Merge branch 'dev' of https://github.com/qilingframework/qiling into dev

Author: xwings

examples/mcu/stm32f407_ai_sine_display.py

@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+import sys
+sys.path.append("../..")
+
+from qiling.core import Qiling
+from qiling.const import QL_VERBOSE
+from qiling.extensions.mcu.stm32f4 import stm32f407
+from qiling.hw.external_device.oled.ssd1306 import PyGameSSD1306Spi
+
+
+ql = Qiling(["../rootfs/mcu/stm32f407/ai-sine-test.elf"],
+            archtype="cortex_m", env=stm32f407, verbose=QL_VERBOSE.DEFAULT)
+
+ql.hw.create('rcc')
+ql.hw.create('pwr')
+ql.hw.create('flash interface')
+ql.hw.create('gpioa')
+ql.hw.create('gpiob')
+ql.hw.create('gpiod')
+ql.hw.create('spi1')
+ql.hw.create('crc')
+
+oled = PyGameSSD1306Spi(dc=(ql.hw.gpiod, 5))
+ql.hw.spi1.connect(oled)
+
+def indicator(ql):
+    ql.log.info('PA7 set')
+
+ql.hw.gpioa.hook_set(7, indicator, ql)
+ql.hw.systick.ratio = 1000
+
+ql.run(count=800000)

qiling/debugger/qdb/qdb.py

@@ -40,12 +40,8 @@ def dbg_hook(self: QlQdb, init_hook: str):
         # self.ql.loader.entry_point  # ld.so
         # self.ql.loader.elf_entry    # .text of binary
 
-        if init_hook:
-            pause_entry = _parse_int(init_hook)
-        else:
-            pause_entry = self.ql.loader.entry_point
-
-        self.set_breakpoint(pause_entry, is_temp=True)
+        if init_hook and self.ql.loader.entry_point != init_hook:
+            self.do_breakpoint(init_hook)
 
         self.cur_addr = self.ql.loader.entry_point
 
@@ -55,9 +51,7 @@ def dbg_hook(self: QlQdb, init_hook: str):
         else:
             self._init_state = self.ql.save()
 
-        if pause_entry != self.cur_addr:
-            self.do_context()
-
+        self.do_context()
         self.interactive()
 
     @property
@@ -129,7 +123,6 @@ def _run(self: Qldbg, address: int = 0, end: int = 0, count: int = 0) -> None:
                     else:
                         print(f"{color.CYAN}[+] hit breakpoint at 0x{self.cur_addr:08x}{color.END}")
 
-                    self.do_context()
                     break
 
                 self.ql.arch.step()
@@ -239,7 +232,8 @@ def do_step(self: QlQdb, *args) -> Optional[bool]:
                 self.ql.count -= 1
 
             else:
-                self._run(count=1)
+                count = 1 if next_stop == self.cur_addr + 4 else 2
+                self._run(count=count)
 
             self.do_context()
 

qiling/debugger/qdb/utils.py

@@ -260,8 +260,8 @@ def regdst_eq_pc(op_str):
         to_jump = cb_table.get(line.mnemonic)(read_reg_val(line.op_str.split(", ")[0]))
 
     if to_jump:
-        if '#' in line.op_str:
-            ret_addr = _parse_int(line.op_str.split('#')[-1])
+        if "#" in line.op_str:
+            ret_addr = _parse_int(line.op_str.split("#")[-1])
         else:
             ret_addr = read_reg_val(line.op_str)
 
@@ -301,55 +301,62 @@ def regdst_eq_pc(op_str):
 
         ret_addr = next_addr
 
-        return ret_addr
-
     elif line.mnemonic in ("ldr",):
+
         if regdst_eq_pc(line.op_str):
-            _pc, _, rn_offset = line.op_str.partition(", ")
+            _, _, rn_offset = line.op_str.partition(", ")
+            r, _, imm = rn_offset.strip("[]!").partition(", #")
 
             if "]" in rn_offset.split(", ")[1]: # pre-indexed immediate
-                _, r, imm = line.op_str.replace("[", "").replace("]", "").replace("!", "").replace("#", "").split(", ")
-                ret_addr = ql.unpack32(ql.mem.read(_parse_int(imm) + read_reg_val(r), 4))
+                ret_addr = ql.unpack32(ql.mem.read(_parse_int(imm) + read_reg_val(r), ARM_INST_SIZE))
 
             else: # post-indexed immediate
                 # FIXME: weired behavior, immediate here does not apply
-                _, r, imm = line.op_str.replace("[", "").replace("]", "").replace("!", "").replace("#", "").split(", ")
-                ret_addr = ql.unpack32(ql.mem.read(read_reg_val(r), 4))
+                ret_addr = ql.unpack32(ql.mem.read(read_reg_val(r), ARM_INST_SIZE))
 
     elif line.mnemonic in ("addls", "addne", "add") and regdst_eq_pc(line.op_str):
         V, C, Z, N = get_cpsr(ql.reg.cpsr)
+        r0, r1, r2, *imm = line.op_str.split(", ")
 
-        if line.mnemonic == "addls" and (C == 0 or Z == 1):
-            r0, r1, r2, imm = line.op_str.split(", ")
-            # program counter is awalys 8 bytes ahead , when it comes with pc need to add extra 8 bytes
-            ret_addr = 8 + read_reg_val(r1) + read_reg_val(r2) * 4
+        # program counter is awalys 8 bytes ahead when it comes with pc, need to add extra 8 bytes
+        extra = 8 if 'pc' in (r0, r1, r2) else 0
+
+        if imm:
+            expr = imm[0].split()
+            # TODO: should support more bit shifting and rotating operation
+            if expr[0] == "lsl": # logical shift left
+                n = _parse_int(expr[-1].strip("#")) * 2
 
-        elif line.mnemonic == "addne" and Z == 0:
-            r0, r1, r2, *rest = line.op_str.split(", ")
-            ret_addr = 8 + read_reg_val(r1) + (read_reg_val(r2) * 4 if rest else read_reg_val(r2))
+        if line.mnemonic == "addls" and (C == 0 or Z == 1):
+            ret_addr = extra + read_reg_val(r1) + read_reg_val(r2) * n
 
-        elif line.mnemonic == "add":
-            r0, r1, r2 = line.op_str.split(", ")
-            ret_addr = 8 + sum(map(read_reg_val, [r1, r2]))
+        elif line.mnemonic == "add" or (line.mnemonic == "addne" and Z == 0):
+            ret_addr = extra + read_reg_val(r1) + (read_reg_val(r2) * n if imm else read_reg_val(r2))
 
     elif line.mnemonic in ("tbh", "tbb"):
 
         cur_addr += ARM_INST_SIZE
+        r0, r1, *imm = line.op_str.strip("[]").split(", ")
+
+        if imm:
+            expr = imm[0].split()
+            if expr[0] == "lsl": # logical shift left
+                n = _parse_int(expr[-1].strip("#")) * 2
 
         if line.mnemonic == "tbh":
-            r0, r1, _ = line.op_str.strip("[").strip("]").split(", ")
-            r1 = read_reg_val(r1) * 2
+
+            r1 = read_reg_val(r1) * n
 
         elif line.mnemonic == "tbb":
-            r0, r1 = line.op_str.strip("[").strip("]").split(", ")
+
             r1 = read_reg_val(r1)
 
-        to_add = int.from_bytes(ql.mem.read(cur_addr+r1, 2 if line.mnemonic == "tbh" else 1), byteorder="little") * 2
+        to_add = int.from_bytes(ql.mem.read(cur_addr+r1, 2 if line.mnemonic == "tbh" else 1), byteorder="little") * n
         ret_addr = cur_addr + to_add
 
     elif line.mnemonic.startswith("pop") and "pc" in line.op_str:
 
-        ret_addr = ql.stack_read(line.op_str.strip("{").strip("}").split(", ").index("pc") * 4)
+        ret_addr = ql.stack_read(line.op_str.strip("{}").split(", ").index("pc") * ARM_INST_SIZE)
         if not { # step to next instruction if cond does not meet
                 "pop"  : lambda *_: True,
                 "pop.w": lambda *_: True,