-
-
static int run_op(struct guest_info * info, v3_op_type_t op_type, addr_t src_addr, addr_t dst_addr, int op_size);
// We emulate up to the next 4KB page boundry
if (dec_instr->dst_operand.size == 1) {
- movs8((addr_t *)dst_addr, &src_addr, &tmp_rcx, (addr_t *)&(info->ctrl_regs.rflags));
+ movs8((addr_t *)&dst_addr, &src_addr, &tmp_rcx, (addr_t *)&(info->ctrl_regs.rflags));
} else if (dec_instr->dst_operand.size == 2) {
- movs16((addr_t *)dst_addr, &src_addr, &tmp_rcx, (addr_t *)&(info->ctrl_regs.rflags));
+ movs16((addr_t *)&dst_addr, &src_addr, &tmp_rcx, (addr_t *)&(info->ctrl_regs.rflags));
} else if (dec_instr->dst_operand.size == 4) {
- movs32((addr_t*)dst_addr, &src_addr, &tmp_rcx, (addr_t *)&(info->ctrl_regs.rflags));
+ movs32((addr_t*)&dst_addr, &src_addr, &tmp_rcx, (addr_t *)&(info->ctrl_regs.rflags));
} else {
PrintError("Invalid operand length\n");
return -1;
}
+ PrintDebug("Calling Write function\n");
if (write_fn(write_gpa, (void *)dst_addr, emulation_length, priv_data) != emulation_length) {
PrintError("Did not fully read hooked data\n");
}
if (write_fn(write_gpa, (void *)dst_addr, op_len, priv_data) != op_len) {
- PrintError("Did not fully read hooked data\n");
+ PrintError("Did not fully write hooked data\n");
return -1;
}
int op_len = 0;
PrintDebug("Emulating Read for instruction at %p\n", (void *)(addr_t)(info->rip));
- PrintDebug("GVA=%p\n", (void *)write_gva);
+ PrintDebug("GVA=%p\n", (void *)read_gva);
if (info->mem_mode == PHYSICAL_MEM) {
ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
return -1;
}
+#ifdef __V3_64BIT__
} else if (op_size == 8) {
- PrintError("64 bit instructions not handled\n");
- return -1;
+
+
+ switch (op_type) {
+ case V3_OP_ADC:
+ adc64((addr_t *)dst_addr, (addr_t *)src_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+ case V3_OP_ADD:
+ add64((addr_t *)dst_addr, (addr_t *)src_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+ case V3_OP_AND:
+ and64((addr_t *)dst_addr, (addr_t *)src_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+ case V3_OP_OR:
+ or64((addr_t *)dst_addr, (addr_t *)src_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+ case V3_OP_XOR:
+ xor64((addr_t *)dst_addr, (addr_t *)src_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+ case V3_OP_SUB:
+ sub64((addr_t *)dst_addr, (addr_t *)src_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+
+ case V3_OP_INC:
+ inc64((addr_t *)dst_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+ case V3_OP_DEC:
+ dec64((addr_t *)dst_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+ case V3_OP_NEG:
+ neg64((addr_t *)dst_addr, (addr_t *)&(info->ctrl_regs.rflags));
+ break;
+
+ case V3_OP_MOV:
+ mov64((addr_t *)dst_addr, (addr_t *)src_addr);
+ break;
+ case V3_OP_NOT:
+ not64((addr_t *)dst_addr);
+ break;
+ case V3_OP_XCHG:
+ xchg64((addr_t *)dst_addr, (addr_t *)src_addr);
+ break;
+
+ default:
+ PrintError("Unknown 64 bit instruction\n");
+ return -1;
+ }
+#endif
+
} else {
PrintError("Invalid Operation Size\n");
return -1;