unicorn-engine / unicorn

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
http://www.unicorn-engine.org
GNU General Public License v2.0

Setting RIP inside callback doesn't change execution flow #1952

Closed smuthayan closed 1 month ago

smuthayan commented 2 months ago

Hello! I place a hook on UC_MEM_FETCH_PROT. Inside the hook, I overwrite UC_X86_REG_RIP to a different address and return true to change the flow of execution. Instead, the code keeps executing at the previous RIP. It even leaves UC_X86_REG_RIP unchanged as it's executing. Is this normal behavior?

wtdcode commented 1 month ago

Could you provide a reproduction?

smuthayan commented 1 month ago

Hi. I think this was due to the fact that the RIP register is only synced at certain points. Instead, I just catch the error from uc_emu_start and set the RIP there and restart emulation.