Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"IT AL" not work for version 1.0.3 #1412

Closed
vforkliu opened this issue Jun 24, 2021 · 4 comments
Closed

"IT AL" not work for version 1.0.3 #1412

vforkliu opened this issue Jun 24, 2021 · 4 comments

Comments

@vforkliu
Copy link

sample code

/* Unicorn Emulator Engine */
/* By Nguyen Anh Quynh, 2015 */

/* Sample code to demonstrate how to emulate ARM code */

#include <unicorn/unicorn.h>
#include <string.h>


// code to be emulated
#define THUMB_CODE "\x10\xb5\x4f\xf6\x00\x74\xe8\xbf\x10\xbd"

// memory address where emulation starts

int STACK_MEMORY_BASE = 0x00000000;
int STACK_MEMORY_SIZE = 0x00800000;

int HOOK_MEMORY_BASE = 0x1000000;
int HOOK_MEMORY_SIZE = 0x0800000;



static void hook_code(uc_engine *uc, uint64_t address, uint32_t size, void *user_data)
{
    unsigned char bytes[8];
    char instruction[32] = {0};
    int i = 0;
    uc_mem_read(uc,address,bytes,size);
    for(i = 0; i < size; i++){
      sprintf(instruction + i * 3,"%02x ", bytes[i]);
    }
    printf(">>> Tracing instruction at 0x%"PRIx64 ", instruction size = 0x%x, instruction = %s\n", address, size, instruction);
    
    
}

unsigned char bytes[32];
char instruction[64] = {0};
static void test_thumb(void)
{
    uc_engine *uc;
    uc_err err;
    uc_hook trace2;

    int sp = 1024;     // R0 register
    int code_length;

    printf("Emulate THUMB code\n");

    // Initialize emulator in ARM mode
    err = uc_open(UC_ARCH_ARM, UC_MODE_THUMB, &uc);
    if (err) {
        printf("Failed on uc_open() with error returned: %u (%s)\n",
                err, uc_strerror(err));
        return;
    }

    // map 2MB memory for this emulation
    uc_mem_map(uc, HOOK_MEMORY_BASE, HOOK_MEMORY_SIZE, UC_PROT_ALL);
    uc_mem_map(uc, STACK_MEMORY_BASE, STACK_MEMORY_SIZE, UC_PROT_ALL);

    // write machine code to be emulated to memory
    code_length = sizeof(THUMB_CODE) - 1;
    
    uc_mem_write(uc, HOOK_MEMORY_BASE, THUMB_CODE, code_length);
    

    // initialize machine registers
    int lr = HOOK_MEMORY_BASE + 0x80;
    sp = STACK_MEMORY_BASE + STACK_MEMORY_SIZE;
    uc_reg_write(uc, UC_ARM_REG_SP, &sp);
    printf(">>> SP = 0x%x\n", sp);
    uc_reg_write(uc, UC_ARM_REG_LR, &lr);

    // tracing all basic blocks with customized callback
    //uc_hook_add(uc, &trace1, UC_HOOK_BLOCK, hook_block, NULL, 1, 0);

    // tracing one instruction at ADDRESS with customized callback
    uc_hook_add(uc, &trace2, UC_HOOK_CODE, hook_code, NULL, HOOK_MEMORY_BASE, HOOK_MEMORY_BASE + HOOK_MEMORY_SIZE);

    // emulate machine code in infinite time (last param = 0), or when
    // finishing all the code.
    // Note we start at ADDRESS | 1 to indicate THUMB mode.
    err = uc_emu_start(uc, (HOOK_MEMORY_BASE) | 1, lr, 0, 0);
    if (err) {
        printf("Failed on uc_emu_start() with error returned: %u\n", err);
    }

    // now print out some registers
    printf(">>> Emulation done. Below is the CPU context\n");

    uc_reg_read(uc, UC_ARM_REG_SP, &sp);
    printf(">>> SP = 0x%x\n", sp);

    uc_close(uc);
}

int main(int argc, char **argv, char **envp)
{
    // dynamically load shared library
#ifdef DYNLOAD
    if (!uc_dyn_load(NULL, 0)) {
        printf("Error dynamically loading shared library.\n");
        printf("Please check that unicorn.dll/unicorn.so is available as well as\n");
        printf("any other dependent dll/so files.\n");
        printf("The easiest way is to place them in the same directory as this app.\n");
        return 1;
    }
#endif
    
    // test_arm();
    printf("==========================\n");
    test_thumb();

    // dynamically free shared library
#ifdef DYNLOAD
    uc_dyn_free();
#endif
    
    return 0;
}

1.0.2 output

==========================
Emulate THUMB code
>>> SP = 0x800000
>>> Tracing instruction at 0x1000000, instruction size = 0x2, instruction = 10 b5
>>> Tracing instruction at 0x1000002, instruction size = 0x4, instruction = 4f f6 00 74
>>> Tracing instruction at 0x1000006, instruction size = 0x2, instruction = e8 bf
>>> Tracing instruction at 0x1000008, instruction size = 0x2, instruction = 10 bd
>>> Emulation done. Below is the CPU context
>>> SP = 0x800000

1.0.3 output

==========================
Emulate THUMB code
>>> SP = 0x800000
thumb insn: 0xb510
thumb insn: 0xb510 gen_uc_tracecode
thumb2:insn: 0xf64f
thumb insn: 0xbfe8
>>> Tracing instruction at 0x1000000, instruction size = 0x2, instruction = 10 b5
>>> Tracing instruction at 0x1000002, instruction size = 0x4, instruction = 4f f6 00 74
>>> Emulation done. Below is the CPU context
>>> SP = 0x800000
@wtdcode
Copy link
Member

wtdcode commented Jun 24, 2021

Thanks for your issue and sample code. I need to re-evaluate the #853 and #880.

@wtdcode
Copy link
Member

wtdcode commented Jul 13, 2021

I have tested your case and seems that the emulation result is correct while the hook is not triggered as expected. I think a better way is to "delay" the uc_emu_stop request to the end of ITE blocks. This would be fixed in uc2. Link to #1217.

@wtdcode
Copy link
Member

wtdcode commented Jul 13, 2021

Fixed in Unicorn2, stay tuned!

@wtdcode
Copy link
Member

wtdcode commented Oct 3, 2021

Closed due to uc2 beta release.

@wtdcode wtdcode closed this as completed Oct 3, 2021
@bluzye bluzye mentioned this issue Jun 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wtdcode @vforkliu