forked from vmp3/vmemu
parent
da1acf0013
commit
1f527e400f
@ -1 +0,0 @@
|
||||
Subproject commit 1aedaf8bb7f383f54b7cd498767611535526da85
|
@ -1 +1 @@
|
||||
Subproject commit f252173d7c3d8b237f9055033a9392f594ee5915
|
||||
Subproject commit 11650b6d8aa319940a298f707645334898f8de5d
|
@ -0,0 +1,137 @@
|
||||
#include <vmemu_t.hpp>
|
||||
|
||||
namespace vm {
|
||||
emu_t::emu_t(vm::vmctx_t* vm_ctx) : m_vm_ctx(vm_ctx) {}
|
||||
|
||||
emu_t::~emu_t() {
|
||||
if (uc_ctx)
|
||||
uc_close(uc_ctx);
|
||||
}
|
||||
|
||||
bool emu_t::init() {
|
||||
uc_err err;
|
||||
if ((err = uc_open(UC_ARCH_X86, UC_MODE_64, &uc_ctx))) {
|
||||
std::printf("> uc_open err = %d\n", err);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((err = uc_mem_map(uc_ctx, STACK_BASE, STACK_SIZE, UC_PROT_ALL))) {
|
||||
std::printf("> uc_mem_map stack err, reason = %d\n", err);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((err = uc_mem_map(uc_ctx, m_vm_ctx->m_module_base, m_vm_ctx->m_image_size,
|
||||
UC_PROT_ALL))) {
|
||||
std::printf("> map memory failed, reason = %d\n", err);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((err = uc_mem_write(uc_ctx, m_vm_ctx->m_module_base,
|
||||
reinterpret_cast<void*>(m_vm_ctx->m_module_base),
|
||||
m_vm_ctx->m_image_size))) {
|
||||
std::printf("> failed to write memory... reason = %d\n", err);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((err = uc_hook_add(uc_ctx, &code_exec_hook, UC_HOOK_CODE,
|
||||
(void*)&vm::emu_t::code_exec_callback, this,
|
||||
m_vm_ctx->m_module_base,
|
||||
m_vm_ctx->m_module_base + m_vm_ctx->m_image_size))) {
|
||||
std::printf("> uc_hook_add error, reason = %d\n", err);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((err = uc_hook_add(uc_ctx, &int_hook, UC_HOOK_INTR,
|
||||
(void*)&vm::emu_t::int_callback, this, 0ull, 0ull))) {
|
||||
std::printf("> uc_hook_add error, reason = %d\n", err);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((err =
|
||||
uc_hook_add(uc_ctx, &invalid_mem_hook,
|
||||
UC_HOOK_MEM_READ_UNMAPPED | UC_HOOK_MEM_WRITE_UNMAPPED |
|
||||
UC_HOOK_MEM_FETCH_UNMAPPED,
|
||||
(void*)&vm::emu_t::invalid_mem, this, true, false))) {
|
||||
std::printf("> uc_hook_add error, reason = %d\n", err);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void emu_t::int_callback(uc_engine* uc, std::uint32_t intno, emu_t* obj) {
|
||||
uc_err err;
|
||||
std::uintptr_t rip = 0ull;
|
||||
static thread_local zydis_decoded_instr_t instr;
|
||||
|
||||
if ((err = uc_reg_read(uc, UC_X86_REG_RIP, &rip))) {
|
||||
std::printf("> failed to read rip... reason = %d\n", err);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(vm::utils::g_decoder.get(),
|
||||
reinterpret_cast<void*>(rip),
|
||||
PAGE_4KB, &instr))) {
|
||||
std::printf("> failed to decode instruction at = 0x%p\n", rip);
|
||||
if ((err = uc_emu_stop(uc))) {
|
||||
std::printf("> failed to stop emulation, exiting... reason = %d\n", err);
|
||||
exit(0);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
// advance rip over the instruction that caused the exception... this is
|
||||
// usually a division by 0...
|
||||
rip += instr.length;
|
||||
|
||||
if ((err = uc_reg_write(uc, UC_X86_REG_RIP, &rip))) {
|
||||
std::printf("> failed to write rip... reason = %d\n", err);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
bool emu_t::code_exec_callback(uc_engine* uc,
|
||||
uint64_t address,
|
||||
uint32_t size,
|
||||
emu_t* obj) {
|
||||
return true;
|
||||
}
|
||||
|
||||
void emu_t::invalid_mem(uc_engine* uc,
|
||||
uc_mem_type type,
|
||||
uint64_t address,
|
||||
int size,
|
||||
int64_t value,
|
||||
emu_t* obj) {
|
||||
switch (type) {
|
||||
case UC_MEM_READ_UNMAPPED: {
|
||||
uc_mem_map(uc, address & ~0xFFFull, PAGE_4KB, UC_PROT_ALL);
|
||||
std::printf(">>> reading invalid memory at address = %p, size = 0x%x\n",
|
||||
address, size);
|
||||
break;
|
||||
}
|
||||
case UC_MEM_WRITE_UNMAPPED: {
|
||||
uc_mem_map(uc, address & ~0xFFFull, PAGE_4KB, UC_PROT_ALL);
|
||||
std::printf(
|
||||
">>> writing invalid memory at address = %p, size = 0x%x, val = "
|
||||
"0x%x\n",
|
||||
address, size, value);
|
||||
break;
|
||||
}
|
||||
case UC_MEM_FETCH_UNMAPPED: {
|
||||
std::printf(">>> fetching invalid instructions at address = %p\n",
|
||||
address);
|
||||
|
||||
std::uintptr_t rip, rsp;
|
||||
uc_reg_read(uc, UC_X86_REG_RSP, &rsp);
|
||||
uc_mem_read(uc, rsp, &rip, sizeof rip);
|
||||
rsp += 8;
|
||||
uc_reg_write(uc, UC_X86_REG_RSP, &rsp);
|
||||
uc_reg_write(uc, UC_X86_REG_RIP, &rip);
|
||||
std::printf(">>> injecting return to try and recover... rip = %p\n", rip);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
} // namespace vm
|
Loading…
Reference in new issue