URL https://opencores.org/ocsvn/ao486/ao486/trunk

Subversion Repositories ao486

[/] [ao486/] [trunk/] [ao486_tool/] [src/] [ao486/] [test/] [branch/] [TestCALL_near_Jv.java] - Blame information for rev 2

Details | Compare with Previous | View Log


/*
 * Copyright (c) 2014, Aleksander Osman
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
package ao486.test.branch;
 
import ao486.test.TestUnit;
import ao486.test.layers.FlagsLayer;
import ao486.test.layers.GeneralRegisterLayer;
import ao486.test.layers.HandleModeChangeLayer;
import ao486.test.layers.IOLayer;
import ao486.test.layers.InstructionLayer;
import ao486.test.layers.Layer;
import ao486.test.layers.MemoryLayer;
import ao486.test.layers.MemoryPatchLayer;
import ao486.test.layers.OtherLayer;
import ao486.test.layers.Pair;
import ao486.test.layers.SegmentLayer;
import ao486.test.layers.StackLayer;
import java.io.*;
import java.util.LinkedList;
import java.util.Random;
 
 
public class TestCALL_near_Jv extends TestUnit implements Serializable {
    public static void main(String args[]) throws Exception {
        run_test(TestCALL_near_Jv.class);
    }
 
    //--------------------------------------------------------------------------
    @Override
    public int get_test_count() throws Exception {
        return 100;
    }
 
    @Override
    public void init() throws Exception {
 
        random = new Random(10+index);
 
        String instruction;
        while(true) {
            layers.clear();
 
            LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();
 
            InstructionLayer instr = new InstructionLayer(random, prohibited_list);
            layers.add(instr);
            StackLayer stack = new StackLayer(random, prohibited_list);
            layers.add(stack);
            layers.add(new OtherLayer(OtherLayer.Type.RANDOM, random));
            layers.add(new FlagsLayer(FlagsLayer.Type.RANDOM, random));
            layers.add(new GeneralRegisterLayer(random));
            layers.add(new SegmentLayer(random));
            layers.add(new MemoryLayer(random));
            layers.add(new IOLayer(random));
            layers.addFirst(new HandleModeChangeLayer(
                    getInput("cr0_pe"),
                    getInput("vmflag"),
                    getInput("cs_rpl"),
                    getInput("cs_p"),
                    getInput("cs_s"),
                    getInput("cs_type")
            ));
 
            // instruction size
            boolean cs_d_b = getInput("cs_d_b") == 1;
 
            boolean a32 = random.nextBoolean();
            boolean o32 = random.nextBoolean();
 
            // destination
            long cs_limit = getInput("cs_limit");
            long cs_base  = Layer.norm(getInput("cs_base"));
            long eip      = Layer.norm(getInput("eip"));
            long new_eip  = random.nextInt((int)cs_limit);
 
            if(o32 == false) new_eip &= 0xFFFF;
 
            long eip_diff = new_eip - (eip + ((o32)? 5 : 3) + ((cs_d_b != o32)? 1 : 0) + ((cs_d_b != a32)? 1 : 0));
            if(o32 == false) eip_diff &= 0xFFFF;
 
 
            // instruction after call
            long dest = cs_base + new_eip;
 
            MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);
            layers.addFirst(patch);
 
            // add instruction
 
            instruction = prepare_instr(cs_d_b, a32, o32, (int)eip_diff);
            instr.add_instruction(instruction);
System.out.printf("a32: %b, o32: %b, cs_d_b: %b\n", a32,o32,cs_d_b);
System.out.printf("eip:      %08x\n", eip);
System.out.printf("dest:     %08x\n", dest);
System.out.printf("new_eip:  %08x\n", new_eip);
System.out.printf("cs_base:  %08x\n", cs_base);
System.out.printf("cs_limit: %08x\n", cs_limit);
            // end condition
            break;
        }
 
        System.out.println("Instruction: [" + instruction + "]");
    }
 
    String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, int offset) throws Exception {
        int opcodes[] = {
            0xE8
        };
 
        String prefix = "";
        if(cs_d_b != o32) { prefix = "66" + prefix; }
        if(cs_d_b != a32) { prefix = "67" + prefix; }
 
        int opcode = opcodes[random.nextInt(opcodes.length)];
 
        byte instr[] = new byte[1 + ((o32)? 4 : 2)];
        instr[0] = (byte)opcode;
        for(int i=1; i<instr.length; i++) {
            instr[i] = (byte)(offset & 0xFF);
            offset >>= 8;
        }
 
        return prefix + bytesToHex(instr);
    }
 
}

Line No.	Rev	Author	Line
1	2	alfik	`/*`
2			`* Copyright (c) 2014, Aleksander Osman`
3			`* All rights reserved.`
4			`*`
5			`* Redistribution and use in source and binary forms, with or without`
6			`* modification, are permitted provided that the following conditions are met:`
7			`*`
8			`* * Redistributions of source code must retain the above copyright notice, this`
9			`* list of conditions and the following disclaimer.`
10			`*`
11			`* * Redistributions in binary form must reproduce the above copyright notice,`
12			`* this list of conditions and the following disclaimer in the documentation`
13			`* and/or other materials provided with the distribution.`
14			`*`
15			`* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"`
16			`* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
17			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
18			`* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE`
19			`* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
20			`* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR`
21			`* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER`
22			`* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,`
23			`* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE`
24			`* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
25			`*/`
26
27			`package ao486.test.branch;`
28
29			`import ao486.test.TestUnit;`
30			`import ao486.test.layers.FlagsLayer;`
31			`import ao486.test.layers.GeneralRegisterLayer;`
32			`import ao486.test.layers.HandleModeChangeLayer;`
33			`import ao486.test.layers.IOLayer;`
34			`import ao486.test.layers.InstructionLayer;`
35			`import ao486.test.layers.Layer;`
36			`import ao486.test.layers.MemoryLayer;`
37			`import ao486.test.layers.MemoryPatchLayer;`
38			`import ao486.test.layers.OtherLayer;`
39			`import ao486.test.layers.Pair;`
40			`import ao486.test.layers.SegmentLayer;`
41			`import ao486.test.layers.StackLayer;`
42			`import java.io.*;`
43			`import java.util.LinkedList;`
44			`import java.util.Random;`
45
46
47			`public class TestCALL_near_Jv extends TestUnit implements Serializable {`
48			`public static void main(String args[]) throws Exception {`
49			`run_test(TestCALL_near_Jv.class);`
50			`}`
51
52			`//--------------------------------------------------------------------------`
53			`@Override`
54			`public int get_test_count() throws Exception {`
55			`return 100;`
56			`}`
57
58			`@Override`
59			`public void init() throws Exception {`
60
61			`random = new Random(10+index);`
62
63			`String instruction;`
64			`while(true) {`
65			`layers.clear();`
66
67			`LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();`
68
69			`InstructionLayer instr = new InstructionLayer(random, prohibited_list);`
70			`layers.add(instr);`
71			`StackLayer stack = new StackLayer(random, prohibited_list);`
72			`layers.add(stack);`
73			`layers.add(new OtherLayer(OtherLayer.Type.RANDOM, random));`
74			`layers.add(new FlagsLayer(FlagsLayer.Type.RANDOM, random));`
75			`layers.add(new GeneralRegisterLayer(random));`
76			`layers.add(new SegmentLayer(random));`
77			`layers.add(new MemoryLayer(random));`
78			`layers.add(new IOLayer(random));`
79			`layers.addFirst(new HandleModeChangeLayer(`
80			`getInput("cr0_pe"),`
81			`getInput("vmflag"),`
82			`getInput("cs_rpl"),`
83			`getInput("cs_p"),`
84			`getInput("cs_s"),`
85			`getInput("cs_type")`
86			`));`
87
88			`// instruction size`
89			`boolean cs_d_b = getInput("cs_d_b") == 1;`
90
91			`boolean a32 = random.nextBoolean();`
92			`boolean o32 = random.nextBoolean();`
93
94			`// destination`
95			`long cs_limit = getInput("cs_limit");`
96			`long cs_base = Layer.norm(getInput("cs_base"));`
97			`long eip = Layer.norm(getInput("eip"));`
98			`long new_eip = random.nextInt((int)cs_limit);`
99
100			`if(o32 == false) new_eip &= 0xFFFF;`
101
102			`long eip_diff = new_eip - (eip + ((o32)? 5 : 3) + ((cs_d_b != o32)? 1 : 0) + ((cs_d_b != a32)? 1 : 0));`
103			`if(o32 == false) eip_diff &= 0xFFFF;`
104
105
106			`// instruction after call`
107			`long dest = cs_base + new_eip;`
108
109			`MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);`
110			`layers.addFirst(patch);`
111
112			`// add instruction`
113
114			`instruction = prepare_instr(cs_d_b, a32, o32, (int)eip_diff);`
115			`instr.add_instruction(instruction);`
116			`System.out.printf("a32: %b, o32: %b, cs_d_b: %b\n", a32,o32,cs_d_b);`
117			`System.out.printf("eip: %08x\n", eip);`
118			`System.out.printf("dest: %08x\n", dest);`
119			`System.out.printf("new_eip: %08x\n", new_eip);`
120			`System.out.printf("cs_base: %08x\n", cs_base);`
121			`System.out.printf("cs_limit: %08x\n", cs_limit);`
122			`// end condition`
123			`break;`
124			`}`
125
126			`System.out.println("Instruction: [" + instruction + "]");`
127			`}`
128
129			`String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, int offset) throws Exception {`
130			`int opcodes[] = {`
131			`0xE8`
132			`};`
133
134			`String prefix = "";`
135			`if(cs_d_b != o32) { prefix = "66" + prefix; }`
136			`if(cs_d_b != a32) { prefix = "67" + prefix; }`
137
138			`int opcode = opcodes[random.nextInt(opcodes.length)];`
139
140			`byte instr[] = new byte[1 + ((o32)? 4 : 2)];`
141			`instr[0] = (byte)opcode;`
142			`for(int i=1; i<instr.length; i++) {`
143			`instr[i] = (byte)(offset & 0xFF);`
144			`offset >>= 8;`
145			`}`
146
147			`return prefix + bytesToHex(instr);`
148			`}`
149
150			`}`

Browse

Tools

Subversion Repositories ao486

[/] [ao486/] [trunk/] [ao486_tool/] [src/] [ao486/] [test/] [branch/] [TestCALL_near_Jv.java] - Blame information for rev 2