URL https://opencores.org/ocsvn/ao486/ao486/trunk

Subversion Repositories ao486

[/] [ao486/] [trunk/] [ao486_tool/] [src/] [ao486/] [test/] [branch/] [TestJcc_JECXZ.java] - Blame information for rev 2

Details | Compare with Previous | View Log


/*
 * Copyright (c) 2014, Aleksander Osman
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
package ao486.test.branch;
 
import ao486.test.TestUnit;
import static ao486.test.TestUnit.run_test;
import ao486.test.layers.FlagsLayer;
import ao486.test.layers.GeneralRegisterLayer;
import ao486.test.layers.HandleModeChangeLayer;
import ao486.test.layers.IOLayer;
import ao486.test.layers.InstructionLayer;
import ao486.test.layers.Layer;
import ao486.test.layers.MemoryLayer;
import ao486.test.layers.MemoryPatchLayer;
import ao486.test.layers.OtherLayer;
import ao486.test.layers.Pair;
import ao486.test.layers.SegmentLayer;
import ao486.test.layers.StackLayer;
import java.io.*;
import java.util.LinkedList;
import java.util.Random;
 
 
public class TestJcc_JECXZ extends TestUnit implements Serializable {
    public static void main(String args[]) throws Exception {
        run_test(TestJcc_JECXZ.class);
    }
 
    //--------------------------------------------------------------------------
    @Override
    public int get_test_count() throws Exception {
        return 100;
    }
 
    @Override
    public void init() throws Exception {
 
        random = new Random(4+index);
 
        String instruction;
        while(true) {
            layers.clear();
 
            LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();
 
            InstructionLayer instr = new InstructionLayer(random, prohibited_list);
            layers.add(instr);
            layers.add(new StackLayer(random, prohibited_list));
            layers.add(new OtherLayer(OtherLayer.Type.RANDOM, random));
            layers.add(new FlagsLayer(FlagsLayer.Type.RANDOM, random));
            layers.add(new GeneralRegisterLayer(random));
            layers.add(new SegmentLayer(random));
            layers.add(new MemoryLayer(random));
            layers.add(new IOLayer(random));
            layers.addFirst(new HandleModeChangeLayer(
                    getInput("cr0_pe"),
                    getInput("vmflag"),
                    getInput("cs_rpl"),
                    getInput("cs_p"),
                    getInput("cs_s"),
                    getInput("cs_type")
            ));
 
            // instruction size
            boolean cs_d_b = getInput("cs_d_b") == 1;
 
            boolean a32 = random.nextBoolean();
            boolean o32 = random.nextBoolean();
 
 
            final long ecx = random.nextInt(3);
 
            layers.addFirst(new Layer() {
               public long tflag() { return 0; }
               public long ecx()   { return ecx; }
            });
 
            // instruction
            instruction = prepare_instr(cs_d_b, a32, o32, null);
 
            instruction += "0F0F";
 
            // add instruction
            instr.add_instruction(instruction);
 
            //target memory patch
            long cs_base= getInput("cs_base");
            long eip    = getInput("eip");
 
System.out.printf("cs_base: %08x\n", cs_base);
System.out.printf("eip:     %08x\n", eip);
System.out.printf("offset:  %08x\n", offset);
System.out.printf("linear:  %08x\n", cs_base + eip);
System.out.printf("final:   %08x\n", cs_base + offset + eip + instruction.length()/2 - 2);
System.out.printf("cs_d_b:  %b\n",   cs_d_b);
 
            if(o32 == false) eip &= 0xFFFF;
 
            long dest = cs_base + eip + offset + instruction.length()/2 - 2;
 
            boolean can_add = Layer.collides(prohibited_list, (int)dest, (int)(dest+1));
 
            if(can_add == false) continue;
 
            MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);
            layers.addFirst(patch);
 
            // end condition
            break;
        }
 
        System.out.println("Instruction: [" + instruction + "]");
    }
 
    int imm_len(boolean a16, boolean o16, int opcode) {
        int h = (opcode >> 4) & 0x0F;
 
        if(h == 8) return o16? 2 : 4;
 
        return 1;
    }
    String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, byte modregrm_bytes[]) throws Exception {
        int opcodes[] = {
            0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A,0x7B,0x7C,0x7D,0x7E,0x7F,
            0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8A,0x8B,0x8C,0x8D,0x8E,0x8F,
            0xE3
        };
 
        String prefix = "";
        if(cs_d_b != o32) { prefix = "66" + prefix; }
        if(cs_d_b != a32) { prefix = "67" + prefix; }
 
        int     opcode      = (random.nextInt(5) == 0)? 0xE3 : opcodes[random.nextInt(opcodes.length)];
        boolean is_modregrm = false;
 
        byte possible_modregrm = (byte)random.nextInt();
        byte possible_sib      = (byte)random.nextInt();
 
        int len = (is_modregrm == false)? 1 : 1 + modregrm_len(!a32, unsigned(possible_modregrm), unsigned(possible_sib));
        len += imm_len(!a32, !o32, opcode);
System.out.println("[len final: " + len + "]");
 
        offset = 0;
        while(true) {
            int imm_len = imm_len(!a32, !o32, opcode);
 
            offset = random.nextInt();
 
            if(imm_len == 1) {
                offset &= 0xFF;
                byte b = (byte)offset;
                offset = b;
            }
            if(imm_len == 2) {
                offset &= 0xFFFF;
                short b = (short)offset;
                offset = b;
            }
 
            if(offset > 15 || offset < -15) break;
        }
 
        byte instr[] = new byte[len];
        instr[0] = (byte)opcode;
        if(len >= 2) instr[1] = (byte)((offset >> 0) & 0xFF);
        if(len >= 3) instr[2] = (byte)((offset >> 8) & 0xFF);
        if(len >= 4) instr[3] = (byte)((offset >> 16) & 0xFF);
        if(len >= 5) instr[4] = (byte)((offset >> 24) & 0xFF);
 
        if(((opcode >> 4) & 0xF) == 8) return prefix + "0F" + bytesToHex(instr);
 
        return prefix + bytesToHex(instr);
    }
 
    int offset;
}

Line No.	Rev	Author	Line
1	2	alfik	`/*`
2			`* Copyright (c) 2014, Aleksander Osman`
3			`* All rights reserved.`
4			`*`
5			`* Redistribution and use in source and binary forms, with or without`
6			`* modification, are permitted provided that the following conditions are met:`
7			`*`
8			`* * Redistributions of source code must retain the above copyright notice, this`
9			`* list of conditions and the following disclaimer.`
10			`*`
11			`* * Redistributions in binary form must reproduce the above copyright notice,`
12			`* this list of conditions and the following disclaimer in the documentation`
13			`* and/or other materials provided with the distribution.`
14			`*`
15			`* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"`
16			`* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
17			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
18			`* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE`
19			`* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
20			`* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR`
21			`* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER`
22			`* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,`
23			`* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE`
24			`* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
25			`*/`
26
27			`package ao486.test.branch;`
28
29			`import ao486.test.TestUnit;`
30			`import static ao486.test.TestUnit.run_test;`
31			`import ao486.test.layers.FlagsLayer;`
32			`import ao486.test.layers.GeneralRegisterLayer;`
33			`import ao486.test.layers.HandleModeChangeLayer;`
34			`import ao486.test.layers.IOLayer;`
35			`import ao486.test.layers.InstructionLayer;`
36			`import ao486.test.layers.Layer;`
37			`import ao486.test.layers.MemoryLayer;`
38			`import ao486.test.layers.MemoryPatchLayer;`
39			`import ao486.test.layers.OtherLayer;`
40			`import ao486.test.layers.Pair;`
41			`import ao486.test.layers.SegmentLayer;`
42			`import ao486.test.layers.StackLayer;`
43			`import java.io.*;`
44			`import java.util.LinkedList;`
45			`import java.util.Random;`
46
47
48			`public class TestJcc_JECXZ extends TestUnit implements Serializable {`
49			`public static void main(String args[]) throws Exception {`
50			`run_test(TestJcc_JECXZ.class);`
51			`}`
52
53			`//--------------------------------------------------------------------------`
54			`@Override`
55			`public int get_test_count() throws Exception {`
56			`return 100;`
57			`}`
58
59			`@Override`
60			`public void init() throws Exception {`
61
62			`random = new Random(4+index);`
63
64			`String instruction;`
65			`while(true) {`
66			`layers.clear();`
67
68			`LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();`
69
70			`InstructionLayer instr = new InstructionLayer(random, prohibited_list);`
71			`layers.add(instr);`
72			`layers.add(new StackLayer(random, prohibited_list));`
73			`layers.add(new OtherLayer(OtherLayer.Type.RANDOM, random));`
74			`layers.add(new FlagsLayer(FlagsLayer.Type.RANDOM, random));`
75			`layers.add(new GeneralRegisterLayer(random));`
76			`layers.add(new SegmentLayer(random));`
77			`layers.add(new MemoryLayer(random));`
78			`layers.add(new IOLayer(random));`
79			`layers.addFirst(new HandleModeChangeLayer(`
80			`getInput("cr0_pe"),`
81			`getInput("vmflag"),`
82			`getInput("cs_rpl"),`
83			`getInput("cs_p"),`
84			`getInput("cs_s"),`
85			`getInput("cs_type")`
86			`));`
87
88			`// instruction size`
89			`boolean cs_d_b = getInput("cs_d_b") == 1;`
90
91			`boolean a32 = random.nextBoolean();`
92			`boolean o32 = random.nextBoolean();`
93
94
95			`final long ecx = random.nextInt(3);`
96
97			`layers.addFirst(new Layer() {`
98			`public long tflag() { return 0; }`
99			`public long ecx() { return ecx; }`
100			`});`
101
102			`// instruction`
103			`instruction = prepare_instr(cs_d_b, a32, o32, null);`
104
105			`instruction += "0F0F";`
106
107			`// add instruction`
108			`instr.add_instruction(instruction);`
109
110			`//target memory patch`
111			`long cs_base= getInput("cs_base");`
112			`long eip = getInput("eip");`
113
114			`System.out.printf("cs_base: %08x\n", cs_base);`
115			`System.out.printf("eip: %08x\n", eip);`
116			`System.out.printf("offset: %08x\n", offset);`
117			`System.out.printf("linear: %08x\n", cs_base + eip);`
118			`System.out.printf("final: %08x\n", cs_base + offset + eip + instruction.length()/2 - 2);`
119			`System.out.printf("cs_d_b: %b\n", cs_d_b);`
120
121			`if(o32 == false) eip &= 0xFFFF;`
122
123			`long dest = cs_base + eip + offset + instruction.length()/2 - 2;`
124
125			`boolean can_add = Layer.collides(prohibited_list, (int)dest, (int)(dest+1));`
126
127			`if(can_add == false) continue;`
128
129			`MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);`
130			`layers.addFirst(patch);`
131
132			`// end condition`
133			`break;`
134			`}`
135
136			`System.out.println("Instruction: [" + instruction + "]");`
137			`}`
138
139			`int imm_len(boolean a16, boolean o16, int opcode) {`
140			`int h = (opcode >> 4) & 0x0F;`
141
142			`if(h == 8) return o16? 2 : 4;`
143
144			`return 1;`
145			`}`
146			`String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, byte modregrm_bytes[]) throws Exception {`
147			`int opcodes[] = {`
148			`0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A,0x7B,0x7C,0x7D,0x7E,0x7F,`
149			`0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8A,0x8B,0x8C,0x8D,0x8E,0x8F,`
150			`0xE3`
151			`};`
152
153			`String prefix = "";`
154			`if(cs_d_b != o32) { prefix = "66" + prefix; }`
155			`if(cs_d_b != a32) { prefix = "67" + prefix; }`
156
157			`int opcode = (random.nextInt(5) == 0)? 0xE3 : opcodes[random.nextInt(opcodes.length)];`
158			`boolean is_modregrm = false;`
159
160			`byte possible_modregrm = (byte)random.nextInt();`
161			`byte possible_sib = (byte)random.nextInt();`
162
163			`int len = (is_modregrm == false)? 1 : 1 + modregrm_len(!a32, unsigned(possible_modregrm), unsigned(possible_sib));`
164			`len += imm_len(!a32, !o32, opcode);`
165			`System.out.println("[len final: " + len + "]");`
166
167			`offset = 0;`
168			`while(true) {`
169			`int imm_len = imm_len(!a32, !o32, opcode);`
170
171			`offset = random.nextInt();`
172
173			`if(imm_len == 1) {`
174			`offset &= 0xFF;`
175			`byte b = (byte)offset;`
176			`offset = b;`
177			`}`
178			`if(imm_len == 2) {`
179			`offset &= 0xFFFF;`
180			`short b = (short)offset;`
181			`offset = b;`
182			`}`
183
184			`if(offset > 15 \|\| offset < -15) break;`
185			`}`
186
187			`byte instr[] = new byte[len];`
188			`instr[0] = (byte)opcode;`
189			`if(len >= 2) instr[1] = (byte)((offset >> 0) & 0xFF);`
190			`if(len >= 3) instr[2] = (byte)((offset >> 8) & 0xFF);`
191			`if(len >= 4) instr[3] = (byte)((offset >> 16) & 0xFF);`
192			`if(len >= 5) instr[4] = (byte)((offset >> 24) & 0xFF);`
193
194			`if(((opcode >> 4) & 0xF) == 8) return prefix + "0F" + bytesToHex(instr);`
195
196			`return prefix + bytesToHex(instr);`
197			`}`
198
199			`int offset;`
200			`}`

Browse

Tools

Subversion Repositories ao486

[/] [ao486/] [trunk/] [ao486_tool/] [src/] [ao486/] [test/] [branch/] [TestJcc_JECXZ.java] - Blame information for rev 2