/*
 * Copyright (c) 2014, Aleksander Osman
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
package ao486.test.branch;
 
import ao486.test.TestUnit;
import static ao486.test.TestUnit.run_test;
import ao486.test.layers.FlagsLayer;
import ao486.test.layers.GeneralRegisterLayer;
import ao486.test.layers.HandleModeChangeLayer;
import ao486.test.layers.IOLayer;
import ao486.test.layers.InstructionLayer;
import ao486.test.layers.Layer;
import ao486.test.layers.MemoryLayer;
import ao486.test.layers.MemoryPatchLayer;
import ao486.test.layers.OtherLayer;
import ao486.test.layers.Pair;
import ao486.test.layers.SegmentLayer;
import ao486.test.layers.StackLayer;
import java.io.*;
import java.util.LinkedList;
import java.util.Random;
 
/**
 * Randomised test-case generator for the x86 LOOP family: opcodes
 * {@code E0}, {@code E1} and {@code E2} (LOOPNE, LOOPE, LOOP), each with an
 * 8-bit signed displacement.
 *
 * <p>Every test case builds a fresh set of layers, encodes one LOOP-family
 * instruction with optional {@code 66}/{@code 67} size-override prefixes,
 * appends the byte pair {@code 0F 0F} after it and patches the same pair at
 * the computed branch target, so both the fall-through and the taken path
 * run into {@code 0F 0F}.
 * NOTE(review): {@code 0F0F} presumably acts as the end-of-test marker
 * recognised by the harness; confirm against TestUnit.
 */
public class TestLOOP extends TestUnit implements Serializable {
    public static void main(String[] args) throws Exception {
        run_test(TestLOOP.class);
    }

    //--------------------------------------------------------------------------
    /** @return the number of test cases this unit generates (fixed at 100). */
    @Override
    public int get_test_count() throws Exception {
        return 100;
    }

    /**
     * Builds the layer stack and the instruction bytes for the current test.
     *
     * <p>Candidates are generated until the two bytes at the branch target
     * pass the {@code Layer.collides} check against the prohibited ranges;
     * the accepted instruction is printed at the end.
     *
     * @throws Exception propagated from the layer constructors and helpers
     */
    @Override
    public void init() throws Exception {

        // The seed is derived only from the test index, so a given index always
        // regenerates the same state and instruction (reproducible failures).
        random = new Random(5+index);

        String instruction;
        for(;;) {
            layers.clear();

            LinkedList<Pair<Long, Long>> reserved = new LinkedList<>();

            // All layers share one RNG; keep this construction order, since
            // reordering may change which values each layer receives.
            InstructionLayer code_layer = new InstructionLayer(random, reserved);
            layers.add(code_layer);
            layers.add(new StackLayer(random, reserved));
            layers.add(new OtherLayer(OtherLayer.Type.RANDOM, random));
            layers.add(new FlagsLayer(FlagsLayer.Type.RANDOM, random));
            layers.add(new GeneralRegisterLayer(random));
            layers.add(new SegmentLayer(random));
            layers.add(new MemoryLayer(random));
            layers.add(new IOLayer(random));
            layers.addFirst(new HandleModeChangeLayer(
                    getInput("cr0_pe"),
                    getInput("vmflag"),
                    getInput("cs_rpl"),
                    getInput("cs_p"),
                    getInput("cs_s"),
                    getInput("cs_type")
            ));

            // default operand/address size of the code segment
            boolean cs_d_b = getInput("cs_d_b") == 1;

            // effective address size and operand size for this instruction
            boolean a32 = random.nextBoolean();
            boolean o32 = random.nextBoolean();

            // loop counter restricted to 0, 1 or 2
            final long ecx_value = random.nextInt(3);

            // Highest-priority layer: pins tflag to 0 and ECX to the small counter.
            layers.addFirst(new Layer() {
               public long tflag() { return 0; }
               public long ecx()   { return ecx_value; }
            });

            // encode the LOOP-family instruction, then the trailing 0F 0F pair
            instruction = prepare_instr(cs_d_b, a32, o32, null);
            instruction += "0F0F";

            code_layer.add_instruction(instruction);

            // locate the branch target so it can be patched
            long cs_base = getInput("cs_base");
            long eip     = getInput("eip");

            // Encoded length in bytes without the two trailing 0F 0F bytes.
            int body_len = instruction.length()/2 - 2;

            // Debug dump; "final" is printed before eip is truncated below.
            System.out.printf("cs_base: %08x\n", cs_base);
            System.out.printf("eip:     %08x\n", eip);
            System.out.printf("offset:  %08x\n", offset);
            System.out.printf("linear:  %08x\n", cs_base + eip);
            System.out.printf("final:   %08x\n", cs_base + offset + eip + body_len);
            System.out.printf("cs_d_b:  %b\n",   cs_d_b);

            // 16-bit operand size: only the low 16 bits of EIP take part
            if(!o32) eip &= 0xFFFF;

            // address of the byte following the instruction, plus displacement
            long dest = cs_base + eip + offset + body_len;

            // NOTE(review): a true result is treated as "range usable" here,
            // despite the method being named collides; confirm against Layer.
            boolean can_add = Layer.collides(reserved, (int)dest, (int)(dest+1));

            if(can_add) {
                // place 0F 0F at the branch target and accept this candidate
                MemoryPatchLayer patch = new MemoryPatchLayer(random, reserved, (int)dest, 0x0F,0x0F);
                layers.addFirst(patch);
                break;
            }
            // otherwise fall through and regenerate everything
        }

        System.out.println("Instruction: [" + instruction + "]");
    }

    /**
     * Size in bytes of the immediate (displacement) field.
     *
     * @return always 1: the LOOP opcodes used here take a single-byte displacement
     */
    int imm_len(boolean a16, boolean o16, int opcode) {
        return 1;
    }

    /**
     * Encodes one randomly chosen LOOP-family instruction as a hex string and
     * stores the chosen signed displacement in {@link #offset}.
     *
     * @param cs_d_b         default size bit of the code segment
     * @param a32            requested address size is 32-bit
     * @param o32            requested operand size is 32-bit
     * @param modregrm_bytes not used by this implementation
     * @return hex string of the prefixes, opcode and displacement
     * @throws Exception propagated from the inherited helpers
     */
    String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, byte[] modregrm_bytes) throws Exception {
        final int[] loop_opcodes = { 0xE0, 0xE1, 0xE2 };

        // An override prefix is needed whenever the requested size differs from
        // the segment default; when both apply, 67 precedes 66.
        String prefix = (cs_d_b != o32) ? "66" : "";
        if(cs_d_b != a32) prefix = "67" + prefix;

        int     opcode       = loop_opcodes[random.nextInt(loop_opcodes.length)];
        boolean has_modregrm = false;

        // Not used while has_modregrm is false, but the two draws are kept so
        // the RNG sequence (and thus every generated test) stays the same.
        byte modregrm_candidate = (byte)random.nextInt();
        byte sib_candidate      = (byte)random.nextInt();

        int len = 1;
        if(has_modregrm) {
            len += modregrm_len(!a32, unsigned(modregrm_candidate), unsigned(sib_candidate));
        }
        len += imm_len(!a32, !o32, opcode);
        System.out.println("[len final: " + len + "]");

        // Draw displacements until one lies outside [-15, 15].
        // NOTE(review): presumably keeps the target clear of the instruction
        // bytes themselves; confirm the intended margin.
        offset = 0;
        do {
            int width = imm_len(!a32, !o32, opcode);

            offset = random.nextInt();

            // truncate to the displacement width, then sign-extend back to int
            switch(width) {
                case 1:
                    offset = (byte)(offset & 0xFF);
                    break;
                case 2:
                    offset = (short)(offset & 0xFFFF);
                    break;
                default:
                    break;
            }
        } while(offset >= -15 && offset <= 15);

        // opcode byte followed by up to four little-endian displacement bytes
        byte[] encoded = new byte[len];
        encoded[0] = (byte)opcode;
        for(int i = 1; i < len && i <= 4; i++) {
            encoded[i] = (byte)((offset >> (8 * (i - 1))) & 0xFF);
        }

        // Opcodes 0x80..0x8F would get a 0F escape byte; none of the opcodes
        // in loop_opcodes fall in that range.
        String hex = bytesToHex(encoded);
        return ((opcode & 0xF0) == 0x80) ? prefix + "0F" + hex : prefix + hex;
    }

    // Signed displacement chosen by the most recent prepare_instr() call;
    // init() reads it to compute the branch target.
    int offset;
}
