Update sal, sar and xadd instructions #95


Merged: 13 commits, Jul 13, 2025

Conversation

acheron2302 (Contributor) commented Jul 10, 2025

This update makes the following changes:

  • xadd instruction (fixes a bug when the src register is inside dest by swapping the order of assignment).
  • sal, sar instructions.
  • Re-implement the parity table so that it is computed at compile time.
  • Re-implement set_operation_value to speed it up without needing to call virtual_memory.
  • Update flag test.

acheron2302 (Contributor, Author)

Maybe I need some update to the algorithm

sha0coder (Owner)

Hi, it's not passing these tests:

test tests::tests::sc32win_donut
test tests::tests::sc64lin_flags
test tests::tests::elf64lin_static_helloworld
test tests::tests::sc32win_veryobfus
test tests::tests::exe32win_minecraft
test tests::tests::exe64win_enigma

It's mainly because of a bug in the modifications of:
OpKind::Memory => { ...

i.e., the address 0x4CC230 is changed to 0x8ceca5

~/s/c/mwemu_pr95 ❯❯❯ cargo run --release -- -f test/elf64lin_static_helloworld.bin -6 -vv -c 28
...

27 0x402a70: mov   [rsp+78h],r9
-------
28 0x402a75: mov   [4CC230h],rdi
--- console ---
=>r rdi
	rdi: 0x7fffffffe280 140737488347776 (linux_static_stack)
=>mn
address=>0x4CC230
map: elf64.bss 0x4c72a0-0x4ccc20 (22912)
=>
28 0x402a75: mov   [4CC230h],rdi

thread 'main' panicked at libmwemu/src/maps/mod.rs:142:17:
Writing qword to unmapped region at 0x8ceca5
~/s/mwemu ❯❯❯ cargo run --release -- -f test/elf64lin_static_helloworld.bin -6 -c 28 -vv  
...

27 0x402a70: mov   [rsp+78h],r9
-------
28 0x402a75: mov   [4CC230h],rdi
--- console ---
=>r rdi
	rdi: 0x7fffffffe280 140737488347776 (linux_static_stack)
=>mn
address=>0x4CC230
map: elf64.bss 0x4c72a0-0x4ccc20 (22912)
=>
28 0x402a75: mov   [4CC230h],rdi
=>


acheron2302 (Contributor, Author)

OK, thanks, I will take a look, but for now we can fall back to virtual memory if things don't work out.

sha0coder (Owner)

Hello, this is what is happening with donut shellcode:

121 0x3ea4ac: mov   [edx+eax],cl
Writing byte to unmapped region at 0x10022da8c

=>r edx
	edx: 0x8f921a56 2408716886
=>r eax
	eax: 0x7090c036 1888534582 'SHELL32.dll' (shell32.text)
>>> hex(0x8f921a56+0x7090c036)
'0x10022da8c'

set_operand_value on 32 bits doesn't have to write to this address (0x10022da8c), which is not 32 bits; the add should give: 0x22da8c

Enabling memory trace mode (--memory) on the main branch is calculating: 0x22da8c

121 0x3ea4ac: mov [edx+eax],cl
mem_trace: pos = 121 rip = 3ea4ac op = write bits = 8 address = 0x22da8c value = 0x73 name = 'stack'

regards.
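The two emulator pitfalls raised in this thread, the PR description's xadd ordering bug (the source register appearing inside the destination's memory operand) and the 32-bit effective-address wrap-around above (edx+eax must give 0x22da8c, not 0x10022da8c), as one added example. This is not mwemu's code: the flat little-endian memory model, the register file layout, the `Cpu` type and all function names are assumptions made for the illustration. The compile-time parity table is included because the PR description mentions one; it is a generic construction, not the project's.

```rust
// Added example (not mwemu's own code): the two pitfalls raised in this PR.
// (a) a 32-bit effective address must wrap at 32 bits, so edx+eax with
//     edx=0x8f921a56 and eax=0x7090c036 is 0x22da8c, not 0x10022da8c;
// (b) `xadd [reg], reg` must resolve the memory address before the source
//     register is overwritten, i.e. write the destination first.
// The register/memory model, sizes and names below are assumptions.

/// Operand-size mask: 8/16/32 bits keep the low bits, 64 keeps everything.
pub const fn size_mask(bits: u32) -> u64 {
    if bits >= 64 { u64::MAX } else { (1u64 << bits) - 1 }
}

/// Parity table built at compile time: PF is set when the low byte of the
/// result has an even number of 1 bits.
pub const PARITY: [bool; 256] = {
    let mut t = [false; 256];
    let mut i = 0;
    while i < 256 {
        t[i] = (i as u8).count_ones() % 2 == 0;
        i += 1;
    }
    t
};

/// [base + index*scale + disp], truncated to the address size of the mode.
/// Without the final mask, a 32-bit sum that carries out of bit 31 lands on
/// an address the guest could never form (the 0x10022da8c case above).
pub fn effective_address(base: u64, index: u64, scale: u64, disp: i64, addr_bits: u32) -> u64 {
    base.wrapping_add(index.wrapping_mul(scale))
        .wrapping_add(disp as u64)
        & size_mask(addr_bits)
}

/// Minimal flat-memory CPU model (constructed for the example).
pub struct Cpu {
    pub regs: [u64; 8], // eax, ecx, edx, ebx, esp, ebp, esi, edi
    pub mem: Vec<u8>,   // flat little-endian memory mapped at address 0
    pub cf: bool,
    pub zf: bool,
    pub pf: bool,
}

impl Cpu {
    pub fn new(mem_size: usize) -> Self {
        Cpu { regs: [0; 8], mem: vec![0; mem_size], cf: false, zf: false, pf: false }
    }

    /// Little-endian read of `bits` bits at `addr`.
    pub fn read(&self, addr: u64, bits: u32) -> u64 {
        let a = addr as usize;
        (0..(bits / 8) as usize).fold(0u64, |v, i| v | (self.mem[a + i] as u64) << (8 * i))
    }

    /// Little-endian write of `bits` bits at `addr`.
    pub fn write(&mut self, addr: u64, bits: u32, value: u64) {
        let a = addr as usize;
        for i in 0..(bits / 8) as usize {
            self.mem[a + i] = (value >> (8 * i)) as u8;
        }
    }

    /// `xadd [base_reg], src_reg`: TEMP = DEST + SRC; SRC = DEST; DEST = TEMP.
    /// Returns the sum that was stored to memory and updates CF/ZF/PF.
    pub fn xadd_mem_reg(&mut self, base_reg: usize, src_reg: usize, bits: u32, addr_bits: u32) -> u64 {
        // Resolve the address while base_reg still holds its original value.
        let addr = effective_address(self.regs[base_reg], 0, 1, 0, addr_bits);
        let m = size_mask(bits);
        let old_dst = self.read(addr, bits);
        let old_src = self.regs[src_reg] & m;
        let wide = old_dst as u128 + old_src as u128;
        let sum = (wide as u64) & m;

        // Destination first, then source: if src_reg is the base register of
        // the destination operand, assigning the register first would make a
        // later address computation use the new value and store to the wrong place.
        self.write(addr, bits, sum);
        self.regs[src_reg] = old_dst; // 32-bit register writes zero-extend

        self.cf = wide > m as u128;
        self.zf = sum == 0;
        self.pf = PARITY[(sum & 0xff) as usize];
        sum
    }
}
```

With eax = 0x100 and the dword at 0x100 holding 0x10, `xadd [eax], eax` must leave eax = 0x10 and [0x100] = 0x110; reversing the two assignments would store through the already-updated eax, which is exactly the symptom the PR description fixes.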

sha0coder (Owner)

awesome!!!!

sha0coder merged commit 7d57285 into sha0coder:main on Jul 13, 2025. 1 check passed.