stack params: emu.call32() regs+stack microsoft ABI: emu.call64() arm abi: emu.linux_call64()

sha0coder · sha0coder · commit 34ad154b0025 · 2025-11-10T19:28:49.000+01:00
diff --git a/crates/libmwemu/src/emu/initialization.rs b/crates/libmwemu/src/emu/initialization.rs
@@ -227,7 +227,10 @@ impl Emu {
         .unwrap();
     }
 
+
     /// Initialize windows simulator, this does like init_cpu() but also setup the windows memory.
+    /// This require having the map files in place, otherwise use just init_cpu() but emu32() and
+    /// emu64() already call init_cpu()
     /// This is called from load_code if the code is a PE or shellcode.
     /// load_code_bytes() and other loading ways don't call this, if you need windows simulation call this.
     pub fn init(&mut self, clear_registers: bool, clear_flags: bool) {
@@ -381,6 +384,8 @@ impl Emu {
     pub fn init_mem32(&mut self) {
         log::info!("loading memory maps");
 
+        self.maps.is_64bits = false;
+
         let orig_path = std::env::current_dir().unwrap();
         std::env::set_current_dir(self.cfg.maps_folder.clone());
 
@@ -487,6 +492,7 @@ impl Emu {
     /// This is called from init(), this setup the 64bits windows memory simulation.
     pub fn init_mem64(&mut self) {
         log::info!("loading memory maps");
+        self.maps.is_64bits = true;
 
         /*
         let orig_path = std::env::current_dir().unwrap();
diff --git a/crates/libmwemu/src/tests/call32.rs b/crates/libmwemu/src/tests/call32.rs
@@ -2,17 +2,20 @@ use crate::tests::helpers;
 use crate::*;
 
 #[test]
-// this tests a linux 64bits flags
+// this tests the emu.call32() 
 pub fn call32() {
     helpers::setup();
 
     let mut emu = emu32();
-    let opcodes: Vec<u8> = vec![
-        0x55, 0x48, 0x89, 0xe5, 0x89, 0x7d, 0xfc, 0x89,
-        0x75, 0xf8, 0x8b, 0x55, 0xfc, 0x8b, 0x45, 0xf8,
-        0x01, 0xd0, 0x5d, 0xc3,
+    let opcodes: Vec<u8> = vec![ //TODO: test it with 7 parameters
+        0x55, 0x89, 0xe5, 0x83, 0xec, 0x50, 0xb8, 0x37, 0x13, 0x00, 0x00, 0x83, 0xf0, 0x7b, 0xc9, 0xc3
     ];
-E   emu.load_bytes(opcodes);  
-
-
+    emu.set_verbose(3);
+    emu.linux = true; // otherwise I would need to set map files.
+    emu.load_code_bytes(&opcodes);
+    emu.regs_mut().rax = 0;
+    let eax = emu.call32(emu.regs().rip, &[]).unwrap();
+    assert_eq!(emu.regs().get_eax() as u32, eax);
+    assert_eq!(eax, 0x134c);
+    assert_eq!(emu.regs().rax, 0x134c);
 }
diff --git a/crates/libmwemu/src/tests/call64.rs b/crates/libmwemu/src/tests/call64.rs
@@ -0,0 +1,24 @@
+use crate::tests::helpers;
+use crate::*;
+
+#[test]
+// this tests the emu.call64() Microsoft ABI
+pub fn call64() {
+    helpers::setup();
+
+    let mut emu = emu64();
+    let opcodes: Vec<u8> = vec![
+        0x55, 0x48, 0x89, 0xe5, 0x89, 0x7d, 0xfc, 0x89,
+        0x75, 0xf8, 0x8b, 0x55, 0xfc, 0x8b, 0x45, 0xf8,
+        0x01, 0xd0, 0x5d, 0xc3,
+    ];
+    emu.set_verbose(3);
+    emu.linux = true; // otherwise I would need to set map files.
+    emu.load_code_bytes(&opcodes);
+    emu.regs_mut().rax = 0;
+    let rax = emu.call64(emu.regs().rip, &[]).unwrap();
+    assert_eq!(emu.regs().rip, 0x3c0013);
+    // TODO: improve this test with something with microsoft ABI and more than 4 params.
+    //assert_eq!(rax, 0x134c);
+    //assert_eq!(emu.regs().rax, 0x134c);
+}
diff --git a/crates/libmwemu/src/tests/linux_call64.rs b/crates/libmwemu/src/tests/linux_call64.rs
@@ -0,0 +1,30 @@
+use crate::tests::helpers;
+use crate::*;
+
+#[test]
+// this tests the emu.linux_call64() ARM ABI (used in linux calls)
+pub fn linux_call64() {
+    helpers::setup();
+
+    /*
+         int test(int p1, int p2, int p3, int p4, int p5, int p6, int p7) {
+            return p1+p2+p3+p4+p5+p6+p7;
+        }
+     */
+
+    let mut emu = emu64();
+    let opcodes: Vec<u8> = vec![
+        0x55, 0x48, 0x89, 0xe5, 0x89, 0x7d, 0xfc, 0x89, 0x75, 0xf8, 0x89, 0x55, 
+        0xf4, 0x89, 0x4d, 0xf0, 0x44, 0x89, 0x45, 0xec, 0x44, 0x89, 0x4d, 0xe8, 
+        0x8b, 0x55, 0xfc, 0x8b, 0x45, 0xf8, 0x01, 0xc2, 0x8b, 0x45, 0xf4, 0x01,
+        0xc2, 0x8b, 0x45, 0xf0, 0x01, 0xc2, 0x8b, 0x45, 0xec, 0x01, 0xc2, 0x8b,
+        0x45, 0xe8, 0x01, 0xc2, 0x8b, 0x45, 0x10, 0x01, 0xd0, 0x5d, 0xc3
+    ];
+    emu.set_verbose(0);
+    emu.linux = true;
+    emu.load_code_bytes(&opcodes);
+    emu.regs_mut().rax = 0;
+    let rax = emu.linux_call64(emu.regs().rip, &[1,2,3,4,5,6,7]).unwrap();
+    assert_eq!(rax, emu.regs().rax);
+    assert_eq!(emu.regs().rax, 1+2+3+4+5+6+7);
+}
diff --git a/crates/mwemu/src/main.rs b/crates/mwemu/src/main.rs
@@ -94,7 +94,7 @@ fn main() {
         .arg(clap_arg!("trace_register", "R", "trace_register", "trace a specific register in every step, value and content", "REGISTER1,REGISTER2"))
         .arg(clap_arg!("console", "c", "console", "select in which moment will spawn the console to inspect.", "NUMBER"))
         .arg(clap_arg!("loops", "l", "loops", "show loop interations, it is slow."))
-        .arg(clap_arg!("nocolors", "n", "nocolors", "print without colors for redirectin to a file >out"))
+        .arg(clap_arg!("nocolors", "n", "nocolors", "print without colors for redirecting to a file >out"))
         .arg(clap_arg!("string", "s", "string", "monitor string on a specific address", "ADDRESS"))
         .arg(clap_arg!("inspect", "i", "inspect", "monitor memory like: -i 'dword ptr [ebp + 0x24]", "DIRECTION"))
         //.arg(clap_arg!("endpoint", "e", "endpoint", "perform communications with the endpoint, use tor or vpn!"))
