Fix Incorrect memory view after running self-modifying code #820

[wonderkun]

When I test qiling, I find issue #820.
I also post a issue to qiling qilingframework/qiling#561.

So far, this fix work will.

import unicorn
import unicorn.x86_const as x86

sc = bytes.fromhex(
    "dbd0d97424f45fb8e67741bc31c9b15831471a03471a83c704e2138ba93edb742"
    "a5f52911b5f00d10c6f43b7a004012c32688d43f3c7eb6a047bcfed868603ceb7"
    "48560fffb59a5da8b20872dd8f90f9ad1e901e6520b1b0fd7b1132d1f7182c363"
    "dd3c78cc9e201dd32486cd1c091a8d63ae4c024c6fe16561c8b8cf0d72b69003b"
    "adfa0ef0baa512076fde2f8c8e31a6d6b495e28dd58c4e63eacf30dc4e9bdd09e"
    "3c689a39e8c4954170424cd83bef47a0d38fa50609d5708d1720bc6ef22d2b1f0"
    "1e77ed64a22b4210ffda64e0175064e0e7460ca6d7ad862648a641aff7f0917a8"
    "e3b3eec91f12168c2a6f227b61e9d2c6db1664d5b5bf2bb3b0c8388c3cc0a0ea9"
    "c85ca43187344d08b94352419618ff394ff7d2bb777cd31102425e90423679cca"
    "c0ddb5bb2bb7124244495a4b42c95a4f4acc6ccac08bbe9b284a8a11fae2912c8"
    "b0959d08e283f51a92a2e4e44f31286ebdb2ae8efe4170e5e511b2590ed4cb993"
    "1614311fda3c8b573d46323595f0c85c5fe98bc05"
)

def main():
    uc = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
    uc.mem_map(0x1000, 0x2000)
    uc.mem_write(0x1000, sc)
    uc.reg_write(x86.UC_X86_REG_ESP, 0x2000)
    uc.emu_start(0x1000, 0, count=0x166)
    out = uc.mem_read(0x1000, 0x2000)

    for x in range(len(sc)):
        print("0x%08x: 0x%02x => 0x%02x" % (x, sc[x],out[x]))
    print(str(out))

if __name__ == "__main__":
    main()

0x0000000f: 0x58 => 0x58
0x00000010: 0x31 => 0x31
0x00000011: 0x47 => 0x47
0x00000012: 0x1a => 0x1a
0x00000013: 0x03 => 0x03
0x00000014: 0x47 => 0x47
0x00000015: 0x1a => 0x1a
0x00000016: 0x83 => 0x83
0x00000017: 0xc7 => 0xc7
0x00000018: 0x04 => 0x04
0x00000019: 0xe2 => 0xe2
0x0000001a: 0x13 => 0xf5
0x0000001b: 0x8b => 0xfc
0x0000001c: 0xa9 => 0xe8
0x0000001d: 0x3e => 0x82
0x0000001e: 0xdb => 0x00
0x0000001f: 0x74 => 0x00
0x00000020: 0x2a => 0x00
0x00000021: 0x5f => 0x60
0x00000022: 0x52 => 0x89
0x00000023: 0x91 => 0xe5
0x00000024: 0x1b => 0x31
0x00000025: 0x5f => 0xc0
0x00000026: 0x00 => 0x64
0x00000027: 0xd1 => 0x8b
0x00000028: 0x0c => 0x50
0x00000029: 0x6f => 0x30
0x0000002a: 0x43 => 0x8b
0x0000002b: 0xb7 => 0x52
0x0000002c: 0xa0 => 0x0c
0x0000002d: 0x04 => 0x8b
0x0000002e: 0x01 => 0x52
0x0000002f: 0x2c => 0x14
0x00000030: 0x32 => 0x8b
0x00000031: 0x68 => 0x72
0x00000032: 0x8d => 0x28
0x00000033: 0x43 => 0x0f
0x00000034: 0xf3 => 0xb7
0x00000035: 0xc7 => 0x4a
0x00000036: 0xeb => 0x26
0x00000037: 0x6a => 0x31
0x00000038: 0x04 => 0xff
0x00000039: 0x7b => 0xac
0x0000003a: 0xcf => 0x3c
0x0000003b: 0xed => 0x61
0x0000003c: 0x86 => 0x7c
0x0000003d: 0x86 => 0x02
0x0000003e: 0x03 => 0x2c
0x0000003f: 0xce => 0x20
0x00000040: 0xb7 => 0xc1
0x00000041: 0x48 => 0xcf
0x00000042: 0x56 => 0x0d
0x00000043: 0x0f => 0x01
0x00000044: 0xff => 0xc7

[aquynh]

do you really want to add a new API?

[wtdcode]

Do we really generate eob for every instruction?

[wtdcode]

Could you provide some examples on how to use this API? It also helps us decide whether this API is essential.

[wtdcode]

Confirmed that it is fixed in UC2. Link to #1217.

[google-mirror]

Confirmed that it is fixed in UC2. Link to #1217.

Has UC2 released source code recently?

[wtdcode]

Confirmed that it is fixed in UC2. Link to #1217.

Has UC2 released source code recently?

Very soon, still under heavy development. Stay tuned!