Format code

lazymio 2022-06-02 14:46:26 +02:00
parent fdd129fd30
commit 6d61aec82f
No known key found for this signature in database
GPG Key ID: DFF27E34A47CB873
3 changed files with 42 additions and 26 deletions


@ -422,33 +422,39 @@ typedef struct HookedRegion {
} HookedRegion;
// hooked_regions related functions
static inline guint hooked_regions_hash(const void* p) {
HookedRegion *region = (HookedRegion*)p;
static inline guint hooked_regions_hash(const void *p)
{
HookedRegion *region = (HookedRegion *)p;
return qemu_xxhash4(region->start, region->length);
}
static inline gboolean hooked_regions_equal(const void* lhs, const void* rhs) {
HookedRegion *l = (HookedRegion*)lhs;
HookedRegion *r = (HookedRegion*)rhs;
static inline gboolean hooked_regions_equal(const void *lhs, const void *rhs)
{
HookedRegion *l = (HookedRegion *)lhs;
HookedRegion *r = (HookedRegion *)rhs;
return l->start == r->start && l->length == r->length;
}
static inline void hooked_regions_add(struct hook* h, uint64_t start, uint64_t length) {
static inline void hooked_regions_add(struct hook *h, uint64_t start,
uint64_t length)
{
HookedRegion tmp;
tmp.start = start;
tmp.length = length;
if (!g_hash_table_lookup(h->hooked_regions, (void*)&tmp)) {
HookedRegion* r = malloc(sizeof(HookedRegion));
if (!g_hash_table_lookup(h->hooked_regions, (void *)&tmp)) {
HookedRegion *r = malloc(sizeof(HookedRegion));
r->start = start;
r->length = length;
g_hash_table_insert(h->hooked_regions, (void*)r, (void*)1);
g_hash_table_insert(h->hooked_regions, (void *)r, (void *)1);
}
}
static inline void hooked_regions_check_single(struct list_item *cur, uint64_t start, uint64_t length) {
static inline void hooked_regions_check_single(struct list_item *cur,
uint64_t start, uint64_t length)
{
while (cur != NULL) {
if (HOOK_BOUND_CHECK((struct hook *)cur->data, start)) {
hooked_regions_add((struct hook *)cur->data, start, length);
@ -457,10 +463,13 @@ static inline void hooked_regions_check_single(struct list_item *cur, uint64_t s
}
}
static inline void hooked_regions_check(uc_engine *uc, uint64_t start, uint64_t length) {
static inline void hooked_regions_check(uc_engine *uc, uint64_t start,
uint64_t length)
{
// Only UC_HOOK_BLOCK and UC_HOOK_CODE might be wrongle cached!
hooked_regions_check_single(uc->hook[UC_HOOK_CODE_IDX].head, start, length);
hooked_regions_check_single(uc->hook[UC_HOOK_BLOCK_IDX].head, start, length);
hooked_regions_check_single(uc->hook[UC_HOOK_BLOCK_IDX].head, start,
length);
}
#ifdef UNICORN_TRACER


@ -227,31 +227,37 @@ static void test_uc_ctl_arm_cpu(void)
OK(uc_close(uc));
}
static void test_uc_hook_cached_cb(uc_engine* uc, uint64_t addr, size_t size, void* user_data) {
// Don't add any TEST_CHECK here since we can't refer to the global variable here.
uint64_t* p = (uint64_t*)user_data;
static void test_uc_hook_cached_cb(uc_engine *uc, uint64_t addr, size_t size,
void *user_data)
{
// Don't add any TEST_CHECK here since we can't refer to the global variable
// here.
uint64_t *p = (uint64_t *)user_data;
(*p)++;
return;
}
static void test_uc_hook_cached_uaf(void)
{
uc_engine* uc;
uc_engine *uc;
// "INC ecx; DEC edx; jmp t; t: nop"
char code[] = "\x41\x4a\xeb\x00\x90";
uc_hook h;
uint64_t count = 0;
#ifndef _WIN32
void* callback = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
void *callback = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
#else
void* callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE)
void *callback = VirtualAlloc(NULL, 4096, MEM_RESERVE | MEM_COMMIT,
PAGE_EXECUTE_READWRITE)
#endif
memcpy(callback, (void*)test_uc_hook_cached_cb, 4096);
memcpy(callback, (void *)test_uc_hook_cached_cb, 4096);
uc_common_setup(&uc, UC_ARCH_X86, UC_MODE_32, code, sizeof(code) - 1);
OK(uc_hook_add(uc, &h, UC_HOOK_CODE, (void*)callback, (void*)&count, 1, 0));
OK(uc_hook_add(uc, &h, UC_HOOK_CODE, (void *)callback, (void *)&count, 1,
0));
OK(uc_emu_start(uc, code_start, code_start + sizeof(code) - 1, 0, 0));
@ -275,7 +281,6 @@ static void test_uc_hook_cached_uaf(void)
#else
VirtualFree(callback, 0, MEM_RELEASE);
#endif
}
TEST_LIST = {{"test_uc_ctl_mode", test_uc_ctl_mode},

uc.c

@ -49,10 +49,10 @@ static void *hook_append(struct list *l, struct hook *h)
return item;
}
static void hook_invalidate_region(void* key, void* data, void* opaq)
static void hook_invalidate_region(void *key, void *data, void *opaq)
{
uc_engine* uc = (uc_engine*)opaq;
HookedRegion* region = (HookedRegion*)key;
uc_engine *uc = (uc_engine *)opaq;
HookedRegion *region = (HookedRegion *)key;
uc->uc_invalidate_tb(uc, region->start, region->length);
}
@ -1570,7 +1570,8 @@ uc_err uc_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback,
hook->user_data = user_data;
hook->refs = 0;
hook->to_delete = false;
hook->hooked_regions = g_hash_table_new_full(hooked_regions_hash, hooked_regions_equal, g_free, NULL);
hook->hooked_regions = g_hash_table_new_full(
hooked_regions_hash, hooked_regions_equal, g_free, NULL);
*hh = (uc_hook)hook;
// UC_HOOK_INSN has an extra argument for instruction ID
@ -1680,7 +1681,8 @@ uc_err uc_hook_del(uc_engine *uc, uc_hook hh)
// and store the type mask in the hook pointer.
for (i = 0; i < UC_HOOK_MAX; i++) {
if (list_exists(&uc->hook[i], (void *)hook)) {
g_hash_table_foreach(hook->hooked_regions, hook_invalidate_region, uc);
g_hash_table_foreach(hook->hooked_regions, hook_invalidate_region,
uc);
g_hash_table_remove_all(hook->hooked_regions);
hook->to_delete = true;
uc->hooks_count[i]--;