#include "arm-singlestep.h" #ifdef ARCH_AARCH64 static void break_imm(unsigned long address, struct thread *th) { struct breakpoint *b = add_breakpoint(th->proc, address, 1); b->user = 0; b->tid = th->id; b->enabled = -1; } static void break_reg(int reg, struct thread *th) { unsigned long address = 0; unsigned int *regs = th->state->regs.arm32.regs; switch (reg) { case ARM_REG_R0: address = regs[0]; break; case ARM_REG_R1: address = regs[1]; break; case ARM_REG_R2: address = regs[2]; break; case ARM_REG_R3: address = regs[3]; break; case ARM_REG_R4: address = regs[4]; break; case ARM_REG_R5: address = regs[5]; break; case ARM_REG_R6: address = regs[6]; break; case ARM_REG_R7: address = regs[7]; break; case ARM_REG_R8: address = regs[8]; break; case ARM_REG_R9: address = regs[9]; break; case ARM_REG_R10: address = regs[10]; break; case ARM_REG_R11: address = regs[11]; break; case ARM_REG_R12: address = regs[12]; break; case ARM_REG_R13: address = regs[13]; break; case ARM_REG_R14: address = regs[14]; break; case ARM_REG_R15: address = regs[15]; break; default: /* todo thread error */ break; } break_imm(address, th); } static int is_pc(csh handle, cs_insn *insn) { cs_regs read, write; uint8_t read_size, write_size; cs_regs_access(handle, insn, read, &read_size, write, &write_size); for (uint8_t i = 0; i < write_size; i++) { if (write[i] == ARM_REG_PC) { return 1; } } return 0; } static uint8_t pc_op(cs_arm_op *ops, uint8_t ops_size) { uint8_t i; for (i = 0; i < ops_size; i++) { if (ops[i].type == ARM_OP_REG && ops[i].reg == ARM_REG_PC) { break; } } return i; } int arm_singlestep(struct thread *th) { struct archinfo archinfo; struct iovec regs = { &th->state->regs, th->state->regsize }; architecture_info(&archinfo, ®s); int ret = 0; csh handle; if (cs_open(archinfo.cs_arch, archinfo.cs_mode, &handle) != CS_ERR_OK) { /* todo thread error */ return -1; } cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON); uint64_t address = archinfo.progmctr; size_t codez = 128; const uint8_t *code = deref(th, address, codez); cs_insn *insn = cs_malloc(handle); if (cs_disasm_iter(handle, &code, &codez, &address, insn)) { if (is_pc(handle, insn)) { cs_arm_op *ops = insn->detail->arm.operands; uint8_t ops_size = insn->detail->arm.op_count; uint8_t pci; switch (insn->id) { case ARM_INS_B: case ARM_INS_BL: case ARM_INS_BX: case ARM_INS_BLX: if (ops_size == 1) { switch (ops[0].type) { case ARM_OP_REG: break_reg(ops[0].reg, th); break; case ARM_OP_IMM: break_imm(ops[0].imm, th); break; default: ret = -1; /* todo thread error */ break; } } else { ret = -1; /* todo thread error */ } break; case ARM_INS_POP: if ((pci = pc_op(ops, ops_size)) < ops_size) { unsigned long saddr = archinfo.stackptr + (pci * archinfo.wordsize); unsigned long *sval = deref(th, saddr, archinfo.wordsize); break_imm(*sval, th); } else { ret = -1; /* todo thread error */ } break; case ARM_INS_MOV: if (pc_op(ops, ops_size) == 0) { if (ops_size == 2) { switch (ops[1].type) { case ARM_OP_REG: break_reg(ops[1].reg, th); break; case ARM_OP_IMM: break_imm(ops[1].imm, th); break; default: ret = -1; /* todo thread error */ break; } } else { ret = -1; /* tr */ } } else { ret = -1; /* tr */ } break; default: ret = -1; /* todo thread error */ break; } } /* default case - next sequential instruction */ break_imm(address, th); } else { ret = -1; /* todo thread error */ } cs_free(insn, 1); cs_close(&handle); return ret; } #endif