

Hardware breakpoints [Sep. 21st, 2011|01:38 pm]

Comments:
From:[info]herm1t
Date:October 4th, 2011 - 09:15 am
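Клевая фича, но не хотелось бы связываться с /dev/*, права, ввод-вывод и все-такре. А с дизасмом все просто, только джампы эмулить муторно, вот что у меня получилось:

/*
 * emu_cti - compute the address a traced 32-bit x86 process will execute
 * next, given a decoded control-transfer instruction sitting at regs->eip.
 *
 * pid   traced process (used only for PTRACE_PEEKDATA of indirect targets)
 * y     decoded instruction; the opcode/modrm/sib/displacement/immediate
 *       fields are assumed to be filled in by the disassembler, and
 *       C_MODRM is presumably set when a ModRM byte is present - confirm
 *       against the decoder.
 * regs  register file of the stopped tracee (i386 layout: eip/esp/eflags)
 *
 * Returns the next EIP.  For memory-indirect targets (ret, jmp/call [mem])
 * the value comes from ptrace(PTRACE_PEEKDATA); that call reports errors
 * in-band as -1, which is indistinguishable from a target of 0xffffffff.
 * NOTE(review): a caller that cares should clear errno before calling and
 * test it afterwards - this function has no other error channel.
 *
 * Only the forms the original handled are emulated (int, ret, rel8/rel32
 * jmp/call, ModRM jmp/call, jecxz/loop*, Jcc).  Anything else that reaches
 * the tail is treated as a Jcc keyed on the opcode's low nibble.
 */
uint32_t emu_cti(pid_t pid, yad_t *y, struct user_regs_struct *regs)
{
	uint32_t mem = 0;
	uint32_t next = regs->eip + y->len;

	/* int imm8: the kernel services the trap, execution resumes after it. */
	if (y->opcode == 0xcd)
		return next;

	/* ret / ret imm16: the target is the return address on top of the stack. */
	if (y->opcode == 0xc2 || y->opcode == 0xc3) {
		mem = regs->esp;
		goto peek_data;
	}

	/* Sign-extended relative displacement.  int8_t rather than char:
	 * plain char's signedness is implementation-defined. */
	int32_t rel_arg = y->datasize == 1 ? (int8_t)y->data1 : (int32_t)y->data4;

	/* jmp rel32 / call rel32 / jmp rel8: unconditional. */
	if (y->opcode == 0xe9 || y->opcode == 0xe8 || y->opcode == 0xeb)
		return next + rel_arg;

	if (y->flags & C_MODRM) {
		/* jmp/call r/m32: decode the ModRM (and SIB) operand. */
		uint32_t reg[8] = {
			regs->eax, regs->ecx, regs->edx, regs->ebx,
			regs->esp, regs->ebp, regs->esi, regs->edi,
		};
		uint32_t mod = y->modrm >> 6;
		uint32_t rm = y->modrm & 7;

		if (mod == 3)
			return reg[rm];		/* register operand: target is the register itself */

		if (mod == 0 && rm == 5) {
			mem = y->addr4;		/* [disp32], no base register */
			goto peek_data;
		}

		if (rm == 4) {
			/* SIB byte.  index == 4 encodes "no index" (ESP cannot be
			 * scaled) and base == 5 with mod == 0 encodes "no base,
			 * disp32 instead"; treating either as a real register
			 * yields a bogus address, e.g. for call [esp+8]. */
			uint32_t scale = y->sib >> 6;
			uint32_t index = (y->sib >> 3) & 7;
			uint32_t base = y->sib & 7;

			/* assumes the decoder stores the SIB disp32 in addr4, as it
			 * does for the mod == 0 / rm == 5 form - TODO confirm */
			mem = (base == 5 && mod == 0) ? y->addr4 : reg[base];
			if (index != 4)
				mem += reg[index] << scale;
		} else {
			mem = reg[rm];
		}

		if (mod == 1)
			mem += (uint32_t)(int8_t)y->addr1;	/* disp8, sign-extended */
		else if (mod == 2)
			mem += y->addr4;			/* disp32 */
		goto peek_data;
	}

	uint32_t flags = regs->eflags;
	unsigned cf = (flags >> 0) & 1;
	unsigned pf = (flags >> 2) & 1;
	unsigned zf = (flags >> 6) & 1;
	unsigned sf = (flags >> 7) & 1;
	unsigned of = (flags >> 11) & 1;
	int taken;

	/* e0 loopne / e1 loope / e2 loop / e3 jecxz (all rel8). */
	if ((y->opcode & 0xfc) == 0xe0) {
		if (y->opcode == 0xe3) {
			taken = (uint32_t)regs->ecx == 0;
		} else {
			/* loop*: ECX is decremented first and the branch is taken
			 * while the result is non-zero; loope/loopne additionally
			 * require ZF to equal the opcode's low bit (e1 -> ZF=1,
			 * e0 -> ZF=0). */
			taken = ((uint32_t)regs->ecx - 1) != 0 &&
				(y->opcode == 0xe2 || zf == (y->opcode & 1));
		}
		return taken ? next + rel_arg : next;
	}

	/* Jcc: 70-7f (rel8) or 0f 80-8f (rel32); the condition is the low nibble. */
	unsigned cc = (y->opcode == 0x0f ? y->opcode2 : y->opcode) & 0x0f;
	switch (cc) {
	case 0x00: taken = of; break;			/* jo */
	case 0x01: taken = of == 0; break;		/* jno */
	case 0x02: taken = cf; break;			/* jb/jnae/jc */
	case 0x03: taken = cf == 0; break;		/* jnb/jae/jnc */
	case 0x04: taken = zf; break;			/* je/jz */
	case 0x05: taken = zf == 0; break;		/* jne/jnz */
	case 0x06: taken = cf || zf; break;		/* jbe/jna */
	case 0x07: taken = cf == 0 && zf == 0; break;	/* ja/jnbe */
	case 0x08: taken = sf; break;			/* js */
	case 0x09: taken = sf == 0; break;		/* jns */
	case 0x0a: taken = pf; break;			/* jp/jpe */
	case 0x0b: taken = pf == 0; break;		/* jnp/jpo */
	case 0x0c: taken = sf != of; break;		/* jl/jnge */
	case 0x0d: taken = sf == of; break;		/* jge/jnl */
	case 0x0e: taken = zf || sf != of; break;	/* jle/jng */
	case 0x0f: taken = zf == 0 && sf == of; break;	/* jg/jnle */
	default:   taken = 0; break;			/* unreachable: cc is masked to 4 bits */
	}
	return taken ? next + rel_arg : next;

peek_data:
	/* Read the 32-bit target out of the tracee.  -1 may be an error or the
	 * genuine value; see the header comment about errno. */
	return (uint32_t)ptrace(PTRACE_PEEKDATA, pid, (void *)(uintptr_t)mem, NULL);
}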