From daff0d1e13bb5b065df2a04e2bfc28f3c71195de Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Mon, 2 Sep 2024 17:16:29 +0200
Subject: [PATCH] Implement rdtsc hook

---
 deps/unicorn                                  | 2 +-
 src/emulator/emulator.hpp                     | 2 +-
 src/emulator/x64_emulator.hpp                 | 2 ++
 src/unicorn_emulator/unicorn_x64_emulator.cpp | 8 ++++++--
 src/windows_emulator/main.cpp                 | 9 +++++++--
 5 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/deps/unicorn b/deps/unicorn
index 9fe229cc..18764179 160000
--- a/deps/unicorn
+++ b/deps/unicorn
@@ -1 +1 @@
-Subproject commit 9fe229cc77811248bcfc1ef323250af7d5e474ee
+Subproject commit 18764179cf87d61ed3c9e12f977f6e8cfc12f01d
diff --git a/src/emulator/emulator.hpp b/src/emulator/emulator.hpp
index b7c9ba15..0b9c5b8c 100644
--- a/src/emulator/emulator.hpp
+++ b/src/emulator/emulator.hpp
@@ -9,7 +9,7 @@ struct emulator_hook;
 
 using memory_operation = memory_permission;
 
-using hook_callback = std::function<void()>;
+using hook_callback = std::function<bool()>;
 
 using simple_memory_hook_callback = std::function<void(uint64_t address, size_t size)>;
 using complex_memory_hook_callback = std::function<void(uint64_t address, size_t size, memory_operation operation)>;
diff --git a/src/emulator/x64_emulator.hpp b/src/emulator/x64_emulator.hpp
index 13146e87..c0593a8f 100644
--- a/src/emulator/x64_emulator.hpp
+++ b/src/emulator/x64_emulator.hpp
@@ -6,6 +6,8 @@ enum class x64_hookable_instructions
 {
 	syscall,
 	cpuid,
+	rdtsc,
+	rdtscp,
 };
 
 using x64_emulator = typed_emulator<uint64_t, x64_register, x64_register::rip,
diff --git a/src/unicorn_emulator/unicorn_x64_emulator.cpp b/src/unicorn_emulator/unicorn_x64_emulator.cpp
index e11abfda..78f23742 100644
--- a/src/unicorn_emulator/unicorn_x64_emulator.cpp
+++ b/src/unicorn_emulator/unicorn_x64_emulator.cpp
@@ -25,6 +25,10 @@ namespace unicorn
 				return UC_X86_INS_SYSCALL;
 			case x64_hookable_instructions::cpuid:
 				return UC_X86_INS_CPUID;
+			case x64_hookable_instructions::rdtsc:
+				return UC_X86_INS_RDTSC;
+			case x64_hookable_instructions::rdtscp:
+				return UC_X86_INS_RDTSCP;
 			}
 
 			throw std::runtime_error("Bad instruction for mapping");
@@ -251,9 +255,9 @@ namespace unicorn
 				const auto uc_instruction = map_hookable_instruction(
 					static_cast<x64_hookable_instructions>(instruction_type));
 
-				function_wrapper<void, uc_engine*> wrapper([c = std::move(callback)](uc_engine*)
+				function_wrapper<int, uc_engine*> wrapper([c = std::move(callback)](uc_engine*)
 				{
-					c();
+					return c() ? 1 : 0;
 				});
 
 				unicorn_hook hook{*this};
diff --git a/src/windows_emulator/main.cpp b/src/windows_emulator/main.cpp
index f834c604..5e7c6800 100644
--- a/src/windows_emulator/main.cpp
+++ b/src/windows_emulator/main.cpp
@@ -625,6 +625,13 @@ namespace
 		emu->hook_instruction(x64_hookable_instructions::syscall, [&]
 		{
 			dispatcher.dispatch(*emu, context);
+			return true;
+		});
+
+		emu->hook_instruction(x64_hookable_instructions::rdtsc, [&]
+		{
+			puts("RDTSC Hook");
+			return true;
 		});
 
 		watch_object(*emu, context.teb);
@@ -657,10 +664,8 @@ namespace
 
 		emu->reg(x64_register::rcx, execution_context.value());
 		emu->reg(x64_register::rdx, context.ntdll.image_base);
-
 		emu->reg(x64_register::rip, entry1);
 
-
 		try
 		{
 			if (use_gdb)