Closed
Description
Hello,
My x86 emulation crashes whenever it tries to load mscoree.dll. It happens that this is the first DLL where DllMain is actually called, and when it's called it tries to save the cr8 register, but reading this register crashes the Unicorn engine:
```python
import qiling

def main() -> None:
    # Emulate the 32-bit Windows PE under the x86_windows rootfs with debug output.
    # The crash happens inside the constructor, while the loader calls DllMain.
    ql = qiling.Qiling(
        ["[...]/x.exe"],
        "./rootfs/x86_windows",
        ostype=qiling.core.QL_OS.WINDOWS,
        archtype=qiling.core.QL_ARCH.X86,
        verbose=qiling.core.QL_VERBOSE.DEBUG,
    )
    print(ql)

if __name__ == "__main__":
    main()
```

```text
[=] Calling mscoree.dll DllMain at 0x1026f100
Traceback (most recent call last):
[...]
  File "[...]\venv\lib\site-packages\unicorn\unicorn_py3\unicorn.py", line 381, in _reg_read
    raise UcError(status, reg_id)
unicorn.unicorn_py3.unicorn.UcError: Invalid argument (UC_ERR_ARG)
```
What happens is that the reg_map_cr in x86_const.py contains the cr8 register id:
```python
# x86_const.py (excerpt): control-register name -> Unicorn register id
from unicorn.x86_const import (
    UC_X86_REG_CR0, UC_X86_REG_CR1, UC_X86_REG_CR2,
    UC_X86_REG_CR3, UC_X86_REG_CR4, UC_X86_REG_CR8,
)

reg_map_cr = {
    "cr0": UC_X86_REG_CR0,
    "cr1": UC_X86_REG_CR1,
    "cr2": UC_X86_REG_CR2,
    "cr3": UC_X86_REG_CR3,
    "cr4": UC_X86_REG_CR4,
    "cr8": UC_X86_REG_CR8,
}
```

But in Unicorn, in the reg_read function, the UC_X86_REG_CR8 case doesn't exist, thus it returns an error:
```c
/* Unicorn reg_read (excerpt): the 32-bit mode switch only knows CR0..CR4 */
case UC_MODE_32:
    switch (regid) {
    default:
        break;
    case UC_X86_REG_CR0:
    case UC_X86_REG_CR1:
    case UC_X86_REG_CR2:
    case UC_X86_REG_CR3:
    case UC_X86_REG_CR4:
        CHECK_REG_TYPE(int32_t);
        *(int32_t *)value = env->cr[regid - UC_X86_REG_CR0];
        break;
    /* no case for UC_X86_REG_CR8 here, so it falls to default and UC_ERR_ARG */
    case UC_X86_REG_DR0:
```

I managed to quickly fix it by removing the cr8 line:
```python
# x86_const.py (fixed excerpt): cr8 dropped so the 32-bit save path never reads it
from unicorn.x86_const import (
    UC_X86_REG_CR0, UC_X86_REG_CR1, UC_X86_REG_CR2,
    UC_X86_REG_CR3, UC_X86_REG_CR4,
)

reg_map_cr = {
    "cr0": UC_X86_REG_CR0,
    "cr1": UC_X86_REG_CR1,
    "cr2": UC_X86_REG_CR2,
    "cr3": UC_X86_REG_CR3,
    "cr4": UC_X86_REG_CR4,
}
```

Thanks!
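An added example, not code from the Qiling or Unicorn projects, showing two defensive pieces the report points at: build the control-register map per arch so a 32-bit guest never carries cr8 (CR8 is only architecturally reachable in 64-bit mode), and make the register snapshot tolerate a register id the engine rejects with UC_ERR_ARG while reporting what was skipped. The `_FakeEngine`, its register ids and the `"X86"`/`"X8664"` arch names are constructed placeholders for this demo.

```python
from typing import Callable, Dict, List, Tuple

def control_reg_names(arch_name: str) -> List[str]:
    """Entries reg_map_cr should carry for an arch name ("X86" or "X8664")."""
    names = ["cr0", "cr1", "cr2", "cr3", "cr4"]
    # CR8 (the task-priority register) exists only in 64-bit mode, so a
    # 32-bit guest never needs it saved or restored.
    if arch_name == "X8664":
        names.append("cr8")
    return names

def snapshot_regs(engine, reg_map: Dict[str, int],
                  is_unsupported: Callable[[BaseException], bool]
                  ) -> Tuple[Dict[str, int], List[str]]:
    """Read every register in reg_map through engine.reg_read(reg_id).

    Registers the engine rejects as unsupported are skipped and reported
    back instead of dropped silently, so the caller can see which state
    was not saved; any other error still propagates.
    """
    saved: Dict[str, int] = {}
    skipped: List[str] = []
    for name, reg_id in reg_map.items():
        try:
            saved[name] = engine.reg_read(reg_id)
        except Exception as exc:
            if not is_unsupported(exc):
                raise
            skipped.append(name)
    return saved, skipped

def unicorn_arg_error(exc: BaseException) -> bool:
    """True for Unicorn's UcError carrying UC_ERR_ARG (the error in the report)."""
    from unicorn import UcError, UC_ERR_ARG  # lazy: helpers above run without Unicorn
    return isinstance(exc, UcError) and exc.errno == UC_ERR_ARG

class _FakeEngine:
    """Constructed stand-in for a 32-bit Unicorn: CR0-CR4 read, CR8 is rejected."""
    def reg_read(self, reg_id: int) -> int:
        if reg_id == 8:
            raise ValueError("Invalid argument (UC_ERR_ARG)")
        return reg_id * 0x1000  # arbitrary constructed register contents

def demo() -> Tuple[Dict[str, int], List[str]]:
    # Placeholder ids (cr<N> -> N); a real map uses UC_X86_REG_CR0 .. UC_X86_REG_CR8.
    reg_map = {name: int(name[2:]) for name in control_reg_names("X8664")}
    return snapshot_regs(_FakeEngine(), reg_map, lambda e: isinstance(e, ValueError))
```

With a real engine, pass `unicorn_arg_error` as the predicate and a map built from `control_reg_names(ql.archtype.name)`.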