res;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-01-11 19:59:56 +03:00
|
|
|
|
2015-11-28 13:26:08 +03:00
|
|
|
return mem_map(uc, address, size, perms, uc->memory_map(uc, address, size, perms));
|
2015-11-28 04:25:53 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2015-11-28 12:36:11 +03:00
|
|
|
uc_err uc_mem_map_ptr(uc_engine *uc, uint64_t address, size_t size, uint32_t perms, void *ptr)
|
2015-11-28 04:25:53 +03:00
|
|
|
{
|
2016-01-11 19:59:56 +03:00
|
|
|
uc_err res;
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (ptr == NULL) {
|
2015-11-28 04:25:53 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-11-28 04:25:53 +03:00
|
|
|
|
2015-12-28 10:19:30 +03:00
|
|
|
if (uc->mem_redirect) {
|
|
|
|
|
address = uc->mem_redirect(address);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-11 19:59:56 +03:00
|
|
|
res = mem_map_check(uc, address, size, perms);
|
2021-10-03 17:14:44 +03:00
|
|
|
if (res) {
|
2016-01-11 19:59:56 +03:00
|
|
|
return res;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2016-01-11 19:59:56 +03:00
|
|
|
|
2015-11-28 12:36:11 +03:00
|
|
|
return mem_map(uc, address, size, UC_PROT_ALL, uc->memory_map_ptr(uc, address, size, perms, ptr));
|
2015-11-28 04:25:53 +03:00
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_mmio_map(uc_engine *uc, uint64_t address, size_t size,
|
|
|
|
|
uc_cb_mmio_read_t read_cb, void *user_data_read,
|
|
|
|
|
uc_cb_mmio_write_t write_cb, void *user_data_write)
|
|
|
|
|
{
|
|
|
|
|
uc_err res;
|
|
|
|
|
|
|
|
|
|
if (uc->mem_redirect) {
|
|
|
|
|
address = uc->mem_redirect(address);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res = mem_map_check(uc, address, size, UC_PROT_ALL);
|
|
|
|
|
if (res)
|
|
|
|
|
return res;
|
|
|
|
|
|
|
|
|
|
// The callbacks do not need to be checked for NULL here, as their presence
|
|
|
|
|
// (or lack thereof) will determine the permissions used.
|
|
|
|
|
return mem_map(uc, address, size, UC_PROT_NONE,
|
|
|
|
|
uc->memory_map_io(uc, address, size, read_cb, write_cb, user_data_read, user_data_write));
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-03 20:02:38 +03:00
|
|
|
// Create a backup copy of the indicated MemoryRegion.
|
|
|
|
|
// Generally used in prepartion for splitting a MemoryRegion.
|
2015-09-04 05:15:49 +03:00
|
|
|
static uint8_t *copy_region(struct uc_struct *uc, MemoryRegion *mr)
|
2015-08-30 10:22:18 +03:00
|
|
|
{
|
2017-01-19 14:50:28 +03:00
|
|
|
uint8_t *block = (uint8_t *)g_malloc0((size_t)int128_get64(mr->size));
|
2015-08-30 10:22:18 +03:00
|
|
|
if (block != NULL) {
|
2017-01-19 14:50:28 +03:00
|
|
|
uc_err err = uc_mem_read(uc, mr->addr, block, (size_t)int128_get64(mr->size));
|
2015-08-30 10:22:18 +03:00
|
|
|
if (err != UC_ERR_OK) {
|
|
|
|
|
free(block);
|
|
|
|
|
block = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-09-03 20:02:38 +03:00
|
|
|
|
2015-08-30 10:22:18 +03:00
|
|
|
return block;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2015-09-03 13:16:49 +03:00
|
|
|
Split the given MemoryRegion at the indicated address for the indicated size
|
|
|
|
|
this may result in the create of up to 3 spanning sections. If the delete
|
|
|
|
|
parameter is true, the no new section will be created to replace the indicate
|
|
|
|
|
range. This functions exists to support uc_mem_protect and uc_mem_unmap.
|
|
|
|
|
|
2015-10-31 00:32:59 +03:00
|
|
|
This is a static function and callers have already done some preliminary
|
2015-09-03 13:16:49 +03:00
|
|
|
parameter validation.
|
2015-10-31 00:32:59 +03:00
|
|
|
|
2015-09-03 22:26:36 +03:00
|
|
|
The do_delete argument indicates that we are being called to support
|
|
|
|
|
uc_mem_unmap. In this case we save some time by choosing NOT to remap
|
|
|
|
|
the areas that are intended to get unmapped
|
2015-09-03 13:16:49 +03:00
|
|
|
*/
|
2015-09-03 20:02:38 +03:00
|
|
|
// TODO: investigate whether qemu region manipulation functions already offered
|
|
|
|
|
// this capability
|
2015-09-04 05:15:49 +03:00
|
|
|
static bool split_region(struct uc_struct *uc, MemoryRegion *mr, uint64_t address,
|
2015-09-03 22:26:36 +03:00
|
|
|
size_t size, bool do_delete)
|
2015-08-30 10:22:18 +03:00
|
|
|
{
|
|
|
|
|
uint8_t *backup;
|
|
|
|
|
uint32_t perms;
|
|
|
|
|
uint64_t begin, end, chunk_end;
|
|
|
|
|
size_t l_size, m_size, r_size;
|
2019-03-07 04:05:26 +03:00
|
|
|
RAMBlock *block = NULL;
|
|
|
|
|
bool prealloc = false;
|
2015-09-03 20:02:38 +03:00
|
|
|
|
2015-08-30 10:22:18 +03:00
|
|
|
chunk_end = address + size;
|
2015-09-04 04:20:13 +03:00
|
|
|
|
|
|
|
|
// if this region belongs to area [address, address+size],
|
|
|
|
|
// then there is no work to do.
|
2021-10-03 17:14:44 +03:00
|
|
|
if (address <= mr->addr && chunk_end >= mr->end) {
|
2015-08-30 10:22:18 +03:00
|
|
|
return true;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (size == 0) {
|
2015-09-04 04:20:13 +03:00
|
|
|
// trivial case
|
2015-08-30 10:22:18 +03:00
|
|
|
return true;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (address >= mr->end || chunk_end <= mr->addr) {
|
2015-09-04 04:20:13 +03:00
|
|
|
// impossible case
|
2015-08-30 10:22:18 +03:00
|
|
|
return false;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
QLIST_FOREACH(block, &uc->ram_list.blocks, next) {
|
|
|
|
|
if (block->offset <= mr->addr && block->used_length >= (mr->end - mr->addr)) {
|
2019-03-07 04:05:26 +03:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (block == NULL) {
|
2015-08-30 10:22:18 +03:00
|
|
|
return false;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
|
2019-03-07 04:05:26 +03:00
|
|
|
// RAM_PREALLOC is not defined outside exec.c and I didn't feel like
|
|
|
|
|
// moving it
|
2021-10-03 17:14:44 +03:00
|
|
|
prealloc = !!(block->flags & 1);
|
2019-03-07 04:05:26 +03:00
|
|
|
|
|
|
|
|
if (block->flags & 1) {
|
|
|
|
|
backup = block->host;
|
|
|
|
|
} else {
|
|
|
|
|
backup = copy_region(uc, mr);
|
2021-10-03 17:14:44 +03:00
|
|
|
if (backup == NULL) {
|
2019-03-07 04:05:26 +03:00
|
|
|
return false;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2019-03-07 04:05:26 +03:00
|
|
|
}
|
|
|
|
|
|
2015-09-04 04:20:13 +03:00
|
|
|
// save the essential information required for the split before mr gets deleted
|
2015-08-30 10:22:18 +03:00
|
|
|
perms = mr->perms;
|
|
|
|
|
begin = mr->addr;
|
|
|
|
|
end = mr->end;
|
2015-09-03 13:16:49 +03:00
|
|
|
|
2015-09-04 04:20:13 +03:00
|
|
|
// unmap this region first, then do split it later
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc_mem_unmap(uc, mr->addr, (size_t)int128_get64(mr->size)) != UC_ERR_OK) {
|
2015-08-30 10:22:18 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
|
|
|
|
|
/* overlapping cases
|
|
|
|
|
* |------mr------|
|
|
|
|
|
* case 1 |---size--|
|
|
|
|
|
* case 2 |--size--|
|
|
|
|
|
* case 3 |---size--|
|
|
|
|
|
*/
|
|
|
|
|
|
2015-09-04 04:20:13 +03:00
|
|
|
// adjust some things
|
2021-10-03 17:14:44 +03:00
|
|
|
if (address < begin) {
|
2015-08-30 10:22:18 +03:00
|
|
|
address = begin;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
|
|
|
|
if (chunk_end > end) {
|
2015-08-30 10:22:18 +03:00
|
|
|
chunk_end = end;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
|
2015-09-04 04:20:13 +03:00
|
|
|
// compute sub region sizes
|
2015-08-30 10:22:18 +03:00
|
|
|
l_size = (size_t)(address - begin);
|
|
|
|
|
r_size = (size_t)(end - chunk_end);
|
|
|
|
|
m_size = (size_t)(chunk_end - address);
|
|
|
|
|
|
2015-09-03 20:02:38 +03:00
|
|
|
// If there are error in any of the below operations, things are too far gone
|
|
|
|
|
// at that point to recover. Could try to remap orignal region, but these smaller
|
|
|
|
|
// allocation just failed so no guarantee that we can recover the original
|
|
|
|
|
// allocation at this point
|
2015-08-30 10:22:18 +03:00
|
|
|
if (l_size > 0) {
|
2019-03-07 04:05:26 +03:00
|
|
|
if (!prealloc) {
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc_mem_map(uc, begin, l_size, perms) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
|
|
|
|
if (uc_mem_write(uc, begin, backup, l_size) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2019-03-07 04:05:26 +03:00
|
|
|
} else {
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc_mem_map_ptr(uc, begin, l_size, perms, backup) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2019-03-07 04:05:26 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
}
|
2015-09-04 04:20:13 +03:00
|
|
|
|
2015-09-03 22:26:36 +03:00
|
|
|
if (m_size > 0 && !do_delete) {
|
2019-03-07 04:05:26 +03:00
|
|
|
if (!prealloc) {
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc_mem_map(uc, address, m_size, perms) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
|
|
|
|
if (uc_mem_write(uc, address, backup + l_size, m_size) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2019-03-07 04:05:26 +03:00
|
|
|
} else {
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc_mem_map_ptr(uc, address, m_size, perms, backup + l_size) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2019-03-07 04:05:26 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
}
|
2015-09-04 04:20:13 +03:00
|
|
|
|
2015-08-30 10:22:18 +03:00
|
|
|
if (r_size > 0) {
|
2019-03-07 04:05:26 +03:00
|
|
|
if (!prealloc) {
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc_mem_map(uc, chunk_end, r_size, perms) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
|
|
|
|
if (uc_mem_write(uc, chunk_end, backup + l_size + m_size, r_size) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2019-03-07 04:05:26 +03:00
|
|
|
} else {
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc_mem_map_ptr(uc, chunk_end, r_size, perms, backup + l_size + m_size) != UC_ERR_OK) {
|
2019-03-07 04:05:26 +03:00
|
|
|
goto error;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2019-03-07 04:05:26 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
}
|
2015-09-04 04:20:13 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!prealloc) {
|
2019-03-07 04:05:26 +03:00
|
|
|
free(backup);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
return true;
|
2015-09-04 04:20:13 +03:00
|
|
|
|
2015-08-30 10:22:18 +03:00
|
|
|
error:
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!prealloc) {
|
2019-03-07 04:05:26 +03:00
|
|
|
free(backup);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 10:22:18 +03:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-29 04:59:45 +03:00
|
|
|
UNICORN_EXPORT
|
2015-09-04 05:15:49 +03:00
|
|
|
uc_err uc_mem_protect(struct uc_struct *uc, uint64_t address, size_t size, uint32_t perms)
|
2015-08-29 04:59:45 +03:00
|
|
|
{
|
2015-08-30 07:17:30 +03:00
|
|
|
MemoryRegion *mr;
|
2015-09-03 20:02:38 +03:00
|
|
|
uint64_t addr = address;
|
|
|
|
|
size_t count, len;
|
2016-01-27 19:56:55 +03:00
|
|
|
bool remove_exec = false;
|
2015-08-29 04:59:45 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (size == 0) {
|
2015-09-01 23:40:19 +03:00
|
|
|
// trivial case, no change
|
|
|
|
|
return UC_ERR_OK;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 04:59:45 +03:00
|
|
|
|
2015-08-31 11:00:44 +03:00
|
|
|
// address must be aligned to uc->target_page_size
|
2021-10-03 17:14:44 +03:00
|
|
|
if ((address & uc->target_page_align) != 0) {
|
2015-09-09 11:54:47 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 04:59:45 +03:00
|
|
|
|
2015-08-31 11:00:44 +03:00
|
|
|
// size must be multiple of uc->target_page_size
|
2021-10-03 17:14:44 +03:00
|
|
|
if ((size & uc->target_page_align) != 0) {
|
2015-09-09 11:54:47 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 04:59:45 +03:00
|
|
|
|
|
|
|
|
// check for only valid permissions
|
2021-10-03 17:14:44 +03:00
|
|
|
if ((perms & ~UC_PROT_ALL) != 0) {
|
2015-09-09 11:54:47 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-09-03 13:16:49 +03:00
|
|
|
|
2015-12-28 10:19:30 +03:00
|
|
|
if (uc->mem_redirect) {
|
|
|
|
|
address = uc->mem_redirect(address);
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-03 22:26:36 +03:00
|
|
|
// check that user's entire requested block is mapped
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!check_mem_area(uc, address, size)) {
|
2015-09-01 23:40:19 +03:00
|
|
|
return UC_ERR_NOMEM;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-29 04:59:45 +03:00
|
|
|
|
2015-09-03 20:02:38 +03:00
|
|
|
// Now we know entire region is mapped, so change permissions
|
|
|
|
|
// We may need to split regions if this area spans adjacent regions
|
|
|
|
|
addr = address;
|
|
|
|
|
count = 0;
|
|
|
|
|
while(count < size) {
|
|
|
|
|
mr = memory_mapping(uc, addr);
|
2017-01-19 14:50:28 +03:00
|
|
|
len = (size_t)MIN(size - count, mr->end - addr);
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!split_region(uc, mr, addr, len, false)) {
|
2015-09-01 23:40:19 +03:00
|
|
|
return UC_ERR_NOMEM;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-09-03 20:02:38 +03:00
|
|
|
|
|
|
|
|
mr = memory_mapping(uc, addr);
|
2016-01-27 19:56:55 +03:00
|
|
|
// will this remove EXEC permission?
|
2021-10-03 17:14:44 +03:00
|
|
|
if (((mr->perms & UC_PROT_EXEC) != 0) && ((perms & UC_PROT_EXEC) == 0)) {
|
2016-01-27 19:56:55 +03:00
|
|
|
remove_exec = true;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-09-03 20:02:38 +03:00
|
|
|
mr->perms = perms;
|
|
|
|
|
uc->readonly_mem(mr, (perms & UC_PROT_WRITE) == 0);
|
2015-09-03 22:26:36 +03:00
|
|
|
|
2015-09-03 20:02:38 +03:00
|
|
|
count += len;
|
|
|
|
|
addr += len;
|
2015-08-31 00:01:07 +03:00
|
|
|
}
|
2016-01-27 19:56:55 +03:00
|
|
|
|
|
|
|
|
// if EXEC permission is removed, then quit TB and continue at the same place
|
|
|
|
|
if (remove_exec) {
|
|
|
|
|
uc->quit_request = true;
|
|
|
|
|
uc_emu_stop(uc);
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-31 00:01:07 +03:00
|
|
|
return UC_ERR_OK;
|
2015-08-30 07:17:30 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2015-09-04 05:15:49 +03:00
|
|
|
uc_err uc_mem_unmap(struct uc_struct *uc, uint64_t address, size_t size)
|
2015-08-30 07:17:30 +03:00
|
|
|
{
|
|
|
|
|
MemoryRegion *mr;
|
2015-09-03 20:02:38 +03:00
|
|
|
uint64_t addr;
|
|
|
|
|
size_t count, len;
|
2015-08-30 07:17:30 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (size == 0) {
|
2015-08-30 07:17:30 +03:00
|
|
|
// nothing to unmap
|
|
|
|
|
return UC_ERR_OK;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 07:17:30 +03:00
|
|
|
|
2015-08-31 11:00:44 +03:00
|
|
|
// address must be aligned to uc->target_page_size
|
2021-10-03 17:14:44 +03:00
|
|
|
if ((address & uc->target_page_align) != 0) {
|
2015-09-09 11:54:47 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 07:17:30 +03:00
|
|
|
|
2015-08-31 11:00:44 +03:00
|
|
|
// size must be multiple of uc->target_page_size
|
2021-10-03 17:14:44 +03:00
|
|
|
if ((size & uc->target_page_align) != 0) {
|
2017-08-01 13:59:55 +03:00
|
|
|
return UC_ERR_ARG;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 07:17:30 +03:00
|
|
|
|
2015-12-28 10:19:30 +03:00
|
|
|
if (uc->mem_redirect) {
|
|
|
|
|
address = uc->mem_redirect(address);
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-03 22:26:36 +03:00
|
|
|
// check that user's entire requested block is mapped
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!check_mem_area(uc, address, size)) {
|
2015-09-01 23:40:19 +03:00
|
|
|
return UC_ERR_NOMEM;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-08-30 07:17:30 +03:00
|
|
|
|
2015-09-03 22:26:36 +03:00
|
|
|
// Now we know entire region is mapped, so do the unmap
|
2015-09-03 20:02:38 +03:00
|
|
|
// We may need to split regions if this area spans adjacent regions
|
|
|
|
|
addr = address;
|
|
|
|
|
count = 0;
|
|
|
|
|
while(count < size) {
|
|
|
|
|
mr = memory_mapping(uc, addr);
|
2017-01-19 14:50:28 +03:00
|
|
|
len = (size_t)MIN(size - count, mr->end - addr);
|
2021-10-03 17:14:44 +03:00
|
|
|
if (!split_region(uc, mr, addr, len, true)) {
|
2015-09-03 20:02:38 +03:00
|
|
|
return UC_ERR_NOMEM;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-10-27 20:26:59 +03:00
|
|
|
|
2015-09-04 04:20:13 +03:00
|
|
|
// if we can retrieve the mapping, then no splitting took place
|
2015-09-03 22:26:36 +03:00
|
|
|
// so unmap here
|
2015-09-03 20:02:38 +03:00
|
|
|
mr = memory_mapping(uc, addr);
|
2021-10-03 17:14:44 +03:00
|
|
|
if (mr != NULL) {
|
2015-09-03 22:26:36 +03:00
|
|
|
uc->memory_unmap(uc, mr);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-09-03 20:02:38 +03:00
|
|
|
count += len;
|
|
|
|
|
addr += len;
|
2015-08-30 07:17:30 +03:00
|
|
|
}
|
2015-10-27 20:26:59 +03:00
|
|
|
|
2015-08-30 10:22:18 +03:00
|
|
|
return UC_ERR_OK;
|
2015-08-28 09:19:32 +03:00
|
|
|
}
|
|
|
|
|
|
2015-12-30 04:17:47 +03:00
|
|
|
// find the memory region of this address
|
2015-08-28 04:03:17 +03:00
|
|
|
MemoryRegion *memory_mapping(struct uc_struct* uc, uint64_t address)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
|
|
|
|
unsigned int i;
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (uc->mapped_block_count == 0) {
|
2015-09-21 17:17:26 +03:00
|
|
|
return NULL;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-09-21 17:17:26 +03:00
|
|
|
|
2015-10-27 09:37:03 +03:00
|
|
|
if (uc->mem_redirect) {
|
|
|
|
|
address = uc->mem_redirect(address);
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-04 10:40:47 +03:00
|
|
|
// try with the cache index first
|
|
|
|
|
i = uc->mapped_block_cache_index;
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
if (i < uc->mapped_block_count && address >= uc->mapped_blocks[i]->addr && address < uc->mapped_blocks[i]->end) {
|
2015-09-04 10:40:47 +03:00
|
|
|
return uc->mapped_blocks[i];
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
2015-09-04 10:40:47 +03:00
|
|
|
|
2015-08-26 07:52:18 +03:00
|
|
|
for(i = 0; i < uc->mapped_block_count; i++) {
|
2015-12-11 20:37:13 +03:00
|
|
|
if (address >= uc->mapped_blocks[i]->addr && address <= uc->mapped_blocks[i]->end - 1) {
|
2015-09-04 10:40:47 +03:00
|
|
|
// cache this index for the next query
|
|
|
|
|
uc->mapped_block_cache_index = i;
|
2015-08-28 09:19:32 +03:00
|
|
|
return uc->mapped_blocks[i];
|
2015-09-04 10:40:47 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// not found
|
2015-08-28 04:03:17 +03:00
|
|
|
return NULL;
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2016-02-11 03:02:13 +03:00
|
|
|
uc_err uc_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback,
|
|
|
|
|
void *user_data, uint64_t begin, uint64_t end, ...)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
|
|
|
|
int ret = UC_ERR_OK;
|
2016-02-11 03:02:13 +03:00
|
|
|
int i = 0;
|
2015-08-21 10:04:50 +03:00
|
|
|
|
2016-01-16 11:44:02 +03:00
|
|
|
struct hook *hook = calloc(1, sizeof(struct hook));
|
|
|
|
|
if (hook == NULL) {
|
|
|
|
|
return UC_ERR_NOMEM;
|
|
|
|
|
}
|
2016-02-11 03:02:13 +03:00
|
|
|
|
|
|
|
|
hook->begin = begin;
|
|
|
|
|
hook->end = end;
|
2016-01-16 11:44:02 +03:00
|
|
|
hook->type = type;
|
|
|
|
|
hook->callback = callback;
|
|
|
|
|
hook->user_data = user_data;
|
|
|
|
|
hook->refs = 0;
|
2020-05-07 09:24:48 +03:00
|
|
|
hook->to_delete = false;
|
2016-01-16 11:44:02 +03:00
|
|
|
*hh = (uc_hook)hook;
|
|
|
|
|
|
2016-02-11 04:27:30 +03:00
|
|
|
// UC_HOOK_INSN has an extra argument for instruction ID
|
2016-01-16 11:44:02 +03:00
|
|
|
if (type & UC_HOOK_INSN) {
|
2016-02-11 03:02:13 +03:00
|
|
|
va_list valist;
|
|
|
|
|
|
|
|
|
|
va_start(valist, end);
|
2016-01-16 11:44:02 +03:00
|
|
|
hook->insn = va_arg(valist, int);
|
2016-02-11 03:02:13 +03:00
|
|
|
va_end(valist);
|
|
|
|
|
|
2017-05-13 20:16:17 +03:00
|
|
|
if (uc->insn_hook_validate) {
|
|
|
|
|
if (! uc->insn_hook_validate(hook->insn)) {
|
|
|
|
|
free(hook);
|
|
|
|
|
return UC_ERR_HOOK;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-16 08:22:38 +03:00
|
|
|
if (uc->hook_insert) {
|
|
|
|
|
if (list_insert(&uc->hook[UC_HOOK_INSN_IDX], hook) == NULL) {
|
|
|
|
|
free(hook);
|
|
|
|
|
return UC_ERR_NOMEM;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if (list_append(&uc->hook[UC_HOOK_INSN_IDX], hook) == NULL) {
|
|
|
|
|
free(hook);
|
|
|
|
|
return UC_ERR_NOMEM;
|
|
|
|
|
}
|
2016-01-16 11:44:02 +03:00
|
|
|
}
|
2016-02-11 03:02:13 +03:00
|
|
|
|
2016-01-16 11:44:02 +03:00
|
|
|
hook->refs++;
|
|
|
|
|
return UC_ERR_OK;
|
|
|
|
|
}
|
2015-09-24 09:18:02 +03:00
|
|
|
|
2016-01-16 11:44:02 +03:00
|
|
|
while ((type >> i) > 0) {
|
|
|
|
|
if ((type >> i) & 1) {
|
|
|
|
|
// TODO: invalid hook error?
|
|
|
|
|
if (i < UC_HOOK_MAX) {
|
2017-06-16 08:22:38 +03:00
|
|
|
if (uc->hook_insert) {
|
|
|
|
|
if (list_insert(&uc->hook[i], hook) == NULL) {
|
|
|
|
|
if (hook->refs == 0) {
|
|
|
|
|
free(hook);
|
|
|
|
|
}
|
|
|
|
|
return UC_ERR_NOMEM;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if (list_append(&uc->hook[i], hook) == NULL) {
|
|
|
|
|
if (hook->refs == 0) {
|
|
|
|
|
free(hook);
|
|
|
|
|
}
|
|
|
|
|
return UC_ERR_NOMEM;
|
2016-01-16 11:44:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
hook->refs++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
i++;
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
|
|
|
|
|
2016-01-16 11:44:02 +03:00
|
|
|
// we didn't use the hook
|
|
|
|
|
// TODO: return an error?
|
|
|
|
|
if (hook->refs == 0) {
|
|
|
|
|
free(hook);
|
|
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-07 09:24:48 +03:00
|
|
|
|
2015-08-21 10:04:50 +03:00
|
|
|
UNICORN_EXPORT
|
2015-09-05 06:20:32 +03:00
|
|
|
uc_err uc_hook_del(uc_engine *uc, uc_hook hh)
|
2015-08-21 10:04:50 +03:00
|
|
|
{
|
2016-12-21 19:50:40 +03:00
|
|
|
int i;
|
2016-03-26 06:25:18 +03:00
|
|
|
struct hook *hook = (struct hook *)hh;
|
2020-05-07 09:24:48 +03:00
|
|
|
|
2016-12-21 19:50:40 +03:00
|
|
|
// we can't dereference hook->type if hook is invalid
|
|
|
|
|
// so for now we need to iterate over all possible types to remove the hook
|
|
|
|
|
// which is less efficient
|
|
|
|
|
// an optimization would be to align the hook pointer
|
|
|
|
|
// and store the type mask in the hook pointer.
|
|
|
|
|
for (i = 0; i < UC_HOOK_MAX; i++) {
|
2020-05-07 09:30:22 +03:00
|
|
|
if (list_exists(&uc->hook[i], (void *) hook)) {
|
2020-05-07 09:24:48 +03:00
|
|
|
hook->to_delete = true;
|
|
|
|
|
list_append(&uc->hooks_to_del, hook);
|
2016-01-16 11:44:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
2020-05-07 09:24:48 +03:00
|
|
|
|
2016-01-16 11:44:02 +03:00
|
|
|
return UC_ERR_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TCG helper
|
2021-10-03 17:14:44 +03:00
|
|
|
void helper_uc_tracecode(int32_t size, uc_hook_idx index, void *handle, int64_t address);
|
|
|
|
|
void helper_uc_tracecode(int32_t size, uc_hook_idx index, void *handle, int64_t address)
|
2016-01-16 11:44:02 +03:00
|
|
|
{
|
|
|
|
|
struct uc_struct *uc = handle;
|
2020-05-07 09:24:48 +03:00
|
|
|
struct list_item *cur;
|
2016-01-23 05:28:17 +03:00
|
|
|
struct hook *hook;
|
2021-10-03 17:14:44 +03:00
|
|
|
int hook_flags = index & UC_HOOK_FLAG_MASK; // The index here may contain additional flags. See the comments of uc_hook_idx for details.
|
|
|
|
|
|
|
|
|
|
index = index & UC_HOOK_IDX_MASK;
|
2016-01-16 11:44:02 +03:00
|
|
|
|
|
|
|
|
// sync PC in CPUArchState with address
|
|
|
|
|
if (uc->set_pc) {
|
|
|
|
|
uc->set_pc(uc, address);
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
// the last callback may already asked to stop emulation
|
|
|
|
|
if (uc->stop_request && !(hook_flags & UC_HOOK_FLAG_NO_STOP)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (cur = uc->hook[index].head; cur != NULL && (hook = (struct hook *)cur->data); cur = cur->next) {
|
|
|
|
|
if (hook->to_delete) {
|
2020-05-07 09:24:48 +03:00
|
|
|
continue;
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// on invalid block/instruction, call instruction counter (if enable), then quit
|
|
|
|
|
if (size == 0) {
|
|
|
|
|
if (index == UC_HOOK_CODE_IDX && uc->count_hook) {
|
|
|
|
|
// this is the instruction counter (first hook in the list)
|
|
|
|
|
((uc_cb_hookcode_t)hook->callback)(uc, address, size, hook->user_data);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-19 14:50:28 +03:00
|
|
|
if (HOOK_BOUND_CHECK(hook, (uint64_t)address)) {
|
2016-01-25 14:51:35 +03:00
|
|
|
((uc_cb_hookcode_t)hook->callback)(uc, address, size, hook->user_data);
|
|
|
|
|
}
|
2021-10-03 17:14:44 +03:00
|
|
|
|
|
|
|
|
// the last callback may already asked to stop emulation
|
|
|
|
|
// Unicorn:
|
|
|
|
|
// In an ARM IT block, we behave like the emulation continues normally. No check_exit_request
|
|
|
|
|
// is generated and the hooks are triggered normally. In other words, the whole IT block is
|
|
|
|
|
// treated as a single instruction.
|
|
|
|
|
if (uc->stop_request && !(hook_flags & UC_HOOK_FLAG_NO_STOP)) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
2016-01-23 05:28:17 +03:00
|
|
|
}
|
2015-08-21 10:04:50 +03:00
|
|
|
}
|
2016-01-16 11:57:17 +03:00
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2021-10-03 17:14:44 +03:00
|
|
|
uc_err uc_mem_regions(uc_engine *uc, uc_mem_region **regions, uint32_t *count)
|
2016-01-16 11:57:17 +03:00
|
|
|
{
|
|
|
|
|
uint32_t i;
|
|
|
|
|
uc_mem_region *r = NULL;
|
|
|
|
|
|
|
|
|
|
*count = uc->mapped_block_count;
|
|
|
|
|
|
|
|
|
|
if (*count) {
|
2016-08-11 18:15:50 +03:00
|
|
|
r = g_malloc0(*count * sizeof(uc_mem_region));
|
2016-01-16 11:57:17 +03:00
|
|
|
if (r == NULL) {
|
|
|
|
|
// out of memory
|
|
|
|
|
return UC_ERR_NOMEM;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < *count; i++) {
|
|
|
|
|
r[i].begin = uc->mapped_blocks[i]->addr;
|
|
|
|
|
r[i].end = uc->mapped_blocks[i]->end - 1;
|
|
|
|
|
r[i].perms = uc->mapped_blocks[i]->perms;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*regions = r;
|
|
|
|
|
|
|
|
|
|
return UC_ERR_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-23 12:14:44 +03:00
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_query(uc_engine *uc, uc_query_type type, size_t *result)
|
|
|
|
|
{
|
2020-05-24 18:54:45 +03:00
|
|
|
switch(type) {
|
|
|
|
|
default:
|
|
|
|
|
return UC_ERR_ARG;
|
2016-07-08 20:49:43 +03:00
|
|
|
|
2020-05-24 18:54:45 +03:00
|
|
|
case UC_QUERY_PAGE_SIZE:
|
|
|
|
|
*result = uc->target_page_size;
|
|
|
|
|
break;
|
2017-05-21 04:47:02 +03:00
|
|
|
|
2020-05-24 18:54:45 +03:00
|
|
|
case UC_QUERY_ARCH:
|
|
|
|
|
*result = uc->arch;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case UC_QUERY_MODE:
|
2017-02-24 05:00:36 +03:00
|
|
|
#ifdef UNICORN_HAS_ARM
|
2020-05-24 18:54:45 +03:00
|
|
|
if (uc->arch == UC_ARCH_ARM) {
|
|
|
|
|
return uc->query(uc, type, result);
|
|
|
|
|
}
|
2017-02-24 05:00:36 +03:00
|
|
|
#endif
|
2021-10-03 17:14:44 +03:00
|
|
|
return UC_ERR_ARG;
|
2020-05-24 18:54:45 +03:00
|
|
|
|
|
|
|
|
case UC_QUERY_TIMEOUT:
|
|
|
|
|
*result = uc->timed_out;
|
|
|
|
|
break;
|
2016-01-23 12:14:44 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return UC_ERR_OK;
|
|
|
|
|
}
|
2016-08-20 14:14:07 +03:00
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
2016-10-07 21:39:42 +03:00
|
|
|
uc_err uc_context_alloc(uc_engine *uc, uc_context **context)
|
2016-09-09 21:55:20 +03:00
|
|
|
{
|
2016-10-11 00:04:51 +03:00
|
|
|
struct uc_context **_context = context;
|
2020-09-23 19:53:23 +03:00
|
|
|
size_t size = uc_context_size(uc);
|
2016-10-12 06:05:32 +03:00
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
*_context = g_malloc(size);
|
2016-10-11 00:04:51 +03:00
|
|
|
if (*_context) {
|
2020-06-05 15:12:44 +03:00
|
|
|
(*_context)->jmp_env_size = sizeof(*uc->cpu->jmp_env);
|
2021-10-03 17:14:44 +03:00
|
|
|
(*_context)->context_size = uc->cpu_context_size;
|
|
|
|
|
(*_context)->arch = uc->arch;
|
|
|
|
|
(*_context)->mode = uc->mode;
|
2020-09-24 17:28:55 +03:00
|
|
|
(*_context)->uc = uc;
|
|
|
|
|
if (list_insert(&uc->saved_contexts, *_context)) {
|
|
|
|
|
return UC_ERR_OK;
|
|
|
|
|
} else {
|
|
|
|
|
return UC_ERR_NOMEM;
|
|
|
|
|
}
|
2016-10-07 21:39:42 +03:00
|
|
|
} else {
|
|
|
|
|
return UC_ERR_NOMEM;
|
2016-08-20 14:14:07 +03:00
|
|
|
}
|
2016-10-07 21:39:42 +03:00
|
|
|
}
|
2016-08-20 14:14:07 +03:00
|
|
|
|
2016-10-07 21:39:42 +03:00
|
|
|
UNICORN_EXPORT
|
2017-01-10 15:59:14 +03:00
|
|
|
uc_err uc_free(void *mem)
|
2016-10-07 21:39:42 +03:00
|
|
|
{
|
2017-01-09 15:52:14 +03:00
|
|
|
g_free(mem);
|
2016-10-07 21:39:42 +03:00
|
|
|
return UC_ERR_OK;
|
2016-08-20 14:14:07 +03:00
|
|
|
}
|
|
|
|
|
|
2019-09-07 14:09:17 +03:00
|
|
|
UNICORN_EXPORT
|
|
|
|
|
size_t uc_context_size(uc_engine *uc)
|
|
|
|
|
{
|
2020-06-05 15:12:44 +03:00
|
|
|
// return the total size of struct uc_context
|
2021-10-03 17:14:44 +03:00
|
|
|
return sizeof(uc_context) + uc->cpu_context_size + sizeof(*uc->cpu->jmp_env);
|
2019-09-07 14:09:17 +03:00
|
|
|
}
|
|
|
|
|
|
2016-08-20 14:14:07 +03:00
|
|
|
UNICORN_EXPORT
|
2016-10-07 21:39:42 +03:00
|
|
|
uc_err uc_context_save(uc_engine *uc, uc_context *context)
|
2016-09-09 21:55:20 +03:00
|
|
|
{
|
2020-06-05 15:12:44 +03:00
|
|
|
memcpy(context->data, uc->cpu->env_ptr, context->context_size);
|
|
|
|
|
memcpy(context->data + context->context_size, uc->cpu->jmp_env, context->jmp_env_size);
|
|
|
|
|
|
2016-10-11 23:07:14 +03:00
|
|
|
return UC_ERR_OK;
|
2016-10-07 21:39:42 +03:00
|
|
|
}
|
|
|
|
|
|
2021-10-03 17:14:44 +03:00
|
|
|
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_context_reg_write(uc_context *ctx, int regid, const void *value)
|
|
|
|
|
{
|
|
|
|
|
return uc_context_reg_write_batch(ctx, ®id, (void *const *)&value, 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_context_reg_read(uc_context *ctx, int regid, void *value)
|
|
|
|
|
{
|
|
|
|
|
return uc_context_reg_read_batch(ctx, ®id, &value, 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Keep in mind that we don't a uc_engine when r/w the registers of a context.
|
|
|
|
|
static void find_context_reg_rw_function(uc_arch arch, uc_mode mode, context_reg_rw_t *rw)
|
|
|
|
|
{
|
|
|
|
|
// We believe that the arch/mode pair is correct.
|
|
|
|
|
switch(arch) {
|
|
|
|
|
default:
|
|
|
|
|
rw->context_reg_read = NULL;
|
|
|
|
|
rw->context_reg_write = NULL;
|
|
|
|
|
break;
|
|
|
|
|
#ifdef UNICORN_HAS_M68K
|
|
|
|
|
case UC_ARCH_M68K:
|
|
|
|
|
rw->context_reg_read = m68k_context_reg_read;
|
|
|
|
|
rw->context_reg_write = m68k_context_reg_write;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_X86
|
|
|
|
|
case UC_ARCH_X86:
|
|
|
|
|
rw->context_reg_read = x86_context_reg_read;
|
|
|
|
|
rw->context_reg_write = x86_context_reg_write;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_ARM
|
|
|
|
|
case UC_ARCH_ARM:
|
|
|
|
|
if (mode & UC_MODE_BIG_ENDIAN) {
|
|
|
|
|
rw->context_reg_read = armeb_context_reg_read;
|
|
|
|
|
rw->context_reg_write = armeb_context_reg_write;
|
|
|
|
|
} else {
|
|
|
|
|
rw->context_reg_read = arm_context_reg_read;
|
|
|
|
|
rw->context_reg_write = arm_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_ARM64
|
|
|
|
|
case UC_ARCH_ARM64:
|
|
|
|
|
if (mode & UC_MODE_BIG_ENDIAN) {
|
|
|
|
|
rw->context_reg_read = arm64eb_context_reg_read;
|
|
|
|
|
rw->context_reg_write = arm64eb_context_reg_write;
|
|
|
|
|
} else {
|
|
|
|
|
rw->context_reg_read = arm64_context_reg_read;
|
|
|
|
|
rw->context_reg_write = arm64_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(UNICORN_HAS_MIPS) || defined(UNICORN_HAS_MIPSEL) || defined(UNICORN_HAS_MIPS64) || defined(UNICORN_HAS_MIPS64EL)
|
|
|
|
|
case UC_ARCH_MIPS:
|
|
|
|
|
if (mode & UC_MODE_BIG_ENDIAN) {
|
|
|
|
|
#ifdef UNICORN_HAS_MIPS
|
|
|
|
|
if (mode & UC_MODE_MIPS32) {
|
|
|
|
|
rw->context_reg_read = mips_context_reg_read;
|
|
|
|
|
rw->context_reg_write = mips_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_MIPS64
|
|
|
|
|
if (mode & UC_MODE_MIPS64) {
|
|
|
|
|
rw->context_reg_read = mips64_context_reg_read;
|
|
|
|
|
rw->context_reg_write = mips64_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
} else { // little endian
|
|
|
|
|
#ifdef UNICORN_HAS_MIPSEL
|
|
|
|
|
if (mode & UC_MODE_MIPS32) {
|
|
|
|
|
rw->context_reg_read = mipsel_context_reg_read;
|
|
|
|
|
rw->context_reg_write = mipsel_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_MIPS64EL
|
|
|
|
|
if (mode & UC_MODE_MIPS64) {
|
|
|
|
|
rw->context_reg_read = mips64el_context_reg_read;
|
|
|
|
|
rw->context_reg_write = mips64el_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef UNICORN_HAS_SPARC
|
|
|
|
|
case UC_ARCH_SPARC:
|
|
|
|
|
if (mode & UC_MODE_SPARC64) {
|
|
|
|
|
rw->context_reg_read = sparc64_context_reg_read;
|
|
|
|
|
rw->context_reg_write = sparc64_context_reg_write;
|
|
|
|
|
} else {
|
|
|
|
|
rw->context_reg_read = sparc_context_reg_read;
|
|
|
|
|
rw->context_reg_write = sparc_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_PPC
|
|
|
|
|
case UC_ARCH_PPC:
|
|
|
|
|
if (mode & UC_MODE_PPC64) {
|
|
|
|
|
rw->context_reg_read = ppc64_context_reg_read;
|
|
|
|
|
rw->context_reg_write = ppc64_context_reg_write;
|
|
|
|
|
} else {
|
|
|
|
|
rw->context_reg_read = ppc_context_reg_read;
|
|
|
|
|
rw->context_reg_write = ppc_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef UNICORN_HAS_RISCV
|
|
|
|
|
case UC_ARCH_RISCV:
|
|
|
|
|
if (mode & UC_MODE_RISCV32) {
|
|
|
|
|
rw->context_reg_read = riscv32_context_reg_read;
|
|
|
|
|
rw->context_reg_write = riscv32_context_reg_write;
|
|
|
|
|
} else if (mode & UC_MODE_RISCV64) {
|
|
|
|
|
rw->context_reg_read = riscv64_context_reg_read;
|
|
|
|
|
rw->context_reg_write = riscv64_context_reg_write;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_context_reg_write_batch(uc_context *ctx, int *ids, void *const *vals, int count)
|
|
|
|
|
{
|
|
|
|
|
int ret = UC_ERR_OK;
|
|
|
|
|
context_reg_rw_t rw;
|
|
|
|
|
|
|
|
|
|
find_context_reg_rw_function(ctx->arch, ctx->mode, &rw);
|
|
|
|
|
if (rw.context_reg_write) {
|
|
|
|
|
ret = rw.context_reg_write(ctx, (unsigned int *)ids, vals, count);
|
|
|
|
|
} else {
|
|
|
|
|
return UC_ERR_HANDLE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_context_reg_read_batch(uc_context *ctx, int *ids, void **vals, int count)
|
|
|
|
|
{
|
|
|
|
|
int ret = UC_ERR_OK;
|
|
|
|
|
context_reg_rw_t rw;
|
|
|
|
|
|
|
|
|
|
find_context_reg_rw_function(ctx->arch, ctx->mode, &rw);
|
|
|
|
|
if (rw.context_reg_read) {
|
|
|
|
|
ret = rw.context_reg_read(ctx, (unsigned int *)ids, vals, count);
|
|
|
|
|
} else {
|
|
|
|
|
return UC_ERR_HANDLE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-07 21:39:42 +03:00
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_context_restore(uc_engine *uc, uc_context *context)
|
|
|
|
|
{
|
2020-06-05 15:12:44 +03:00
|
|
|
memcpy(uc->cpu->env_ptr, context->data, context->context_size);
|
2020-09-24 17:28:55 +03:00
|
|
|
if (list_exists(&uc->saved_contexts, context)) {
|
|
|
|
|
memcpy(uc->cpu->jmp_env, context->data + context->context_size, context->jmp_env_size);
|
|
|
|
|
}
|
2020-06-05 15:12:44 +03:00
|
|
|
|
2016-10-11 23:07:14 +03:00
|
|
|
return UC_ERR_OK;
|
2016-08-20 14:14:07 +03:00
|
|
|
}
|
2020-09-24 17:28:55 +03:00
|
|
|
|
|
|
|
|
UNICORN_EXPORT
|
|
|
|
|
uc_err uc_context_free(uc_context *context)
|
|
|
|
|
{
|
|
|
|
|
uc_engine* uc = context->uc;
|
|
|
|
|
// if uc is NULL, it means that uc_engine has been free-ed.
|
|
|
|
|
if (uc) {
|
|
|
|
|
list_remove(&uc->saved_contexts, context);
|
|
|
|
|
}
|
|
|
|
|
return uc_free(context);
|
2021-10-03 17:14:44 +03:00
|
|
|
}
|
