GDT fixes

2026-01-20 12:13:57 +00:00 · 2025-03-29 08:54:53 +01:00
parent af6492be6d
commit 637ed75b8c
5 changed files with 27 additions and 4 deletions
--- a/src/emulator/x64_emulator.hpp
+++ b/src/emulator/x64_emulator.hpp
@@ -15,4 +15,5 @@ struct x64_emulator
    : typed_emulator<uint64_t, x64_register, x64_register::rip, x64_register::rsp, x64_hookable_instructions>
 {
    virtual void set_segment_base(x64_register base, pointer_type value) = 0;
+    virtual void load_gdt(pointer_type address, uint32_t limit) = 0;
 };
--- a/src/icicle-emulator/icicle_x64_emulator.cpp
+++ b/src/icicle-emulator/icicle_x64_emulator.cpp
@@ -66,6 +66,21 @@ namespace icicle
        {
        }

+        void load_gdt(const pointer_type address, const uint32_t limit) override
+        {
+            struct gdtr
+            {
+                uint32_t padding{};
+                uint32_t limit{};
+                uint64_t address{};
+            };
+
+            const gdtr entry{.limit = limit, .address = address};
+            static_assert(sizeof(gdtr) - offsetof(gdtr, limit) == 12);
+
+            this->write_register(x64_register::gdtr, &entry.limit, 12);
+        }
+
        void set_segment_base(const x64_register base, const pointer_type value) override
        {
            switch (base)
--- a/src/icicle/src/icicle.rs
+++ b/src/icicle/src/icicle.rs
@@ -151,6 +151,7 @@ impl IcicleEmulator {
 // ------------------------------

 #[repr(i32)]
+#[derive(PartialEq)]
 pub enum X64Register {
    Invalid = 0,
    Ah,
--- a/src/unicorn-emulator/unicorn_x64_emulator.cpp
+++ b/src/unicorn-emulator/unicorn_x64_emulator.cpp
@@ -1,6 +1,8 @@
 #define UNICORN_EMULATOR_IMPL
 #include "unicorn_x64_emulator.hpp"

+#include <array>
+
 #include "unicorn_memory_regions.hpp"
 #include "unicorn_hook.hpp"

@@ -302,6 +304,12 @@ namespace unicorn
                uce(uc_emu_stop(*this));
            }

+            void load_gdt(const pointer_type address, const uint32_t limit) override
+            {
+                const std::array<uint64_t, 4> gdtr = {0, address, limit, 0};
+                this->write_register(x64_register::gdtr, gdtr.data(), gdtr.size());
+            }
+
            void set_segment_base(const x64_register base, const pointer_type value) override
            {
                constexpr auto IA32_FS_BASE_MSR = 0xC0000100;
--- a/src/windows-emulator/process_context.cpp
+++ b/src/windows-emulator/process_context.cpp
@@ -16,10 +16,8 @@ namespace

    void setup_gdt(x64_emulator& emu, memory_manager& memory)
    {
-        // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,hicpp-avoid-c-arrays,modernize-avoid-c-arrays)
-        constexpr uint64_t gdtr[4] = {0, GDT_ADDR, GDT_LIMIT, 0};
-        emu.write_register(x64_register::gdtr, &gdtr, sizeof(gdtr));
        memory.allocate_memory(GDT_ADDR, GDT_LIMIT, memory_permission::read);
+        emu.load_gdt(GDT_ADDR, GDT_LIMIT);

        emu.write_memory<uint64_t>(GDT_ADDR + 6 * (sizeof(uint64_t)), 0xEFFE000000FFFF);
        emu.reg<uint16_t>(x64_register::cs, 0x33);
@@ -33,7 +31,7 @@ void process_context::setup(x64_emulator& emu, memory_manager& memory, const app
                            const mapped_module& executable, const mapped_module& ntdll,
                            const apiset::container& apiset_container)
 {
-    // setup_gdt(emu, memory);
+    setup_gdt(emu, memory);

    this->kusd.setup();