unicorn-engine/unicorn

EIP value in callback UC_HOOK_MEM_UNMAPPED depends on UC_HOOK_CODE registration (x86)

Opened this issue · 1 comment

I get different eip values in the unmapped mem callback for the very same binary if I register a code hook instead of a block hook. Seemingly eip gets updated in some part of the code that depends on the existence of a code hook. (If there is a code hook, eip precisely points to the instruction making the failed access.) What I see is that env->eip is different in store_helper(), where the unmapped hook is called from. I haven't made any deep analysis, hoping the phenomenon might ring some bells regarding the code hook implementation.

Thanks for the help,
Viktor
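A minimal reproducer for the scenario described in this issue, added here as an example; it is not code from the issue or from the unicorn project. The instruction bytes, the code base address and the unmapped target address are constructed for the example, and it assumes the unicorn Python bindings (`unicorn`) are installed. `run_repro(True)` registers a UC_HOOK_CODE hook, `run_repro(False)` registers only a UC_HOOK_BLOCK hook, and both return the EIP the UC_HOOK_MEM_UNMAPPED callback observed, so the two values can be compared directly.

```python
"""Added repro: does the EIP seen in UC_HOOK_MEM_UNMAPPED depend on UC_HOOK_CODE?"""

CODE_BASE = 0x1000          # constructed: where the code is mapped
UNMAPPED_ADDR = 0xDEAD0000  # constructed: deliberately never mapped

# Constructed 32-bit x86 code (hand-assembled):
#   1000: 90                              nop
#   1001: 90                              nop
#   1002: c7 05 00 00 ad de 2a 00 00 00   mov dword ptr [0xdead0000], 0x2a
#   100c: 90                              nop
CODE = (
    b"\x90\x90"
    + b"\xc7\x05"
    + UNMAPPED_ADDR.to_bytes(4, "little")
    + (0x2A).to_bytes(4, "little")
    + b"\x90"
)
FAULTING_INSN = CODE_BASE + 2  # address of the mov that touches unmapped memory


def run_repro(with_code_hook):
    """Emulate CODE and return what the unmapped-memory hook observed.

    with_code_hook=True  -> a UC_HOOK_CODE hook is registered (per-instruction)
    with_code_hook=False -> only a UC_HOOK_BLOCK hook is registered (per-block)
    Returns a dict with 'eip' (EIP read inside the hook) and 'address'
    (the unmapped address reported by unicorn).
    """
    from unicorn import (
        Uc, UcError, UC_ARCH_X86, UC_MODE_32,
        UC_HOOK_CODE, UC_HOOK_BLOCK, UC_HOOK_MEM_UNMAPPED,
    )
    from unicorn.x86_const import UC_X86_REG_EIP

    seen = {}
    mu = Uc(UC_ARCH_X86, UC_MODE_32)
    mu.mem_map(CODE_BASE, 0x1000)
    mu.mem_write(CODE_BASE, CODE)

    def on_unmapped(uc, access, address, size, value, user_data):
        # Record EIP as unicorn reports it at the moment of the failed access.
        seen["eip"] = uc.reg_read(UC_X86_REG_EIP)
        seen["address"] = address
        return False  # do not map anything; let emulation stop with an error

    mu.hook_add(UC_HOOK_MEM_UNMAPPED, on_unmapped)
    if with_code_hook:
        mu.hook_add(UC_HOOK_CODE, lambda uc, addr, size, ud: None)
    else:
        mu.hook_add(UC_HOOK_BLOCK, lambda uc, addr, size, ud: None)

    try:
        mu.emu_start(CODE_BASE, CODE_BASE + len(CODE))
    except UcError:
        pass  # UC_ERR_WRITE_UNMAPPED is expected here
    return seen


if __name__ == "__main__":
    for flag in (True, False):
        r = run_repro(flag)
        print("code hook" if flag else "block hook",
              "eip=%#x" % r.get("eip", -1),
              "unmapped=%#x" % r.get("address", -1),
              "(faulting insn at %#x)" % FAULTING_INSN)
```

Run it twice, once per hook type, and compare the printed eip against the faulting instruction address (0x1002 here); the case with the code hook is the one the issue reports as precise.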