From 2599d41404e10cfd53008e8242ab9f37e50f5289 Mon Sep 17 00:00:00 2001 From: Nguyen Anh Quynh Date: Thu, 24 Sep 2015 19:21:31 +0800 Subject: [PATCH] add some hooking macros for all kind of memory access events --- include/unicorn/unicorn.h | 19 +++++++++++++++++++ samples/mem_apis.c | 3 +-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/include/unicorn/unicorn.h b/include/unicorn/unicorn.h index 52f9cd1f..dd7e5536 100644 --- a/include/unicorn/unicorn.h +++ b/include/unicorn/unicorn.h @@ -181,6 +181,25 @@ typedef enum uc_hook_type { UC_HOOK_MEM_FETCH = 1 << 12, // Hook memory fetch for execution events } uc_hook_type; +// hook type for all events of unmapped memory access +#define UC_HOOK_MEM_INVALID (UC_HOOK_MEM_READ_INVALID + UC_HOOK_MEM_WRITE_INVALID + UC_HOOK_MEM_FETCH_INVALID) +// hook type for all events of illegal protected memory access +#define UC_HOOK_MEM_PROT (UC_HOOK_MEM_READ_PROT + UC_HOOK_MEM_WRITE_PROT + UC_HOOK_MEM_FETCH_PROT) +// hook type for all events of illegal read memory access +#define UC_HOOK_MEM_READ_ERR (UC_HOOK_MEM_READ_PROT + UC_HOOK_MEM_READ_INVALID) +// hook type for all events of illegal write memory access +#define UC_HOOK_MEM_WRITE_ERR (UC_HOOK_MEM_WRITE_PROT + UC_HOOK_MEM_WRITE_INVALID) +// hook type for all events of illegal fetch memory access +#define UC_HOOK_MEM_FETCH_ERR (UC_HOOK_MEM_FETCH_PROT + UC_HOOK_MEM_FETCH_INVALID) +// hook type for all events of illegal memory access +#define UC_HOOK_MEM_ERR (UC_HOOK_MEM_INVALID + UC_HOOK_MEM_PROT) +// hook type for all events of read memory access +#define UC_HOOK_MEM_READ_ALL (UC_HOOK_MEM_READ_ERR + UC_HOOK_MEM_READ) +// hook type for all events of write memory access +#define UC_HOOK_MEM_WRITE_ALL (UC_HOOK_MEM_WRITE_ERR + UC_HOOK_MEM_WRITE) +// hook type for all events of fetch memory access +#define UC_HOOK_MEM_FETCH_ALL (UC_HOOK_MEM_FETCH_ERR + UC_HOOK_MEM_FETCH) + // Callback function for hooking memory (UC_MEM_READ, UC_MEM_WRITE & UC_MEM_FETCH) // @type: this memory is being READ, or WRITE // @address: address where the code is being executed diff --git a/samples/mem_apis.c b/samples/mem_apis.c index fea1a834..28f2b60c 100644 --- a/samples/mem_apis.c +++ b/samples/mem_apis.c @@ -147,8 +147,7 @@ static void do_nx_demo(bool cause_fault) // intercept code and invalid memory events if (uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, (uint64_t)1, (uint64_t)0) != UC_ERR_OK || - uc_hook_add(uc, &trace1, - UC_HOOK_MEM_READ_INVALID | UC_HOOK_MEM_WRITE_INVALID | UC_HOOK_MEM_FETCH_INVALID | UC_HOOK_MEM_FETCH_PROT | UC_HOOK_MEM_WRITE_PROT | UC_HOOK_MEM_READ_PROT, + uc_hook_add(uc, &trace1, UC_HOOK_MEM_ERR, hook_mem_invalid, NULL) != UC_ERR_OK) { printf("not ok - Failed to install hooks\n"); return;