
Invalid instruction (vpxorq)

Open Jorgecmartins opened this issue 1 year ago • 8 comments

Hello,

I'm trying to emulate the following piece of code:

```
0x7ffff7db2220 <__strlen_evex>:      endbr64
0x7ffff7db2224 <__strlen_evex+4>:    mov    eax,edi
0x7ffff7db2226 <__strlen_evex+6>:    vpxorq xmm16,xmm16,xmm16   (buggy)
```

When I try to emulate the instruction `vpxorq xmm16,xmm16,xmm16` I get the following error: Invalid instruction (UC_ERR_INSN_INVALID).

I've added a hook to this instruction:

```python
def code_hook(mu, address, size, user_data):
    print(hex(address), hex(size))
```

and I get a weird output (instruction size):

```
0x7ffff7db2220 0x4
0x7ffff7db2224 0x2
0x7ffff7db2226 0xf1f1f1f1
ERROR: Invalid instruction (UC_ERR_INSN_INVALID)
```

The instruction size should be 6, but it is outputting 0xf1f1f1f1.

Jorgecmartins, Dec 13 '23 16:12

https://github.com/unicorn-engine/unicorn/wiki/FAQ#emulating-some-instructions-gives-an-error-like-invalid-instruction-what-should-i-do

Did you try switching models?

wtdcode, Dec 13 '23 16:12

Thanks for the pointer. I'm emulating x64, therefore I used `Uc(UC_ARCH_X86, UC_MODE_64)`. Maybe this instruction is not implemented?

Jorgecmartins, Dec 13 '23 16:12

I encounter the same issue. Emulation of a valid x86-64 instruction triggers UC_ERR_INSN_INVALID. The code:

```python
from unicorn import *
from unicorn.x86_const import *

uc = Uc(UC_ARCH_X86, UC_MODE_64)

# STACK
STACK_BASE = 0x5000
STACK_SIZE = 0x1000

uc.mem_map(STACK_BASE, STACK_SIZE, UC_PROT_ALL)
uc.reg_write(UC_X86_REG_RSP, STACK_BASE + STACK_SIZE - 0x8)

# PROGRAM
PROGRAM_BASE = 0x10000

# vmovdqu ymmword ptr ds:[rax], ymm0
PROGRAM = b"\xC5\xFE\x7F\x00"

uc.mem_map(PROGRAM_BASE, 0x1000, UC_PROT_ALL)
uc.mem_write(PROGRAM_BASE, PROGRAM)

# raises UcError with UC_ERR_INSN_INVALID instead of executing the instruction
uc.emu_start(PROGRAM_BASE, PROGRAM_BASE + len(PROGRAM))
```

ntqbit, Dec 23 '23 19:12

You should set the CPU model according to #1880:

```python
mu.ctl_set_cpu_model(UC_CPU_X86_EPYC_ROME)
```

But the example code in #1880 just doesn't work on my computer even after I've set CPU model and I have no idea why...

emc2314, Jan 13 '24 07:01

> You should set the CPU model according to #1880:
>
> `mu.ctl_set_cpu_model(UC_CPU_X86_EPYC_ROME)`
>
> But the example code in #1880 just doesn't work on my computer even after I've set CPU model and I have no idea why...

Unfortunately, this does not work for me either. I tried different model values in `ctl_set_cpu_model`; none of them worked. I tried it on the example code I provided above.

ntqbit, Jan 13 '24 11:01

Hi, same issue here for me, trying to emulate:

```
c5 fe 6f 02             vmovdqu ymm0,YMMWORD PTR [rdx]
```

I've tried multiple CPU models, none of which worked.

Nuxar1, Jan 21 '24 02:01

Same problem. I'm trying to emulate:

```
c4 e2 7d 78 c0          vpbroadcastb ymm0,xmm0
```

I guess this is a supported instruction, because I found this: https://github.com/unicorn-engine/unicorn/blob/master/include/unicorn/x86.h#L1340

However, my setting `mu.ctl_set_cpu_model(x86.UC_CPU_X86_EPYC_ROME)` did not work.

tylzh97, Jul 09 '24 13:07
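Every byte sequence in this thread is VEX- or EVEX-encoded (AVX, AVX2 or AVX-512), which the default x86-64 CPU model does not advertise, and the reporters also saw an impossible `size` of 0xf1f1f1f1 in the code hook. The script below is an added example, not code from the unicorn project or from any poster: it classifies the prefix of rejected bytes offline, flags hook sizes that exceed the 15-byte architectural maximum, and, only when unicorn 2.x is installed, retries the emulation with `ctl_set_cpu_model(UC_CPU_X86_EPYC_ROME)` issued as the first call after `Uc()`. The `62 a1 fd 00 ef c0` encoding of `vpxorq xmm16,xmm16,xmm16` is hand-assembled and is an assumption, since the original report lists the instruction but not its bytes; the other three byte strings are quoted from the thread.

```python
"""Diagnose UC_ERR_INSN_INVALID on VEX/EVEX-encoded x86-64 code.

Added example, not code from the unicorn project or from this thread.  The
prefix classifier and size check are pure Python; the emulation helper only
runs when unicorn 2.x is installed (API names as used in the thread:
ctl_set_cpu_model, UC_CPU_X86_EPYC_ROME).
"""
try:
    from unicorn import (Uc, UcError, UC_ARCH_X86, UC_MODE_64, UC_HOOK_CODE,
                         UC_ERR_INSN_INVALID)
    from unicorn.x86_const import (UC_CPU_X86_EPYC_ROME, UC_X86_REG_RAX,
                                   UC_X86_REG_RDX)
except ImportError:          # unicorn absent: the offline checks still work
    Uc = None

MAX_X86_INSN_LEN = 15        # architectural upper bound on an x86 instruction

_MAPS = {1: "0F", 2: "0F38", 3: "0F3A"}
_PP = {0: "", 1: "66", 2: "F3", 3: "F2"}
_EVEX_LEN = {0: 128, 1: 256, 2: 512}


def classify_prefix(code):
    """Look only at the first instruction's prefix and report which vector
    extension the encoding implies.  No opcode decode: the point is to tell
    AVX (VEX) from AVX-512 (EVEX), i.e. what the CPU model must support."""
    if len(code) >= 2 and code[0] == 0xC5:                # 2-byte VEX
        b1 = code[1]
        return {"encoding": "VEX2", "map": "0F", "pp": _PP[b1 & 3], "W": 0,
                "vector_bits": 256 if (b1 >> 2) & 1 else 128, "feature": "AVX"}
    if len(code) >= 3 and code[0] == 0xC4:                # 3-byte VEX
        b1, b2 = code[1], code[2]
        return {"encoding": "VEX3", "map": _MAPS.get(b1 & 0x1F, "?"),
                "pp": _PP[b2 & 3], "W": b2 >> 7,
                "vector_bits": 256 if (b2 >> 2) & 1 else 128, "feature": "AVX"}
    if len(code) >= 4 and code[0] == 0x62:                # EVEX (64-bit mode)
        p0, p1, p2 = code[1], code[2], code[3]
        ll = (p2 >> 5) & 3                                # L'L: vector length
        return {"encoding": "EVEX", "map": _MAPS.get(p0 & 7, "?"),
                "pp": _PP[p1 & 3], "W": p1 >> 7,
                "vector_bits": _EVEX_LEN.get(ll, "?"),
                "feature": "AVX-512F" + ("+VL" if ll < 2 else "")}
    return {"encoding": "legacy", "feature": None}


def bogus_size(size):
    """True when a UC_HOOK_CODE size cannot be a real instruction length,
    as with the 0xf1f1f1f1 the thread saw for an undecodable instruction."""
    return not 1 <= size <= MAX_X86_INSN_LEN


def try_emulate(code, cpu_model=None, base=0x10000):
    """Run one block of code; return (status, trace), or None without unicorn.

    status is "ok", "insn_invalid" or the text of another UcError; trace holds
    the (address, size) pairs the code hook saw."""
    if Uc is None:
        return None
    uc = Uc(UC_ARCH_X86, UC_MODE_64)
    if cpu_model is not None:
        # First call after Uc(): unicorn 2 rejects a model change once the vCPU
        # exists, and mem_map/reg_write/hook_add all create it.
        uc.ctl_set_cpu_model(cpu_model)
    scratch = 0x20000                                     # memory operand target
    uc.mem_map(base, 0x1000)
    uc.mem_map(scratch, 0x1000)
    uc.mem_write(base, code)
    uc.reg_write(UC_X86_REG_RAX, scratch)                 # [rax] in the samples
    uc.reg_write(UC_X86_REG_RDX, scratch)                 # [rdx] in the samples
    trace = []
    uc.hook_add(UC_HOOK_CODE, lambda mu, addr, size, _ud: trace.append((addr, size)))
    try:
        uc.emu_start(base, base + len(code))
    except UcError as e:
        status = "insn_invalid" if e.errno == UC_ERR_INSN_INVALID else str(e)
        return status, trace
    return "ok", trace


# Byte strings quoted in the thread plus a hand-assembled encoding (assumption,
# not given on the page) of the vpxorq xmm16,xmm16,xmm16 instruction.
SAMPLES = {
    "vmovdqu [rax],ymm0":       bytes.fromhex("c5fe7f00"),
    "vmovdqu ymm0,[rdx]":       bytes.fromhex("c5fe6f02"),
    "vpbroadcastb ymm0,xmm0":   bytes.fromhex("c4e27d78c0"),
    "vpxorq xmm16,xmm16,xmm16": bytes.fromhex("62a1fd00efc0"),
}

if __name__ == "__main__":
    for name, code in SAMPLES.items():
        print(name, classify_prefix(code))
        if Uc is not None:
            default = try_emulate(code)
            print("  default model :", default)
            print("  bogus sizes   :", [s for _, s in default[1] if bogus_size(s)])
            print("  EPYC_ROME     :", try_emulate(code, UC_CPU_X86_EPYC_ROME))
```

Running it without unicorn prints only the classification, which already tells you which feature set the chosen CPU model must expose (AVX for the three `c4`/`c5` samples, AVX-512F with VL for the EVEX one). With unicorn installed, compare the two emulation results per sample: a `size` in the trace that `bogus_size` flags should be treated as "instruction not decoded", not as a real length, and any hook logic that indexes memory by that size needs to guard against it.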