Support SGDT hooking

2026-01-22 13:13:57 +00:00 · 2025-08-18 15:33:32 +02:00
parent acf28467c5
commit 10cd7868ac
7 changed files with 46 additions and 8 deletions
--- a/src/backends/icicle-emulator/icicle_x86_64_emulator.cpp
+++ b/src/backends/icicle-emulator/icicle_x86_64_emulator.cpp
@@ -266,7 +266,7 @@ namespace icicle

            const auto invoker = +[](void* cb) {
                const auto& func = *static_cast<decltype(ptr)>(cb);
-                (void)func(); //
+                (void)func(0); //
            };

            const auto id = icicle_add_syscall_hook(this->emu_, invoker, ptr);
--- a/src/backends/unicorn-emulator/unicorn_x86_64_emulator.cpp
+++ b/src/backends/unicorn-emulator/unicorn_x86_64_emulator.cpp
@@ -32,6 +32,8 @@ namespace unicorn
                return UC_X86_INS_RDTSC;
            case x86_hookable_instructions::rdtscp:
                return UC_X86_INS_RDTSCP;
+            case x86_hookable_instructions::sgdt:
+                return UC_X86_INS_SGDT;
            default:
                throw std::runtime_error("Bad instruction for mapping");
            }
@@ -376,8 +378,9 @@ namespace unicorn

                if (inst_type == x86_hookable_instructions::invalid)
                {
-                    function_wrapper<int, uc_engine*> wrapper(
-                        [c = std::move(callback)](uc_engine*) { return (c() == instruction_hook_continuation::skip_instruction) ? 1 : 0; });
+                    function_wrapper<int, uc_engine*> wrapper([c = std::move(callback)](uc_engine*) {
+                        return (c(0) == instruction_hook_continuation::skip_instruction) ? 1 : 0;
+                    });

                    uce(uc_hook_add(*this, hook.make_reference(), UC_HOOK_INSN_INVALID, wrapper.get_function(), wrapper.get_user_data(), 0,
                                    std::numeric_limits<pointer_type>::max()));
@@ -385,7 +388,19 @@ namespace unicorn
                }
                else if (inst_type == x86_hookable_instructions::syscall)
                {
-                    function_wrapper<void, uc_engine*> wrapper([c = std::move(callback)](uc_engine*) { c(); });
+                    function_wrapper<void, uc_engine*> wrapper([c = std::move(callback)](uc_engine*) { (void)c(0); });
+
+                    const auto uc_instruction = map_hookable_instruction(inst_type);
+                    uce(uc_hook_add(*this, hook.make_reference(), UC_HOOK_INSN, wrapper.get_function(), wrapper.get_user_data(), 0,
+                                    std::numeric_limits<pointer_type>::max(), uc_instruction));
+
+                    container->add(std::move(wrapper), std::move(hook));
+                }
+                else if (inst_type == x86_hookable_instructions::sgdt)
+                {
+                    function_wrapper<int, uc_engine*, uint64_t> wrapper([c = std::move(callback)](uc_engine*, const uint64_t data) {
+                        return (c(data) == instruction_hook_continuation::skip_instruction) ? 1 : 0;
+                    });

                    const auto uc_instruction = map_hookable_instruction(inst_type);
                    uce(uc_hook_add(*this, hook.make_reference(), UC_HOOK_INSN, wrapper.get_function(), wrapper.get_user_data(), 0,
@@ -395,8 +410,9 @@ namespace unicorn
                }
                else
                {
-                    function_wrapper<int, uc_engine*> wrapper(
-                        [c = std::move(callback)](uc_engine*) { return (c() == instruction_hook_continuation::skip_instruction) ? 1 : 0; });
+                    function_wrapper<int, uc_engine*> wrapper([c = std::move(callback)](uc_engine*) {
+                        return (c(0) == instruction_hook_continuation::skip_instruction) ? 1 : 0;
+                    });

                    const auto uc_instruction = map_hookable_instruction(inst_type);
                    uce(uc_hook_add(*this, hook.make_reference(), UC_HOOK_INSN, wrapper.get_function(), wrapper.get_user_data(), 0,