Incorrect memory view after running self-modifying code #561
Comments
We need @aquynh to merge it. @wonderkun, since this is a unicorn issue, can you provide and test with the latest unicorn 1.0.2 to confirm this issue?
First test

Yes, let's test the issue unicorn-engine/unicorn#820 first. Python: 3.8.5. Run the code as below:

```python
import unicorn
import unicorn.x86_const as x86

# shellcode from unicorn-engine/unicorn#820
sc = bytes.fromhex(
    "dbd0d97424f45fb8e67741bc31c9b15831471a03471a83c704e2138ba93edb742"
    "a5f52911b5f00d10c6f43b7a004012c32688d43f3c7eb6a047bcfed868603ceb7"
    "48560fffb59a5da8b20872dd8f90f9ad1e901e6520b1b0fd7b1132d1f7182c363"
    "dd3c78cc9e201dd32486cd1c091a8d63ae4c024c6fe16561c8b8cf0d72b69003b"
    "adfa0ef0baa512076fde2f8c8e31a6d6b495e28dd58c4e63eacf30dc4e9bdd09e"
    "3c689a39e8c4954170424cd83bef47a0d38fa50609d5708d1720bc6ef22d2b1f0"
    "1e77ed64a22b4210ffda64e0175064e0e7460ca6d7ad862648a641aff7f0917a8"
    "e3b3eec91f12168c2a6f227b61e9d2c6db1664d5b5bf2bb3b0c8388c3cc0a0ea9"
    "c85ca43187344d08b94352419618ff394ff7d2bb777cd31102425e90423679cca"
    "c0ddb5bb2bb7124244495a4b42c95a4f4acc6ccac08bbe9b284a8a11fae2912c8"
    "b0959d08e283f51a92a2e4e44f31286ebdb2ae8efe4170e5e511b2590ed4cb993"
    "1614311fda3c8b573d46323595f0c85c5fe98bc05"
)


def main():
    uc = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
    uc.mem_map(0x1000, 0x2000)
    uc.mem_write(0x1000, sc)
    uc.reg_write(x86.UC_X86_REG_ESP, 0x2000)
    # run 0x166 instructions, then read the code region back
    uc.emu_start(0x1000, 0, count=0x166)
    out = uc.mem_read(0x1000, 0x2000)
    # print original byte vs. byte after emulation for every shellcode offset
    for x in range(len(sc)):
        print("0x%08x: 0x%02x => 0x%02x" % (x, sc[x], out[x]))
    print(str(out))


if __name__ == "__main__":
    main()
```

The output is the same as in issue unicorn-engine/unicorn#820.
Second test

Here is a self-modifying shellcode. The real asm code dump from memory is like this; let's run it in unicorn.

```python
import unicorn
import unicorn.x86_const as x86

# self-modifying shellcode
sc = bytes.fromhex(
    'bb1c577352d9cbd97424f45e2bc9b13a83c604315e10035e10fea2a899437'
    '50f1aa85ffb063a072f8e738bacf88fdddaee6c760dedbe7b7e1871cd1512'
    'db0c1a84d38fbcbcfe46673ddcd74fc0e1a21bff31234b8a52df3d1e823a2'
    'a96360381fb0d38818232246c9e4e037805ccb144263da113512d546a2943'
    '9a0b661895c947be24fbb8e30928bd805e3e1057998c1280977d382cbf248'
    '02fe04d6745f3b2896164ace56c5db05a4975a618b822883e2773102c5ce7'
    'c7d5fe6cbd54fa5815db17894753f9989842fba365fe29c48be52e75c93e2'
    '834091d18c39340cab8dd3033eae87fe460bd1d55d775310e76ebc9d0676d'
    '9583c3845f7bd9f64784e2b6c1'
)
# print(sc)


def main():
    uc = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
    uc.mem_map(0x1000, 0x2000)
    uc.mem_write(0x1000, sc)
    uc.reg_write(x86.UC_X86_REG_ESP, 0x2000)
    # run 0x1b instructions (the decoder loop), then read the code region back
    uc.emu_start(0x1000, 0, count=0x1b)
    out = uc.mem_read(0x1000, 0x2000)
    # print with the address the shellcode had in the real process (0x08048054)
    for x in range(len(sc)):
        print("0x%08x: 0x%02x => 0x%02x" % (x + 0x08048054, sc[x], out[x]))
    print(str(out))


if __name__ == "__main__":
    main()
```

The output is not correct.
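Because the two tests above rely on opaque shellcode blobs, here is an added probe (not code from this issue, nor from the qiling or unicorn projects) that reproduces the same class of check with a hand-assembled 17-byte program: the first instruction patches the immediate of a later `mov eax`, so a correct emulator must both show the patched byte in `mem_read` and load `eax = 1`. The names `BASE`, `CODE`, `expected_image`, `diff_image` and `run_smc_probe` are mine, and the probe assumes the unicorn Python bindings are installed.

```python
"""Added SMC probe for Unicorn (constructed example, not from the issue)."""

BASE = 0x1000              # constructed load address
PATCH_ADDR = BASE + 0x0C   # imm32 low byte of the `mov eax` below lives here
END = BASE + 0x10          # address of the final hlt; emulation stops before it

# Hand-assembled x86-32 code (constructed sample):
CODE = bytes([
    0xC6, 0x05, 0x0C, 0x10, 0x00, 0x00, 0x01,  # 0x1000: mov byte ptr [0x100C], 1  (self-patch)
    0x90, 0x90, 0x90, 0x90,                    # 0x1007: nop x4 (padding, same basic block)
    0xB8, 0x00, 0x00, 0x00, 0x00,              # 0x100B: mov eax, 0  -> loads 1 once patched
    0xF4,                                      # 0x1010: hlt
])


def expected_image(code: bytes = CODE) -> bytes:
    """Memory image a correct emulator must show after the self-patch ran."""
    img = bytearray(code)
    img[PATCH_ADDR - BASE] = 0x01
    return bytes(img)


def diff_image(expected: bytes, observed: bytes) -> list:
    """(address, expected_byte, observed_byte) for every mismatching byte."""
    return [(BASE + i, e, o) for i, (e, o) in enumerate(zip(expected, observed)) if e != o]


def run_smc_probe() -> dict:
    """Run CODE in Unicorn; report whether memory view and execution saw the patch.
    Assumes the unicorn bindings are installed (hence the lazy import)."""
    import unicorn
    import unicorn.x86_const as x86
    uc = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
    uc.mem_map(BASE, 0x1000)
    uc.mem_write(BASE, CODE)
    uc.emu_start(BASE, END)  # executes the 6 instructions before hlt
    observed = bytes(uc.mem_read(BASE, len(CODE)))
    eax = uc.reg_read(x86.UC_X86_REG_EAX)
    return {
        "memory_ok": observed == expected_image(),  # False = stale memory view (this issue)
        "exec_ok": eax == 1,                        # False = stale translated block
        "mismatches": diff_image(expected_image(), observed),
    }


if __name__ == "__main__":
    for key, value in run_smc_probe().items():
        print(f"{key}: {value!r}")
```

A build that reports `memory_ok: False` while `exec_ok: True` exhibits exactly the stale-memory symptom this issue describes; both False points at the translator not invalidating the block.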
@xwings Anyone pay attention to this issue? I am supposed to fix it with your help.

If this is an issue with Unicorn (very likely it is)

Finally, I cannot fix Unicorn :(

Thank you very much! I will send a PR to unicorn.
Describe the bug

I notice that there are some bugs when unicorn emulates self-modifying code.
So qiling-framework will crash when running shellcode with SMC.
Here is an example in this issue: unicorn-engine/unicorn#820.
I found a fix for this issue, alxchk/unicorn@a195b31,
but this commit isn't merged into the unicorn version used by the qiling framework,
and I don't know whether this commit fixes this problem.