set_api tune

Author: xwings

qiling/arch/arm.py

@@ -104,3 +104,24 @@ def enable_vfp(self) -> None:
 
     def check_thumb(self):
         return UC_MODE_THUMB if self.__is_thumb() else UC_MODE_ARM
+
+    """
+    set_tls
+    """
+    def init_get_tls(self):
+        self.ql.mem.map(0xFFFF0000, 0x1000, info="[arm_tls]")
+        """
+        'adr r0, data; ldr r0, [r0]; mov pc, lr; data:.ascii "\x00\x00"'
+        """
+        sc = b'\x04\x00\x8f\xe2\x00\x00\x90\xe5\x0e\xf0\xa0\xe1\x00\x00\x00\x00'
+
+        # if ql.archendian == QL_ENDIAN.EB:
+        #    sc = swap_endianess(sc)
+
+        self.ql.mem.write(self.ql.arch.arm_get_tls_addr, sc)
+        self.ql.log.debug("Set init_kernel_get_tls")    
+
+    def swap_endianess(self, s: bytes, blksize=4) -> bytes:
+        blocks = (s[i:i + blksize] for i in range(0, len(s), blksize))
+
+        return b''.join(bytes(reversed(b)) for b in blocks)

qiling/os/linux/linux.py

@@ -16,7 +16,6 @@
 from qiling.os.posix.const import NR_OPEN
 from qiling.os.posix.posix import QlOsPosix
 
-from . import utils
 from . import futex
 from . import thread
 
@@ -56,7 +55,7 @@ def load(self):
             self.ql.arch.enable_vfp()
             self.ql.hook_intno(self.hook_syscall, 2)
             self.thread_class = thread.QlLinuxARMThread
-            utils.ql_arm_init_get_tls(self.ql)
+            self.ql.arch.init_get_tls()
 
         # MIPS32
         elif self.ql.archtype == QL_ARCH.MIPS:

qiling/os/qnx/qnx.py

@@ -8,6 +8,7 @@
 from typing import Callable
 from unicorn import UcError
 
+from qiling import Qiling
 from qiling.os.posix.posix import QlOsPosix
 from qiling.os.qnx.const import NTO_SIDE_CHANNEL, SYSMGR_PID, SYSMGR_CHID, SYSMGR_COID
 from qiling.os.qnx.helpers import QnxConn
@@ -20,7 +21,7 @@
 from qiling.os.posix.posix import QlOsPosix
 
 class QlOsQnx(QlOsPosix):
-    def __init__(self, ql):
+    def __init__(self, ql: Qiling):
         super(QlOsQnx, self).__init__(ql)
 
         self.ql = ql
@@ -60,11 +61,12 @@ def load(self):
         if self.ql.code:
             return
 
-        if self.ql.archtype!= QL_ARCH.ARM:
-            return
-
-        self.ql.arch.enable_vfp()
-        self.ql.hook_intno(self.hook_syscall, 2)
+        # ARM
+        if self.ql.archtype == QL_ARCH.ARM:
+            self.ql.arch.enable_vfp()
+            self.ql.hook_intno(self.hook_syscall, 2)
+            #self.thread_class = thread.QlLinuxARMThread
+            self.ql.arch.init_get_tls()
 
 
     def hook_syscall(self, intno= None, int = None):
@@ -98,15 +100,15 @@ def run(self):
         if  self.ql.entry_point is not None:
             self.ql.loader.elf_entry = self.ql.entry_point
 
-        self.cpupage_addr = int(self.ql.os.profile.get("OS32", "cpupage_address"), 16)
-        self.cpupage_tls_addr = int(self.ql.os.profile.get("OS32", "cpupage_tls_address"), 16)
-        self.tls_data_addr = int(self.ql.os.profile.get("OS32", "tls_data_address"), 16)
-
-        self.syspage_addr = int(self.ql.os.profile.get("OS32", "syspage_address"), 16)
+        self.cpupage_addr        = int(self.ql.os.profile.get("OS32", "cpupage_address"), 16)
+        self.cpupage_tls_addr    = int(self.ql.os.profile.get("OS32", "cpupage_tls_address"), 16)
+        self.tls_data_addr       = int(self.ql.os.profile.get("OS32", "tls_data_address"), 16)
+        self.syspage_addr        = int(self.ql.os.profile.get("OS32", "syspage_address"), 16)
+        syspage_path        = os.path.join(self.ql.rootfs, "syspage.bin")
 
         self.ql.mem.map(self.syspage_addr, 0x4000, info="[syspage_mem]")
 
-        syspage_path = os.path.join(self.ql.rootfs, "syspage.bin")
+        
         with open(syspage_path, "rb") as sp:
             self.ql.mem.write(self.syspage_addr, sp.read())
 
@@ -130,9 +132,13 @@ def run(self):
                 self.ql.emu_start(self.entry_point, (self.entry_point + len(self.ql.code)), self.ql.timeout, self.ql.count)
             else:
                 if self.ql.loader.elf_entry != self.ql.loader.entry_point:
-                    self.ql.emu_start(self.ql.loader.entry_point, self.ql.loader.elf_entry, self.ql.timeout)
+                    entry_address = self.ql.loader.elf_entry
+                    if self.ql.archtype == QL_ARCH.ARM and entry_address & 1 == 1:
+                        entry_address -= 1
+                    self.ql.emu_start(self.ql.loader.entry_point, entry_address, self.ql.timeout)
                     self.run_function_after_load()
-                    self.ql.enable_lib_patch()
+                    self.ql.loader.skip_exit_check = False
+                    self.ql.write_exit_trap()
 
                 self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
 

tests/test_qnx.py

@@ -26,7 +26,9 @@ def test_set_api_arm_qnx_sqrt(self):
         def my_msg_sendv(ql: Qiling):
             # params = ql.os.resolve_fcall_params({'s': STRING})
             # print(f'puts("{params["s"]}")')
+            print("*" * 40)
             print("Set API_DONE")
+            print("*" * 40)
 
         ql = Qiling(["../examples/rootfs/arm_qnx/bin/hello_sqrt"], "../examples/rootfs/arm_qnx", verbose=QL_VERBOSE.DEBUG)
         ql.set_api('msg_sendv', my_msg_sendv)