
Invalid instruction (vpxorq) #1913

Open
Jorgecmartins opened this issue Dec 13, 2023 · 6 comments

Comments

Jorgecmartins commented Dec 13, 2023

Hello,

I'm trying to emulate the following piece of code:

0x7ffff7db2220 <__strlen_evex>:     endbr64
0x7ffff7db2224 <__strlen_evex+4>:   mov    eax,edi
0x7ffff7db2226 <__strlen_evex+6>:   vpxorq xmm16,xmm16,xmm16   (buggy)

When I try to emulate the instruction vpxorq xmm16,xmm16,xmm16 I get the following error - Invalid instruction (UC_ERR_INSN_INVALID).

I've added a hook to this instruction:

# UC_HOOK_CODE callback: print the address and size Unicorn reports for each instruction
def code_hook(mu, address, size, user_data):
    print(hex(address), hex(size))

and I get a weird output (instruction size):

0x7ffff7db2220 0x4
0x7ffff7db2224 0x2
0x7ffff7db2226 0xf1f1f1f1
ERROR: Invalid instruction (UC_ERR_INSN_INVALID)

The instruction size should be 6, but 0xf1f1f1f1 is reported.

wtdcode (Member) commented Dec 13, 2023

Jorgecmartins (Author) commented

Thanks for the pointer.
I'm emulating x64, therefore I used Uc(UC_ARCH_X86, UC_MODE_64). Maybe this instruction is not implemented?

ntqbit commented Dec 23, 2023

I encounter the same issue: emulation of a valid x86-64 instruction triggers UC_ERR_INSN_INVALID.
The code:

from unicorn import *
from unicorn.x86_const import *

uc = Uc(UC_ARCH_X86, UC_MODE_64)

# STACK
STACK_BASE = 0x5000
STACK_SIZE = 0x1000

uc.mem_map(STACK_BASE, STACK_SIZE, UC_PROT_ALL)
uc.reg_write(UC_X86_REG_RSP, STACK_BASE + STACK_SIZE - 0x8)

# PROGRAM
PROGRAM_BASE = 0x10000

# vmovdqu ymmword ptr ds:[rax], ymm0
PROGRAM = b"\xC5\xFE\x7F\x00"

# The store goes through [rax]; point it at mapped memory so that, if the
# instruction ever decodes, the only thing being tested is the decoder.
uc.reg_write(UC_X86_REG_RAX, STACK_BASE)

uc.mem_map(PROGRAM_BASE, 0x1000, UC_PROT_ALL)
uc.mem_write(PROGRAM_BASE, PROGRAM)

# Raises UcError(UC_ERR_INSN_INVALID) on the AVX instruction
uc.emu_start(PROGRAM_BASE, PROGRAM_BASE + len(PROGRAM))

emc2314 commented Jan 13, 2024

You should set the CPU model according to #1880.

mu.ctl_set_cpu_model(UC_CPU_X86_EPYC_ROME)

But the example code in #1880 just doesn't work on my computer even after I've set CPU model and I have no idea why...

ntqbit commented Jan 13, 2024

> You should set the CPU model according to #1880.
>
> mu.ctl_set_cpu_model(UC_CPU_X86_EPYC_ROME)
>
> But the example code in #1880 just doesn't work on my computer even after I've set CPU model and I have no idea why...

Unfortunately, this does not work for me either. I tried different model values in ctl_set_cpu_model; none of them worked. I tried on the example code I provided above.

Nuxar1 commented Jan 21, 2024

Hi, same issue here for me trying to emulate

c5 fe 6f 02    vmovdqu ymm0,YMMWORD PTR [rdx]

I've tried multiple CPU models, none of which worked.
