// This file is part of KEmuFuzzer.
//
// KEmuFuzzer is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free
// Software Foundation, either version 3 of the License, or (at your option)
// any later version.
//
// KEmuFuzzer is distributed in the hope that it will be useful, but WITHOUT ANY
// WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// KEmuFuzzer. If not, see <http://www.gnu.org/licenses/>.
#ifndef CPUSTATE_H
#define CPUSTATE_H
#include <stdint.h>
#include "x86.h"
// Immediate values that identify the two "hypercall" markers delimiting a
// test case (start / stop); the instruction itself is HYPERCALL_LEN bytes.
#define KEMUFUZZER_HYPERCALL_START_TESTCASE 0x23
#define KEMUFUZZER_HYPERCALL_STOP_TESTCASE 0x45
// Magic/version expected in header_t. EXPECTED_* and CPU_STATE_* carry the
// same values; nothing in this header says which spelling consumers prefer.
// A reader should reject a state file whose magic/version do not match.
#define EXPECTED_MAGIC 0xEFEF
#define EXPECTED_VERSION 0x0001
#define CPU_STATE_MAGIC 0xEFEF
#define CPU_STATE_VERSION 0x0001
// Capacity of msrs_state_t.msr_regs (32 entries); msrs_state_t.n must never
// exceed it, and readers should enforce that bound on data loaded from a file.
#define MAX_MSRS 0x20
#define HYPERCALL_LEN 0x2 // length of a "hypercall" instruction (in bytes)
// MSR indices (constants from x86.h) captured into msrs_state_t.
// NOTE(review): this is a `static` definition in a header, so every
// translation unit that includes it gets its own private copy. The element
// type is `int` while msr_reg_t.idx is uint32_t; a `const` qualifier would
// also be appropriate if no caller writes to the table -- confirm before changing.
static int MSRs_to_save[] = {
    X86_MSR_IA32_SYSENTER_CS,
    X86_MSR_IA32_SYSENTER_ESP,
    X86_MSR_IA32_SYSENTER_EIP,
    X86_MSR_IA32_APICBASE,
    X86_MSR_EFER,
    X86_MSR_STAR,
    X86_MSR_PAT,
    X86_MSR_VM_HSAVE_PA,
    X86_MSR_IA32_PERF_STATUS,
};
// Fixed-width register aliases. Only reg64_t is used within this header
// (by regs_state_t); reg32_t and reg16_t are provided for consumers.
typedef uint64_t reg64_t;
typedef uint32_t reg32_t;
typedef uint16_t reg16_t;
// One x87 ST(i)/MMi register slot: 64-bit mantissa, 16-bit sign+exponent,
// padded to 16 bytes (packed, so no compiler-inserted padding).
typedef struct __attribute__((__packed__)) {
    uint64_t mantissa;
    uint16_t expsign;
    uint8_t reserved[6];
} fpust_t;
// One 128-bit XMM register, kept as raw bytes (no interpretation of lanes).
typedef struct __attribute__((__packed__)) {
    uint8_t data[16];
} fpuxmm_t;
// FPU/SSE state. With the packed attribute this is 32 bytes of control and
// status words followed by 8 x 16 (st) + 8 x 16 (xmm) + 14 x 16 (reserved)
// = 512 bytes in total, which matches the size of an FXSAVE image.
// NOTE(review): field order looks like the FXSAVE layout; confirm against
// the producer before relying on byte offsets.
typedef struct __attribute__((__packed__)) {
    uint16_t fcw;          // control word
    uint16_t fsw;          // status word
    uint8_t ftw;           // tag word (abridged, one byte)
    uint8_t unused;
    uint16_t fop;          // last opcode
    uint32_t fpuip;        // last instruction pointer
    uint16_t cs;
    uint16_t reserved0;
    uint32_t fpudp;        // last data pointer
    uint16_t ds;
    uint16_t reserved1;
    uint32_t mxcsr;
    uint32_t mxcsr_mask;
    fpust_t st[8]; // STx/MMx
    fpuxmm_t xmm[8];
    fpuxmm_t xmm_reserved[14]; // pads the image out to 512 bytes
} fpu_state_t;
// Producer of a state file, recorded in header_t.emulator.
// NOTE(review): enum storage size is implementation-defined in C, so the
// on-disk width of this field depends on the compiler ABI (commonly 4 bytes).
typedef enum {
    EMULATOR_QEMU = 0,
    EMULATOR_BOCHS,
    EMULATOR_VIRTUALBOX,
    EMULATOR_VMWARE,
    EMULATOR_KVM
} emulator_t;
// Kind of snapshot held by a state file (header_t.type). Values 0x10/0x20/0x40
// occupy distinct bits; this header does not say whether they are ever OR-ed.
// NOTE(review): same caveat as emulator_t -- enum storage size is ABI-dependent.
typedef enum {
    PRE_TESTCASE = 0,
    POST_TESTCASE = 1,
    CRASH_TESTCASE = 0x10,
    TIMEOUT_TESTCASE = 0x20,
    IO_TESTCASE = 0x40
} type_t;
// Leading record of a state file. A reader should verify magic/version
// against CPU_STATE_MAGIC/CPU_STATE_VERSION (a.k.a. EXPECTED_*) before
// trusting the rest of the file. The char arrays are fixed-width fields and
// nothing here guarantees a NUL terminator -- bound any string handling by
// the array size. The two enum fields make the total size ABI-dependent.
typedef struct __attribute__ ((__packed__)) {
    uint16_t magic;             // CPU_STATE_MAGIC
    uint16_t version;           // CPU_STATE_VERSION
    emulator_t emulator;        // which emulator produced the file
    char kernel_version[16];
    char kernel_checksum[64];
    char testcase_checksum[64];
    type_t type;                // PRE/POST/CRASH/TIMEOUT/IO
    uint8_t cpusno;             // number of cpu_state_t records that follow
    uint32_t mem_size;          // size of the memory image that follows them
    uint8_t ioports[2];
} header_t;
// General-purpose registers plus rip/rflags: 18 x 8 = 144 bytes, packed.
typedef struct __attribute__ ((__packed__)) {
    reg64_t rax, rbx, rcx, rdx, rsi, rdi, rsp, rbp, r8, r9, r10;
    reg64_t r11, r12, r13, r14, r15, rip, rflags;
} regs_state_t;
// One segment register with its cached descriptor attributes; 23 bytes packed.
// NOTE(review): the field set mirrors KVM's kvm_segment (minus its padding) --
// confirm if that correspondence is relied upon.
typedef struct __attribute__ ((__packed__)) {
    uint64_t base;
    uint32_t limit;
    uint16_t selector;
    uint8_t type;
    uint8_t present, dpl, db, s, l, g, avl; // descriptor attribute bits, one byte each
    uint8_t unusable;
} segment_reg_t;
// Descriptor-table register (IDTR/GDTR): base and 16-bit limit, 10 bytes packed.
typedef struct __attribute__ ((__packed__)) {
    uint64_t base;
    uint16_t limit;
} dtable_reg_t;
// System/special registers: segments, task and LDT registers, descriptor
// tables, control registers, debug registers and EFER. cr1 is included in the
// layout even though it is reserved on x86. Note efer is also captured as an
// MSR via MSRs_to_save (X86_MSR_EFER); the two copies are not cross-checked here.
typedef struct __attribute__ ((__packed__)) {
    segment_reg_t cs, ds, es, fs, gs, ss;
    segment_reg_t tr, ldt;
    dtable_reg_t idtr, gdtr;
    uint64_t cr0, cr1, cr2, cr3, cr4, cr8;
    uint64_t dr0, dr1, dr2, dr3, dr6, dr7;
    uint64_t efer;
} sregs_state_t;
// One saved MSR: index and 64-bit value, 12 bytes packed.
typedef struct __attribute__ ((__packed__)) {
    uint32_t idx;
    uint64_t val;
} msr_reg_t;
// Fixed-capacity MSR table. `n` is the number of valid entries and must be
// <= MAX_MSRS; a reader that loads this from a file must check that bound
// before indexing msr_regs, as the array itself is always MAX_MSRS long.
typedef struct __attribute__ ((__packed__)) {
    uint32_t n;
    msr_reg_t msr_regs[MAX_MSRS];
} msrs_state_t;
// Pending exception, if any: vector number and error code, 8 bytes packed.
// NOTE(review): nothing here defines the "no exception" encoding -- confirm
// with the producer.
typedef struct __attribute__ ((__packed__)) {
    uint32_t vector;
    uint32_t error_code;
} exception_state_t;
// Complete per-CPU snapshot as serialised into the state file, one record per
// CPU (header_t.cpusno of them). Packed, so it can be read/written verbatim.
typedef struct __attribute__ ((__packed__)) {
    // FPU state
    fpu_state_t fpu_state;
    // General purpose registers state
    regs_state_t regs_state;
    // Special registers state
    sregs_state_t sregs_state;
    // Exception state
    exception_state_t exception_state;
    // MSR registers state
    msrs_state_t msrs_state;
} cpu_state_t;
// State file layout: HEADER + CPU[0] + CPU[1] + ... + MEM
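// I/O shim for the state file. All accesses go through the macros below,
// which take their arguments in the order (file, buf, len) -- NOT the stdio
// order -- and return the number of bytes transferred.
//
// Because these macros reuse the names fwrite/fread/fopen/fclose, <stdio.h>
// (or any header that declares those functions) must be included BEFORE
// this header: a later prototype such as `size_t fwrite(...)` would be
// rewritten by the function-like macro and fail to compile.
//
// Data read back through fread is untrusted input: check header_t.magic and
// header_t.version, and bound msrs_state_t.n by MAX_MSRS, before use.
#ifndef DONT_GZIP_STATE
// gzip-compressed state file via zlib; the including .c must provide <zlib.h>.
// `file` stays a macro rather than a typedef because gzFile may not be
// declared yet at this point. Note that it rewrites every identifier named
// `file` in the including translation unit.
#define file gzFile
// gzwrite/gzread return int: bytes transferred, or <= 0 on error (see zlib.h).
#define fwrite(a,b,c) gzwrite((a),(b),(c))
#define fread(a,b,c) gzread((a),(b),(c))
#define fclose(a) gzclose((a))
#define fopen(a,b) gzopen((a),(b))
#else
// Plain stdio state file; fopen/fclose keep their stdio meaning.
#include <stdio.h>
typedef FILE *file;
// These helpers evaluate each argument exactly once (the former macro form
// expanded the length twice and left the expansion unparenthesised, so e.g.
// a length of `x + y` would have bound as `... * x + y`). stdio's fwrite/fread
// return the item count (0 or 1 here), so scaling by len yields bytes
// transferred, or 0 on a short transfer/error. Unlike the zlib branch this
// never goes negative, so callers should test for `!= len`, not `< 0`.
static inline size_t kemufuzzer_state_fwrite(FILE *f, const void *buf, size_t len) {
    return fwrite(buf, len, 1, f) * len;
}
static inline size_t kemufuzzer_state_fread(FILE *f, void *buf, size_t len) {
    return fread(buf, len, 1, f) * len;
}
#define fwrite(a,b,c) kemufuzzer_state_fwrite((a),(b),(c))
#define fread(a,b,c) kemufuzzer_state_fread((a),(b),(c))
#endif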
#endif