OpenCores
URL https://opencores.org/ocsvn/ao486/ao486/trunk

Subversion Repositories ao486

[/] [ao486/] [trunk/] [ao486_tool/] [src/] [ao486/] [test/] [branch/] [TestRET_near.java] - Blame information for rev 2

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 2 alfik 
/*
2 
 * Copyright (c) 2014, Aleksander Osman
3 
 * All rights reserved.
4 
 *
5 
 * Redistribution and use in source and binary forms, with or without
6 
 * modification, are permitted provided that the following conditions are met:
7 
 *
8 
 * * Redistributions of source code must retain the above copyright notice, this
9 
 *   list of conditions and the following disclaimer.
10 
 *
11 
 * * Redistributions in binary form must reproduce the above copyright notice,
12 
 *   this list of conditions and the following disclaimer in the documentation
13 
 *   and/or other materials provided with the distribution.
14 
 *
15 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16 
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
19 
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22 
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
23 
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 
 */
26 
 
27 
package ao486.test.branch;
28 
 
29 
import ao486.test.TestUnit;
30 
import static ao486.test.TestUnit.run_test;
31 
import ao486.test.layers.FlagsLayer;
32 
import ao486.test.layers.GeneralRegisterLayer;
33 
import ao486.test.layers.HandleModeChangeLayer;
34 
import ao486.test.layers.IOLayer;
35 
import ao486.test.layers.InstructionLayer;
36 
import ao486.test.layers.Layer;
37 
import ao486.test.layers.MemoryLayer;
38 
import ao486.test.layers.MemoryPatchLayer;
39 
import ao486.test.layers.OtherLayer;
40 
import ao486.test.layers.Pair;
41 
import ao486.test.layers.SegmentLayer;
42 
import ao486.test.layers.StackLayer;
43 
import java.io.*;
44 
import java.util.LinkedList;
45 
import java.util.Random;
46 
 
47 
 
48 
public class TestRET_near extends TestUnit implements Serializable {
49 
    public static void main(String args[]) throws Exception {
50 
        run_test(TestRET_near.class);
51 
    }
52 
 
53 
    //--------------------------------------------------------------------------
54 
    @Override
55 
    public int get_test_count() throws Exception {
56 
        return 100;
57 
    }
58 
 
59 
    @Override
60 
    public void init() throws Exception {
61 
 
62 
        random = new Random(8+index);
63 
 
64 
        String instruction;
65 
        while(true) {
66 
            layers.clear();
67 
 
68 
            LinkedList<Pair<Long, Long>> prohibited_list = new LinkedList<>();
69 
 
70 
            InstructionLayer instr = new InstructionLayer(random, prohibited_list);
71 
            layers.add(instr);
72 
            StackLayer stack = new StackLayer(random, prohibited_list);
73 
            layers.add(stack);
74 
            layers.add(new OtherLayer(OtherLayer.Type.RANDOM, random));
75 
            layers.add(new FlagsLayer(FlagsLayer.Type.RANDOM, random));
76 
            layers.add(new GeneralRegisterLayer(random));
77 
            layers.add(new SegmentLayer(random));
78 
            layers.add(new MemoryLayer(random));
79 
            layers.add(new IOLayer(random));
80 
            layers.addFirst(new HandleModeChangeLayer(
81 
                    getInput("cr0_pe"),
82 
                    getInput("vmflag"),
83 
                    getInput("cs_rpl"),
84 
                    getInput("cs_p"),
85 
                    getInput("cs_s"),
86 
                    getInput("cs_type")
87 
            ));
88 
 
89 
            // instruction size
90 
            boolean cs_d_b = getInput("cs_d_b") == 1;
91 
 
92 
            boolean a32 = random.nextBoolean();
93 
            boolean o32 = random.nextBoolean();
94 
 
95 
            layers.addFirst(new Layer() {
96 
               public long tflag() { return 0; }
97 
            });
98 
 
99 
 
100 
            //target memory patch
101 
            long cs_base  = getInput("cs_base");
102 
            long cs_limit = getInput("cs_limit");
103 
            long eip      = getInput("eip");
104 
 
105 
            int offset = 0x20 + random.nextInt(0x0FFF);
106 
 
107 
            if(o32 == false) eip &= 0xFFFF;
108 
 
109 
            long sum = eip + offset;
110 
            if(o32 == false) sum &= 0xFFFF;
111 
 
112 
            long dest = cs_base + sum;
113 
 
114 
System.out.printf("cs_base: %08x\n", cs_base);
115 
System.out.printf("eip:     %08x\n", eip);
116 
System.out.printf("offset:  %08x\n", offset);
117 
System.out.printf("final:   %08x\n", cs_base + sum);
118 
System.out.printf("cs_d_b:  %b\n",   cs_d_b);
119 
 
120 
 
121 
            MemoryPatchLayer patch = new MemoryPatchLayer(random, prohibited_list, (int)dest, 0x0F,0x0F);
122 
            layers.addFirst(patch);
123 
 
124 
            // stack
125 
            if(o32) {
126 
                stack.push_dword((int)sum);     //eip
127 
            }
128 
            else {
129 
                stack.push_word((int)sum);      //eip
130 
            }
131 
 
132 
            // instruction
133 
            instruction = prepare_instr(cs_d_b, a32, o32, null);
134 
 
135 
            instruction += "0F0F";
136 
 
137 
            // add instruction
138 
            instr.add_instruction(instruction);
139 
 
140 
            // end condition
141 
            break;
142 
        }
143 
 
144 
        System.out.println("Instruction: [" + instruction + "]");
145 
    }
146 
 
147 
 
148 
    int imm_len(boolean a16, boolean o16, int opcode) {
149 
        return opcode == 0xC2 ? 2 : 0;
150 
    }
151 
    String prepare_instr(boolean cs_d_b, boolean a32, boolean o32, byte modregrm_bytes[]) throws Exception {
152 
        int opcodes[] = {
153 
            0xC2,0xC3
154 
        };
155 
 
156 
        String prefix = "";
157 
        if(cs_d_b != o32) { prefix = "66" + prefix; }
158 
        if(cs_d_b != a32) { prefix = "67" + prefix; }
159 
 
160 
        int     opcode      = opcodes[random.nextInt(opcodes.length)];
161 
        boolean is_modregrm = false;
162 
 
163 
        byte possible_modregrm = (byte)random.nextInt();
164 
        byte possible_sib      = (byte)random.nextInt();
165 
 
166 
        int len = (is_modregrm == false)? 1 : 1 + modregrm_len(!a32, unsigned(possible_modregrm), unsigned(possible_sib));
167 
        len += imm_len(!a32, !o32, opcode);
168 
System.out.println("[len final: " + len + "]");
169 
 
170 
        byte instr[] = new byte[len];
171 
        instr[0] = (byte)opcode;
172 
        for(int i=1; i<len; i++) {
173 
            if(i==1)        instr[1] = possible_modregrm;
174 
            else if(i==2)   instr[2] = possible_sib;
175 
            else            instr[i] = (byte)random.nextInt();
176 
        }
177 
 
178 
        return prefix + bytesToHex(instr);
179 
    }
180 
}
181 
 
182 
 
183 
 
184 
 
185 
 
186 
/*
187 
public class TestRET_near {
188 
    public static void main(String args[]) throws Exception {
189 
        TestManager manager = new TestManager();
190 
 
191 
        TestRET_near_Serializable test = new TestRET_near_Serializable();
192 
 
193 
        if(false) {
194 
            ObjectInputStream ois = new ObjectInputStream(new FileInputStream("test.obj"));
195 
            test = (TestRET_near_Serializable)ois.readObject();
196 
            ois.close();
197 
        }
198 
 
199 
        for(; test.index<test.get_test_count(); test.index++) {
200 
            System.out.println(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Running test " + (test.index+1) + "/" + test.get_test_count());
201 
 
202 
            ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("test.obj"));
203 
            oos.writeObject(test);
204 
            oos.close();
205 
 
206 
            boolean passed = manager.run_test_and_print_result(test);
207 
            if(passed == false) break;
208 
        }
209 
    }
210 
}
211 
class TestRET_near_Serializable extends TestBase implements Test, Serializable {
212 
    TestRET_near_Serializable() {
213 
        random = new Random(0);
214 
    }
215 
 
216 
    Random random;
217 
    int index;
218 
 
219 
    boolean d_b;
220 
 
221 
    //--------------------------------------------------------------------------
222 
    @Override
223 
    public int get_test_count() throws Exception {
224 
        return 2000;
225 
    }
226 
 
227 
    @Override
228 
    public void init() throws Exception {
229 
        instructions = null;
230 
        d_b = random.nextBoolean();
231 
    }
232 
 
233 
    @Override
234 
    public boolean fini() throws Exception {
235 
        return index < get_test_count();
236 
    }
237 
 
238 
    int imm_len(boolean a16, boolean o16, int opcode) {
239 
        return opcode == 0xC2 ? 2 : 0;
240 
    }
241 
    String prepare_instr() throws Exception {
242 
        int opcodes[] = {
243 
            0xC2,0xC3
244 
        };
245 
 
246 
        boolean a16 = !d_b;
247 
        boolean o16 = !d_b;
248 
        String prefix = "";
249 
        if(random.nextBoolean()) { prefix = "66" + prefix; o16 = !o16; }
250 
        if(random.nextBoolean()) { prefix = "67" + prefix; a16 = !a16; }
251 
 
252 
        int     opcode      = opcodes[random.nextInt(opcodes.length)];
253 
        boolean is_modregrm = false;
254 
 
255 
        byte possible_modregrm = (byte)random.nextInt();
256 
        byte possible_sib      = (byte)random.nextInt();
257 
 
258 
        int len = (is_modregrm == false)? 1 : 1 + modregrm_len(!d_b, unsigned(possible_modregrm), unsigned(possible_sib));
259 
System.out.printf("[len: %d, d_b: %b, modregrm: %02x, sib: %02x]\n", len, d_b, unsigned(possible_modregrm), unsigned(possible_sib));
260 
        len += imm_len(a16, o16, opcode);
261 
System.out.println("[len final: " + len + "]");
262 
 
263 
        byte instr[] = new byte[len];
264 
        instr[0] = (byte)opcode;
265 
        for(int i=1; i<len; i++) {
266 
            if(i==1)        instr[1] = possible_modregrm;
267 
            else if(i==2)   instr[2] = possible_sib;
268 
            else            instr[i] = (byte)random.nextInt();
269 
        }
270 
 
271 
        return prefix + bytesToHex(instr);
272 
    }
273 
 
274 
    public String get_instructions() throws Exception {
275 
        String instr = "";
276 
 
277 
        while(instr.length() < 2*15) {
278 
            instr += prepare_instr();
279 
        }
280 
        instr = instr.substring(0, 2*15);
281 
 
282 
System.out.println("[get_instructions: " + instr + "]");
283 
        return instr;
284 
    }
285 
 
286 
    byte instructions[];
287 
 
288 
    @Override
289 
    public byte get_memory(int address) throws Exception {
290 
        if(instructions == null) instructions = hexToBytes(get_instructions() + "0F0F");
291 
 
292 
        if(address >= 0 && address < instructions.length) return instructions[address];
293 
 
294 
        return 0x0F;
295 
    }
296 
    @Override
297 
    public int eax() throws Exception {
298 
        return random.nextInt() & ((random.nextInt(3) == 0)? 0xFFFFFFFF : 0x00000FFF);
299 
    }
300 
    @Override
301 
    public int get_ebx() throws Exception {
302 
        return random.nextInt() & ((random.nextInt(3) == 0)? 0xFFFFFFFF : 0x00000FFF);
303 
    }
304 
    @Override
305 
    public int get_ecx() throws Exception {
306 
        return random.nextInt() & ((random.nextInt(3) == 0)? 0xFFFFFFFF : 0x00000FFF);
307 
    }
308 
    @Override
309 
    public int get_edx() throws Exception {
310 
        return random.nextInt() & ((random.nextInt(3) == 0)? 0xFFFFFFFF : 0x00000FFF);
311 
    }
312 
    @Override
313 
    public int get_esi() throws Exception {
314 
        return random.nextInt() & ((random.nextInt(3) == 0)? 0xFFFFFFFF : 0x00000FFF);
315 
    }
316 
    @Override
317 
    public int get_edi() throws Exception {
318 
        return random.nextInt() & ((random.nextInt(3) == 0)? 0xFFFFFFFF : 0x00000FFF);
319 
    }
320 
    @Override
321 
    public int get_ebp() throws Exception {
322 
        return random.nextInt() & ((random.nextInt(3) == 0)? 0xFFFFFFFF : 0x00000FFF);
323 
    }
324 
    @Override
325 
    public int get_esp() throws Exception {
326 
        return random.nextInt() & ((random.nextInt(3) == 0)? 0xFFFFFFFF : 0x00000FFF);
327 
    }
328 
    @Override
329 
    public boolean get_cf() throws Exception {
330 
        return random.nextBoolean();
331 
    }
332 
    @Override
333 
    public boolean get_pf() throws Exception {
334 
        return random.nextBoolean();
335 
    }
336 
    @Override
337 
    public boolean get_af() throws Exception {
338 
        return random.nextBoolean();
339 
    }
340 
    @Override
341 
    public boolean get_zf() throws Exception {
342 
        return random.nextBoolean();
343 
    }
344 
    @Override
345 
    public boolean get_sf() throws Exception {
346 
        return random.nextBoolean();
347 
    }
348 
    @Override
349 
    public boolean get_tf() throws Exception {
350 
        return random.nextBoolean();
351 
    }
352 
    @Override
353 
    public boolean get_if() throws Exception {
354 
        return random.nextBoolean();
355 
    }
356 
    @Override
357 
    public boolean get_df() throws Exception {
358 
        return random.nextBoolean();
359 
    }
360 
    @Override
361 
    public boolean get_of() throws Exception {
362 
        return random.nextBoolean();
363 
    }
364 
    @Override
365 
    public int get_iopl() throws Exception {
366 
        return random.nextInt(4);
367 
    }
368 
    @Override
369 
    public boolean get_nt() throws Exception {
370 
        return random.nextBoolean();
371 
    }
372 
    @Override
373 
    public boolean get_rf() throws Exception {
374 
        return random.nextBoolean();
375 
    }
376 
    @Override
377 
    public boolean get_vm() throws Exception {
378 
        return random.nextBoolean();
379 
    }
380 
    @Override
381 
    public boolean get_ac() throws Exception {
382 
        return random.nextBoolean();
383 
    }
384 
    @Override
385 
    public boolean get_id() throws Exception {
386 
        return random.nextBoolean();
387 
    }
388 
    @Override
389 
    public int get_cs_base() throws Exception {
390 
        return 0;
391 
    }
392 
    @Override
393 
    public int get_cs_limit() throws Exception {
394 
        return 0x000FFFFF;
395 
    }
396 
    @Override
397 
    public boolean get_cs_d_b() throws Exception {
398 
        return d_b;
399 
    }
400 
    @Override
401 
    public int get_ds_base() throws Exception {
402 
        return 0;
403 
    }
404 
    @Override
405 
    public int get_ds_limit() throws Exception {
406 
        return 0x000FFFFF;
407 
    }
408 
    @Override
409 
    public int get_es_base() throws Exception {
410 
        return 0;
411 
    }
412 
    @Override
413 
    public int get_es_limit() throws Exception {
414 
        return 0x000FFFFF;
415 
    }
416 
    @Override
417 
    public int get_fs_base() throws Exception {
418 
        return 0;
419 
    }
420 
    @Override
421 
    public int get_fs_limit() throws Exception {
422 
        return 0x000FFFFF;
423 
    }
424 
    @Override
425 
    public int get_gs_base() throws Exception {
426 
        return 0;
427 
    }
428 
    @Override
429 
    public int get_gs_limit() throws Exception {
430 
        return 0x000FFFFF;
431 
    }
432 
    @Override
433 
    public int get_ss_base() throws Exception {
434 
        return 0;
435 
    }
436 
    @Override
437 
    public int get_ss_limit() throws Exception {
438 
        return 0x000FFFFF;
439 
    }
440 
}
441 
*/

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.