当前位置: 首页>>代码示例>>Golang>>正文

Golang Usercorn.RegWrite方法代码示例

本文整理汇总了Golang中github.com/lunixbochs/usercorn/go/models.Usercorn.RegWrite方法的典型用法代码示例。如果您正苦于以下问题:Golang Usercorn.RegWrite方法的具体用法?Golang Usercorn.RegWrite怎么用?Golang Usercorn.RegWrite使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在github.com/lunixbochs/usercorn/go/models.Usercorn的用法示例。


在下文中一共展示了Usercorn.RegWrite方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: LinuxSyscall

func LinuxSyscall(u models.Usercorn) {
	// TODO: handle errors or something
	eax, _ := u.RegRead(uc.X86_REG_EAX)
	name, _ := num.Linux_x86[int(eax)]
	ret, _ := u.Syscall(int(eax), name, co.RegArgs(u, LinuxRegs))
	u.RegWrite(uc.X86_REG_EAX, ret)
}
开发者ID:lunixbochs,项目名称:usercorn,代码行数:7,代码来源:linux.go

示例2: StackInit

func StackInit(u models.Usercorn, args, env []string, auxv []byte) error {
	// push argv and envp strings
	envp, err := pushStrings(u, env...)
	if err != nil {
		return err
	}
	argv, err := pushStrings(u, args...)
	if err != nil {
		return err
	}
	// align stack pointer
	sp, _ := u.RegRead(u.Arch().SP)
	u.RegWrite(u.Arch().SP, (sp & ^uint64(15)))
	// end marker
	if _, err := u.Push(0); err != nil {
		return err
	}
	// auxv
	if len(auxv) > 0 {
		if _, err := u.PushBytes(auxv); err != nil {
			return err
		}
	}
	// envp
	if err := pushAddrs(u, envp); err != nil {
		return err
	}
	// argv
	if err := pushAddrs(u, argv); err != nil {
		return err
	}
	// argc
	_, err = u.Push(uint64(len(args)))
	return err
}
开发者ID:practicalswift,项目名称:usercorn,代码行数:35,代码来源:kernel.go

示例3: DarwinSyscall

func DarwinSyscall(u models.Usercorn, class int) {
	getArgs := common.StackArgs(u)

	eax, _ := u.RegRead(uc.X86_REG_EAX)
	nr := class<<24 | int(eax)
	name, _ := num.Darwin_x86_mach[nr]

	ret, _ := u.Syscall(nr, name, getArgs)
	u.RegWrite(uc.X86_REG_EAX, ret)
}
开发者ID:lunixbochs,项目名称:usercorn,代码行数:10,代码来源:darwin.go

示例4: DarwinSyscall

func DarwinSyscall(u models.Usercorn, class int) {
	// TODO: read args from stack without modifying reg so we don't need to restore esp
	esp, _ := u.RegRead(uc.X86_REG_ESP)
	getArgs := common.StackArgs(u)

	eax, _ := u.RegRead(uc.X86_REG_EAX)
	nr := class<<24 | int(eax)
	name, _ := num.Darwin_x86_mach[nr]

	ret, _ := u.Syscall(nr, name, getArgs)
	u.RegWrite(uc.X86_REG_EAX, ret)
	u.RegWrite(uc.X86_REG_ESP, esp)
}
开发者ID:practicalswift,项目名称:usercorn,代码行数:13,代码来源:darwin.go

示例5: Rdmsr

func Rdmsr(u models.Usercorn, msr uint64) uint64 {
	rcx, _ := u.RegRead(uc.X86_REG_RCX)
	rdx, _ := u.RegRead(uc.X86_REG_RDX)

	rdmsr := []byte{0x0F, 0x30}
	regs := map[int]uint64{uc.X86_REG_RAX: msr}
	u.RunShellcode(0, rdmsr, regs, nil)
	ecx, _ := u.RegRead(uc.X86_REG_ECX)
	edx, _ := u.RegRead(uc.X86_REG_EDX)

	u.RegWrite(uc.X86_REG_RCX, rcx)
	u.RegWrite(uc.X86_REG_RDX, rdx)
	return (edx << 32) | (ecx & 0xFFFFFFFF)
}
开发者ID:lunixbochs,项目名称:usercorn,代码行数:14,代码来源:arch.go

示例6: CgcSyscall

func CgcSyscall(u models.Usercorn) {
	// TODO: handle errors or something
	args, _ := u.ReadRegs(LinuxRegs)
	eax, _ := u.RegRead(uc.X86_REG_EAX)
	var ret uint64
	switch eax {
	case 1: // _terminate
		syscall.Exit(int(args[0]))
	case 2: // transmit
		mem, _ := u.MemRead(args[1], args[2])
		n, _ := syscall.Write(int(args[0]), mem)
		writeAddr(u, args[3], uint64(n))
	case 3: // receive
		tmp := make([]byte, args[2])
		n, _ := syscall.Read(int(args[0]), tmp)
		u.MemWrite(args[1], tmp[:n])
		writeAddr(u, args[3], uint64(n))
	case 5: // allocate
		addr, _ := u.Mmap(0, args[0])
		// args[1] == is executable
		writeAddr(u, args[2], addr)
	case 6: // fdwait
		nfds := int(args[0])
		var readSet, writeSet *fdset32
		var timeout posix.Timespec
		u.StrucAt(args[1]).Unpack(&readSet)
		u.StrucAt(args[2]).Unpack(&writeSet)
		u.StrucAt(args[3]).Unpack(&timeout)
		readyFds := args[4]

		readNative := readSet.Native()
		writeNative := writeSet.Native()
		n, err := cgcNativeSelect(nfds, readNative, writeNative, &timeout)
		if err != nil {
			ret = UINT32_MAX // FIXME?
		} else {
			numReady := int32(n)
			if readyFds != 0 {
				u.StrucAt(readyFds).Pack(numReady)
			}
		}
	case 7: // random
		tmp := make([]byte, args[1])
		rand.Read(tmp)
		u.MemWrite(args[0], tmp)
		writeAddr(u, args[2], args[1])
	}
	u.RegWrite(uc.X86_REG_EAX, ret)
}
开发者ID:SBkiller,项目名称:usercorn,代码行数:49,代码来源:cgc.go

示例7: StackInit

func StackInit(u models.Usercorn, args, env []string, auxv []byte) error {
	if _, err := u.Push(0); err != nil {
		return err
	}
	if len(args) > 0 {
		if _, err := u.PushBytes([]byte(args[0] + "\x00")); err != nil {
			return err
		}
	}
	// push argv and envp strings
	envp, err := pushStrings(u, env...)
	if err != nil {
		return err
	}
	argv, err := pushStrings(u, args...)
	if err != nil {
		return err
	}
	// precalc envp -> argc for stack alignment
	envpb, err := packAddrs(u, envp)
	if err != nil {
		return err
	}
	argvb, err := packAddrs(u, argv)
	if err != nil {
		return err
	}
	var tmp [8]byte
	argcb, err := u.PackAddr(tmp[:], uint64(len(argv)))
	init := append(argcb, argvb...)
	init = append(init, envpb...)
	// align stack pointer
	sp, _ := u.RegRead(u.Arch().SP)
	sp &= ^uint64(15)
	off := len(init) & 15
	if off > 0 {
		sp -= uint64(16 - off)
	}
	u.RegWrite(u.Arch().SP, sp)
	// auxv
	if len(auxv) > 0 {
		if _, err := u.PushBytes(auxv); err != nil {
			return err
		}
	}
	// write envp -> argc
	u.PushBytes(init)
	return err
}
开发者ID:lunixbochs,项目名称:usercorn,代码行数:49,代码来源:kernel.go

示例8: CgcSyscall

func CgcSyscall(u models.Usercorn) {
	eax, _ := u.RegRead(uc.X86_REG_EAX)
	name, _ := cgcSysNum[int(eax)]
	ret, _ := u.Syscall(int(eax), name, co.RegArgs(u, LinuxRegs))
	u.RegWrite(uc.X86_REG_EAX, ret)
}
开发者ID:lunixbochs,项目名称:usercorn,代码行数:6,代码来源:cgc.go

示例9: setupTraps

func setupTraps(u models.Usercorn, kernel *ArmLinuxKernel) error {
	// handle arm kernel traps
	// https://www.kernel.org/doc/Documentation/arm/kernel_user_helpers.txt
	if err := u.MemMap(0xffff0000, 0x10000); err != nil {
		return err
	}
	for addr := 0; addr < 0x10000; addr += 4 {
		// write "bx lr" to all kernel trap addresses so they will return
		bxlr := []byte{0x1e, 0xff, 0x2f, 0xe1}
		if err := u.MemWrite(0xffff0000+uint64(addr), bxlr); err != nil {
			return err
		}
	}
	_, err := u.HookAdd(uc.HOOK_CODE, func(_ uc.Unicorn, addr uint64, size uint32) {
		switch addr {
		case 0xffff0fa0:
			// __kuser_memory_barrier
			// *shrug*
		case 0xffff0f60:
			// __kuser_cmpxchg64
			// TODO: DRY possible here?
			oldval, _ := u.RegRead(uc.ARM_REG_R0)
			newval, _ := u.RegRead(uc.ARM_REG_R1)
			ptr, _ := u.RegRead(uc.ARM_REG_R2)
			var tmp [8]byte
			var status uint64
			if err := u.MemReadInto(tmp[:], ptr); err != nil {
				// error
			} else if u.ByteOrder().Uint64(tmp[:]) == oldval {
				u.ByteOrder().PutUint64(tmp[:], newval)
				u.MemWrite(ptr, tmp[:])
				status = 1
			}
			u.RegWrite(uc.ARM_REG_R0, status)
		case 0xffff0fc0:
			// __kuser_cmpxchg
			// TODO: would this throw a segfault?
			// TODO: flags are not set
			oldval, _ := u.RegRead(uc.ARM_REG_R0)
			newval, _ := u.RegRead(uc.ARM_REG_R1)
			ptr, _ := u.RegRead(uc.ARM_REG_R2)
			var tmp [4]byte
			var status uint64
			if err := u.MemReadInto(tmp[:], ptr); err != nil {
				// error
			} else if u.UnpackAddr(tmp[:]) == oldval {
				u.PackAddr(tmp[:], newval)
				u.MemWrite(ptr, tmp[:])
				status = 1
			}
			u.RegWrite(uc.ARM_REG_R0, status)
		case 0xffff0fe0:
			// __kuser_get_tls
			u.RegWrite(uc.ARM_REG_R0, kernel.tls)
		case 0xffff0ffc:
			// __kuser_helper_version
			u.RegWrite(uc.ARM_REG_R0, 2)
		default:
			panic(fmt.Sprintf("unsupported kernel trap: 0x%x\n", addr))
		}
	}, 0xffff0000, 0xffffffff)
	if err != nil {
		return err
	}
	return nil
}
开发者ID:lunixbochs,项目名称:usercorn,代码行数:66,代码来源:linux.go


注:本文中的github.com/lunixbochs/usercorn/go/models.Usercorn.RegWrite方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。