| -rw-r--r-- | example/ida/depgraph.py | 7 | ||||
| -rw-r--r-- | example/jitter/test_x86_32_seh.py | 4 | ||||
| -rw-r--r-- | example/samples/x86_32_seh.S | 8 | ||||
| -rw-r--r-- | miasm/arch/x86/arch.py | 6 | ||||
| -rw-r--r-- | miasm/arch/x86/sem.py | 41 | ||||
| -rw-r--r-- | miasm/jitter/csts.py | 1 | ||||
| -rw-r--r-- | miasm/jitter/vm_mngr.c | 2 | ||||
| -rw-r--r-- | miasm/jitter/vm_mngr.h | 6 | ||||
| -rw-r--r-- | miasm/os_dep/win_api_x86_32_seh.py | 1 |
9 files changed, 65 insertions, 11 deletions
diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py
index 73fc0f87..9e45ffa9 100644
--- a/example/ida/depgraph.py
+++ b/example/ida/depgraph.py
@@ -25,10 +25,11 @@ from utils import guess_machine
class depGraphSettingsForm(ida_kernwin.Form):
- def __init__(self, ira, ircfg):
+ def __init__(self, ira, ircfg, mn):
self.ira = ira
self.ircfg = ircfg
+ self.mn = mn
self.stk_args = {'ARG%d' % i:i for i in range(10)}
self.stk_unalias_force = False
@@ -129,7 +130,7 @@ Method to use:
arg_num = self.stk_args[value]
stk_high = m2_expr.ExprInt(idc.GetSpd(line.offset), ir_arch.sp.size)
stk_off = m2_expr.ExprInt(self.ira.sp.size // 8 * arg_num, ir_arch.sp.size)
- element = m2_expr.ExprMem(mn.regs.regs_init[ir_arch.sp] + stk_high + stk_off, self.ira.sp.size)
+ element = m2_expr.ExprMem(self.mn.regs.regs_init[ir_arch.sp] + stk_high + stk_off, self.ira.sp.size)
element = expr_simp(element)
# Force stack unaliasing
self.stk_unalias_force = True
@@ -230,7 +231,7 @@ def launch_depgraph():
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
# Get settings
- settings = depGraphSettingsForm(ir_arch, ircfg)
+ settings = depGraphSettingsForm(ir_arch, ircfg, mn)
settings.Execute()
loc_key, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb
diff --git a/example/jitter/test_x86_32_seh.py b/example/jitter/test_x86_32_seh.py
index 595b9586..d29d3a22 100644
--- a/example/jitter/test_x86_32_seh.py
+++ b/example/jitter/test_x86_32_seh.py
@@ -24,6 +24,9 @@ def deal_exception_illegal_instruction(jitter):
jitter.pc = win_api_x86_32_seh.fake_seh_handler(jitter, win_api_x86_32_seh.EXCEPTION_ILLEGAL_INSTRUCTION)
return True
+def deal_exception_single_step(jitter):
+ jitter.pc = win_api_x86_32_seh.fake_seh_handler(jitter, win_api_x86_32_seh.EXCEPTION_SINGLE_STEP)
+ return True
def return_from_seh(jitter):
win_api_x86_32_seh.return_from_seh(jitter)
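Review bot: `depGraphSettingsForm.__init__` gains a required positional `mn` argument but neither the class nor the constructor documents it, and its only visible use is `self.mn.regs.regs_init[ir_arch.sp]` in the second hunk. A one-line docstring on the constructor, e.g. `"""ira/ircfg: IR arch and IR CFG under analysis; mn: the machine's mnemonic class (presumably the one returned by guess_machine), whose regs.regs_init gives the initial register expressions."""`, would spare the next reader the hunt. Any other code constructing the form with two arguments now fails with TypeError; the diff updates the one call in `launch_depgraph`, which is the only caller visible here. The class body and `launch_depgraph` both continue outside their hunks.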
@@ -47,6 +50,7 @@ sb.jitter.add_exception_handler(EXCEPT_SOFT_BP, deal_exception_breakpoint)
sb.jitter.add_exception_handler(EXCEPT_DIV_BY_ZERO, deal_exception_div)
sb.jitter.add_exception_handler(1<<17, deal_exception_privileged_instruction)
sb.jitter.add_exception_handler(EXCEPT_UNK_MNEMO, deal_exception_illegal_instruction)
+sb.jitter.add_exception_handler(EXCEPT_INT_1, deal_exception_single_step)
sb.jitter.add_breakpoint(win_api_x86_32_seh.return_from_exception, return_from_seh)
diff --git a/example/samples/x86_32_seh.S b/example/samples/x86_32_seh.S
index 7bb2c3cd..a637cccf 100644
--- a/example/samples/x86_32_seh.S
+++ b/example/samples/x86_32_seh.S
@@ -41,6 +41,12 @@ lbl_err_end4:
ADD ESP, 4
RET
+;; Single step
+lbl_err_5:
+ INT 0x1
+lbl_err_end5:
+ NOP
+
error:
MOV ECX, DWORD PTR [ESP+0xC]
MOV EAX, DWORD PTR [ECX+0xB8]
@@ -66,6 +72,7 @@ labels_err:
.dword lbl_err_2
.dword lbl_err_3
.dword lbl_err_4
+.dword lbl_err_5
labels_err_end:
@@ -74,3 +81,4 @@ labels_err_end:
.dword lbl_err_end2
.dword lbl_err_end3
.dword lbl_err_end4
+.dword lbl_err_end5
diff --git a/miasm/arch/x86/arch.py b/miasm/arch/x86/arch.py
index 3053301a..3a797d0b 100644
--- a/miasm/arch/x86/arch.py
+++ b/miasm/arch/x86/arch.py
@@ -496,7 +496,7 @@ class instruction_x86(instruction):
return True
if self.name.startswith('SYS'):
return True
- return self.name in ['CALL', 'HLT', 'IRET', 'IRETD', 'IRETQ', 'ICEBP']
+ return self.name in ['CALL', 'HLT', 'IRET', 'IRETD', 'IRETQ', 'ICEBP', 'UD2']
def splitflow(self):
if self.name in conditional_branch:
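Review bot: The new `add_exception_handler(EXCEPT_INT_1, ...)` line relies on `EXCEPT_INT_1` being in scope, yet the diff changes no import in this file; the neighbouring lines use `EXCEPT_SOFT_BP` and `EXCEPT_UNK_MNEMO` bare, so this presumably comes from a star import of `miasm.jitter.csts` — if the names are imported individually instead, `EXCEPT_INT_1` has to be added there or the script dies with NameError at startup. The new line also sits next to a raw `1<<17` for the privileged-instruction handler; csts.py names that bit `EXCEPT_PRIV_INSN`, so using the name there too would keep the registration block uniformly symbolic.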
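Review bot: The rewritten `return self.name in [...]` allocates a fresh list on every call of this method (presumably `breakflow`; its `def` is above the hunk); as the set of mnemonics is fixed, a module-level `_BREAKFLOW_MNEMO = frozenset({'CALL', 'HLT', 'IRET', 'IRETD', 'IRETQ', 'ICEBP', 'UD2'})` with `return self.name in _BREAKFLOW_MNEMO` is both clearer and O(1). Adding 'UD2' here only tells the disassembler to end a basic block after it; whether the jitter then raises EXCEPT_ILLEGAL_INSN depends on a `ud2` entry in sem.py's `mnemo_func`, which this diff does not touch, so that path is worth confirming. A short comment, `# UD2 is architecturally undefined: execution never falls through`, would explain why a non-branch belongs in this list.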
@@ -3807,6 +3807,10 @@ addop("mulsd", [bs8(0x0f), bs8(0x59), pref_f2] + rmmod(xmm_reg, rm_arg_xmm_m64))
addop("divss", [bs8(0x0f), bs8(0x5e), pref_f3] + rmmod(xmm_reg, rm_arg_xmm_m32))
addop("divsd", [bs8(0x0f), bs8(0x5e), pref_f2] + rmmod(xmm_reg, rm_arg_xmm_m64))
+addop("roundss", [bs8(0x0f), bs8(0x3a), bs8(0x0a), pref_66] +
+ rmmod(xmm_reg, rm_arg_xmm_m32) + [u08])
+addop("roundsd", [bs8(0x0f), bs8(0x3a), bs8(0x0b), pref_66] +
+ rmmod(xmm_reg, rm_arg_xmm_m64) + [u08])
addop("pminsw", [bs8(0x0f), bs8(0xea), no_xmm_pref] + rmmod(mm_reg, rm_arg_mm))
addop("pminsw", [bs8(0x0f), bs8(0xea), pref_66] + rmmod(xmm_reg, rm_arg_xmm))
diff --git a/miasm/arch/x86/sem.py b/miasm/arch/x86/sem.py
index dc2479b1..e59a9b18 100644
--- a/miasm/arch/x86/sem.py
+++ b/miasm/arch/x86/sem.py
@@ -28,7 +28,7 @@ from miasm.arch.x86.arch import mn_x86, repeat_mn, replace_regs
from miasm.ir.ir import IntermediateRepresentation, IRBlock, AssignBlock
from miasm.core.sembuilder import SemBuilder
from miasm.jitter.csts import EXCEPT_DIV_BY_ZERO, EXCEPT_ILLEGAL_INSN, \
- EXCEPT_PRIV_INSN, EXCEPT_SOFT_BP, EXCEPT_INT_XX
+ EXCEPT_PRIV_INSN, EXCEPT_SOFT_BP, EXCEPT_INT_XX, EXCEPT_INT_1
import math
import struct
@@ -1400,7 +1400,7 @@ def call(ir, instr, dst):
m2 = base.zeroExtend(meip.size)
elif dst.op == "far":
# Far call far [eax]
- addr = dst.args[0].arg
+ addr = dst.args[0].ptr
m1 = ir.ExprMem(addr, CS.size)
m2 = ir.ExprMem(addr + m2_expr.ExprInt(2, addr.size), meip.size)
else:
@@ -1528,7 +1528,7 @@ def jmp(ir, instr, dst):
m2 = base.zeroExtend(meip.size)
elif dst.op == "far":
# Far jmp far [eax]
- addr = dst.args[0].arg
+ addr = dst.args[0].ptr
m1 = ir.ExprMem(addr, CS.size)
m2 = ir.ExprMem(addr + m2_expr.ExprInt(2, addr.size), meip.size)
else:
@@ -3386,7 +3386,9 @@ def icebp(_, instr):
def l_int(_, instr, src):
e = []
# XXX
- if src.arg in [1, 3]:
+ if src.arg == 1:
+ except_int = EXCEPT_INT_1
+ elif src.arg == 3:
except_int = EXCEPT_SOFT_BP
else:
except_int = EXCEPT_INT_XX
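Review bot: The `# XXX` marker above the new `if src.arg == 1:` branch still explains nothing, and the reason for singling out vectors 1 and 3 is now spread across three files; replace it with `# INT 1 / INT 3 get dedicated exception codes so the SEH emulation (win_api_x86_32_seh) can report them as EXCEPTION_SINGLE_STEP / EXCEPTION_BREAKPOINT; every other vector is EXCEPT_INT_XX`. `icebp`, whose def is the hunk's context line, is left untouched; on hardware ICEBP (F1) also vectors to #DB like INT 1, so if it is meant to be observable as a single-step exception it needs `EXCEPT_INT_1` as well — confirm against its body, which is above the hunk. The rest of `l_int` (building the exception assignment from `except_int`) continues below the hunk.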
@@ -5078,6 +5080,33 @@ def movmskpd(ir, instr, dst, src):
out.append(src[(64 * i) + 63:(64 * i) + 64])
return [m2_expr.ExprAssign(dst, m2_expr.ExprCompose(*out).zeroExtend(dst.size))], []
+def _roundscalar(ir, inst, dst, src, imm8, double):
+ res = None
+ ctl = int(imm8)
+ dst_expr = dst[:64] if double else dst[:32]
+ src_expr = src[:64] if double else src[:32]
+ if ctl & 0x4 != 0:
+ # Use MXCSR rounding config
+ # TODO: here we assume it's round to nearest, ties to even
+ res = m2_expr.ExprOp('fpround_towardsnearest', src_expr)
+ else:
+ # Use encoded rounding mechanism
+ rounding_mechanism = ctl & 0x3
+ ROUNDING_MODE = {
+ 0x0: 'fpround_towardsnearest',
+ 0x1: 'fpround_down',
+ 0x2: 'fpround_up',
+ 0x3: 'fpround_towardszero'
+ }
+ res = m2_expr.ExprOp(ROUNDING_MODE[rounding_mechanism], src_expr)
+ return [m2_expr.ExprAssign(dst_expr, res)], []
+
+def roundss(ir, inst, dst, src, imm8):
+ return _roundscalar(ir, inst, dst, src, imm8, False)
+
+def roundsd(ir, inst, dst, src, imm8):
+ return _roundscalar(ir, inst, dst, src, imm8, True)
+
def fxsave(_ir, _instr, _src):
# Implemented as a NOP for now
return [], []
@@ -5521,6 +5550,10 @@ mnemo_func = {'mov': mov,
"divps": divps,
"divpd": divpd,
+ # Rounding
+ "roundss": roundss,
+ "roundsd": roundsd,
+
# Comparisons (floating-point)
# "minps": minps,
diff --git a/miasm/jitter/csts.py b/miasm/jitter/csts.py
index 9c9919fc..6d40fe0d 100644
--- a/miasm/jitter/csts.py
+++ b/miasm/jitter/csts.py
@@ -18,6 +18,7 @@ EXCEPT_DIV_BY_ZERO = ((1 << 16) | EXCEPT_DO_NOT_UPDATE_PC)
EXCEPT_PRIV_INSN = ((1 << 17) | EXCEPT_DO_NOT_UPDATE_PC)
EXCEPT_ILLEGAL_INSN = ((1 << 18) | EXCEPT_DO_NOT_UPDATE_PC)
EXCEPT_UNK_MNEMO = ((1 << 19) | EXCEPT_DO_NOT_UPDATE_PC)
+EXCEPT_INT_1 = ((1 << 20) | EXCEPT_DO_NOT_UPDATE_PC)
# VM Mngr constants
diff --git a/miasm/jitter/vm_mngr.c b/miasm/jitter/vm_mngr.c
index 43d6db53..53ec9065 100644
--- a/miasm/jitter/vm_mngr.c
+++ b/miasm/jitter/vm_mngr.c
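Review bot: `ROUNDING_MODE` is a constant table rebuilt on every call inside the `else` branch, and `res = None` is dead since both branches assign it; hoisting the table to a module-level `_ROUND_IMM_MODE` and choosing only the op name in the two branches leaves a single `ExprOp` construction. `if ctl & 0x4 != 0:` parses as `(ctl & 0x4) != 0` in Python, which is the intended bit test, but it is the reverse of C precedence in a code base whose readers also maintain the C jitter — a plain `if ctl & 0x4:` avoids the double-take. `_roundscalar`, `roundss` and `roundsd` carry no docstring; the imm8 layout (bit 2 selects MXCSR.RC, bits 1:0 give the immediate rounding mode when bit 2 is clear, bit 3 is the precision-exception mask and has no effect on the IR) is worth stating once on `_roundscalar`, which the sketch below does.
```python
# imm8[1:0] rounding control, consulted when imm8[2] is clear
_ROUND_IMM_MODE = {
    0x0: 'fpround_towardsnearest',
    0x1: 'fpround_down',
    0x2: 'fpround_up',
    0x3: 'fpround_towardszero',
}

def _roundscalar(ir, inst, dst, src, imm8, double):
    """Round the low single (double=False) or double (double=True) lane of
    src and write it to the same lane of dst.

    imm8 bit 2 set -> use MXCSR.RC (assumed round-to-nearest-even for now);
    imm8 bits 1:0 -> immediate rounding mode when bit 2 is clear;
    imm8 bit 3 (precision exception mask) has no effect on the IR.
    """
    ctl = int(imm8)
    size = 64 if double else 32
    if ctl & 0x4:
        # TODO: here we assume MXCSR.RC is round to nearest, ties to even
        mode = 'fpround_towardsnearest'
    else:
        mode = _ROUND_IMM_MODE[ctl & 0x3]
    res = m2_expr.ExprOp(mode, src[:size])
    return [m2_expr.ExprAssign(dst[:size], res)], []

# … unchanged: roundss / roundsd wrappers …
```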
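Review bot: `EXCEPT_INT_1 = ((1 << 20) | EXCEPT_DO_NOT_UPDATE_PC)` mirrors the `#define EXCEPT_INT_1` added to miasm/jitter/vm_mngr.h in this same commit; the C jitter and the Python side only agree on which exception fired while the two values stay bit-identical, and nothing enforces that. A trailing `# keep in sync with EXCEPT_INT_1 in miasm/jitter/vm_mngr.h` on the new line makes the coupling visible at the point of edit — unless the surrounding block, which starts above the hunk, already says so once for all of these constants.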
@@ -226,7 +226,6 @@ static uint64_t memory_page_read(vm_mngr_t* vm_mngr, unsigned int my_size, uint6
}
switch(my_size){
case 8:
- ret = ret;
break;
case 16:
ret = set_endian16(vm_mngr, (uint16_t)ret);
@@ -302,7 +301,6 @@ static void memory_page_write(vm_mngr_t* vm_mngr, unsigned int my_size,
switch(my_size){
case 8:
- src = src;
break;
case 16:
src = set_endian16(vm_mngr, (uint16_t)src);
diff --git a/miasm/jitter/vm_mngr.h b/miasm/jitter/vm_mngr.h
index 35a648a5..7ae44d99 100644
--- a/miasm/jitter/vm_mngr.h
+++ b/miasm/jitter/vm_mngr.h
@@ -45,6 +45,10 @@
#define __BYTE_ORDER __LITTLE_ENDIAN
#define __BIG_ENDIAN '>'
#define __LITTLE_ENDIAN '<'
+#elif defined(__ANDROID__)
+#define __BYTE_ORDER __BYTE_ORDER__
+#define __LITTLE_ENDIAN __ORDER_LITTLE_ENDIAN__
+#define __BIG_ENDIAN __ORDER_BIG_ENDIAN__
#endif
@@ -80,7 +84,6 @@ LIST_HEAD(memory_breakpoint_info_head, memory_breakpoint_info);
#define MAX_MEMORY_PAGE_POOL_TAB 0x100000
#define MEMORY_PAGE_POOL_MASK_BIT 12
-#define PAGE_SIZE (1<<MEMORY_PAGE_POOL_MASK_BIT)
#define VM_BIG_ENDIAN 1
#define VM_LITTLE_ENDIAN 2
@@ -181,6 +184,7 @@ struct memory_breakpoint_info {
#define EXCEPT_PRIV_INSN ((1<<17) | EXCEPT_DO_NOT_UPDATE_PC)
#define EXCEPT_ILLEGAL_INSN ((1<<18) | EXCEPT_DO_NOT_UPDATE_PC)
#define EXCEPT_UNK_MNEMO ((1<<19) | EXCEPT_DO_NOT_UPDATE_PC)
+#define EXCEPT_INT_1 ((1<<20) | EXCEPT_DO_NOT_UPDATE_PC)
int is_mem_mapped(vm_mngr_t* vm_mngr, uint64_t ad); |
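Review bot: The new `#elif defined(__ANDROID__)` branch defines `__BYTE_ORDER`, `__LITTLE_ENDIAN` and `__BIG_ENDIAN`, names that Bionic's `<sys/endian.h>` also provides (with numeric replacement lists rather than the `__ORDER_*__` tokens used here); if that header is reached after this block, directly or through another include, the preprocessor will report a macro redefinition. Guarding the three lines with `#ifndef __BYTE_ORDER` … `#endif`, or including `<endian.h>` on Android and dropping the defines altogether, avoids the clash. The head of the `#if` chain is above the hunk, so I cannot see which other platforms take the same path.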