/*
Source for Sk3wlDbg IdaPro plugin
Copyright (c) 2016 Chris Eagle
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.
You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef __UNICORN_H
#define __UNICORN_H
#ifdef __NT__
#include <windows.h>
#include <winnt.h>
#include <wincrypt.h>
#else
// non-Windows (POSIX) hosts
#include <stdio.h>
#include <fcntl.h>
#include <time.h>
#include <unistd.h>
#include <sys/time.h>
#endif
#include <unicorn/unicorn.h>
#include <pro.h>
#include <ida.hpp>
#include <idd.hpp>
#include <kernwin.hpp>
#include <set>
using std::set;
#ifndef PLUGIN_NAME
#define PLUGIN_NAME "sk3wldbg"
#endif
// Queue of pending debug events handed back to IDA (type of sk3wldbg::dbg_evt_list).
typedef qlist<debug_event_t> evt_list_t;
// Thread ids of the emulated process (type of sk3wldbg::the_threads).
typedef qlist<thid_t> thread_list;
// Emulation state machine for the debugger (stored in sk3wldbg::emu_state).
// Values start at 1, so a zero-initialized field is never a valid state.
// The meaning of each state is inferred from its name and the matching
// sk3wldbg methods (start/step/pause/done); confirm against the .cpp.
enum run_state {
   RS_INIT = 1,     // created, emulation not started yet
   RS_RUN,          // free-running (presumably until breakpoint, fault or pause())
   RS_STEP_OVER,    // presumably single step treating a call as one instruction
   RS_STEP_INTO,    // presumably single step descending into calls
   RS_STEP_OUT,     // presumably run until the current function returns
   RS_PAUSE,        // suspended by pause()
   RS_TERM          // terminated (see sk3wldbg::done())
};
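// Unicorn-backed implementation of IDA's debugger_t.
//
// One instance drives one emulated target. Architecture-specific subclasses
// must implement save_ret_addr() (pure virtual) and may override
// install_initial_hooks(), check_mode() and call_changes_sp().
//
// Threading: emulation runs on process_thread while IDA's UI calls into the
// debugger_t callbacks; dbg_evt_list is the hand-off queue and evt_mutex its
// lock. The exact lock discipline lives in the .cpp.
struct sk3wldbg : public debugger_t {
   // Randomness source for getRandomBytes(). On Windows this is a CryptoAPI
   // provider handle (CryptGenRandom; deprecated by Microsoft in favour of
   // BCryptGenRandom but still functional). On other hosts it is a plain int,
   // presumably a file descriptor such as /dev/urandom -- confirm in the .cpp.
#ifdef __NT__
   HCRYPTPROV hProv;
#else
   int hProv;
#endif
   uint32_t the_process;          // process id reported to IDA (presumably)
   thread_list the_threads;       // thread ids of the emulated process
   set<uint64_t> breakpoints;     // addresses registered via add_bpt()/del_bpt()
   uc_arch debug_arch;            // Unicorn architecture, fixed at construction
   uc_mode debug_mode;            // Unicorn mode, fixed at construction
   qstring cpu_model;             // optional CPU model name passed to the ctor
   uc_engine *uc;                 // Unicorn engine handle
   bool do_suspend;               // request flag consumed by the emulation loop (presumably)
   bool finished;                 // set when emulation is over; read by done()
   bool single_step;              // stepping mode flag (presumably set by step())
   bool registered_menu;          // whether the plugin's UI action has been registered
   meminfo_vec_t memory;          // regions currently mapped into the emulator; see clear_memory()
   evt_list_t dbg_evt_list;       // pending debug events for IDA
   qmutex_t evt_mutex;            // guards dbg_evt_list
   qsemaphore_t run_sem;          // presumably blocks/wakes process_thread (pause()/resume())
   run_state emu_state;           // current state of the emulation state machine
   qthread_t process_thread;      // thread on which Unicorn executes
   regval_t *saved;               // register snapshot for save_registers()/restore_registers();
                                  // raw owning pointer, presumably released in the destructor
   uc_hook code_hook;             // Unicorn hook handle: per-instruction callback
   uc_hook mem_fault_hook;        // Unicorn hook handle: invalid memory access callback
   event_id_t last_eid;           // id of the last event delivered to IDA
   int32_t *reg_map;              // map of internal unicorn reg enums to dbg->_register index values

   // procname: IDA processor name; arch/mode: Unicorn target; cpu_model: optional.
   sk3wldbg(const char *procname, uc_arch arch, uc_mode mode, const char *cpu_model = NULL);
   // virtual so that a subclass (save_ret_addr is pure virtual, so subclasses
   // exist) may be deleted through a sk3wldbg* without undefined behaviour,
   // regardless of whether debugger_t's own destructor is virtual.
   virtual ~sk3wldbg();

   // Installs the Unicorn hooks (code_hook, mem_fault_hook, ...); subclasses may add more.
   virtual void install_initial_hooks();
   // Default no-op. Architectures whose instruction mode can change at runtime
   // override this to re-derive the mode from addr.
   virtual void check_mode(ea_t addr) {}

   // Event queue between the emulation thread and IDA.
   void enqueue_debug_evt(debug_event_t &evt);
   // Returns false when nothing is queued (presumably); *out receives the event.
   bool dequeue_debug_evt(debug_event_t *out);
   // NOTE(review): reads dbg_evt_list without taking evt_mutex. If enqueue/
   // dequeue run on process_thread concurrently, an unlocked size() is a data
   // race; confirm callers hold the lock or only call this from one thread.
   size_t debug_queue_len() {return dbg_evt_list.size();}

   // Reports a Unicorn error raised at pc as a debug event.
   void runtime_exception(uc_err err, uint64_t pc);
   // Queues an exception event (code, faulting address, message); see the .cpp for the bool.
   bool queue_exception_event(uint32_t code, uint64_t mem_addr, const char *msg);
   // Queues a breakpoint event; is_hardware selects the breakpoint flavour reported to IDA.
   bool queue_dbg_event(bool is_hardware);

   // Lifecycle of the emulated process.
   void close();
   void start(uint64_t initial_pc);
   void pause();
   void resume();
   void step(uint64_t initial_pc);
   bool open();

   // Memory mapping helpers. perms are presumably UC_PROT_* flags.
   void clear_memory() {memory.clear();}
   // Adjusts *startAddr/*endAddr in place (presumably to avoid overlapping an
   // existing mapping and/or to align to page bounds) -- confirm in the .cpp.
   void map_mem_fix_overlaps(uint64_t *startAddr, uint64_t *endAddr, unsigned int perms);
   void map_mem_zero(uint64_t startAddr, uint64_t endAddr, unsigned int perms);
   // Caller must ensure src holds at least (endAddr - startAddr) bytes.
   void map_mem_copy(uint64_t startAddr, uint64_t endAddr, unsigned int perms, void *src);

   // Fills len bytes of buf from hProv.
   // NOTE(review): void return, so an RNG failure cannot be signalled and buf
   // may be left (partly) unfilled; check how the .cpp handles that path before
   // relying on these bytes for anything security-relevant.
   void getRandomBytes(void *buf, unsigned int len);

   // Software breakpoint bookkeeping (breakpoints set).
   void add_bpt(uint64_t bpt_addr);
   void del_bpt(uint64_t bpt_addr);

   // Register access. regidx is the dbg->_register index (see reg_map).
   bool read_register(int regidx, regval_t *values);
   bool save_registers();
   bool restore_registers();

   // True when a call on this architecture changes sp (return address pushed);
   // default false. Used together with save_ret_addr() for appcall.
   virtual bool call_changes_sp() {return false;}
   //emulate what this processor does when a function is called
   //some processors push, some processors save it in a register
   //emulate the right thing here. This is to support appcall
   virtual bool save_ret_addr(uint64_t retaddr) = 0;

   bool done() {return finished;}
   uint64_t get_pc();
   bool set_pc(uint64_t);
   uint64_t get_sp();
   bool set_sp(uint64_t);
};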
// IDA UI action handler for the plugin's memory-map action (presumably the
// menu entry tracked by sk3wldbg::registered_menu -- confirm in the .cpp).
struct mem_map_action_handler : public action_handler_t {
   // Invoked when the user triggers the action.
   int idaapi activate(action_activation_ctx_t *ctx);
   // Reports whether the action is currently enabled/visible.
   action_state_t idaapi update(action_update_ctx_t *ctx);
};
#endif