Merge pull request #20 from icicle-emu/x86-eflags-hook

mrexodia · web-flow · commit aef686faa6a6 · 2024-12-27T17:15:26.000+01:00
X86 eflags hook
diff --git a/src/lib.rs b/src/lib.rs
@@ -1,19 +1,36 @@
 use std::borrow::Cow;
 use std::collections::HashMap;
 use icicle_cpu::mem::{Mapping, MemError, perm};
-use icicle_cpu::{ExceptionCode, VmExit};
+use icicle_cpu::{Cpu, ExceptionCode, ValueSource, VarSource, VmExit};
 use pyo3::prelude::*;
 use icicle_vm;
-use icicle_vm::linux::LinuxCpu;
 use pyo3::exceptions::*;
 use target_lexicon;
 use indexmap::IndexMap;
+use target_lexicon::Architecture;
+use icicle_cpu::lifter::InstructionSource;
 use sleigh_runtime::NamedRegister;
 
 // References:
 // - https://pyo3.rs/main/conversions/tables
 // - https://pyo3.rs/main/class
 
+struct X86FlagsRegHandler {
+    pub eflags: pcode::VarNode,
+}
+
+impl icicle_cpu::RegHandler for X86FlagsRegHandler {
+    fn read(&mut self, cpu: &mut Cpu) {
+        let eflags = icicle_vm::x86::eflags(cpu);
+        cpu.write_var::<u32>(self.eflags, eflags);
+    }
+
+    fn write(&mut self, cpu: &mut Cpu) {
+        let eflags = cpu.read_var::<u32>(self.eflags);
+        icicle_vm::x86::set_eflags(cpu, eflags);
+    }
+}
+
 #[pyclass(eq, eq_int, module = "icicle")]
 #[derive(Clone, Debug, PartialEq)]
 pub enum MemoryProtection {
@@ -227,7 +244,7 @@ pub struct Icicle {
 }
 
 fn reg_find<'a>(i: &'a Icicle, name: &str) -> PyResult<&'a NamedRegister> {
-    let sleigh = i.vm.cpu.sleigh();
+    let sleigh = &i.vm.cpu.arch.sleigh;
     match sleigh.get_reg(name) {
         None => {
             i.regs.get(name.to_lowercase().as_str())
@@ -354,19 +371,29 @@ impl Icicle {
         config.optimize_instructions = optimize_instructions;
         config.optimize_block = optimize_block;
 
-        let vm = icicle_vm::build(&config)
+        let mut vm = icicle_vm::build(&config)
             .map_err(|e| {
                 PyException::new_err(format!("VM build error: {e}"))
             })?;
 
         // Populate the lowercase register map
         let mut regs = HashMap::new();
-        let sleigh = vm.cpu.sleigh();
+        let sleigh = &vm.cpu.arch.sleigh;
         for reg in &sleigh.named_registers {
             let name = sleigh.get_str(reg.name);
             regs.insert(name.to_lowercase(), reg.clone());
         }
 
+        // Special handling for x86 flags
+        match config.triple.architecture {
+            Architecture::X86_32(_) | Architecture::X86_64 | Architecture::X86_64h => {
+                let eflags = sleigh.get_reg("eflags").unwrap().var;
+                let reg_handler = X86FlagsRegHandler { eflags };
+                vm.cpu.add_reg_handler(eflags.id, Box::new(reg_handler));
+            }
+            _ => {}
+        }
+
         Ok(Icicle {
             architecture,
             vm,
@@ -454,7 +481,7 @@ impl Icicle {
 
     pub fn reg_list(&self) -> PyResult<IndexMap<String, (u32, u8)>> {
         let mut result = IndexMap::new();
-        let sleigh = self.vm.cpu.sleigh();
+        let sleigh = &self.vm.cpu.arch.sleigh;
         for reg in &sleigh.named_registers {
             let name = sleigh.get_str(reg.name);
             result.insert(name.to_string(), (reg.offset, reg.var.size));
diff --git a/tests/tests.rs b/tests/tests.rs
@@ -206,6 +206,55 @@ fn step_modify_rip() -> PyResult<()> {
     Ok(())
 }
 
+fn eflags_reconstruction() -> PyResult<()> {
+    let mut vm = new_vm(false)?;
+    vm.mem_map(0x100, 0x20, MemoryProtection::ExecuteRead)?;
+
+    vm.mem_write(0x100, b"\x48\x01\xD8".to_vec())?;
+    vm.reg_write("rax", 0x7FFFFFFFFFFFFFFF)?;
+    vm.reg_write("rbx", 0x1)?;
+
+    let of_mask = (1 << 11) as u64;
+
+    {
+        let eflags = vm.reg_read("eflags")?;
+        let of = vm.reg_read("OF")?;
+        let of_set = (eflags & of_mask) == of_mask;
+        println!("[pre] eflags: {:#x}, OF: {:#x} == {}", eflags, of, of_set);
+    }
+
+    vm.set_pc(0x100);
+    let status = vm.step(1);
+    println!("run status: {:?}", status);
+
+    {
+        let eflags = vm.reg_read("eflags")?;
+        let rflags = vm.reg_read("rflags")?;
+        let of = vm.reg_read("OF")?;
+        let of_set = (eflags & of_mask) == of_mask;
+        println!("[post] eflags: {:#x} == {:#x}, OF: {:#x} == {}", eflags, rflags, of, of_set);
+    }
+
+    {
+        vm.reg_write("OF", 0)?;
+        let eflags = vm.reg_read("eflags")?;
+        let of = vm.reg_read("OF")?;
+        let of_set = (eflags >> 11) & 1;
+        println!("[OF=0] eflags: {:#x}, OF: {:#x} == {}", eflags, of, of_set);
+    }
+
+    {
+        let mut eflags = vm.reg_read("eflags")?;
+        eflags |= of_mask;
+        vm.reg_write("rflags", eflags)?;
+        let of = vm.reg_read("OF")?;
+        let of_set = (eflags >> 11) & 1;
+        println!("[rflags|={:#x}] eflags: {:#x}, OF: {:#x} == {}", of_mask, eflags, of, of_set);
+    }
+
+    Ok(())
+}
+
 fn main() {
     // Make sure the GHIDRA_SRC environment variable is valid
     match std::env::var("GHIDRA_SRC") {
@@ -236,6 +285,7 @@ fn main() {
         ("Rewind", rewind),
         ("Execute only", execute_only),
         ("Step modify rip", step_modify_rip),
+        ("EFlags reconstruction", eflags_reconstruction),
     ];
 
     let mut success = 0;
