This brings the Java API up to par with Python feature-wise and substantially
simplifies the hook implementation, enabling proper bounds-checked hooks.
The rewrite strives for compatibility with the previous API, but there are some
breaking changes. It is possible to push closer to full backwards compatibility
if required, at the cost of reintroducing some of the suboptimal designs. Here
are the main points of breakage:
- ReadHook and WriteHook are gone, replaced simply by MemHook. Hooking valid
memory accesses now requires a type parameter. This enables fetch and
read-after hooks with a unified API and a single callback object.
- mem_read now takes an int, not a long. We are unable to allocate more than 2GB
in a single request anyway (Java limitation).
- Instruction hooks now require specifying the instruction explicitly, instead
of guessing based on the hook type. This is necessary to distinguish
sysenter/syscall and ARM64 mrs/msr/sys/sysl, without excessively bloating the
library with redundant hook types. Bounds must also be specified, to support
bounds-checked instruction hooks.
- Reading object-type registers (any register larger than 64 bits, or registers
with special formats) requires a second argument to reg_read. This allows us
to provide a fast reg_read that returns a long for the common cases, while
still supporting a more general reg_read for other registers.
- mem_map_ptr is rewritten to take a *direct* java.nio.Buffer, which enables
many more use cases than a simple byte array, and improves performance (a
byte array cannot really be used as a mapped buffer without GC-pinning it,
which hurts the GC performance).
- Context handling API is redesigned to be safer and more object-oriented.
A lot of bugs are fixed with this implementation:
- Unicorn instances can be properly garbage-collected, instead of hanging around
forever in the Unicorn.unicorns table.
- Hooks no longer fire outside of their bounds (#1164), and in fact, hook bounds
are properly respected (previously, all hooks were just registered globally to
all addresses).
- Hooks are substantially faster, as they are now dispatched directly via a
single method call rather than being indirected through invokeCallbacks.
- Loading vector registers works now, rather than crashing the VM (#1539).
Several features are now enabled in the Java implementation:
- All of the current ctl_* calls are implemented.
- mmio_map is implemented.
- New virtual TLB mode is implemented.
- reading/writing Context registers is implemented.
- New hook types are added: TcgOpcodeHook, EdgeGeneratedHook,
InvalidInstructionHook, TlbFillHook, and the instruction hooks Arm64SysHook,
CpuidHook.
- All known special registers are supported.
Commit 640251e1aa added a size parameter to uc_hook_tcg_op_2, but this was not
reflected in the Python bindings.
Commit fbf4078d65 added a len parameter to ctl_remove_cache, but this was not
reflected in sample_ctl.py.
The C function uc_mmio_map() allows to add seperate callback functions
and userdata for read and write. When the callback functions are NULL
unicorn don't try to call this functions.
Previous this patch, when i.e. read_callback was None the callback was set
to mmio_read_callback_proxy and the userdata was set to NULL. On a callback
the mmio_read_callback_proxy then tried to dereference the userdata and
caused a segfault.
fixes#1762
