Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Whether the [ldab] instruction supports #1724

Closed
crazy-copy opened this issue Oct 18, 2022 · 5 comments
Closed

Whether the [ldab] instruction supports #1724

crazy-copy opened this issue Oct 18, 2022 · 5 comments
Labels
question

Comments

@crazy-copy
Copy link

crazy-copy commented Oct 18, 2022
edited
Loading 

<CsInsn 0x40000000 [70b5]: push {r4, r5, r6, lr}>
<CsInsn 0x40000002 [0546]: mov r5, r0>
<CsInsn 0x40000004 [2148]: ldr r0, [pc, #0x84]>
<CsInsn 0x40000006 [0c46]: mov r4, r1>
<CsInsn 0x40000008 [7844]: add r0, pc>
<CsInsn 0x4000000a [d0e88f0f]: ldab r0, [r0]>
Traceback (most recent call last):
  File "C:\Users\crazystone\PycharmProjects\pythonProject\main.py", line 34, in <module>
    uc.emu_start(0x40000000 | 1, 0x40000000 + len(code) - 1)
  File "C:\Users\crazystone\PycharmProjects\pythonProject\venv\lib\site-packages\unicorn\unicorn.py", line 548, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid instruction (UC_ERR_INSN_INVALID)

Process finished with exit code 1
@crazy-copy
Copy link
Author

crazy-copy commented Oct 18, 2022
edited
Loading

this is test code

from unicorn import *
from unicorn.arm_const import *
from capstone import *

cs = Cs(CS_ARCH_ARM, CS_MODE_THUMB)

code = bytes([0x70, 0xB5, 0x05, 0x46, 0x21, 0x48, 0x0C, 0x46, 0x78, 0x44,
              0xD0, 0xE8, 0x8F, 0x0F, 0xC0, 0x07, 0x1C, 0xD0])

STACK_SIZE = 1024 * 1024 * 5
STACK_BASE = 0XB0000000

uc = Uc(UC_ARCH_ARM, UC_MODE_ARM)

uc.mem_map(STACK_BASE, STACK_SIZE)
uc.reg_write(UC_ARM_REG_SP, STACK_BASE + STACK_SIZE - 0x10)


uc.mem_map(0x40000000, 0x1000)
uc.mem_write(0x40000000, code)

uc.mem_map(0, 0x1000)

def hook_code(uc: Uc, address, size, data):
    for i in cs.disasm(uc.mem_read(address, size), address):
        print(i)


uc.hook_add(UC_HOOK_CODE, hook_code)

if __name__ == '__main__':
    uc.emu_start(0x40000000 | 1, 0x40000000 + len(code))

@wtdcode
Copy link
Member

wtdcode commented Oct 18, 2022

I can't see any reason for 0x40000000 + len(code) - 1...

@crazy-copy
Copy link
Author

crazy-copy commented Oct 19, 2022
edited
Loading

QQ图片20221019092823

I know, but it is still the same after changing 0x40000000 + len(code) When the code runs to ldab, it reports an exception UC_ERR_INSN_INVALID, I try test in unicron-c and unicorn-python it is still the same

I read the unicorn document UC_ERR_INSN_INVALID, // Quit emulation due to invalid instruction:

so I want to know ldab Instructions support about unicorn

@wtdcode
Copy link
Member

wtdcode commented Oct 21, 2022

See #1725 You have to set the CPU model.

Maybe a new FAQ should be added...

@crazy-copy
Copy link
Author

i tried to set cpu mode
only UC_CPU_ARM_MAX support ldab
thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crazy-copy @wtdcode