Implement rdtsc hook

momo5502 · Sep 2, 2024 · daff0d1 · daff0d1
1 parent 679fecd
commit daff0d1
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 6 deletions.
diff --git a/deps/unicorn b/deps/unicorn
diff --git a/src/emulator/emulator.hpp b/src/emulator/emulator.hpp
@@ -9,7 +9,7 @@ struct emulator_hook;
 
 using memory_operation = memory_permission;
 
-using hook_callback = std::function<void()>;
+using hook_callback = std::function<bool()>;
 
 using simple_memory_hook_callback = std::function<void(uint64_t address, size_t size)>;
 using complex_memory_hook_callback = std::function<void(uint64_t address, size_t size, memory_operation operation)>;

diff --git a/src/emulator/x64_emulator.hpp b/src/emulator/x64_emulator.hpp
@@ -6,6 +6,8 @@ enum class x64_hookable_instructions
 {
 	syscall,
 	cpuid,
+	rdtsc,
+	rdtscp,
 };
 
 using x64_emulator = typed_emulator<uint64_t, x64_register, x64_register::rip,

diff --git a/src/unicorn_emulator/unicorn_x64_emulator.cpp b/src/unicorn_emulator/unicorn_x64_emulator.cpp
@@ -25,6 +25,10 @@ namespace unicorn
 				return UC_X86_INS_SYSCALL;
 			case x64_hookable_instructions::cpuid:
 				return UC_X86_INS_CPUID;
+			case x64_hookable_instructions::rdtsc:
+				return UC_X86_INS_RDTSC;
+			case x64_hookable_instructions::rdtscp:
+				return UC_X86_INS_RDTSCP;
 			}
 
 			throw std::runtime_error("Bad instruction for mapping");
@@ -251,9 +255,9 @@ namespace unicorn
 				const auto uc_instruction = map_hookable_instruction(
 					static_cast<x64_hookable_instructions>(instruction_type));
 
-				function_wrapper<void, uc_engine*> wrapper([c = std::move(callback)](uc_engine*)
+				function_wrapper<int, uc_engine*> wrapper([c = std::move(callback)](uc_engine*)
 				{
-					c();
+					return c() ? 1 : 0;
 				});
 
 				unicorn_hook hook{*this};

diff --git a/src/windows_emulator/main.cpp b/src/windows_emulator/main.cpp
@@ -625,6 +625,13 @@ namespace
 		emu->hook_instruction(x64_hookable_instructions::syscall, [&]
 		{
 			dispatcher.dispatch(*emu, context);
+			return true;
+		});
+
+		emu->hook_instruction(x64_hookable_instructions::rdtsc, [&]
+		{
+			puts("RDTSC Hook");
+			return true;
 		});
 
 		watch_object(*emu, context.teb);
@@ -657,10 +664,8 @@ namespace
 
 		emu->reg(x64_register::rcx, execution_context.value());
 		emu->reg(x64_register::rdx, context.ntdll.image_base);
-
 		emu->reg(x64_register::rip, entry1);
 
-
 		try
 		{
 			if (use_gdb)
+40 −7		qemu/target/i386/misc_helper.c
+2 −1		qemu/target/i386/unicorn.c
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,8 @@ enum class x64_hookable_instructions @@
     {
     	syscall,
     	cpuid,
+    	rdtsc,
+    	rdtscp,
     };
     using x64_emulator = typed_emulator<uint64_t, x64_register, x64_register::rip,
@@ Expand Down @@