Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unicorn 2.1.1: SMC doesn't work. #2029

Open
wallds opened this issue Oct 12, 2024 · 1 comment
Open

unicorn 2.1.1: SMC doesn't work. #2029

wallds opened this issue Oct 12, 2024 · 1 comment

Comments

@wallds
Copy link

wallds commented Oct 12, 2024
edited
Loading 

from unicorn import *
from unicorn.x86_const import *
from capstone import *
from capstone.x86_const import *
from capstone.x86 import *

CODE = b'\x48\x89\x05\x10\x00\x00\x00' # mov qword ptr [rip+0x10], rax
CODE += b'\x66\xc7\x05\x00\x00\x00\x00\x48\x05' # mov word ptr [rip], 0x0548;
CODE += b'\x8b\x80\x78\x56\x34\x12' # [orig] mov eax, dword ptr [rax + 0x12345678]; [after SMC] 480578563412 add rax, 0x12345678
CODE += b'\xf4' # hlt

def hook_code(uc: Uc, address, size, user_data):
    code = uc.mem_read(address, size)
    print(hex(address), size, code.hex(), '\t', end='')
    insn = list(cs.disasm(code, address, 1))
    if insn:
        insn = insn[0]
        print(insn.mnemonic, insn.op_str)
    else:
        print('[ERROR]: disasm')


def hook_mem_read(uc, access, address, size, value, user_data):
    print('[mem_read]:', access, hex(address), hex(value), size)


def hook_mem_write(uc, access, address, size, value, user_data):
    print('[mem_write]:', access, hex(address), hex(value), size)


def hook_mem_invalid(uc, access, address, size, value, user_data):
    print(f"[mem_invalid]:", hex(uc.reg_read(UC_X86_REG_RIP)), access, hex(address), size, value)
    return False


uc = Uc(UC_ARCH_X86, UC_MODE_64)  # unicorn 2.1.1
cs = Cs(CS_ARCH_X86, CS_MODE_64)  # capstone 5.0.3

CODE_BASE = 0x1000
STACK_BASE = 0x20000

uc.mem_map(CODE_BASE, 0x1000, UC_PROT_ALL)
uc.mem_map(STACK_BASE, 0x2000, UC_PROT_ALL)

uc.hook_add(UC_HOOK_CODE, hook_code)
if 'y' in input('add memory read/write hooks? (y/n) >>>').lower():
    uc.hook_add(UC_HOOK_MEM_READ, hook_mem_read)
    uc.hook_add(UC_HOOK_MEM_WRITE, hook_mem_write)
uc.hook_add(UC_HOOK_MEM_INVALID, hook_mem_invalid)

uc.mem_write(CODE_BASE, CODE)
uc.reg_write(UC_X86_REG_RSP, STACK_BASE + 0x1800)
try:
    uc.emu_start(CODE_BASE, -1)
except Exception as e:
    print(e)

hi,
This code will get a UC_ERR_READ_UNMAPPED error.
It seems that the code memory cache has not been updated.

add memory read/write hooks? (y/n) >>>n
0x1000 7 48890510000000         mov qword ptr [rip + 0x10], rax
0x1007 9 66c705000000004805     mov word ptr [rip], 0x548
0x1010 6 480578563412   add rax, 0x12345678
[mem_invalid]: 0x1010 19 0x12345678 4 0
Invalid memory read (UC_ERR_READ_UNMAPPED)

But when I add memory read/write hooks it works fine.

add memory read/write hooks? (y/n) >>>y
0x1000 7 48890510000000         mov qword ptr [rip + 0x10], rax
[mem_write]: 17 0x1017 0x0 8
0x1007 9 66c705000000004805     mov word ptr [rip], 0x548
[mem_write]: 17 0x1010 0x548 2
0x1007 9 66c705000000004805     mov word ptr [rip], 0x548
[mem_write]: 17 0x1010 0x548 2
0x1010 6 480578563412   add rax, 0x12345678
0x1016 1 f4     hlt
@wtdcode
Copy link
Member

wtdcode commented Oct 12, 2024

Ah, it seems we leave out invalid mem hooks? Need to investigate.

@PhilippTakacs PhilippTakacs mentioned this issue Oct 14, 2024
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wallds @wtdcode