added tests with enter/leave

2016-07-31 03:19:52 +02:00 · 2016-07-31 03:19:52 +02:00 · ae8e34173a
commit ae8e34173a
parent 1ecc5abdbc
2 changed files with 490 additions and 3 deletions
--- a/tests/unit/Makefile
+++ b/tests/unit/Makefile
@ -13,7 +13,7 @@ endif

 ALL_TESTS = test_sanity test_x86 test_mem_map test_mem_high test_mem_map_ptr \
 	test_tb_x86 test_multihook test_pc_change test_x86_soft_paging \
-        test_hookcounts test_hang test_x86_shl
+        test_hookcounts test_hang test_x86_shl_enter_leave

 .PHONY: all
 all: ${ALL_TESTS}
@ -36,7 +36,7 @@ test: ${ALL_TESTS}
 	./test_x86_soft_paging
 	./test_hookcounts
 	./test_hang
-	./test_x86_shl
+	./test_x86_shl_enter_leave

 test_sanity: test_sanity.c
 test_x86: test_x86.c
@ -49,7 +49,7 @@ test_pc_change: test_pc_change.c
 test_x86_soft_paging: test_x86_soft_paging.c
 test_hookcounts: test_hookcounts.c
 test_hang: test_hang.c
-test_x86_shl: test_x86_shl.c
+test_x86_shl_enter_leave: test_x86_shl_enter_leave.c

 ${ALL_TESTS}:
 	${CC} ${CFLAGS} -o $@ $^
--- a/tests/unit/test_x86_shl_enter_leave.c
+++ b/tests/unit/test_x86_shl_enter_leave.c
@ -0,0 +1,487 @@
+#include <stdint.h>
+#include <inttypes.h>
+
+#include "unicorn_test.h"
+
+
+#define OK(x)   uc_assert_success(x)
+
+#define CF_MASK		(1<<0)
+#define PF_MASK		(1<<2)
+#define ZF_MASK		(1<<6)
+#define SF_MASK		(1<<7)
+#define OF_MASK		(1<<11)
+#define ALL_MASK	(OF_MASK|SF_MASK|ZF_MASK|PF_MASK|CF_MASK)
+#define NO_MASK		0xFFFFFFFF
+
+typedef struct _reg_value
+{
+	uint32_t regId, regValue, mask;
+} reg_value;
+
+typedef struct _instruction
+{
+	const char*			asmStr;
+	const uint8_t*		code;
+	uint32_t			codeSize;
+	const reg_value*	values;
+	uint32_t			nbValues;
+	uint32_t			addr;
+} instruction;
+
+typedef struct _block
+{
+	instruction*	insts[255];
+	uint32_t		nbInsts;
+	uint32_t		size;
+} block;
+
+/******************************************************************************/
+
+#define CAT2(X, Y)		X ## Y
+#define CAT(X, Y)		CAT2(X, Y)
+
+#define ADD_INSTRUCTION(BLOCK, CODE_ASM, CODE, REGVALUES)	\
+				const uint8_t CAT(code, __LINE__)[] = CODE; \
+				const reg_value CAT(regValues, __LINE__)[] = REGVALUES; \
+				inst = newInstruction(CAT(code, __LINE__), sizeof(CAT(code, __LINE__)), CODE_ASM, CAT(regValues, __LINE__), sizeof(CAT(regValues, __LINE__)) / sizeof(reg_value)); \
+				addInstructionToBlock(BLOCK, inst);
+
+#define V(...)	{ __VA_ARGS__ }
+
+/******************************************************************************/
+
+instruction*	newInstruction(const uint8_t * _code, uint32_t _codeSize, const char* _asmStr, const reg_value* _values, uint32_t _nbValues);
+void			addInstructionToBlock(block* _b, instruction* _i);
+uint32_t		loadBlock(uc_engine *_uc, block* _block, uint32_t _at);
+void			freeBlock(block* _block);
+const char*		getRegisterName(uint32_t _regid);
+uint32_t		getRegisterValue(uc_engine *uc, uint32_t _regid);
+instruction*	getInstruction(block * _block, uint32_t _addr);
+
+/******************************************************************************/
+
+void hook_code_test_i386_shl(uc_engine *uc, uint64_t address, uint32_t size, void *user_data)
+{
+	uint32_t i;
+	block* b = (block*)user_data;
+	instruction* currInst = getInstruction(b, (uint32_t)address);
+	assert_true(currInst != NULL);
+
+	print_message("|\teip=%08x - %s\n", (uint32_t)address, currInst->asmStr);
+
+	for (i = 0; i < currInst->nbValues; i++)
+	{
+		if (currInst->values[i].regId == UC_X86_REG_INVALID) continue;
+
+		uint32_t regValue = getRegisterValue(uc, currInst->values[i].regId);
+		print_message("|\t\ttesting %s : ", getRegisterName(currInst->values[i].regId));
+		assert_int_equal(regValue & currInst->values[i].mask, currInst->values[i].regValue);
+		print_message("ok\n");
+	}
+
+	if (currInst->code[0] == 0xCC)
+		OK(uc_emu_stop(uc));
+}
+
+bool hook_mem_invalid(uc_engine *uc, uc_mem_type type, uint64_t addr, int size, int64_t value, void *user_data)
+{
+	switch (type)
+	{
+	default:
+		print_message("hook_mem_invalid: UC_HOOK_MEM_INVALID type: %d at 0x%" PRIx64 "\n", type, addr); break;
+	case UC_MEM_READ_UNMAPPED:
+		print_message("hook_mem_invalid: Read from invalid memory at 0x%" PRIx64 ", data size = %u\n", addr, size); break;
+	case UC_MEM_WRITE_UNMAPPED:
+		print_message("hook_mem_invalid: Write to invalid memory at 0x%" PRIx64 ", data size = %u, data value = 0x%" PRIx64 "\n", addr, size, value); break;
+	case UC_MEM_FETCH_PROT:
+		print_message("hook_mem_invalid: Fetch from non-executable memory at 0x%" PRIx64 "\n", addr); break;
+	case UC_MEM_WRITE_PROT:
+		print_message("hook_mem_invalid: Write to non-writeable memory at 0x%" PRIx64 ", data size = %u, data value = 0x%" PRIx64 "\n", addr, size, value); break;
+	case UC_MEM_READ_PROT:
+		print_message("hook_mem_invalid: Read from non-readable memory at 0x%" PRIx64 ", data size = %u\n", addr, size); break;
+	}
+	return false;
+}
+
+#define ADDR_CODE	0x100000
+#define	ADDR_STACK	0x200000
+
+static void test_i386_shl_cl(void **state)
+{
+	uc_engine *uc;
+	uc_hook trace1;
+
+	// Initialize emulator in X86-32bit mode
+	OK(uc_open(UC_ARCH_X86, UC_MODE_32, &uc));
+	OK(uc_mem_map(uc, ADDR_CODE, 0x1000, UC_PROT_ALL));
+
+	{
+		block block;
+		instruction* inst;
+
+		block.nbInsts = 0;
+
+		ADD_INSTRUCTION(&block, "mov ebx, 3Ch", 
+						V(0xBB, 0x3C, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_INVALID, 0x0, NO_MASK)));
+		ADD_INSTRUCTION(&block, "mov cl, 2", 
+						V(0xB1, 0x02), 
+						V(V(UC_X86_REG_EBX, 0x3C, NO_MASK)));
+		ADD_INSTRUCTION(&block, "shl ebx, cl", 
+						V(0xD3, 0xE3), 
+						V(V(UC_X86_REG_EBX, 0x3C, NO_MASK), V(UC_X86_REG_CL, 0x2, NO_MASK)));
+		ADD_INSTRUCTION(&block, "lahf", 
+						V(0x9F), 
+						V(V(UC_X86_REG_EBX, 0xF0, NO_MASK), V(UC_X86_REG_CL, 0x2, NO_MASK), V(UC_X86_REG_EFLAGS, 0x4, ALL_MASK)));
+		ADD_INSTRUCTION(&block, "int3", 
+						V(0xCC), 
+						V(V(UC_X86_REG_AH, 0x4, PF_MASK), V(UC_X86_REG_EBX, 0xF0, NO_MASK), V(UC_X86_REG_CL, 0x2, NO_MASK), V(UC_X86_REG_EFLAGS, 0x4, ALL_MASK)));
+
+		loadBlock(uc, &block, ADDR_CODE);
+
+		// initialize machine registers
+		uint32_t zero = 0;
+		OK(uc_reg_write(uc, UC_X86_REG_EAX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_EBX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_ECX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_EDX, &zero));
+
+		OK(uc_hook_add(uc, &trace1, UC_HOOK_CODE, hook_code_test_i386_shl, &block, 1, 0));
+		OK(uc_hook_add(uc, &trace1, UC_HOOK_MEM_INVALID, hook_mem_invalid, NULL, 1, 0));
+
+		// emulate machine code in infinite time
+		OK(uc_emu_start(uc, ADDR_CODE, ADDR_CODE + block.size, 0, 0));
+
+		freeBlock(&block);
+	}
+
+	uc_close(uc);
+}
+
+static void test_i386_shl_imm(void **state)
+{
+	uc_engine *uc;
+	uc_hook trace1;
+
+	// Initialize emulator in X86-32bit mode
+	OK(uc_open(UC_ARCH_X86, UC_MODE_32, &uc));
+	OK(uc_mem_map(uc, ADDR_CODE, 0x1000, UC_PROT_ALL));
+
+	{
+		block block;
+		instruction* inst;
+
+		block.nbInsts = 0;
+
+		ADD_INSTRUCTION(&block, "mov ebx, 3Ch",
+						V(0xBB, 0x3C, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_INVALID, 0x0, NO_MASK)));
+		ADD_INSTRUCTION(&block, "shl ebx, 2",
+						V(0xC1, 0xE3, 0x02), 
+						V(V(UC_X86_REG_EBX, 0x3C, NO_MASK)));
+		ADD_INSTRUCTION(&block, "lahf",
+						V(0x9F), 
+						V(V(UC_X86_REG_EBX, 0xF0, NO_MASK), V(UC_X86_REG_EFLAGS, 0x4, ALL_MASK)));
+		ADD_INSTRUCTION(&block, "int3",
+						V(0xCC), 
+						V(V(UC_X86_REG_AH, 0x4, PF_MASK), V(UC_X86_REG_EBX, 0xF0, NO_MASK), V(UC_X86_REG_EFLAGS, 0x4, ALL_MASK)));
+
+		loadBlock(uc, &block, ADDR_CODE);
+
+		// initialize machine registers
+		uint32_t zero = 0;
+		OK(uc_reg_write(uc, UC_X86_REG_EAX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_EBX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_ECX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_EDX, &zero));
+
+		OK(uc_hook_add(uc, &trace1, UC_HOOK_CODE, hook_code_test_i386_shl, &block, 1, 0));
+		OK(uc_hook_add(uc, &trace1, UC_HOOK_MEM_INVALID, hook_mem_invalid, NULL, 1, 0));
+
+		// emulate machine code in infinite time
+		OK(uc_emu_start(uc, ADDR_CODE, ADDR_CODE + block.size, 0, 0));
+
+		freeBlock(&block);
+	}
+
+	uc_close(uc);
+}
+
+static void test_i386_enter_leave(void **state)
+{
+	uc_engine *uc;
+	uc_hook trace1;
+
+	// Initialize emulator in X86-32bit mode
+	OK(uc_open(UC_ARCH_X86, UC_MODE_32, &uc));
+	OK(uc_mem_map(uc, ADDR_CODE, 0x1000, UC_PROT_ALL));
+	OK(uc_mem_map(uc, ADDR_STACK - 0x1000, 0x1000, UC_PROT_ALL));
+
+	{
+		block block;
+		instruction* inst;
+
+		block.nbInsts = 0;
+
+		ADD_INSTRUCTION(&block, "mov esp, 0x200000", 
+						V(0xBC, 0x00, 0x00, 0x20, 0x00), 
+						V(V(UC_X86_REG_INVALID, 0x0, NO_MASK)));
+		ADD_INSTRUCTION(&block, "mov eax, 1", 
+						V(0xB8, 0x01, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_ESP, 0x200000, NO_MASK)));
+		ADD_INSTRUCTION(&block, "call 0x100015", 
+						V(0xE8, 0x06, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_EAX, 0x1, NO_MASK), V(UC_X86_REG_ESP, 0x200000, NO_MASK)));
+		ADD_INSTRUCTION(&block, "mov eax, 3", 
+						V(0xB8, 0x03, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_EAX, 0x2, NO_MASK)));
+		ADD_INSTRUCTION(&block, "int3", 
+						V(0xCC), 
+						V(V(UC_X86_REG_EAX, 0x3, NO_MASK)));
+		ADD_INSTRUCTION(&block, "enter 0x10,0", 
+						V(0xC8, 0x10, 0x00, 0x00), 
+						V(V(UC_X86_REG_ESP, 0x200000 - 4, NO_MASK)));
+		ADD_INSTRUCTION(&block, "mov eax, 2", 
+						V(0xB8, 0x02, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_ESP, 0x200000 - 4 - 4 - 0x10, NO_MASK), V(UC_X86_REG_EBP, 0x200000 - 4 - 4, NO_MASK)));
+		ADD_INSTRUCTION(&block, "leave", 
+						V(0xC9), 
+						V(V(UC_X86_REG_EAX, 0x2, NO_MASK), V(UC_X86_REG_INVALID, 0x0, NO_MASK)));
+		ADD_INSTRUCTION(&block, "mov eax, 2", 
+						V(0xB8, 0x02, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_INVALID, 0x0, NO_MASK)));
+		ADD_INSTRUCTION(&block, "ret", 
+						V(0xC3), 
+						V(V(UC_X86_REG_ESP, 0x200000 - 4, NO_MASK)));
+
+		loadBlock(uc, &block, ADDR_CODE);
+
+		// initialize machine registers
+		uint32_t zero = 0;
+		OK(uc_reg_write(uc, UC_X86_REG_EAX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_EBX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_ECX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_EDX, &zero));
+
+		OK(uc_hook_add(uc, &trace1, UC_HOOK_CODE, hook_code_test_i386_shl, &block, 1, 0));
+		OK(uc_hook_add(uc, &trace1, UC_HOOK_MEM_INVALID, hook_mem_invalid, NULL, 1, 0));
+
+		// emulate machine code in infinite time
+		OK(uc_emu_start(uc, ADDR_CODE, ADDR_CODE + block.size, 0, 0));
+
+		freeBlock(&block);
+	}
+
+	uc_close(uc);
+}
+
+static void test_i386_enter_nested_leave(void **state)
+{
+	uc_engine *uc;
+	uc_hook trace1;
+
+	// Initialize emulator in X86-32bit mode
+	OK(uc_open(UC_ARCH_X86, UC_MODE_32, &uc));
+	OK(uc_mem_map(uc, ADDR_CODE, 0x1000, UC_PROT_ALL));
+	OK(uc_mem_map(uc, ADDR_STACK - 0x1000, 0x1000, UC_PROT_ALL));
+
+	{
+		block block;
+		instruction* inst;
+
+		block.nbInsts = 0;
+
+		ADD_INSTRUCTION(&block, "mov esp, 0x200000", 
+						V(0xBC, 0x00, 0x00, 0x20, 0x00), 
+						V(V(UC_X86_REG_INVALID, 0x0, NO_MASK)));
+		ADD_INSTRUCTION(&block, "mov eax, 1", 
+						V(0xB8, 0x01, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_ESP, 0x200000, NO_MASK)));
+		ADD_INSTRUCTION(&block, "call 0x100015", 
+						V(0xE8, 0x06, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_EAX, 0x1, NO_MASK), V(UC_X86_REG_ESP, 0x200000, NO_MASK)));
+		ADD_INSTRUCTION(&block, "mov eax, 3", 
+						V(0xB8, 0x03, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_EAX, 0x2, NO_MASK)));
+		ADD_INSTRUCTION(&block, "int3", 
+						V(0xCC), 
+						V(V(UC_X86_REG_EAX, 0x3, NO_MASK)));
+		ADD_INSTRUCTION(&block, "enter 0x10,1", 
+						V(0xC8, 0x10, 0x00, 0x01), 
+						V(V(UC_X86_REG_ESP, 0x200000 - 4, NO_MASK)));
+		ADD_INSTRUCTION(&block, "mov eax, 2", 
+						V(0xB8, 0x02, 0x00, 0x00, 0x00), 
+						V(V(UC_X86_REG_ESP, 0x200000 - 4 - 2*4 - 0x10, NO_MASK), V(UC_X86_REG_EBP, 0x200000 - 4 - 4, NO_MASK)));
+		ADD_INSTRUCTION(&block, "leave", 
+						V(0xC9), 
+						V(V(UC_X86_REG_EAX, 0x2, NO_MASK)));
+		ADD_INSTRUCTION(&block, "ret", 
+						V(0xC3), 
+						V(V(UC_X86_REG_ESP, 0x200000 - 4, NO_MASK)));
+
+		loadBlock(uc, &block, ADDR_CODE);
+
+		// initialize machine registers
+		uint32_t zero = 0;
+		OK(uc_reg_write(uc, UC_X86_REG_EAX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_EBX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_ECX, &zero));
+		OK(uc_reg_write(uc, UC_X86_REG_EDX, &zero));
+
+		OK(uc_hook_add(uc, &trace1, UC_HOOK_CODE, hook_code_test_i386_shl, &block, 1, 0));
+		OK(uc_hook_add(uc, &trace1, UC_HOOK_MEM_INVALID, hook_mem_invalid, NULL, 1, 0));
+
+		// emulate machine code in infinite time
+		OK(uc_emu_start(uc, ADDR_CODE, ADDR_CODE + block.size, 0, 0));
+
+		freeBlock(&block);
+	}
+
+	uc_close(uc);
+}
+
+/******************************************************************************/
+
+int main(void) {
+	const struct CMUnitTest tests[] = {
+
+		cmocka_unit_test(test_i386_shl_cl),
+		cmocka_unit_test(test_i386_shl_imm),
+		cmocka_unit_test(test_i386_enter_leave), 
+		cmocka_unit_test(test_i386_enter_nested_leave),
+	};
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+/******************************************************************************/
+
+instruction* newInstruction(const uint8_t * _code, uint32_t _codeSize, const char* _asmStr, const reg_value* _values, uint32_t _nbValues)
+{
+	instruction* inst = (instruction*)malloc(sizeof(instruction));
+
+	inst->asmStr = _asmStr;
+	inst->code = _code;
+	inst->codeSize = _codeSize;
+	inst->values = _values;
+	inst->nbValues = _nbValues;
+
+	return inst;
+}
+
+void addInstructionToBlock(block* _b, instruction* _i)
+{
+	_b->insts[_b->nbInsts++] = _i;
+}
+
+uint32_t loadBlock(uc_engine *_uc, block* _block, uint32_t _at)
+{
+	uint32_t i, j, offset;
+
+	for (i = 0, offset = 0; i < _block->nbInsts; i++)
+	{
+		const uint32_t codeSize = _block->insts[i]->codeSize;
+		const uint8_t* code = _block->insts[i]->code;
+		_block->insts[i]->addr = _at + offset;
+		print_message("load: %08X: ", _block->insts[i]->addr);
+		for (j = 0; j < codeSize; j++)			print_message("%02X ", code[j]);
+		for (j = 0; j < 15 - codeSize; j++)		print_message("   ");
+		print_message("%s\n", _block->insts[i]->asmStr);
+		OK(uc_mem_write(_uc, _at + offset, code, codeSize));
+		offset += codeSize;
+	}
+	_block->size = offset;
+	return offset;
+}
+
+void freeBlock(block* _block)
+{
+	uint32_t i;
+	for (i = 0; i < _block->nbInsts; i++)
+		free(_block->insts[i]);
+}
+
+instruction* getInstruction(block* _block, uint32_t _addr)
+{
+	uint32_t i;
+	for (i = 0; i < _block->nbInsts; i++)
+	{
+		if (_block->insts[i]->addr == _addr)
+			return _block->insts[i];
+	}
+	return NULL;
+}
+
+const char* getRegisterName(uint32_t _regid)
+{
+	switch (_regid)
+	{
+		//8
+	case UC_X86_REG_AH:		return "AH";
+	case UC_X86_REG_AL:		return "AL";
+	case UC_X86_REG_BH:		return "BH";
+	case UC_X86_REG_BL:		return "BL";
+	case UC_X86_REG_CL:		return "CL";
+	case UC_X86_REG_CH:		return "CH";
+	case UC_X86_REG_DH:		return "DH";
+	case UC_X86_REG_DL:		return "DL";
+		//16
+	case UC_X86_REG_AX:		return "AX";
+	case UC_X86_REG_BX:		return "BX";
+	case UC_X86_REG_CX:		return "CX";
+	case UC_X86_REG_DX:		return "DX";
+		//32
+	case UC_X86_REG_EAX:	return "EAX";
+	case UC_X86_REG_EBX:	return "EBX";
+	case UC_X86_REG_ECX:	return "ECX";
+	case UC_X86_REG_EDX:	return "EDX";
+	case UC_X86_REG_EDI:	return "EDI";
+	case UC_X86_REG_ESI:	return "ESI";
+	case UC_X86_REG_EBP:	return "EBP";
+	case UC_X86_REG_ESP:	return "ESP";
+	case UC_X86_REG_EIP:	return "EIP";
+	case UC_X86_REG_EFLAGS: return "EFLAGS";
+
+	default: fail();
+	}
+	return "UNKNOWN";
+}
+
+uint32_t getRegisterValue(uc_engine *uc, uint32_t _regid)
+{
+	switch (_regid)
+	{
+		//8
+	case UC_X86_REG_AH:		case UC_X86_REG_AL:
+	case UC_X86_REG_BH:		case UC_X86_REG_BL:
+	case UC_X86_REG_CL:		case UC_X86_REG_CH:
+	case UC_X86_REG_DH:		case UC_X86_REG_DL:
+	{
+		uint8_t val = 0;
+		OK(uc_reg_read(uc, _regid, &val));
+		return val;
+	}
+	//16
+	case UC_X86_REG_AX:		case UC_X86_REG_BX:
+	case UC_X86_REG_CX:		case UC_X86_REG_DX:
+	{
+		uint16_t val = 0;
+		OK(uc_reg_read(uc, _regid, &val));
+		return val;
+	}
+	//32
+	case UC_X86_REG_EAX:	case UC_X86_REG_EBX:
+	case UC_X86_REG_ECX:	case UC_X86_REG_EDX:
+	case UC_X86_REG_EDI:	case UC_X86_REG_ESI:
+	case UC_X86_REG_EBP:	case UC_X86_REG_ESP:
+	case UC_X86_REG_EIP:	case UC_X86_REG_EFLAGS:
+	{
+		uint32_t val = 0;
+		OK(uc_reg_read(uc, _regid, &val));
+		return val;
+	}
+
+	default: fail();
+	}
+	return 0;
+}